Add missing form_secret

Add tests
2022-02-14 13:06:36 +01:00 · 2022-02-14 13:06:36 +01:00 · ac343861ad
parent 4da7df5e3e
commit ac343861ad
4 changed files with 141 additions and 0 deletions
--- a/dendrite-config.yaml
+++ b/dendrite-config.yaml
@ -72,6 +72,8 @@ global:
  # If either require_at_registration or send_server_notice_to_guest are true, consent
  # messages will be sent to the users.
  user_consent:
+    # Randomly generated string to be used to calculate the HMAC
+    form_secret: "superSecretRandomlyGeneratedSecret"
    # Require consent when user registers for the first time
    require_at_registration: false
    # The name to be shown to the user
--- a/setup/config/config_global.go
+++ b/setup/config/config_global.go
@ -208,6 +208,8 @@ func (c *DNSCacheOptions) Verify(configErrs *ConfigErrors, isMonolith bool) {
 // If either require_at_registration or send_server_notice_to_guest are true, consent
 // messages will be sent to the users.
 type UserConsentOptions struct {
+	// Randomly generated string to be used to calculate the HMAC
+	FormSecret string
 	// Require consent when user registers for the first time
 	RequireAtRegistration bool `yaml:"require_at_registration"`
 	// The name to be shown to the user
@ -243,6 +245,7 @@ func (c *UserConsentOptions) Verify(configErrors *ConfigErrors, isMonolith bool)
 		checkNotEmpty(configErrors, "template_dir", c.TemplateDir)
 		checkNotEmpty(configErrors, "version", c.Version)
 		checkNotEmpty(configErrors, "policy_name", c.PolicyName)
+		checkNotEmpty(configErrors, "form_secret", c.FormSecret)
 		if len(*configErrors) > 0 {
 			return
 		}
--- a/setup/config/config_global_test.go
+++ b/setup/config/config_global_test.go
@ -0,0 +1,110 @@
+package config
+
+import (
+	"testing"
+)
+
+func TestUserConsentOptions_Verify(t *testing.T) {
+	type args struct {
+		configErrors *ConfigErrors
+		isMonolith   bool
+	}
+	tests := []struct {
+		name    string
+		fields  UserConsentOptions
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "template dir not set",
+			fields: UserConsentOptions{
+				RequireAtRegistration: true,
+			},
+			args: struct {
+				configErrors *ConfigErrors
+				isMonolith   bool
+			}{configErrors: &ConfigErrors{}, isMonolith: true},
+			wantErr: true,
+		},
+		{
+			name: "template dir set",
+			fields: UserConsentOptions{
+				RequireAtRegistration: true,
+				TemplateDir:           "testdata/privacy",
+			},
+			args: struct {
+				configErrors *ConfigErrors
+				isMonolith   bool
+			}{configErrors: &ConfigErrors{}, isMonolith: true},
+			wantErr: true,
+		},
+		{
+			name: "policy name not set",
+			fields: UserConsentOptions{
+				RequireAtRegistration: true,
+				TemplateDir:           "testdata/privacy",
+			},
+			args: struct {
+				configErrors *ConfigErrors
+				isMonolith   bool
+			}{configErrors: &ConfigErrors{}, isMonolith: true},
+			wantErr: true,
+		},
+		{
+			name: "policy name set",
+			fields: UserConsentOptions{
+				RequireAtRegistration: true,
+				TemplateDir:           "testdata/privacy",
+				PolicyName:            "Privacy policy",
+			},
+			args: struct {
+				configErrors *ConfigErrors
+				isMonolith   bool
+			}{configErrors: &ConfigErrors{}, isMonolith: true},
+			wantErr: true,
+		},
+		{
+			name: "version not set",
+			fields: UserConsentOptions{
+				RequireAtRegistration: true,
+				TemplateDir:           "testdata/privacy",
+			},
+			args: struct {
+				configErrors *ConfigErrors
+				isMonolith   bool
+			}{configErrors: &ConfigErrors{}, isMonolith: true},
+			wantErr: true,
+		},
+		{
+			name: "everyhing required set",
+			fields: UserConsentOptions{
+				RequireAtRegistration: true,
+				TemplateDir:           "./testdata/privacy",
+				Version:               "1.0",
+				PolicyName:            "Privacy policy",
+			},
+			args: struct {
+				configErrors *ConfigErrors
+				isMonolith   bool
+			}{configErrors: &ConfigErrors{}, isMonolith: true},
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c := &UserConsentOptions{
+				RequireAtRegistration:   tt.fields.RequireAtRegistration,
+				PolicyName:              tt.fields.PolicyName,
+				Version:                 tt.fields.Version,
+				TemplateDir:             tt.fields.TemplateDir,
+				SendServerNoticeToGuest: tt.fields.SendServerNoticeToGuest,
+				ServerNoticeContent:     tt.fields.ServerNoticeContent,
+				BlockEventsError:        tt.fields.BlockEventsError,
+			}
+			c.Verify(tt.args.configErrors, tt.args.isMonolith)
+			if tt.wantErr && tt.args.configErrors == nil {
+				t.Errorf("expected no errors, got '%+v'", tt.args.configErrors)
+			}
+		})
+	}
+}
--- a/setup/config/testdata/privacy/1.0.gohtml
+++ b/setup/config/testdata/privacy/1.0.gohtml
@ -0,0 +1,26 @@
+<!doctype html>
+<html lang="en">
+<head>
+    <title>Matrix.org Privacy policy</title>
+</head>
+<body>
+{{ if .HasConsented }}
+<p>
+    Your base already belong to us.
+</p>
+{{ else }}
+<p>
+    All your base are belong to us.
+</p>
+{{ if not .PublicVersion }}
+<!-- The variables used here are only provided when the 'u' param is given to the homeserver -->
+<form method="post" action="consent">
+    <input type="hidden" name="v" value="{{ .Version }}"/>
+    <input type="hidden" name="u" value="{{ .User }}"/>
+    <input type="hidden" name="h" value="{{ .UserHMAC }}"/>
+    <input type="submit" value="Sure thing!"/>
+</form>
+{{ end }}
+{{ end }}
+</body>
+</html>