Commit Graph

37 Commits (2f5be2d8dcdb03c14178d0f7dd19583d377457d6)

Author SHA1 Message Date
Richard van der Hoff 1529c19675 Prevent user tokens being used as guest tokens (#1675)
Make sure that a user cannot pretend to be a guest by adding 'guest = True'
caveats.
2016-12-06 15:31:37 +00:00
Mark Haines ec609f8094 Fix unit tests 2016-09-12 10:46:02 +01:00
Richard van der Hoff ec041b335e Record device_id in client_ips
Record the device_id when we add a client ip; it's somewhat redundant as we
could get it via the access_token, but it will make querying rather easier.
2016-07-20 16:41:03 +01:00
Negar Fazeli 0136a522b1 Bug fix: expire invalid access tokens 2016-07-13 15:00:37 +02:00
Negi Fazeli 40aa6e8349 Create user with expiry
- Add unittests for client, api and handler

Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com>
2016-05-13 15:34:15 +02:00
Mark Haines 5c79ef9396 Test Filter.filter_rooms
Also check that the __repr__ method for FilterCollection does something
sensible.
2016-02-19 17:55:28 +00:00
Mark Haines 700487a7c7 Fix flake8 warnings for tests 2016-02-19 15:34:38 +00:00
Erik Johnston 35981c8b71 Fix test 2016-01-28 17:20:05 +00:00
Erik Johnston 8c6012a4af Fix tests 2016-01-25 13:12:35 +00:00
Erik Johnston 8f9c74e9f1 Fix tests 2016-01-22 10:48:27 +00:00
Daniel Wagner-Hall 2110e35fd6 Introduce a Requester object
This tracks data about the entity which made the request. This is
instead of passing around a tuple, which requires call-site
modifications every time a new piece of optional context is passed
around.

I tried to introduce a User object. I gave up.
2016-01-11 17:48:45 +00:00
Matthew Hodgson 6c28ac260c copyrights 2016-01-07 04:26:29 +00:00
Daniel Wagner-Hall cfd07aafff Allow guests to upgrade their accounts 2016-01-05 18:01:18 +00:00
Daniel Wagner-Hall f522f50a08 Allow guests to register and call /events?room_id=
This follows the same flows-based flow as regular registration, but as
the only implemented flow has no requirements, it auto-succeeds. In the
future, other flows (e.g. captcha) may be required, so clients should
treat this like the regular registration flow choices.
2015-11-04 17:29:07 +00:00
Erik Johnston 45cd2b0233 Refactor api.filtering to have a Filter API 2015-10-20 15:33:25 +01:00
Mark Haines 8897781558 update filtering tests 2015-10-13 14:13:51 +01:00
Daniel Wagner-Hall e255c2c32f s/user_id/user/g for consistency 2015-09-01 12:41:16 +01:00
Daniel Wagner-Hall 81450fded8 Turn TODO into thing which actually will fail 2015-08-26 13:56:01 +01:00
Daniel Wagner-Hall 6a4b650d8a Attempt to validate macaroons
A couple of weird caveats:
 * If we can't validate your macaroon, we fall back to checking that
   your access token is in the DB, and ignoring the failure
 * Even if we can validate your macaroon, we still have to hit the DB to
   get the access token ID, which we pretend is a device ID all over the
   codebase.

This mostly adds the interesting code, and points out the two pieces we
need to delete (and necessary conditions) in order to fix the above
caveats.
2015-08-26 13:22:23 +01:00
Daniel Wagner-Hall a9d8bd95e7 Stop looking up "admin", which we never read 2015-08-25 16:29:39 +01:00
Daniel Wagner-Hall a0b181bd17 Remove completely unused concepts from codebase
Removes device_id and ClientInfo

device_id is never actually written, and the matrix.org DB has no
non-null entries for it. Right now, it's just cluttering up code.

This doesn't remove the columns from the database, because that's
fiddly.
2015-08-25 16:23:06 +01:00
Daniel Wagner-Hall 13a6517d89 s/by_token/by_access_token/g
We're about to have two kinds of token, access and refresh
2015-08-20 16:01:29 +01:00
Kegan Dougal f2fdcb7c4b Merge branch 'develop' into application-services 2015-02-11 16:43:26 +00:00
Mark Haines 896253e085 Factor out some of the common homeserver setup code into a
setup_test_homeserver function in utils.
2015-02-11 11:37:30 +00:00
Kegan Dougal ab3c897ce1 Remove unused imports. 2015-02-09 14:16:36 +00:00
Kegan Dougal 5a7dd05818 Modify auth.get_user_by_req for authing appservices directly.
Add logic to map the appservice token to the autogenned appservice user ID.
Add unit tests for all forms of get_user_by_req (user/appservice,
valid/bad/missing tokens)
2015-02-09 14:14:15 +00:00
Mark Haines 93ed31dda2 Create a separate filter object to do the actual filtering, so that we can
split the storage and management of filters from the actual filter code
and don't have to load a filter from the db each time we filter an event
2015-01-29 17:45:07 +00:00
Kegan Dougal 38b27bd2cb Add filter_room_state unit tests. 2015-01-29 14:28:34 +00:00
Kegan Dougal 83172487b0 Add basic filtering public API unit tests. Use defers in the right places. 2015-01-29 12:20:59 +00:00
Kegan Dougal 5561a87920 Add more unit tests for the filter algorithm. 2015-01-29 12:06:16 +00:00
Kegan Dougal 777d9914b5 Implement filter algorithm. Add basic event type unit tests to assert it works. 2015-01-29 11:38:06 +00:00
Kegan Dougal c23e3db544 Add filter JSON sanity checks. 2015-01-28 16:45:18 +00:00
Paul "LeoNerd" Evans 06cc147012 Initial stab at real SQL storage implementation of user filter definitions 2015-01-27 18:46:03 +00:00
Paul "LeoNerd" Evans 059651efa1 Have the Filtering API return Deferreds, so we can do the Datastore implementation nicely 2015-01-27 16:17:56 +00:00
Paul "LeoNerd" Evans b1503112ce Initial trivial unittest of Filtering object 2015-01-27 15:56:14 +00:00
Paul "LeoNerd" Evans cd62ee3f29 Have all unit tests import from our own subclass of trial's unittest TestCase; set up logging in ONE PLACE ONLY 2014-09-12 18:46:13 +01:00
Mark Haines dd2cd9312a Test ratelimiter 2014-09-02 15:16:26 +01:00