Apply an IP range blacklist to push and key revocation requests. (#8821)

Replaces the `federation_ip_range_blacklist` configuration setting with an
`ip_range_blacklist` setting with wider scope. It now applies to:

* Federation
* Identity servers
* Push notifications
* Checking key validity for third-party invite events

The old `federation_ip_range_blacklist` setting is still honored if present, but
with reduced scope (it only applies to federation and identity servers).
Patrick Cloke 2020-12-02 11:09:24 -05:00 committed by GitHub
parent c5b6abd53d
commit 30fba62108
GPG Key ID: 4AEE18F83AFDEB23
43 changed files with 175 additions and 114 deletions

1
changelog.d/8821.bugfix Normal file

@ -0,0 +1 @@
Apply the `federation_ip_range_blacklist` to push and key revocation requests.


@ -642,17 +642,19 @@ acme:
# - nyc.example.com # - nyc.example.com
# - syd.example.com # - syd.example.com
# Prevent federation requests from being sent to the following # Prevent outgoing requests from being sent to the following blacklisted IP address
# blacklist IP address CIDR ranges. If this option is not specified, or # CIDR ranges. If this option is not specified, or specified with an empty list,
# specified with an empty list, no ip range blacklist will be enforced. # no IP range blacklist will be enforced.
# #
# As of Synapse v1.4.0 this option also affects any outbound requests to identity # The blacklist applies to the outbound requests for federation, identity servers,
# servers provided by user input. # push servers, and for checking key validitity for third-party invite events.
# #
# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly # (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
# listed here, since they correspond to unroutable addresses.) # listed here, since they correspond to unroutable addresses.)
# #
federation_ip_range_blacklist: # This option replaces federation_ip_range_blacklist in Synapse v1.24.0.
#
ip_range_blacklist:
- '127.0.0.0/8' - '127.0.0.0/8'
- '10.0.0.0/8' - '10.0.0.0/8'
- '172.16.0.0/12' - '172.16.0.0/12'


@ -266,7 +266,6 @@ class GenericWorkerPresence(BasePresenceHandler):
super().__init__(hs) super().__init__(hs)
self.hs = hs self.hs = hs
self.is_mine_id = hs.is_mine_id self.is_mine_id = hs.is_mine_id
self.http_client = hs.get_simple_http_client()
self._presence_enabled = hs.config.use_presence self._presence_enabled = hs.config.use_presence


@ -36,22 +36,30 @@ class FederationConfig(Config):
for domain in federation_domain_whitelist: for domain in federation_domain_whitelist:
self.federation_domain_whitelist[domain] = True self.federation_domain_whitelist[domain] = True
self.federation_ip_range_blacklist = config.get( ip_range_blacklist = config.get("ip_range_blacklist", [])
"federation_ip_range_blacklist", []
)
# Attempt to create an IPSet from the given ranges # Attempt to create an IPSet from the given ranges
try: try:
self.federation_ip_range_blacklist = IPSet( self.ip_range_blacklist = IPSet(ip_range_blacklist)
self.federation_ip_range_blacklist except Exception as e:
) raise ConfigError("Invalid range(s) provided in ip_range_blacklist: %s" % e)
# Always blacklist 0.0.0.0, ::
self.ip_range_blacklist.update(["0.0.0.0", "::"])
# Always blacklist 0.0.0.0, :: # The federation_ip_range_blacklist is used for backwards-compatibility
self.federation_ip_range_blacklist.update(["0.0.0.0", "::"]) # and only applies to federation and identity servers. If it is not given,
# default to ip_range_blacklist.
federation_ip_range_blacklist = config.get(
"federation_ip_range_blacklist", ip_range_blacklist
)
try:
self.federation_ip_range_blacklist = IPSet(federation_ip_range_blacklist)
except Exception as e: except Exception as e:
raise ConfigError( raise ConfigError(
"Invalid range(s) provided in federation_ip_range_blacklist: %s" % e "Invalid range(s) provided in federation_ip_range_blacklist: %s" % e
) )
# Always blacklist 0.0.0.0, ::
self.federation_ip_range_blacklist.update(["0.0.0.0", "::"])
federation_metrics_domains = config.get("federation_metrics_domains") or [] federation_metrics_domains = config.get("federation_metrics_domains") or []
validate_config( validate_config(
@ -76,17 +84,19 @@ class FederationConfig(Config):
# - nyc.example.com # - nyc.example.com
# - syd.example.com # - syd.example.com
# Prevent federation requests from being sent to the following # Prevent outgoing requests from being sent to the following blacklisted IP address
# blacklist IP address CIDR ranges. If this option is not specified, or # CIDR ranges. If this option is not specified, or specified with an empty list,
# specified with an empty list, no ip range blacklist will be enforced. # no IP range blacklist will be enforced.
# #
# As of Synapse v1.4.0 this option also affects any outbound requests to identity # The blacklist applies to the outbound requests for federation, identity servers,
# servers provided by user input. # push servers, and for checking key validitity for third-party invite events.
# #
# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly # (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
# listed here, since they correspond to unroutable addresses.) # listed here, since they correspond to unroutable addresses.)
# #
federation_ip_range_blacklist: # This option replaces federation_ip_range_blacklist in Synapse v1.24.0.
#
ip_range_blacklist:
- '127.0.0.0/8' - '127.0.0.0/8'
- '10.0.0.0/8' - '10.0.0.0/8'
- '172.16.0.0/12' - '172.16.0.0/12'
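Review bot: A deployment that upgrades with only `federation_ip_range_blacklist` set ends up with `self.ip_range_blacklist` holding just `0.0.0.0` and `::`, because `config.get("ip_range_blacklist", [])` in the first hunk of this file never falls back to the old key. The clients built from `ip_range_blacklist` elsewhere in this commit (push, third-party-invite key checks) would then run without the operator's private-range list until the config is edited, and nothing in the visible code tells the operator so. Consider emitting a startup warning when `"federation_ip_range_blacklist" in config and "ip_range_blacklist" not in config`, or at least extending the backwards-compatibility comment to say that the old key does not cover the new request types. The enclosing method starts and ends outside the hunk.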


@ -578,7 +578,7 @@ class PerspectivesKeyFetcher(BaseV2KeyFetcher):
def __init__(self, hs): def __init__(self, hs):
super().__init__(hs) super().__init__(hs)
self.clock = hs.get_clock() self.clock = hs.get_clock()
self.client = hs.get_http_client() self.client = hs.get_federation_http_client()
self.key_servers = self.config.key_servers self.key_servers = self.config.key_servers
async def get_keys(self, keys_to_fetch): async def get_keys(self, keys_to_fetch):
@ -748,7 +748,7 @@ class ServerKeyFetcher(BaseV2KeyFetcher):
def __init__(self, hs): def __init__(self, hs):
super().__init__(hs) super().__init__(hs)
self.clock = hs.get_clock() self.clock = hs.get_clock()
self.client = hs.get_http_client() self.client = hs.get_federation_http_client()
async def get_keys(self, keys_to_fetch): async def get_keys(self, keys_to_fetch):
""" """


@ -845,7 +845,6 @@ class FederationHandlerRegistry:
def __init__(self, hs: "HomeServer"): def __init__(self, hs: "HomeServer"):
self.config = hs.config self.config = hs.config
self.http_client = hs.get_simple_http_client()
self.clock = hs.get_clock() self.clock = hs.get_clock()
self._instance_name = hs.get_instance_name() self._instance_name = hs.get_instance_name()


@ -35,7 +35,7 @@ class TransportLayerClient:
def __init__(self, hs): def __init__(self, hs):
self.server_name = hs.hostname self.server_name = hs.hostname
self.client = hs.get_http_client() self.client = hs.get_federation_http_client()
@log_function @log_function
def get_room_state_ids(self, destination, room_id, event_id): def get_room_state_ids(self, destination, room_id, event_id):


@ -140,7 +140,7 @@ class FederationHandler(BaseHandler):
self._message_handler = hs.get_message_handler() self._message_handler = hs.get_message_handler()
self._server_notices_mxid = hs.config.server_notices_mxid self._server_notices_mxid = hs.config.server_notices_mxid
self.config = hs.config self.config = hs.config
self.http_client = hs.get_simple_http_client() self.http_client = hs.get_proxied_blacklisted_http_client()
self._instance_name = hs.get_instance_name() self._instance_name = hs.get_instance_name()
self._replication = hs.get_replication_data_handler() self._replication = hs.get_replication_data_handler()


@ -46,13 +46,13 @@ class IdentityHandler(BaseHandler):
def __init__(self, hs): def __init__(self, hs):
super().__init__(hs) super().__init__(hs)
# An HTTP client for contacting trusted URLs.
self.http_client = SimpleHttpClient(hs) self.http_client = SimpleHttpClient(hs)
# We create a blacklisting instance of SimpleHttpClient for contacting identity # An HTTP client for contacting identity servers specified by clients.
# servers specified by clients
self.blacklisting_http_client = SimpleHttpClient( self.blacklisting_http_client = SimpleHttpClient(
hs, ip_blacklist=hs.config.federation_ip_range_blacklist hs, ip_blacklist=hs.config.federation_ip_range_blacklist
) )
self.federation_http_client = hs.get_http_client() self.federation_http_client = hs.get_federation_http_client()
self.hs = hs self.hs = hs
async def threepid_from_creds( async def threepid_from_creds(


@ -125,7 +125,7 @@ def _make_scheduler(reactor):
return _scheduler return _scheduler
class IPBlacklistingResolver: class _IPBlacklistingResolver:
""" """
A proxy for reactor.nameResolver which only produces non-blacklisted IP A proxy for reactor.nameResolver which only produces non-blacklisted IP
addresses, preventing DNS rebinding attacks on URL preview. addresses, preventing DNS rebinding attacks on URL preview.
@ -199,6 +199,35 @@ class IPBlacklistingResolver:
return r return r
@implementer(IReactorPluggableNameResolver)
class BlacklistingReactorWrapper:
"""
A Reactor wrapper which will prevent DNS resolution to blacklisted IP
addresses, to prevent DNS rebinding.
"""
def __init__(
self,
reactor: IReactorPluggableNameResolver,
ip_whitelist: Optional[IPSet],
ip_blacklist: IPSet,
):
self._reactor = reactor
# We need to use a DNS resolver which filters out blacklisted IP
# addresses, to prevent DNS rebinding.
self._nameResolver = _IPBlacklistingResolver(
self._reactor, ip_whitelist, ip_blacklist
)
def __getattr__(self, attr: str) -> Any:
# Passthrough to the real reactor except for the DNS resolver.
if attr == "nameResolver":
return self._nameResolver
else:
return getattr(self._reactor, attr)
class BlacklistingAgentWrapper(Agent): class BlacklistingAgentWrapper(Agent):
""" """
An Agent wrapper which will prevent access to IP addresses being accessed An Agent wrapper which will prevent access to IP addresses being accessed
@ -292,22 +321,11 @@ class SimpleHttpClient:
self.user_agent = self.user_agent.encode("ascii") self.user_agent = self.user_agent.encode("ascii")
if self._ip_blacklist: if self._ip_blacklist:
real_reactor = hs.get_reactor()
# If we have an IP blacklist, we need to use a DNS resolver which # If we have an IP blacklist, we need to use a DNS resolver which
# filters out blacklisted IP addresses, to prevent DNS rebinding. # filters out blacklisted IP addresses, to prevent DNS rebinding.
nameResolver = IPBlacklistingResolver( self.reactor = BlacklistingReactorWrapper(
real_reactor, self._ip_whitelist, self._ip_blacklist hs.get_reactor(), self._ip_whitelist, self._ip_blacklist
) )
@implementer(IReactorPluggableNameResolver)
class Reactor:
def __getattr__(_self, attr):
if attr == "nameResolver":
return nameResolver
else:
return getattr(real_reactor, attr)
self.reactor = Reactor()
else: else:
self.reactor = hs.get_reactor() self.reactor = hs.get_reactor()
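Review bot: The `BlacklistingReactorWrapper` docstring does not say that the wrapper filters only what the name resolver returns, so a URL whose host is already an IP literal would, as far as the visible code shows, not be checked by it. A reader could take the wrapper alone to be sufficient; the docstring should state the pairing, e.g. `Only hostname lookups are filtered; IP-literal hosts must be rejected separately (see BlacklistingAgentWrapper).` The `_IPBlacklistingResolver` docstring in the first hunk still says "on URL preview", which no longer matches its use now that federation and the blacklisted `SimpleHttpClient` instances share it.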


@ -16,7 +16,7 @@ import logging
import urllib.parse import urllib.parse
from typing import List, Optional from typing import List, Optional
from netaddr import AddrFormatError, IPAddress from netaddr import AddrFormatError, IPAddress, IPSet
from zope.interface import implementer from zope.interface import implementer
from twisted.internet import defer from twisted.internet import defer
@ -31,6 +31,7 @@ from twisted.web.http_headers import Headers
from twisted.web.iweb import IAgent, IAgentEndpointFactory, IBodyProducer from twisted.web.iweb import IAgent, IAgentEndpointFactory, IBodyProducer
from synapse.crypto.context_factory import FederationPolicyForHTTPS from synapse.crypto.context_factory import FederationPolicyForHTTPS
from synapse.http.client import BlacklistingAgentWrapper
from synapse.http.federation.srv_resolver import Server, SrvResolver from synapse.http.federation.srv_resolver import Server, SrvResolver
from synapse.http.federation.well_known_resolver import WellKnownResolver from synapse.http.federation.well_known_resolver import WellKnownResolver
from synapse.logging.context import make_deferred_yieldable, run_in_background from synapse.logging.context import make_deferred_yieldable, run_in_background
@ -70,6 +71,7 @@ class MatrixFederationAgent:
reactor: IReactorCore, reactor: IReactorCore,
tls_client_options_factory: Optional[FederationPolicyForHTTPS], tls_client_options_factory: Optional[FederationPolicyForHTTPS],
user_agent: bytes, user_agent: bytes,
ip_blacklist: IPSet,
_srv_resolver: Optional[SrvResolver] = None, _srv_resolver: Optional[SrvResolver] = None,
_well_known_resolver: Optional[WellKnownResolver] = None, _well_known_resolver: Optional[WellKnownResolver] = None,
): ):
@ -90,12 +92,18 @@ class MatrixFederationAgent:
self.user_agent = user_agent self.user_agent = user_agent
if _well_known_resolver is None: if _well_known_resolver is None:
# Note that the name resolver has already been wrapped in a
# IPBlacklistingResolver by MatrixFederationHttpClient.
_well_known_resolver = WellKnownResolver( _well_known_resolver = WellKnownResolver(
self._reactor, self._reactor,
agent=Agent( agent=BlacklistingAgentWrapper(
Agent(
self._reactor,
pool=self._pool,
contextFactory=tls_client_options_factory,
),
self._reactor, self._reactor,
pool=self._pool, ip_blacklist=ip_blacklist,
contextFactory=tls_client_options_factory,
), ),
user_agent=self.user_agent, user_agent=self.user_agent,
) )
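Review bot: The comment added in the last hunk names `IPBlacklistingResolver`, but this commit renames that class to `_IPBlacklistingResolver` and the wrapping is now done by `BlacklistingReactorWrapper`; it should read `# Note that the name resolver has already been wrapped by BlacklistingReactorWrapper in MatrixFederationHttpClient.` Separately, `ip_blacklist` is added as a required parameter ahead of `_srv_resolver`, so a caller passing the resolvers positionally would now bind them to the wrong parameter. The test callers visible on this page use keywords; other callers are outside it. The constructor body continues outside the hunk.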


@ -26,11 +26,10 @@ import treq
from canonicaljson import encode_canonical_json from canonicaljson import encode_canonical_json
from prometheus_client import Counter from prometheus_client import Counter
from signedjson.sign import sign_json from signedjson.sign import sign_json
from zope.interface import implementer
from twisted.internet import defer from twisted.internet import defer
from twisted.internet.error import DNSLookupError from twisted.internet.error import DNSLookupError
from twisted.internet.interfaces import IReactorPluggableNameResolver, IReactorTime from twisted.internet.interfaces import IReactorTime
from twisted.internet.task import _EPSILON, Cooperator from twisted.internet.task import _EPSILON, Cooperator
from twisted.web.http_headers import Headers from twisted.web.http_headers import Headers
from twisted.web.iweb import IBodyProducer, IResponse from twisted.web.iweb import IBodyProducer, IResponse
@ -45,7 +44,7 @@ from synapse.api.errors import (
from synapse.http import QuieterFileBodyProducer from synapse.http import QuieterFileBodyProducer
from synapse.http.client import ( from synapse.http.client import (
BlacklistingAgentWrapper, BlacklistingAgentWrapper,
IPBlacklistingResolver, BlacklistingReactorWrapper,
encode_query_args, encode_query_args,
readBodyToFile, readBodyToFile,
) )
@ -221,31 +220,22 @@ class MatrixFederationHttpClient:
self.signing_key = hs.signing_key self.signing_key = hs.signing_key
self.server_name = hs.hostname self.server_name = hs.hostname
real_reactor = hs.get_reactor()
# We need to use a DNS resolver which filters out blacklisted IP # We need to use a DNS resolver which filters out blacklisted IP
# addresses, to prevent DNS rebinding. # addresses, to prevent DNS rebinding.
nameResolver = IPBlacklistingResolver( self.reactor = BlacklistingReactorWrapper(
real_reactor, None, hs.config.federation_ip_range_blacklist hs.get_reactor(), None, hs.config.federation_ip_range_blacklist
) )
@implementer(IReactorPluggableNameResolver)
class Reactor:
def __getattr__(_self, attr):
if attr == "nameResolver":
return nameResolver
else:
return getattr(real_reactor, attr)
self.reactor = Reactor()
user_agent = hs.version_string user_agent = hs.version_string
if hs.config.user_agent_suffix: if hs.config.user_agent_suffix:
user_agent = "%s %s" % (user_agent, hs.config.user_agent_suffix) user_agent = "%s %s" % (user_agent, hs.config.user_agent_suffix)
user_agent = user_agent.encode("ascii") user_agent = user_agent.encode("ascii")
self.agent = MatrixFederationAgent( self.agent = MatrixFederationAgent(
self.reactor, tls_client_options_factory, user_agent self.reactor,
tls_client_options_factory,
user_agent,
hs.config.federation_ip_range_blacklist,
) )
# Use a BlacklistingAgentWrapper to prevent circumventing the IP # Use a BlacklistingAgentWrapper to prevent circumventing the IP


@ -100,7 +100,7 @@ class HttpPusher:
if "url" not in self.data: if "url" not in self.data:
raise PusherConfigException("'url' required in data for HTTP pusher") raise PusherConfigException("'url' required in data for HTTP pusher")
self.url = self.data["url"] self.url = self.data["url"]
self.http_client = hs.get_proxied_http_client() self.http_client = hs.get_proxied_blacklisted_http_client()
self.data_minus_url = {} self.data_minus_url = {}
self.data_minus_url.update(self.data) self.data_minus_url.update(self.data)
del self.data_minus_url["url"] del self.data_minus_url["url"]


@ -66,7 +66,7 @@ class MediaRepository:
def __init__(self, hs): def __init__(self, hs):
self.hs = hs self.hs = hs
self.auth = hs.get_auth() self.auth = hs.get_auth()
self.client = hs.get_http_client() self.client = hs.get_federation_http_client()
self.clock = hs.get_clock() self.clock = hs.get_clock()
self.server_name = hs.hostname self.server_name = hs.hostname
self.store = hs.get_datastore() self.store = hs.get_datastore()


@ -350,16 +350,45 @@ class HomeServer(metaclass=abc.ABCMeta):
@cache_in_self @cache_in_self
def get_simple_http_client(self) -> SimpleHttpClient: def get_simple_http_client(self) -> SimpleHttpClient:
"""
An HTTP client with no special configuration.
"""
return SimpleHttpClient(self) return SimpleHttpClient(self)
@cache_in_self @cache_in_self
def get_proxied_http_client(self) -> SimpleHttpClient: def get_proxied_http_client(self) -> SimpleHttpClient:
"""
An HTTP client that uses configured HTTP(S) proxies.
"""
return SimpleHttpClient( return SimpleHttpClient(
self, self,
http_proxy=os.getenvb(b"http_proxy"), http_proxy=os.getenvb(b"http_proxy"),
https_proxy=os.getenvb(b"HTTPS_PROXY"), https_proxy=os.getenvb(b"HTTPS_PROXY"),
) )
@cache_in_self
def get_proxied_blacklisted_http_client(self) -> SimpleHttpClient:
"""
An HTTP client that uses configured HTTP(S) proxies and blacklists IPs
based on the IP range blacklist.
"""
return SimpleHttpClient(
self,
ip_blacklist=self.config.ip_range_blacklist,
http_proxy=os.getenvb(b"http_proxy"),
https_proxy=os.getenvb(b"HTTPS_PROXY"),
)
@cache_in_self
def get_federation_http_client(self) -> MatrixFederationHttpClient:
"""
An HTTP client for federation.
"""
tls_client_options_factory = context_factory.FederationPolicyForHTTPS(
self.config
)
return MatrixFederationHttpClient(self, tls_client_options_factory)
@cache_in_self @cache_in_self
def get_room_creation_handler(self) -> RoomCreationHandler: def get_room_creation_handler(self) -> RoomCreationHandler:
return RoomCreationHandler(self) return RoomCreationHandler(self)
@ -514,13 +543,6 @@ class HomeServer(metaclass=abc.ABCMeta):
def get_pusherpool(self) -> PusherPool: def get_pusherpool(self) -> PusherPool:
return PusherPool(self) return PusherPool(self)
@cache_in_self
def get_http_client(self) -> MatrixFederationHttpClient:
tls_client_options_factory = context_factory.FederationPolicyForHTTPS(
self.config
)
return MatrixFederationHttpClient(self, tls_client_options_factory)
@cache_in_self @cache_in_self
def get_media_repository_resource(self) -> MediaRepositoryResource: def get_media_repository_resource(self) -> MediaRepositoryResource:
# build the media repo resource. This indirects through the HomeServer # build the media repo resource. This indirects through the HomeServer
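Review bot: `get_proxied_blacklisted_http_client` in the first hunk combines `ip_blacklist` with `http_proxy`/`https_proxy`, and its docstring does not say whether the blacklist is still enforced when a proxy is configured. If the proxy resolves the destination hostname, the resolver-based filter in `SimpleHttpClient` presumably never sees the final address, so the push and key-check URLs this client is used for would be checked only for IP-literal hosts. After confirming the behaviour in `SimpleHttpClient`, the docstring should state it, e.g. `When a proxy is configured, hostname resolution may happen at the proxy, which must then enforce the blacklist itself.`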


@ -50,7 +50,9 @@ class FilteringTestCase(unittest.TestCase):
self.mock_http_client.put_json = DeferredMockCallable() self.mock_http_client.put_json = DeferredMockCallable()
hs = yield setup_test_homeserver( hs = yield setup_test_homeserver(
self.addCleanup, http_client=self.mock_http_client, keyring=Mock(), self.addCleanup,
federation_http_client=self.mock_http_client,
keyring=Mock(),
) )
self.filtering = hs.get_filtering() self.filtering = hs.get_filtering()


@ -23,7 +23,7 @@ class FrontendProxyTests(HomeserverTestCase):
def make_homeserver(self, reactor, clock): def make_homeserver(self, reactor, clock):
hs = self.setup_test_homeserver( hs = self.setup_test_homeserver(
http_client=None, homeserver_to_use=GenericWorkerServer federation_http_client=None, homeserver_to_use=GenericWorkerServer
) )
return hs return hs


@ -27,7 +27,7 @@ from tests.unittest import HomeserverTestCase
class FederationReaderOpenIDListenerTests(HomeserverTestCase): class FederationReaderOpenIDListenerTests(HomeserverTestCase):
def make_homeserver(self, reactor, clock): def make_homeserver(self, reactor, clock):
hs = self.setup_test_homeserver( hs = self.setup_test_homeserver(
http_client=None, homeserver_to_use=GenericWorkerServer federation_http_client=None, homeserver_to_use=GenericWorkerServer
) )
return hs return hs
@ -84,7 +84,7 @@ class FederationReaderOpenIDListenerTests(HomeserverTestCase):
class SynapseHomeserverOpenIDListenerTests(HomeserverTestCase): class SynapseHomeserverOpenIDListenerTests(HomeserverTestCase):
def make_homeserver(self, reactor, clock): def make_homeserver(self, reactor, clock):
hs = self.setup_test_homeserver( hs = self.setup_test_homeserver(
http_client=None, homeserver_to_use=SynapseHomeServer federation_http_client=None, homeserver_to_use=SynapseHomeServer
) )
return hs return hs


@ -315,7 +315,7 @@ class KeyringTestCase(unittest.HomeserverTestCase):
class ServerKeyFetcherTestCase(unittest.HomeserverTestCase): class ServerKeyFetcherTestCase(unittest.HomeserverTestCase):
def make_homeserver(self, reactor, clock): def make_homeserver(self, reactor, clock):
self.http_client = Mock() self.http_client = Mock()
hs = self.setup_test_homeserver(http_client=self.http_client) hs = self.setup_test_homeserver(federation_http_client=self.http_client)
return hs return hs
def test_get_keys_from_server(self): def test_get_keys_from_server(self):
@ -395,7 +395,9 @@ class PerspectivesKeyFetcherTestCase(unittest.HomeserverTestCase):
} }
] ]
return self.setup_test_homeserver(http_client=self.http_client, config=config) return self.setup_test_homeserver(
federation_http_client=self.http_client, config=config
)
def build_perspectives_response( def build_perspectives_response(
self, server_name: str, signing_key: SigningKey, valid_until_ts: int, self, server_name: str, signing_key: SigningKey, valid_until_ts: int,


@ -27,7 +27,7 @@ user2 = "@theresa:bbb"
class DeviceTestCase(unittest.HomeserverTestCase): class DeviceTestCase(unittest.HomeserverTestCase):
def make_homeserver(self, reactor, clock): def make_homeserver(self, reactor, clock):
hs = self.setup_test_homeserver("server", http_client=None) hs = self.setup_test_homeserver("server", federation_http_client=None)
self.handler = hs.get_device_handler() self.handler = hs.get_device_handler()
self.store = hs.get_datastore() self.store = hs.get_datastore()
return hs return hs
@ -229,7 +229,7 @@ class DeviceTestCase(unittest.HomeserverTestCase):
class DehydrationTestCase(unittest.HomeserverTestCase): class DehydrationTestCase(unittest.HomeserverTestCase):
def make_homeserver(self, reactor, clock): def make_homeserver(self, reactor, clock):
hs = self.setup_test_homeserver("server", http_client=None) hs = self.setup_test_homeserver("server", federation_http_client=None)
self.handler = hs.get_device_handler() self.handler = hs.get_device_handler()
self.registration = hs.get_registration_handler() self.registration = hs.get_registration_handler()
self.auth = hs.get_auth() self.auth = hs.get_auth()


@ -42,7 +42,7 @@ class DirectoryTestCase(unittest.HomeserverTestCase):
self.mock_registry.register_query_handler = register_query_handler self.mock_registry.register_query_handler = register_query_handler
hs = self.setup_test_homeserver( hs = self.setup_test_homeserver(
http_client=None, federation_http_client=None,
resource_for_federation=Mock(), resource_for_federation=Mock(),
federation_client=self.mock_federation, federation_client=self.mock_federation,
federation_registry=self.mock_registry, federation_registry=self.mock_registry,


@ -37,7 +37,7 @@ class FederationTestCase(unittest.HomeserverTestCase):
] ]
def make_homeserver(self, reactor, clock): def make_homeserver(self, reactor, clock):
hs = self.setup_test_homeserver(http_client=None) hs = self.setup_test_homeserver(federation_http_client=None)
self.handler = hs.get_federation_handler() self.handler = hs.get_federation_handler()
self.store = hs.get_datastore() self.store = hs.get_datastore()
return hs return hs


@ -463,7 +463,7 @@ class PresenceJoinTestCase(unittest.HomeserverTestCase):
def make_homeserver(self, reactor, clock): def make_homeserver(self, reactor, clock):
hs = self.setup_test_homeserver( hs = self.setup_test_homeserver(
"server", http_client=None, federation_sender=Mock() "server", federation_http_client=None, federation_sender=Mock()
) )
return hs return hs


@ -44,7 +44,7 @@ class ProfileTestCase(unittest.TestCase):
hs = yield setup_test_homeserver( hs = yield setup_test_homeserver(
self.addCleanup, self.addCleanup,
http_client=None, federation_http_client=None,
resource_for_federation=Mock(), resource_for_federation=Mock(),
federation_client=self.mock_federation, federation_client=self.mock_federation,
federation_server=Mock(), federation_server=Mock(),


@ -70,7 +70,7 @@ class TypingNotificationsTestCase(unittest.HomeserverTestCase):
hs = self.setup_test_homeserver( hs = self.setup_test_homeserver(
notifier=Mock(), notifier=Mock(),
http_client=mock_federation_client, federation_http_client=mock_federation_client,
keyring=mock_keyring, keyring=mock_keyring,
replication_streams={}, replication_streams={},
) )
@ -192,7 +192,7 @@ class TypingNotificationsTestCase(unittest.HomeserverTestCase):
) )
) )
put_json = self.hs.get_http_client().put_json put_json = self.hs.get_federation_http_client().put_json
put_json.assert_called_once_with( put_json.assert_called_once_with(
"farm", "farm",
path="/_matrix/federation/v1/send/1000000", path="/_matrix/federation/v1/send/1000000",
@ -270,7 +270,7 @@ class TypingNotificationsTestCase(unittest.HomeserverTestCase):
self.on_new_event.assert_has_calls([call("typing_key", 1, rooms=[ROOM_ID])]) self.on_new_event.assert_has_calls([call("typing_key", 1, rooms=[ROOM_ID])])
put_json = self.hs.get_http_client().put_json put_json = self.hs.get_federation_http_client().put_json
put_json.assert_called_once_with( put_json.assert_called_once_with(
"farm", "farm",
path="/_matrix/federation/v1/send/1000000", path="/_matrix/federation/v1/send/1000000",


@ -17,6 +17,7 @@ import logging
from mock import Mock from mock import Mock
import treq import treq
from netaddr import IPSet
from service_identity import VerificationError from service_identity import VerificationError
from zope.interface import implementer from zope.interface import implementer
@ -103,6 +104,7 @@ class MatrixFederationAgentTests(unittest.TestCase):
reactor=self.reactor, reactor=self.reactor,
tls_client_options_factory=self.tls_factory, tls_client_options_factory=self.tls_factory,
user_agent="test-agent", # Note that this is unused since _well_known_resolver is provided. user_agent="test-agent", # Note that this is unused since _well_known_resolver is provided.
ip_blacklist=IPSet(),
_srv_resolver=self.mock_resolver, _srv_resolver=self.mock_resolver,
_well_known_resolver=self.well_known_resolver, _well_known_resolver=self.well_known_resolver,
) )
@ -736,6 +738,7 @@ class MatrixFederationAgentTests(unittest.TestCase):
reactor=self.reactor, reactor=self.reactor,
tls_client_options_factory=tls_factory, tls_client_options_factory=tls_factory,
user_agent=b"test-agent", # This is unused since _well_known_resolver is passed below. user_agent=b"test-agent", # This is unused since _well_known_resolver is passed below.
ip_blacklist=IPSet(),
_srv_resolver=self.mock_resolver, _srv_resolver=self.mock_resolver,
_well_known_resolver=WellKnownResolver( _well_known_resolver=WellKnownResolver(
self.reactor, self.reactor,


@ -49,7 +49,9 @@ class HTTPPusherTests(HomeserverTestCase):
config = self.default_config() config = self.default_config()
config["start_pushers"] = True config["start_pushers"] = True
hs = self.setup_test_homeserver(config=config, proxied_http_client=m) hs = self.setup_test_homeserver(
config=config, proxied_blacklisted_http_client=m
)
return hs return hs


@ -67,7 +67,7 @@ class BaseStreamTestCase(unittest.HomeserverTestCase):
# Make a new HomeServer object for the worker # Make a new HomeServer object for the worker
self.reactor.lookups["testserv"] = "1.2.3.4" self.reactor.lookups["testserv"] = "1.2.3.4"
self.worker_hs = self.setup_test_homeserver( self.worker_hs = self.setup_test_homeserver(
http_client=None, federation_http_client=None,
homeserver_to_use=GenericWorkerServer, homeserver_to_use=GenericWorkerServer,
config=self._get_worker_hs_config(), config=self._get_worker_hs_config(),
reactor=self.reactor, reactor=self.reactor,
@ -264,7 +264,7 @@ class BaseMultiWorkerStreamTestCase(unittest.HomeserverTestCase):
worker_app: Type of worker, e.g. `synapse.app.federation_sender`. worker_app: Type of worker, e.g. `synapse.app.federation_sender`.
extra_config: Any extra config to use for this instances. extra_config: Any extra config to use for this instances.
**kwargs: Options that get passed to `self.setup_test_homeserver`, **kwargs: Options that get passed to `self.setup_test_homeserver`,
useful to e.g. pass some mocks for things like `http_client` useful to e.g. pass some mocks for things like `federation_http_client`
Returns: Returns:
The new worker HomeServer instance. The new worker HomeServer instance.


@ -50,7 +50,7 @@ class FederationSenderTestCase(BaseMultiWorkerStreamTestCase):
self.make_worker_hs( self.make_worker_hs(
"synapse.app.federation_sender", "synapse.app.federation_sender",
{"send_federation": True}, {"send_federation": True},
http_client=mock_client, federation_http_client=mock_client,
) )
user = self.register_user("user", "pass") user = self.register_user("user", "pass")
@ -81,7 +81,7 @@ class FederationSenderTestCase(BaseMultiWorkerStreamTestCase):
"worker_name": "sender1", "worker_name": "sender1",
"federation_sender_instances": ["sender1", "sender2"], "federation_sender_instances": ["sender1", "sender2"],
}, },
http_client=mock_client1, federation_http_client=mock_client1,
) )
mock_client2 = Mock(spec=["put_json"]) mock_client2 = Mock(spec=["put_json"])
@ -93,7 +93,7 @@ class FederationSenderTestCase(BaseMultiWorkerStreamTestCase):
"worker_name": "sender2", "worker_name": "sender2",
"federation_sender_instances": ["sender1", "sender2"], "federation_sender_instances": ["sender1", "sender2"],
}, },
http_client=mock_client2, federation_http_client=mock_client2,
) )
user = self.register_user("user2", "pass") user = self.register_user("user2", "pass")
@ -144,7 +144,7 @@ class FederationSenderTestCase(BaseMultiWorkerStreamTestCase):
"worker_name": "sender1", "worker_name": "sender1",
"federation_sender_instances": ["sender1", "sender2"], "federation_sender_instances": ["sender1", "sender2"],
}, },
http_client=mock_client1, federation_http_client=mock_client1,
) )
mock_client2 = Mock(spec=["put_json"]) mock_client2 = Mock(spec=["put_json"])
@ -156,7 +156,7 @@ class FederationSenderTestCase(BaseMultiWorkerStreamTestCase):
"worker_name": "sender2", "worker_name": "sender2",
"federation_sender_instances": ["sender1", "sender2"], "federation_sender_instances": ["sender1", "sender2"],
}, },
http_client=mock_client2, federation_http_client=mock_client2,
) )
user = self.register_user("user3", "pass") user = self.register_user("user3", "pass")


@ -98,7 +98,7 @@ class PusherShardTestCase(BaseMultiWorkerStreamTestCase):
self.make_worker_hs( self.make_worker_hs(
"synapse.app.pusher", "synapse.app.pusher",
{"start_pushers": True}, {"start_pushers": True},
proxied_http_client=http_client_mock, proxied_blacklisted_http_client=http_client_mock,
) )
event_id = self._create_pusher_and_send_msg("user") event_id = self._create_pusher_and_send_msg("user")
@ -133,7 +133,7 @@ class PusherShardTestCase(BaseMultiWorkerStreamTestCase):
"worker_name": "pusher1", "worker_name": "pusher1",
"pusher_instances": ["pusher1", "pusher2"], "pusher_instances": ["pusher1", "pusher2"],
}, },
proxied_http_client=http_client_mock1, proxied_blacklisted_http_client=http_client_mock1,
) )
http_client_mock2 = Mock(spec_set=["post_json_get_json"]) http_client_mock2 = Mock(spec_set=["post_json_get_json"])
@ -148,7 +148,7 @@ class PusherShardTestCase(BaseMultiWorkerStreamTestCase):
"worker_name": "pusher2", "worker_name": "pusher2",
"pusher_instances": ["pusher1", "pusher2"], "pusher_instances": ["pusher1", "pusher2"],
}, },
proxied_http_client=http_client_mock2, proxied_blacklisted_http_client=http_client_mock2,
) )
# We choose a user name that we know should go to pusher1. # We choose a user name that we know should go to pusher1.
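Review bot: The mock passed as `proxied_blacklisted_http_client` replaces the whole client in all three hunks of this file, so these tests would still pass if the blacklisting client never rejected anything; they only show that the pusher now asks the homeserver for the client under its new name. If no other test in this commit covers it, I would add one that sets `ip_range_blacklist` in the config and asserts that a push to a gateway address inside a blacklisted range is refused rather than sent. The test methods these hunks belong to start and end outside the lines shown, so existing coverage further down cannot be ruled out from here.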


@ -210,7 +210,7 @@ class QuarantineMediaTestCase(unittest.HomeserverTestCase):
} }
config["media_storage_providers"] = [provider_config] config["media_storage_providers"] = [provider_config]
hs = self.setup_test_homeserver(config=config, http_client=client) hs = self.setup_test_homeserver(config=config, federation_http_client=client)
return hs return hs


@ -38,7 +38,7 @@ class PresenceTestCase(unittest.HomeserverTestCase):
hs = self.setup_test_homeserver( hs = self.setup_test_homeserver(
"red", "red",
http_client=None, federation_http_client=None,
federation_client=Mock(), federation_client=Mock(),
presence_handler=presence_handler, presence_handler=presence_handler,
) )


@ -63,7 +63,7 @@ class MockHandlerProfileTestCase(unittest.TestCase):
hs = yield setup_test_homeserver( hs = yield setup_test_homeserver(
self.addCleanup, self.addCleanup,
"test", "test",
http_client=None, federation_http_client=None,
resource_for_client=self.mock_resource, resource_for_client=self.mock_resource,
federation=Mock(), federation=Mock(),
federation_client=Mock(), federation_client=Mock(),


@ -45,7 +45,7 @@ class RoomBase(unittest.HomeserverTestCase):
def make_homeserver(self, reactor, clock): def make_homeserver(self, reactor, clock):
self.hs = self.setup_test_homeserver( self.hs = self.setup_test_homeserver(
"red", http_client=None, federation_client=Mock(), "red", federation_http_client=None, federation_client=Mock(),
) )
self.hs.get_federation_handler = Mock() self.hs.get_federation_handler = Mock()


@ -39,7 +39,7 @@ class RoomTypingTestCase(unittest.HomeserverTestCase):
def make_homeserver(self, reactor, clock): def make_homeserver(self, reactor, clock):
hs = self.setup_test_homeserver( hs = self.setup_test_homeserver(
"red", http_client=None, federation_client=Mock(), "red", federation_http_client=None, federation_client=Mock(),
) )
self.event_source = hs.get_event_sources().sources["typing"] self.event_source = hs.get_event_sources().sources["typing"]


@ -39,7 +39,7 @@ from tests.utils import default_config
class BaseRemoteKeyResourceTestCase(unittest.HomeserverTestCase): class BaseRemoteKeyResourceTestCase(unittest.HomeserverTestCase):
def make_homeserver(self, reactor, clock): def make_homeserver(self, reactor, clock):
self.http_client = Mock() self.http_client = Mock()
return self.setup_test_homeserver(http_client=self.http_client) return self.setup_test_homeserver(federation_http_client=self.http_client)
def create_test_resource(self): def create_test_resource(self):
return create_resource_tree( return create_resource_tree(
@ -172,7 +172,7 @@ class EndToEndPerspectivesTests(BaseRemoteKeyResourceTestCase):
} }
] ]
self.hs2 = self.setup_test_homeserver( self.hs2 = self.setup_test_homeserver(
http_client=self.http_client2, config=config federation_http_client=self.http_client2, config=config
) )
# wire up outbound POST /key/v2/query requests from hs2 so that they # wire up outbound POST /key/v2/query requests from hs2 so that they


@ -214,7 +214,7 @@ class MediaRepoTests(unittest.HomeserverTestCase):
} }
config["media_storage_providers"] = [provider_config] config["media_storage_providers"] = [provider_config]
hs = self.setup_test_homeserver(config=config, http_client=client) hs = self.setup_test_homeserver(config=config, federation_http_client=client)
return hs return hs


@ -26,7 +26,7 @@ room_key = {
class E2eRoomKeysHandlerTestCase(unittest.HomeserverTestCase): class E2eRoomKeysHandlerTestCase(unittest.HomeserverTestCase):
def make_homeserver(self, reactor, clock): def make_homeserver(self, reactor, clock):
hs = self.setup_test_homeserver("server", http_client=None) hs = self.setup_test_homeserver("server", federation_http_client=None)
self.store = hs.get_datastore() self.store = hs.get_datastore()
return hs return hs


@ -27,7 +27,7 @@ class PurgeTests(HomeserverTestCase):
servlets = [room.register_servlets] servlets = [room.register_servlets]
def make_homeserver(self, reactor, clock): def make_homeserver(self, reactor, clock):
hs = self.setup_test_homeserver("server", http_client=None) hs = self.setup_test_homeserver("server", federation_http_client=None)
return hs return hs
def prepare(self, reactor, clock, hs): def prepare(self, reactor, clock, hs):


@ -34,7 +34,7 @@ class RedactionTestCase(unittest.HomeserverTestCase):
config = self.default_config() config = self.default_config()
config["redaction_retention_period"] = "30d" config["redaction_retention_period"] = "30d"
return self.setup_test_homeserver( return self.setup_test_homeserver(
resource_for_federation=Mock(), http_client=None, config=config resource_for_federation=Mock(), federation_http_client=None, config=config
) )
def prepare(self, reactor, clock, hs): def prepare(self, reactor, clock, hs):


@ -36,7 +36,7 @@ class RoomMemberStoreTestCase(unittest.HomeserverTestCase):
def make_homeserver(self, reactor, clock): def make_homeserver(self, reactor, clock):
hs = self.setup_test_homeserver( hs = self.setup_test_homeserver(
resource_for_federation=Mock(), http_client=None resource_for_federation=Mock(), federation_http_client=None
) )
return hs return hs


@ -37,7 +37,7 @@ class MessageAcceptTests(unittest.HomeserverTestCase):
self.hs_clock = Clock(self.reactor) self.hs_clock = Clock(self.reactor)
self.homeserver = setup_test_homeserver( self.homeserver = setup_test_homeserver(
self.addCleanup, self.addCleanup,
http_client=self.http_client, federation_http_client=self.http_client,
clock=self.hs_clock, clock=self.hs_clock,
reactor=self.reactor, reactor=self.reactor,
) )


@ -38,7 +38,10 @@ class JsonResourceTests(unittest.TestCase):
self.reactor = ThreadedMemoryReactorClock() self.reactor = ThreadedMemoryReactorClock()
self.hs_clock = Clock(self.reactor) self.hs_clock = Clock(self.reactor)
self.homeserver = setup_test_homeserver( self.homeserver = setup_test_homeserver(
self.addCleanup, http_client=None, clock=self.hs_clock, reactor=self.reactor self.addCleanup,
federation_http_client=None,
clock=self.hs_clock,
reactor=self.reactor,
) )
def test_handler_for_request(self): def test_handler_for_request(self):