
4 Commits

Author SHA1 Message Date
Erik Johnston 49c1eb998c Remove duplicated error handling 2020-11-02 10:15:29 +00:00
Erik Johnston 3b400ecb94 Use POST 2020-11-02 10:14:09 +00:00
Erik Johnston 9e89ef6a73 Review 2020-11-02 10:04:53 +00:00
Erik Johnston ae0fef3063
Update tests/rest/admin/test_user.py
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
2020-11-02 10:04:30 +00:00
5 changed files with 25 additions and 14 deletions


@ -432,7 +432,7 @@ when admins wish to do actions on behalf of a user.
The API is::
PUT /_synapse/admin/v1/users/<user_id>/login
POST /_synapse/admin/v1/users/<user_id>/login
{}
An optional ``valid_until_ms`` field can be specified in the request body as an


@ -61,8 +61,14 @@ class AuthBlocking:
certain blocking reasons like MAU.
requester: If present, and the authenticated entity is a user, checks for
presence against existing MAU cohort.
presence against existing MAU cohort. Passing in both a `user_id` and
`requester` is an error.
"""
if requester and user_id:
raise Exception(
"Passed in both 'user_id' and 'requester' to 'check_auth_blocking'"
)
if requester:
if requester.authenticated_entity.startswith("@"):
user_id = requester.authenticated_entity
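Review bot: The new guard at the top of `check_auth_blocking` raises a bare `Exception`, which callers and tests cannot tell apart from any other failure. A broad `except Exception` handler on a calling path would log and swallow it, so a caller that passes both arguments could go unnoticed; whether such a handler wraps this call is not visible here. A specific type would make the misuse assertable, for example `raise ValueError("Passed in both 'user_id' and 'requester' to 'check_auth_blocking'")`. The rest of the function body lies outside the hunk.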


@ -376,11 +376,6 @@ class RegistrationHandler(BaseHandler):
action="join",
ratelimit=False,
)
except ConsentNotGivenError as e:
# Technically not necessary to pull out this error though
# moving away from bare excepts is a good thing to do.
logger.error("Failed to join new user to %r: %r", r, e)
except Exception as e:
logger.error("Failed to join new user to %r: %r", r, e)


@ -833,6 +833,16 @@ class UserMediaRestServlet(RestServlet):
class UserTokenRestServlet(RestServlet):
"""An admin API for logging in as a user.
Example:
POST /_synapse/admin/v1/users/@test:example.com/login
{}
200 OK
{
"access_token": "<some_token>"
}
"""
PATTERNS = admin_patterns("/users/(?P<user_id>[^/]*)/login$")
@ -843,7 +853,7 @@ class UserTokenRestServlet(RestServlet):
self.auth = hs.get_auth()
self.auth_handler = hs.get_auth_handler()
async def on_PUT(self, request, user_id):
async def on_POST(self, request, user_id):
requester = await self.auth.get_user_by_req(request)
await assert_user_is_admin(self.auth, requester.user)
auth_user = requester.user
@ -851,7 +861,7 @@ class UserTokenRestServlet(RestServlet):
if not self.hs.is_mine_id(user_id):
raise SynapseError(400, "Only local users can be logged in as")
body = parse_json_object_from_request(request)
body = parse_json_object_from_request(request, allow_empty_body=True)
valid_until_ms = body.get("valid_until_ms")
if valid_until_ms and not isinstance(valid_until_ms, int):
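Review bot: The `valid_until_ms` check that follows the changed `parse_json_object_from_request` line is looser than it reads. `isinstance(valid_until_ms, int)` also accepts JSON `true`, because `bool` is a subclass of `int`, and the leading truthiness test skips validation entirely for `0` and `false`. This field bounds the lifetime of an access token issued on behalf of another user, so a strict guard would be safer: `if valid_until_ms is not None and type(valid_until_ms) is not int:`. The body of that `if` and the rest of `on_POST` are outside the hunk, so confirm how a timestamp that is already in the past is handled.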


@ -1550,7 +1550,7 @@ class UserTokenRestTestCase(unittest.HomeserverTestCase):
def _get_token(self) -> str:
request, channel = self.make_request(
"PUT", self.url, b"{}", access_token=self.admin_user_tok
"POST", self.url, b"{}", access_token=self.admin_user_tok
)
self.render(request)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
@ -1559,7 +1559,7 @@ class UserTokenRestTestCase(unittest.HomeserverTestCase):
def test_no_auth(self):
"""Try to login as a user without authentication.
"""
request, channel = self.make_request("PUT", self.url, b"{}")
request, channel = self.make_request("POST", self.url, b"{}")
self.render(request)
self.assertEqual(401, int(channel.result["code"]), msg=channel.result["body"])
@ -1569,7 +1569,7 @@ class UserTokenRestTestCase(unittest.HomeserverTestCase):
"""Try to login as a user as a non-admin user.
"""
request, channel = self.make_request(
"PUT", self.url, b"{}", access_token=self.other_user_tok
"POST", self.url, b"{}", access_token=self.other_user_tok
)
self.render(request)
@ -1753,12 +1753,12 @@ class UserTokenRestTestCase(unittest.HomeserverTestCase):
# Create a room as the admin user. This will bump the monthly active users to 1.
room_id = self.helper.create_room_as(self.admin_user, tok=self.admin_user_tok)
# Trying to join as the other user should fail.
# Trying to join as the other user should fail due to reaching MAU limit.
self.helper.join(
room_id, user=self.other_user, tok=self.other_user_tok, expect_code=403
)
# Logging in as the other user and joining a room should work, even
# though they should be denied.
# though the MAU limit would stop the user doing so.
puppet_token = self._get_token()
self.helper.join(room_id, user=self.other_user, tok=puppet_token)
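Review bot: Every request in these tests still sends `b"{}"`, so the empty-body path that the servlet now accepts through `allow_empty_body=True` is never exercised. A case in `UserTokenRestTestCase` that posts `b""` with `access_token=self.admin_user_tok` and asserts a 200 carrying an `access_token` would pin that behaviour. It would also help to assert that a `PUT` to `self.url` is now rejected, since the switch of method is the point of the change. Neither check is visible in the hunks shown here.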