Add TestRestrictedRoomsLocalJoinNoCreatorsUsesPowerLevels
#836
+74
−0
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -446,3 +446,77 @@ func doTestRestrictedRoomsRemoteJoinFailOver(t *testing.T, roomVersion string, j | |
| return true | ||
| })) | ||
| } | ||
|
|
||
| // A server will attempt to perform a local join to a room with creators (v12), | ||
| // using a creator as the authorising user, but falling back to power levels if | ||
| // an appropriate creator cannot be found. | ||
| // | ||
| // ref: https://github.com/element-hq/synapse/issues/19120 | ||
| func TestRestrictedRoomsLocalJoinNoCreatorsUsesPowerLevels(t *testing.T) { | ||
|
Collaborator
There was a problem hiding this comment. Thanks for taking the time to write a test! It looks great overall 🤩
Collaborator
There was a problem hiding this comment. I've tested to make sure it fails with the latest |
||
| doTestRestrictedRoomsLocalJoinNoCreatorsUsesPowerLevels(t, "12", "restricted") | ||
|
Collaborator
There was a problem hiding this comment. We should also test with a room version before 12 |
||
| } | ||
|
|
||
| func doTestRestrictedRoomsLocalJoinNoCreatorsUsesPowerLevels(t *testing.T, roomVersion string, joinRule string) { | ||
|
Collaborator
There was a problem hiding this comment. It looks like the reason other tests are written this way is so that it can be shared with |
||
| deployment := complement.Deploy(t, 2) | ||
| defer deployment.Destroy(t) | ||
| // Create the room | ||
| alice, allowed_room, room := setupRestrictedRoom(t, deployment, roomVersion, joinRule) | ||
| // Create two users on the other homeserver. | ||
| bob := deployment.Register(t, "hs2", helpers.RegistrationOpts{}) | ||
| charlie := deployment.Register(t, "hs2", helpers.RegistrationOpts{}) | ||
|
|
||
| // Bob joins the allowed room. | ||
| bob.JoinRoom(t, allowed_room, []spec.ServerName{ | ||
| deployment.GetFullyQualifiedHomeserverName(t, "hs1"), | ||
| }) | ||
| // Bob joins the restricted room. This join should go remotely | ||
| // and consequently be authorised by Alice as she is the only | ||
| // member. | ||
| bob.JoinRoom(t, room, []spec.ServerName{ | ||
| deployment.GetFullyQualifiedHomeserverName(t, "hs1"), | ||
| }) | ||
| // Ensure the join was authorised by alice | ||
| bob.MustSyncUntil(t, client.SyncReq{}, client.SyncJoinedTo(bob.UserID, room, func(ev gjson.Result) bool { | ||
| must.MatchGJSON(t, ev, | ||
| match.JSONKeyEqual("content.join_authorised_via_users_server", alice.UserID), | ||
| ) | ||
| return true | ||
| })) | ||
|
|
||
| // Alice restricts the invite power level to moderators and promotes Bob to | ||
| // moderator. | ||
| state_key := "" | ||
| alice.SendEventSynced(t, room, b.Event{ | ||
| Type: "m.room.power_levels", | ||
| StateKey: &state_key, | ||
| Content: map[string]interface{}{ | ||
| "invite": 50, | ||
| "users": map[string]interface{}{ | ||
| bob.UserID: 50, | ||
| }, | ||
| }, | ||
| }) | ||
|
|
||
| // Charlie joins the allowed room. | ||
| charlie.JoinRoom(t, allowed_room, []spec.ServerName{ | ||
| deployment.GetFullyQualifiedHomeserverName(t, "hs1"), | ||
| }) | ||
| // Charlie attempts to join the restricted room. | ||
| // hs2 should attempt to find a creator to authorise the room join, | ||
| // but can't as the only creator is remote. It should then fall back | ||
| // to checking the power levels for a user that can authorise the join. | ||
| // The end result should be that charlie is allowed to join. | ||
|
Comment on lines
+504
to
+508
Collaborator
There was a problem hiding this comment. Probably needs a slight adjustment like the main test description comment above. |
||
| charlie.JoinRoom(t, room, []spec.ServerName{ | ||
| deployment.GetFullyQualifiedHomeserverName(t, "hs2"), | ||
| }) | ||
|
|
||
| // Ensure the join was authorised by bob. The join should not be | ||
| // authorised by alice as hs2 should not have attempted a remote | ||
| // join given bob is a local user that can authorise the join. | ||
| bob.MustSyncUntil(t, client.SyncReq{}, client.SyncJoinedTo(charlie.UserID, room, func(ev gjson.Result) bool { | ||
| must.MatchGJSON(t, ev, | ||
| match.JSONKeyEqual("content.join_authorised_via_users_server", bob.UserID), | ||
| ) | ||
| return true | ||
| })) | ||
|
Comment on lines
+513
to
+521
Collaborator
There was a problem hiding this comment. Great comment/assertion 👍 |
||
| } | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is explaining too many specifics of the Synapse implementation. Unless this is explained somewhere in the spec?
Here is an iteration: