c8d476a3cc
Room integrity was never compromised as GMSL does auth checks, but we would incorrectly 200 OK the request instead of 403ing.
418 lines
21 KiB
Plaintext
418 lines
21 KiB
Plaintext
GET /register yields a set of flows
|
|
POST /register can create a user
|
|
POST /register downcases capitals in usernames
|
|
POST /register rejects registration of usernames with '!'
|
|
POST /register rejects registration of usernames with '"'
|
|
POST /register rejects registration of usernames with ':'
|
|
POST /register rejects registration of usernames with '?'
|
|
POST /register rejects registration of usernames with '\'
|
|
POST /register rejects registration of usernames with '@'
|
|
POST /register rejects registration of usernames with '['
|
|
POST /register rejects registration of usernames with ']'
|
|
POST /register rejects registration of usernames with '{'
|
|
POST /register rejects registration of usernames with '|'
|
|
POST /register rejects registration of usernames with '}'
|
|
POST /register rejects registration of usernames with '£'
|
|
POST /register rejects registration of usernames with 'é'
|
|
POST /register rejects registration of usernames with '\n'
|
|
POST /register rejects registration of usernames with '''
|
|
GET /login yields a set of flows
|
|
POST /login can log in as a user
|
|
POST /login returns the same device_id as that in the request
|
|
POST /login can log in as a user with just the local part of the id
|
|
POST /login as non-existing user is rejected
|
|
POST /login wrong password is rejected
|
|
GET /events initially
|
|
GET /initialSync initially
|
|
Version responds 200 OK with valid structure
|
|
PUT /profile/:user_id/displayname sets my name
|
|
GET /profile/:user_id/displayname publicly accessible
|
|
PUT /profile/:user_id/avatar_url sets my avatar
|
|
GET /profile/:user_id/avatar_url publicly accessible
|
|
GET /device/{deviceId} gives a 404 for unknown devices
|
|
PUT /device/{deviceId} gives a 404 for unknown devices
|
|
GET /device/{deviceId}
|
|
GET /devices
|
|
PUT /device/{deviceId} updates device fields
|
|
DELETE /device/{deviceId}
|
|
DELETE /device/{deviceId} requires UI auth user to match device owner
|
|
DELETE /device/{deviceId} with no body gives a 401
|
|
POST /createRoom makes a public room
|
|
POST /createRoom makes a private room
|
|
POST /createRoom makes a private room with invites
|
|
POST /createRoom makes a room with a name
|
|
POST /createRoom makes a room with a topic
|
|
Can /sync newly created room
|
|
GET /rooms/:room_id/state/m.room.member/:user_id fetches my membership
|
|
GET /rooms/:room_id/state/m.room.power_levels fetches powerlevels
|
|
POST /join/:room_alias can join a room
|
|
POST /join/:room_id can join a room
|
|
POST /join/:room_id can join a room with custom content
|
|
POST /join/:room_alias can join a room with custom content
|
|
POST /rooms/:room_id/join can join a room
|
|
POST /rooms/:room_id/leave can leave a room
|
|
POST /rooms/:room_id/invite can send an invite
|
|
POST /rooms/:room_id/ban can ban a user
|
|
POST /rooms/:room_id/send/:event_type sends a message
|
|
PUT /rooms/:room_id/send/:event_type/:txn_id sends a message
|
|
PUT /rooms/:room_id/send/:event_type/:txn_id deduplicates the same txn id
|
|
GET /rooms/:room_id/state/m.room.power_levels can fetch levels
|
|
PUT /rooms/:room_id/state/m.room.power_levels can set levels
|
|
PUT power_levels should not explode if the old power levels were empty
|
|
GET /rooms/:room_id/state/m.room.member/:user_id?format=event fetches my membership event
|
|
GET /rooms/:room_id/joined_members fetches my membership
|
|
Both GET and PUT work
|
|
POST /rooms/:room_id/read_markers can create read marker
|
|
User signups are forbidden from starting with '_'
|
|
Request to logout with invalid an access token is rejected
|
|
Request to logout without an access token is rejected
|
|
Room creation reports m.room.create to myself
|
|
Room creation reports m.room.member to myself
|
|
Invited user can see room metadata
|
|
# Blacklisted because these tests call /r0/events which we don't implement
|
|
# New room members see their own join event
|
|
# Existing members see new members' join events
|
|
setting 'm.room.power_levels' respects room powerlevel
|
|
Unprivileged users can set m.room.topic if it only needs level 0
|
|
Users cannot set ban powerlevel higher than their own
|
|
Users cannot set kick powerlevel higher than their own
|
|
Users cannot set redact powerlevel higher than their own
|
|
Can get rooms/{roomId}/members for a departed room (SPEC-216)
|
|
3pid invite join with wrong but valid signature are rejected
|
|
3pid invite join valid signature but revoked keys are rejected
|
|
3pid invite join valid signature but unreachable ID server are rejected
|
|
Room members can join a room with an overridden displayname
|
|
Real non-joined user cannot call /events on shared room
|
|
Real non-joined user cannot call /events on invited room
|
|
Real non-joined user cannot call /events on joined room
|
|
Real non-joined user cannot call /events on default room
|
|
Real non-joined users can get state for world_readable rooms
|
|
Real non-joined users can get individual state for world_readable rooms
|
|
#Real non-joined users can get individual state for world_readable rooms after leaving
|
|
Real non-joined users cannot send messages to guest_access rooms if not joined
|
|
Real users can sync from world_readable guest_access rooms if joined
|
|
Real users can sync from default guest_access rooms if joined
|
|
Can't forget room you're still in
|
|
Can get rooms/{roomId}/members
|
|
Can create filter
|
|
Can download filter
|
|
Lazy loading parameters in the filter are strictly boolean
|
|
Can sync
|
|
Can sync a joined room
|
|
Newly joined room is included in an incremental sync
|
|
User is offline if they set_presence=offline in their sync
|
|
Changes to state are included in an incremental sync
|
|
A change to displayname should appear in incremental /sync
|
|
Current state appears in timeline in private history
|
|
Current state appears in timeline in private history with many messages before
|
|
Rooms a user is invited to appear in an initial sync
|
|
Rooms a user is invited to appear in an incremental sync
|
|
Sync can be polled for updates
|
|
Sync is woken up for leaves
|
|
Newly left rooms appear in the leave section of incremental sync
|
|
We should see our own leave event, even if history_visibility is restricted (SYN-662)
|
|
We should see our own leave event when rejecting an invite, even if history_visibility is restricted (riot-web/3462)
|
|
Newly left rooms appear in the leave section of gapped sync
|
|
Previously left rooms don't appear in the leave section of sync
|
|
Left rooms appear in the leave section of full state sync
|
|
Newly banned rooms appear in the leave section of incremental sync
|
|
Newly banned rooms appear in the leave section of incremental sync
|
|
local user can join room with version 1
|
|
User can invite local user to room with version 1
|
|
Can upload device keys
|
|
Should reject keys claiming to belong to a different user
|
|
Can query device keys using POST
|
|
Can query remote device keys using POST
|
|
Can query specific device keys using POST
|
|
query for user with no keys returns empty key dict
|
|
Can claim one time key using POST
|
|
Can claim remote one time key using POST
|
|
Can add account data
|
|
Can add account data to room
|
|
Can get account data without syncing
|
|
Can get room account data without syncing
|
|
#Latest account data appears in v2 /sync
|
|
New account data appears in incremental v2 /sync
|
|
Checking local federation server
|
|
Inbound federation can query profile data
|
|
Outbound federation can send room-join requests
|
|
Outbound federation can send events
|
|
# SyTest currently only implements the v1 endpoints for /send_join and /send_leave,
|
|
# whereas Dendrite only supports the v2 endpoints for those, so let's ignore this
|
|
# test for now.
|
|
#Inbound federation can backfill events
|
|
# SyTest currently only implements the v1 endpoints for /send_join and /send_leave,
|
|
# whereas Dendrite only supports the v2 endpoints for those, so let's ignore this
|
|
# test for now.
|
|
#Backfill checks the events requested belong to the room
|
|
Can upload without a file name
|
|
Can download without a file name locally
|
|
Can upload with ASCII file name
|
|
Can send image in room message
|
|
AS cannot create users outside its own namespace
|
|
Regular users cannot register within the AS namespace
|
|
AS can't set displayname for random users
|
|
AS user (not ghost) can join room without registering, with user_id query param
|
|
Changing the actions of an unknown default rule fails with 404
|
|
Changing the actions of an unknown rule fails with 404
|
|
Enabling an unknown default rule fails with 404
|
|
Trying to get push rules with unknown rule_id fails with 404
|
|
Events come down the correct room
|
|
# SyTest currently only implements the v1 endpoints for /send_join and /send_leave,
|
|
# whereas Dendrite only supports the v2 endpoints for those, so let's ignore this
|
|
# test for now.
|
|
#Inbound federation can receive v1 room-join requests
|
|
Typing events appear in initial sync
|
|
Typing events appear in incremental sync
|
|
Typing events appear in gapped sync
|
|
Inbound federation of state requires event_id as a mandatory paramater
|
|
Inbound federation of state_ids requires event_id as a mandatory paramater
|
|
POST /register returns the same device_id as that in the request
|
|
POST /createRoom with creation content
|
|
User can create and send/receive messages in a room with version 1
|
|
POST /createRoom ignores attempts to set the room version via creation_content
|
|
Inbound federation rejects remote attempts to join local users to rooms
|
|
Inbound federation rejects remote attempts to kick local users to rooms
|
|
Full state sync includes joined rooms
|
|
A message sent after an initial sync appears in the timeline of an incremental sync.
|
|
Can add tag
|
|
Can remove tag
|
|
Can list tags for a room
|
|
Tags appear in an initial v2 /sync
|
|
Newly updated tags appear in an incremental v2 /sync
|
|
Deleted tags appear in an incremental v2 /sync
|
|
/event/ on non world readable room does not work
|
|
Outbound federation can query profile data
|
|
/event/ on joined room works
|
|
/event/ does not allow access to events before the user joined
|
|
Federation key API allows unsigned requests for keys
|
|
GET /publicRooms lists rooms
|
|
GET /publicRooms includes avatar URLs
|
|
Can paginate public room list
|
|
GET /publicRooms lists newly-created room
|
|
Name/topic keys are correct
|
|
GET /directory/room/:room_alias yields room ID
|
|
PUT /directory/room/:room_alias creates alias
|
|
Room aliases can contain Unicode
|
|
Creators can delete alias
|
|
Regular users cannot create room aliases within the AS namespace
|
|
Deleting a non-existent alias should return a 404
|
|
Users can't delete other's aliases
|
|
Outbound federation can query room alias directory
|
|
After deactivating account, can't log in with an email
|
|
Remote room alias queries can handle Unicode
|
|
Newly joined room is included in an incremental sync after invite
|
|
Inbound /v1/make_join rejects remote attempts to join local users to rooms
|
|
Local room members see posted message events
|
|
Fetching eventstream a second time doesn't yield the message again
|
|
Local non-members don't see posted message events
|
|
Remote room members also see posted message events
|
|
Lazy loading parameters in the filter are strictly boolean
|
|
remote user can join room with version 1
|
|
Inbound federation can query room alias directory
|
|
Outbound federation can query v2 /send_join
|
|
Inbound federation can receive v2 /send_join
|
|
Message history can be paginated
|
|
Getting messages going forward is limited for a departed room (SPEC-216)
|
|
m.room.history_visibility == "world_readable" allows/forbids appropriately for Real users
|
|
Backfill works correctly with history visibility set to joined
|
|
Guest user cannot call /events globally
|
|
Guest users can join guest_access rooms
|
|
Guest user can set display names
|
|
Guest user cannot upgrade other users
|
|
m.room.history_visibility == "world_readable" allows/forbids appropriately for Guest users
|
|
Guest non-joined user cannot call /events on shared room
|
|
Guest non-joined user cannot call /events on invited room
|
|
Guest non-joined user cannot call /events on joined room
|
|
Guest non-joined user cannot call /events on default room
|
|
Guest non-joined users can get state for world_readable rooms
|
|
Guest non-joined users can get individual state for world_readable rooms
|
|
Guest non-joined users cannot room initalSync for non-world_readable rooms
|
|
Guest non-joined users can get individual state for world_readable rooms after leaving
|
|
Guest non-joined users cannot send messages to guest_access rooms if not joined
|
|
Guest users can sync from world_readable guest_access rooms if joined
|
|
Guest users can sync from default guest_access rooms if joined
|
|
Real non-joined users cannot room initalSync for non-world_readable rooms
|
|
Push rules come down in an initial /sync
|
|
Regular users can add and delete aliases in the default room configuration
|
|
GET /r0/capabilities is not public
|
|
GET /joined_rooms lists newly-created room
|
|
/joined_rooms returns only joined rooms
|
|
Message history can be paginated over federation
|
|
GET /rooms/:room_id/messages returns a message
|
|
Remote user can backfill in a room with version 1
|
|
POST /createRoom creates a room with the given version
|
|
POST /createRoom rejects attempts to create rooms with numeric versions
|
|
POST /createRoom rejects attempts to create rooms with unknown versions
|
|
Regular users can add and delete aliases when m.room.aliases is restricted
|
|
User can create and send/receive messages in a room with version 2
|
|
local user can join room with version 2
|
|
remote user can join room with version 2
|
|
User can invite local user to room with version 2
|
|
Remote user can backfill in a room with version 2
|
|
Inbound federation accepts attempts to join v2 rooms from servers with support
|
|
Outbound federation can send invites via v2 API
|
|
Outbound federation can send invites via v1 API
|
|
Inbound federation can receive invites via v1 API
|
|
Inbound federation can receive invites via v2 API
|
|
User can create and send/receive messages in a room with version 3
|
|
local user can join room with version 3
|
|
Remote user can backfill in a room with version 3
|
|
User can create and send/receive messages in a room with version 4
|
|
local user can join room with version 4
|
|
remote user can join room with version 3
|
|
remote user can join room with version 4
|
|
Remote user can backfill in a room with version 4
|
|
# We don't support ignores yet, so ignore this for now - ha ha.
|
|
# Ignore invite in incremental sync
|
|
Outbound federation can send invites via v2 API
|
|
User can invite local user to room with version 3
|
|
User can invite local user to room with version 4
|
|
A pair of servers can establish a join in a v2 room
|
|
Can logout all devices
|
|
State from remote users is included in the timeline in an incremental sync
|
|
User can invite remote user to room with version 1
|
|
User can invite remote user to room with version 2
|
|
User can invite remote user to room with version 3
|
|
User can invite remote user to room with version 4
|
|
User can create and send/receive messages in a room with version 5
|
|
local user can join room with version 5
|
|
User can invite local user to room with version 5
|
|
remote user can join room with version 5
|
|
User can invite remote user to room with version 5
|
|
Remote user can backfill in a room with version 5
|
|
Inbound federation can receive v1 /send_join
|
|
Inbound federation can get state for a room
|
|
Inbound federation of state requires event_id as a mandatory paramater
|
|
Inbound federation can get state_ids for a room
|
|
Inbound federation of state_ids requires event_id as a mandatory paramater
|
|
Federation rejects inbound events where the prev_events cannot be found
|
|
Alternative server names do not cause a routing loop
|
|
Events whose auth_events are in the wrong room do not mess up the room state
|
|
Inbound federation can return events
|
|
Inbound federation can return missing events for world_readable visibility
|
|
Inbound federation can return missing events for invite visibility
|
|
Inbound federation can get public room list
|
|
POST /rooms/:room_id/redact/:event_id as power user redacts message
|
|
POST /rooms/:room_id/redact/:event_id as original message sender redacts message
|
|
POST /rooms/:room_id/redact/:event_id as random user does not redact message
|
|
POST /redact disallows redaction of event in different room
|
|
An event which redacts itself should be ignored
|
|
A pair of events which redact each other should be ignored
|
|
Redaction of a redaction redacts the redaction reason
|
|
An event which redacts an event in a different room should be ignored
|
|
Can receive redactions from regular users over federation in room version 1
|
|
Can receive redactions from regular users over federation in room version 2
|
|
Can receive redactions from regular users over federation in room version 3
|
|
Can receive redactions from regular users over federation in room version 4
|
|
Can receive redactions from regular users over federation in room version 5
|
|
Can receive redactions from regular users over federation in room version 6
|
|
Outbound federation can backfill events
|
|
Inbound federation can backfill events
|
|
Backfill checks the events requested belong to the room
|
|
Backfilled events whose prev_events are in a different room do not allow cross-room back-pagination
|
|
Outbound federation can request missing events
|
|
New room members see their own join event
|
|
Existing members see new members' join events
|
|
Inbound federation can receive events
|
|
Inbound federation can receive redacted events
|
|
Can logout current device
|
|
Can send a message directly to a device using PUT /sendToDevice
|
|
Can recv a device message using /sync
|
|
Can recv device messages until they are acknowledged
|
|
Device messages with the same txn_id are deduplicated
|
|
Device messages wake up /sync
|
|
Can recv device messages over federation
|
|
Device messages over federation wake up /sync
|
|
Can send messages with a wildcard device id
|
|
Can send messages with a wildcard device id to two devices
|
|
Wildcard device messages wake up /sync
|
|
Wildcard device messages over federation wake up /sync
|
|
Can send a to-device message to two users which both receive it using /sync
|
|
User can create and send/receive messages in a room with version 6
|
|
local user can join room with version 6
|
|
User can invite local user to room with version 6
|
|
remote user can join room with version 6
|
|
User can invite remote user to room with version 6
|
|
Remote user can backfill in a room with version 6
|
|
Inbound: send_join rejects invalid JSON for room version 6
|
|
Outbound federation rejects backfill containing invalid JSON for events in room version 6
|
|
Invalid JSON integers
|
|
Invalid JSON special values
|
|
Invalid JSON floats
|
|
Outbound federation will ignore a missing event with bad JSON for room version 6
|
|
Server correctly handles transactions that break edu limits
|
|
Server rejects invalid JSON in a version 6 room
|
|
Can download without a file name over federation
|
|
POST /media/r0/upload can create an upload
|
|
GET /media/r0/download can fetch the value again
|
|
Remote users can join room by alias
|
|
Alias creators can delete alias with no ops
|
|
Alias creators can delete canonical alias with no ops
|
|
Room members can override their displayname on a room-specific basis
|
|
displayname updates affect room member events
|
|
avatar_url updates affect room member events
|
|
Real non-joined users can get individual state for world_readable rooms after leaving
|
|
Can upload with Unicode file name
|
|
POSTed media can be thumbnailed
|
|
Remote media can be thumbnailed
|
|
Can download with Unicode file name locally
|
|
Can download file 'ascii'
|
|
Can download file 'name with spaces'
|
|
Can download file 'name;with;semicolons'
|
|
Can download specifying a different ASCII file name
|
|
Can download with Unicode file name over federation
|
|
Can download specifying a different Unicode file name
|
|
Inbound /v1/send_join rejects joins from other servers
|
|
Outbound federation can query v1 /send_join
|
|
Inbound /v1/send_join rejects incorrectly-signed joins
|
|
POST /rooms/:room_id/state/m.room.name sets name
|
|
GET /rooms/:room_id/state/m.room.name gets name
|
|
POST /rooms/:room_id/state/m.room.topic sets topic
|
|
GET /rooms/:room_id/state/m.room.topic gets topic
|
|
GET /rooms/:room_id/state fetches entire room state
|
|
Setting room topic reports m.room.topic to myself
|
|
setting 'm.room.name' respects room powerlevel
|
|
Syncing a new room with a large timeline limit isn't limited
|
|
Left rooms appear in the leave section of sync
|
|
Banned rooms appear in the leave section of sync
|
|
Getting state checks the events requested belong to the room
|
|
Getting state IDs checks the events requested belong to the room
|
|
Can invite users to invite-only rooms
|
|
Uninvited users cannot join the room
|
|
Users cannot invite themselves to a room
|
|
Users cannot invite a user that is already in the room
|
|
Invited user can reject invite
|
|
Invited user can reject invite for empty room
|
|
Invited user can reject local invite after originator leaves
|
|
PUT /rooms/:room_id/typing/:user_id sets typing notification
|
|
Typing notification sent to local room members
|
|
Typing notifications also sent to remote room members
|
|
Typing can be explicitly stopped
|
|
Banned user is kicked and may not rejoin until unbanned
|
|
Inbound federation rejects attempts to join v1 rooms from servers without v1 support
|
|
Inbound federation rejects attempts to join v2 rooms from servers lacking version support
|
|
Inbound federation rejects attempts to join v2 rooms from servers only supporting v1
|
|
Outbound federation passes make_join failures through to the client
|
|
Outbound federation correctly handles unsupported room versions
|
|
Remote users may not join unfederated rooms
|
|
Guest users denied access over federation if guest access prohibited
|
|
Non-numeric ports in server names are rejected
|
|
Invited user can reject invite over federation
|
|
Invited user can reject invite over federation for empty room
|
|
Can reject invites over federation for rooms with version 1
|
|
Can reject invites over federation for rooms with version 2
|
|
Can reject invites over federation for rooms with version 3
|
|
Can reject invites over federation for rooms with version 4
|
|
Can reject invites over federation for rooms with version 5
|
|
Can reject invites over federation for rooms with version 6
|
|
Event size limits
|
|
Can sync a room with a single message
|
|
Can sync a room with a message with a transaction id
|
|
A full_state incremental update returns only recent timeline
|
|
A prev_batch token can be used in the v1 messages API
|
|
We don't send redundant membership state across incremental syncs by default
|
|
Typing notifications don't leak
|
|
Users cannot kick users from a room they are not in
|
|
Users cannot kick users who have already left a room
|