mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2026-01-10 15:43:09 -06:00
Code Issues Packages Projects Releases Wiki Activity

added test cases

Browse source
This commit is contained in:
santhoshivan23 2023-06-17 11:51:57 +05:30
parent 36d13b14e5
commit 09904290cb
1 changed files with 638 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

638
clientapi/admin_test.go
View file

@ -2,6 +2,7 @@ package clientapi
import ( import (
"context" "context"
"fmt"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"reflect" "reflect"
@ -23,12 +24,649 @@ import (
"github.com/matrix-org/util" "github.com/matrix-org/util"
"github.com/tidwall/gjson" "github.com/tidwall/gjson"
capi "github.com/matrix-org/dendrite/clientapi/api"
"github.com/matrix-org/dendrite/test" "github.com/matrix-org/dendrite/test"
"github.com/matrix-org/dendrite/test/testrig" "github.com/matrix-org/dendrite/test/testrig"
"github.com/matrix-org/dendrite/userapi" "github.com/matrix-org/dendrite/userapi"
uapi "github.com/matrix-org/dendrite/userapi/api" uapi "github.com/matrix-org/dendrite/userapi/api"
) )
func TestAdminCreateToken(t *testing.T) {
aliceAdmin := test.NewUser(t, test.WithAccountType(uapi.AccountTypeAdmin))
bob := test.NewUser(t, test.WithAccountType(uapi.AccountTypeUser))
ctx := context.Background()
test.WithAllDatabases(t, func(t *testing.T, dbType test.DBType) {
cfg, processCtx, close := testrig.CreateConfig(t, dbType)
cfg.ClientAPI.RegistrationRequiresToken = true
defer close()
natsInstance := jetstream.NATSInstance{}
routers := httputil.NewRouters()
cm := sqlutil.NewConnectionManager(processCtx, cfg.Global.DatabaseOptions)
caches := caching.NewRistrettoCache(128*1024*1024, time.Hour, caching.DisableMetrics)
rsAPI := roomserver.NewInternalAPI(processCtx, cfg, cm, &natsInstance, caches, caching.DisableMetrics)
userAPI := userapi.NewInternalAPI(processCtx, cfg, cm, &natsInstance, rsAPI, nil)
AddPublicRoutes(processCtx, routers, cfg, &natsInstance, nil, rsAPI, nil, nil, nil, userAPI, nil, nil, caching.DisableMetrics)
accessTokens := map[*test.User]userDevice{
aliceAdmin: {},
bob: {},
}
createAccessTokens(t, accessTokens, userAPI, ctx, routers)
testCases := []struct {
name string
requestingUser *test.User
requestOpt test.HTTPRequestOpt
wantOK bool
withHeader bool
}{
{
name: "Missing auth",
requestingUser: bob,
wantOK: false,
requestOpt: test.WithJSONBody(t, map[string]interface{}{
"token": "token1",
},
),
},
{
name: "Bob is denied access",
requestingUser: bob,
wantOK: false,
withHeader: true,
requestOpt: test.WithJSONBody(t, map[string]interface{}{
"token": "token2",
},
),
},
{
name: "Alice can create a token without specifyiing any information",
requestingUser: aliceAdmin,
wantOK: true,
withHeader: true,
requestOpt: test.WithJSONBody(t, map[string]interface{}{}),
},
{
name: "Alice can to create a token specifying a name",
requestingUser: aliceAdmin,
wantOK: true,
withHeader: true,
requestOpt: test.WithJSONBody(t, map[string]interface{}{
"token": "token3",
},
),
},
{
name: "Alice cannot to create a token that already exists",
requestingUser: aliceAdmin,
wantOK: false,
withHeader: true,
requestOpt: test.WithJSONBody(t, map[string]interface{}{
"token": "token3",
},
),
},
{
name: "Alice can create a token specifying valid params",
requestingUser: aliceAdmin,
wantOK: true,
withHeader: true,
requestOpt: test.WithJSONBody(t, map[string]interface{}{
"token": "token4",
"uses_allowed": 5,
"expiry_time": time.Now().Add(5*24*time.Hour).UnixNano() / int64(time.Millisecond),
},
),
},
{
name: "Alice cannot create a token specifying invalid name",
requestingUser: aliceAdmin,
wantOK: false,
withHeader: true,
requestOpt: test.WithJSONBody(t, map[string]interface{}{
"token": "token@",
},
),
},
{
name: "Alice cannot create a token specifying invalid uses_allowed",
requestingUser: aliceAdmin,
wantOK: false,
withHeader: true,
requestOpt: test.WithJSONBody(t, map[string]interface{}{
"token": "token5",
"uses_allowed": -1,
},
),
},
{
name: "Alice cannot create a token specifying invalid expiry_time",
requestingUser: aliceAdmin,
wantOK: false,
withHeader: true,
requestOpt: test.WithJSONBody(t, map[string]interface{}{
"token": "token6",
"expiry_time": time.Now().Add(-1*5*24*time.Hour).UnixNano() / int64(time.Millisecond),
},
),
},
{
name: "Alice cannot to create a token specifying invalid length",
requestingUser: aliceAdmin,
wantOK: false,
withHeader: true,
requestOpt: test.WithJSONBody(t, map[string]interface{}{
"length": 80,
},
),
},
}
for _, tc := range testCases {
tc := tc
t.Run(tc.name, func(t *testing.T) {
req := test.NewRequest(t, http.MethodPost, "/_dendrite/admin/registrationTokens/new")
if tc.requestOpt != nil {
req = test.NewRequest(t, http.MethodPost, "/_dendrite/admin/registrationTokens/new", tc.requestOpt)
}
if tc.withHeader {
req.Header.Set("Authorization", "Bearer "+accessTokens[tc.requestingUser].accessToken)
}
rec := httptest.NewRecorder()
routers.DendriteAdmin.ServeHTTP(rec, req)
t.Logf("%s", rec.Body.String())
if tc.wantOK && rec.Code != http.StatusOK {
t.Fatalf("expected http status %d, got %d: %s", http.StatusOK, rec.Code, rec.Body.String())
}
})
}
})
}
func TestAdminListRegistrationTokens(t *testing.T) {
aliceAdmin := test.NewUser(t, test.WithAccountType(uapi.AccountTypeAdmin))
bob := test.NewUser(t, test.WithAccountType(uapi.AccountTypeUser))
ctx := context.Background()
test.WithAllDatabases(t, func(t *testing.T, dbType test.DBType) {
cfg, processCtx, close := testrig.CreateConfig(t, dbType)
cfg.ClientAPI.RegistrationRequiresToken = true
defer close()
natsInstance := jetstream.NATSInstance{}
routers := httputil.NewRouters()
cm := sqlutil.NewConnectionManager(processCtx, cfg.Global.DatabaseOptions)
caches := caching.NewRistrettoCache(128*1024*1024, time.Hour, caching.DisableMetrics)
rsAPI := roomserver.NewInternalAPI(processCtx, cfg, cm, &natsInstance, caches, caching.DisableMetrics)
userAPI := userapi.NewInternalAPI(processCtx, cfg, cm, &natsInstance, rsAPI, nil)
AddPublicRoutes(processCtx, routers, cfg, &natsInstance, nil, rsAPI, nil, nil, nil, userAPI, nil, nil, caching.DisableMetrics)
accessTokens := map[*test.User]userDevice{
aliceAdmin: {},
bob: {},
}
tokens := []capi.RegistrationToken{
{
Token: getPointer("valid"),
UsesAllowed: getPointer(int32(10)),
ExpiryTime: getPointer(time.Now().Add(5*24*time.Hour).UnixNano() / int64(time.Millisecond)),
Pending: getPointer(int32(0)),
Completed: getPointer(int32(0)),
},
{
Token: getPointer("invalid"),
UsesAllowed: getPointer(int32(10)),
ExpiryTime: getPointer(time.Now().Add(-1*5*24*time.Hour).UnixNano() / int64(time.Millisecond)),
Pending: getPointer(int32(0)),
Completed: getPointer(int32(0)),
},
}
for _, tkn := range tokens {
tkn := tkn
userAPI.PerformAdminCreateRegistrationToken(ctx, &tkn)
}
createAccessTokens(t, accessTokens, userAPI, ctx, routers)
testCases := []struct {
name string
requestingUser *test.User
valid string
isValidSpecified bool
wantOK bool
withHeader bool
}{
{
name: "Missing auth",
requestingUser: bob,
wantOK: false,
isValidSpecified: false,
},
{
name: "Bob is denied access",
requestingUser: bob,
wantOK: false,
withHeader: true,
isValidSpecified: false,
},
{
name: "Alice can list all tokens",
requestingUser: aliceAdmin,
wantOK: true,
withHeader: true,
},
{
name: "Alice can list all valid tokens",
requestingUser: aliceAdmin,
wantOK: true,
withHeader: true,
valid: "true",
isValidSpecified: true,
},
{
name: "Alice can list all invalid tokens",
requestingUser: aliceAdmin,
wantOK: true,
withHeader: true,
valid: "false",
isValidSpecified: true,
},
{
name: "No response when valid has a bad value",
requestingUser: aliceAdmin,
wantOK: false,
withHeader: true,
valid: "trueee",
isValidSpecified: true,
},
}
for _, tc := range testCases {
tc := tc
t.Run(tc.name, func(t *testing.T) {
var path string
if tc.isValidSpecified {
path = fmt.Sprintf("/_dendrite/admin/registrationTokens?valid=%v", tc.valid)
} else {
path = fmt.Sprintf("/_dendrite/admin/registrationTokens")
}
req := test.NewRequest(t, http.MethodGet, path)
if tc.withHeader {
req.Header.Set("Authorization", "Bearer "+accessTokens[tc.requestingUser].accessToken)
}
rec := httptest.NewRecorder()
routers.DendriteAdmin.ServeHTTP(rec, req)
t.Logf("%s", rec.Body.String())
if tc.wantOK && rec.Code != http.StatusOK {
t.Fatalf("expected http status %d, got %d: %s", http.StatusOK, rec.Code, rec.Body.String())
}
})
}
})
}
func TestAdminGetRegistrationToken(t *testing.T) {
aliceAdmin := test.NewUser(t, test.WithAccountType(uapi.AccountTypeAdmin))
bob := test.NewUser(t, test.WithAccountType(uapi.AccountTypeUser))
ctx := context.Background()
test.WithAllDatabases(t, func(t *testing.T, dbType test.DBType) {
cfg, processCtx, close := testrig.CreateConfig(t, dbType)
cfg.ClientAPI.RegistrationRequiresToken = true
defer close()
natsInstance := jetstream.NATSInstance{}
routers := httputil.NewRouters()
cm := sqlutil.NewConnectionManager(processCtx, cfg.Global.DatabaseOptions)
caches := caching.NewRistrettoCache(128*1024*1024, time.Hour, caching.DisableMetrics)
rsAPI := roomserver.NewInternalAPI(processCtx, cfg, cm, &natsInstance, caches, caching.DisableMetrics)
userAPI := userapi.NewInternalAPI(processCtx, cfg, cm, &natsInstance, rsAPI, nil)
AddPublicRoutes(processCtx, routers, cfg, &natsInstance, nil, rsAPI, nil, nil, nil, userAPI, nil, nil, caching.DisableMetrics)
accessTokens := map[*test.User]userDevice{
aliceAdmin: {},
bob: {},
}
tokens := []capi.RegistrationToken{
{
Token: getPointer("alice_token1"),
UsesAllowed: getPointer(int32(10)),
ExpiryTime: getPointer(time.Now().Add(5*24*time.Hour).UnixNano() / int64(time.Millisecond)),
Pending: getPointer(int32(0)),
Completed: getPointer(int32(0)),
},
{
Token: getPointer("alice_token2"),
UsesAllowed: getPointer(int32(10)),
ExpiryTime: getPointer(time.Now().Add(-1*5*24*time.Hour).UnixNano() / int64(time.Millisecond)),
Pending: getPointer(int32(0)),
Completed: getPointer(int32(0)),
},
}
for _, tkn := range tokens {
tkn := tkn
userAPI.PerformAdminCreateRegistrationToken(ctx, &tkn)
}
createAccessTokens(t, accessTokens, userAPI, ctx, routers)
testCases := []struct {
name string
requestingUser *test.User
token string
wantOK bool
withHeader bool
}{
{
name: "Missing auth",
requestingUser: bob,
wantOK: false,
},
{
name: "Bob is denied access",
requestingUser: bob,
wantOK: false,
withHeader: true,
},
{
name: "Alice can GET alice_token1",
token: "alice_token1",
requestingUser: aliceAdmin,
wantOK: true,
withHeader: true,
},
{
name: "Alice can GET alice_token2",
requestingUser: aliceAdmin,
wantOK: true,
withHeader: true,
token: "alice_token2",
},
{
name: "Alice cannot GET a token that does not exists",
requestingUser: aliceAdmin,
wantOK: false,
withHeader: true,
token: "alice_token3",
},
}
for _, tc := range testCases {
tc := tc
t.Run(tc.name, func(t *testing.T) {
path := fmt.Sprintf("/_dendrite/admin/registrationTokens/%s", tc.token)
req := test.NewRequest(t, http.MethodGet, path)
if tc.withHeader {
req.Header.Set("Authorization", "Bearer "+accessTokens[tc.requestingUser].accessToken)
}
rec := httptest.NewRecorder()
routers.DendriteAdmin.ServeHTTP(rec, req)
t.Logf("%s", rec.Body.String())
if tc.wantOK && rec.Code != http.StatusOK {
t.Fatalf("expected http status %d, got %d: %s", http.StatusOK, rec.Code, rec.Body.String())
}
})
}
})
}
func TestAdminDeleteRegistrationToken(t *testing.T) {
aliceAdmin := test.NewUser(t, test.WithAccountType(uapi.AccountTypeAdmin))
bob := test.NewUser(t, test.WithAccountType(uapi.AccountTypeUser))
ctx := context.Background()
test.WithAllDatabases(t, func(t *testing.T, dbType test.DBType) {
cfg, processCtx, close := testrig.CreateConfig(t, dbType)
cfg.ClientAPI.RegistrationRequiresToken = true
defer close()
natsInstance := jetstream.NATSInstance{}
routers := httputil.NewRouters()
cm := sqlutil.NewConnectionManager(processCtx, cfg.Global.DatabaseOptions)
caches := caching.NewRistrettoCache(128*1024*1024, time.Hour, caching.DisableMetrics)
rsAPI := roomserver.NewInternalAPI(processCtx, cfg, cm, &natsInstance, caches, caching.DisableMetrics)
userAPI := userapi.NewInternalAPI(processCtx, cfg, cm, &natsInstance, rsAPI, nil)
AddPublicRoutes(processCtx, routers, cfg, &natsInstance, nil, rsAPI, nil, nil, nil, userAPI, nil, nil, caching.DisableMetrics)
accessTokens := map[*test.User]userDevice{
aliceAdmin: {},
bob: {},
}
tokens := []capi.RegistrationToken{
{
Token: getPointer("alice_token1"),
UsesAllowed: getPointer(int32(10)),
ExpiryTime: getPointer(time.Now().Add(5*24*time.Hour).UnixNano() / int64(time.Millisecond)),
Pending: getPointer(int32(0)),
Completed: getPointer(int32(0)),
},
{
Token: getPointer("alice_token2"),
UsesAllowed: getPointer(int32(10)),
ExpiryTime: getPointer(time.Now().Add(-1*5*24*time.Hour).UnixNano() / int64(time.Millisecond)),
Pending: getPointer(int32(0)),
Completed: getPointer(int32(0)),
},
}
for _, tkn := range tokens {
tkn := tkn
userAPI.PerformAdminCreateRegistrationToken(ctx, &tkn)
}
createAccessTokens(t, accessTokens, userAPI, ctx, routers)
testCases := []struct {
name string
requestingUser *test.User
token string
wantOK bool
withHeader bool
}{
{
name: "Missing auth",
requestingUser: bob,
wantOK: false,
},
{
name: "Bob is denied access",
requestingUser: bob,
wantOK: false,
withHeader: true,
},
{
name: "Alice can DELETE alice_token1",
token: "alice_token1",
requestingUser: aliceAdmin,
wantOK: true,
withHeader: true,
},
{
name: "Alice can DELETE alice_token2",
requestingUser: aliceAdmin,
wantOK: true,
withHeader: true,
token: "alice_token2",
},
}
for _, tc := range testCases {
tc := tc
t.Run(tc.name, func(t *testing.T) {
path := fmt.Sprintf("/_dendrite/admin/registrationTokens/%s", tc.token)
req := test.NewRequest(t, http.MethodDelete, path)
if tc.withHeader {
req.Header.Set("Authorization", "Bearer "+accessTokens[tc.requestingUser].accessToken)
}
rec := httptest.NewRecorder()
routers.DendriteAdmin.ServeHTTP(rec, req)
t.Logf("%s", rec.Body.String())
if tc.wantOK && rec.Code != http.StatusOK {
t.Fatalf("expected http status %d, got %d: %s", http.StatusOK, rec.Code, rec.Body.String())
}
})
}
})
}
func TestAdminUpdateRegistrationToken(t *testing.T) {
aliceAdmin := test.NewUser(t, test.WithAccountType(uapi.AccountTypeAdmin))
bob := test.NewUser(t, test.WithAccountType(uapi.AccountTypeUser))
ctx := context.Background()
test.WithAllDatabases(t, func(t *testing.T, dbType test.DBType) {
cfg, processCtx, close := testrig.CreateConfig(t, dbType)
cfg.ClientAPI.RegistrationRequiresToken = true
defer close()
natsInstance := jetstream.NATSInstance{}
routers := httputil.NewRouters()
cm := sqlutil.NewConnectionManager(processCtx, cfg.Global.DatabaseOptions)
caches := caching.NewRistrettoCache(128*1024*1024, time.Hour, caching.DisableMetrics)
rsAPI := roomserver.NewInternalAPI(processCtx, cfg, cm, &natsInstance, caches, caching.DisableMetrics)
userAPI := userapi.NewInternalAPI(processCtx, cfg, cm, &natsInstance, rsAPI, nil)
AddPublicRoutes(processCtx, routers, cfg, &natsInstance, nil, rsAPI, nil, nil, nil, userAPI, nil, nil, caching.DisableMetrics)
accessTokens := map[*test.User]userDevice{
aliceAdmin: {},
bob: {},
}
createAccessTokens(t, accessTokens, userAPI, ctx, routers)
tokens := []capi.RegistrationToken{
{
Token: getPointer("alice_token1"),
UsesAllowed: getPointer(int32(10)),
ExpiryTime: getPointer(time.Now().Add(5*24*time.Hour).UnixNano() / int64(time.Millisecond)),
Pending: getPointer(int32(0)),
Completed: getPointer(int32(0)),
},
{
Token: getPointer("alice_token2"),
UsesAllowed: getPointer(int32(10)),
ExpiryTime: getPointer(time.Now().Add(-1*5*24*time.Hour).UnixNano() / int64(time.Millisecond)),
Pending: getPointer(int32(0)),
Completed: getPointer(int32(0)),
},
}
for _, tkn := range tokens {
tkn := tkn
userAPI.PerformAdminCreateRegistrationToken(ctx, &tkn)
}
testCases := []struct {
name string
requestingUser *test.User
method string
token string
requestOpt test.HTTPRequestOpt
wantOK bool
withHeader bool
}{
{
name: "Missing auth",
requestingUser: bob,
wantOK: false,
token: "alice_token1",
requestOpt: test.WithJSONBody(t, map[string]interface{}{
"uses_allowed": 10,
},
),
},
{
name: "Bob is denied access",
requestingUser: bob,
wantOK: false,
withHeader: true,
token: "alice_token1",
requestOpt: test.WithJSONBody(t, map[string]interface{}{
"uses_allowed": 10,
},
),
},
{
name: "Alice can UPDATE a token's uses_allowed property",
requestingUser: aliceAdmin,
wantOK: true,
withHeader: true,
token: "alice_token1",
requestOpt: test.WithJSONBody(t, map[string]interface{}{
"uses_allowed": 10,
}),
},
{
name: "Alice can UPDATE a token's expiry_time property",
requestingUser: aliceAdmin,
wantOK: true,
withHeader: true,
token: "alice_token2",
requestOpt: test.WithJSONBody(t, map[string]interface{}{
"expiry_time": time.Now().Add(5*24*time.Hour).UnixNano() / int64(time.Millisecond),
},
),
},
{
name: "Alice can UPDATE a token's uses_allowed and expiry_time property",
requestingUser: aliceAdmin,
wantOK: false,
withHeader: true,
token: "alice_token1",
requestOpt: test.WithJSONBody(t, map[string]interface{}{
"uses_allowed": 20,
"expiry_time": time.Now().Add(10*24*time.Hour).UnixNano() / int64(time.Millisecond),
},
),
},
{
name: "Alice CANNOT update a token with invalid properties",
requestingUser: aliceAdmin,
wantOK: false,
withHeader: true,
token: "alice_token2",
requestOpt: test.WithJSONBody(t, map[string]interface{}{
"uses_allowed": -5,
"expiry_time": time.Now().Add(-1*5*24*time.Hour).UnixNano() / int64(time.Millisecond),
},
),
},
{
name: "Alice CANNOT UPDATE a token that does not exist",
requestingUser: aliceAdmin,
wantOK: false,
withHeader: true,
token: "alice_token9",
requestOpt: test.WithJSONBody(t, map[string]interface{}{
"uses_allowed": 100,
},
),
},
{
name: "Alice can UPDATE token specifying uses_allowed as null - Valid for infinite uses",
requestingUser: aliceAdmin,
wantOK: false,
withHeader: true,
token: "alice_token1",
requestOpt: test.WithJSONBody(t, map[string]interface{}{
"uses_allowed": nil,
},
),
},
{
name: "Alice can UPDATE token specifying expiry_time AS null - Valid for infinite time",
requestingUser: aliceAdmin,
wantOK: false,
withHeader: true,
token: "alice_token1",
requestOpt: test.WithJSONBody(t, map[string]interface{}{
"expiry_time": nil,
},
),
},
}
for _, tc := range testCases {
tc := tc
t.Run(tc.name, func(t *testing.T) {
path := fmt.Sprintf("/_dendrite/admin/registrationTokens/%s", tc.token)
req := test.NewRequest(t, http.MethodPut, path)
if tc.requestOpt != nil {
req = test.NewRequest(t, http.MethodPut, path, tc.requestOpt)
}
if tc.withHeader {
req.Header.Set("Authorization", "Bearer "+accessTokens[tc.requestingUser].accessToken)
}
rec := httptest.NewRecorder()
routers.DendriteAdmin.ServeHTTP(rec, req)
t.Logf("%s", rec.Body.String())
if tc.wantOK && rec.Code != http.StatusOK {
t.Fatalf("expected http status %d, got %d: %s", http.StatusOK, rec.Code, rec.Body.String())
}
})
}
})
}
func getPointer[T any](s T) *T {
return &s
}
func TestAdminResetPassword(t *testing.T) { func TestAdminResetPassword(t *testing.T) {
aliceAdmin := test.NewUser(t, test.WithAccountType(uapi.AccountTypeAdmin)) aliceAdmin := test.NewUser(t, test.WithAccountType(uapi.AccountTypeAdmin))
bob := test.NewUser(t, test.WithAccountType(uapi.AccountTypeUser)) bob := test.NewUser(t, test.WithAccountType(uapi.AccountTypeUser))