synapse/tests/rest/test_well_known.py

#
# This file is licensed under the Affero General Public License (AGPL) version 3.
#
# Copyright (C) 2023 New Vector, Ltd
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# See the GNU Affero General Public License for more details:
# <https://www.gnu.org/licenses/agpl-3.0.html>.
#
# Originally licensed under the Apache License, Version 2.0:
# <http://www.apache.org/licenses/LICENSE-2.0>.
#
# [This file includes modifications made by New Vector Limited]
#
#
from unittest.mock import AsyncMock

from twisted.web.resource import Resource

from synapse.rest.well_known import well_known_resource

from tests import unittest
from tests.utils import HAS_AUTHLIB


class WellKnownTests(unittest.HomeserverTestCase):
    def create_test_resource(self) -> Resource:
        # replace the JsonResource with a Resource wrapping the WellKnownResource
        res = Resource()
        res.putChild(b".well-known", well_known_resource(self.hs))
        return res

    @unittest.override_config(
        {
            "public_baseurl": "https://tesths",
            "default_identity_server": "https://testis",
        }
    )
    def test_client_well_known(self) -> None:
        channel = self.make_request(
            "GET", "/.well-known/matrix/client", shorthand=False
        )

        self.assertEqual(channel.code, 200)
        self.assertEqual(
            channel.json_body,
            {
                "m.homeserver": {"base_url": "https://tesths/"},
                "m.identity_server": {"base_url": "https://testis"},
            },
        )

    @unittest.override_config(
        {
            "public_baseurl": None,
        }
    )
    def test_client_well_known_no_public_baseurl(self) -> None:
        channel = self.make_request(
            "GET", "/.well-known/matrix/client", shorthand=False
        )

        self.assertEqual(channel.code, 404)

    @unittest.override_config(
        {
            "public_baseurl": "https://tesths",
            "default_identity_server": "https://testis",
            "extra_well_known_client_content": {"custom": False},
        }
    )
    def test_client_well_known_custom(self) -> None:
        channel = self.make_request(
            "GET", "/.well-known/matrix/client", shorthand=False
        )

        self.assertEqual(channel.code, 200)
        self.assertEqual(
            channel.json_body,
            {
                "m.homeserver": {"base_url": "https://tesths/"},
                "m.identity_server": {"base_url": "https://testis"},
                "custom": False,
            },
        )

    @unittest.override_config({"serve_server_wellknown": True})
    def test_server_well_known(self) -> None:
        channel = self.make_request(
            "GET", "/.well-known/matrix/server", shorthand=False
        )

        self.assertEqual(channel.code, 200)
        self.assertEqual(
            channel.json_body,
            {"m.server": "test:443"},
        )

    def test_server_well_known_disabled(self) -> None:
        channel = self.make_request(
            "GET", "/.well-known/matrix/server", shorthand=False
        )
        self.assertEqual(channel.code, 404)

    @unittest.skip_unless(HAS_AUTHLIB, "requires authlib")
    @unittest.override_config(
        {
            "public_baseurl": "https://homeserver",  # this is only required so that client well known is served
            "experimental_features": {
                "msc3861": {
                    "enabled": True,
                    "issuer": "https://issuer",
                    "client_id": "id",
                    "client_auth_method": "client_secret_post",
                    "client_secret": "secret",
                },
            },
            "disable_registration": True,
        }
    )
    def test_client_well_known_msc3861_oauth_delegation(self) -> None:
        # Patch the HTTP client to return the issuer metadata
        req_mock = AsyncMock(
            return_value={
                "issuer": "https://issuer",
                "account_management_uri": "https://my-account.issuer",
            }
        )
        self.hs.get_proxied_http_client().get_json = req_mock  # type: ignore[method-assign]

        for _ in range(2):
            channel = self.make_request(
                "GET", "/.well-known/matrix/client", shorthand=False
            )

            self.assertEqual(channel.code, 200)
            self.assertEqual(
                channel.json_body,
                {
                    "m.homeserver": {"base_url": "https://homeserver/"},
                    "org.matrix.msc2965.authentication": {
                        "issuer": "https://issuer",
                        "account": "https://my-account.issuer",
                    },
                },
            )

        # It should have been called exactly once, because it gets cached
        req_mock.assert_called_once_with(
            "https://issuer/.well-known/openid-configuration"
        )
Implement .well-known handling (#4262) Sometimes it's useful for synapse to generate its own .well-known file. 2018-12-05 06:38:58 -07:00			`#`
Update license headers 2023-11-21 13:29:58 -07:00			`# This file is licensed under the Affero General Public License (AGPL) version 3.`
			`#`
			`# Copyright (C) 2023 New Vector, Ltd`
			`#`
			`# This program is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU Affero General Public License as`
			`# published by the Free Software Foundation, either version 3 of the`
			`# License, or (at your option) any later version.`
			`#`
			`# See the GNU Affero General Public License for more details:`
			`# <https://www.gnu.org/licenses/agpl-3.0.html>.`
			`#`
			`# Originally licensed under the Apache License, Version 2.0:`
			`# <http://www.apache.org/licenses/LICENSE-2.0>.`
			`#`
			`# [This file includes modifications made by New Vector Limited]`
Implement .well-known handling (#4262) Sometimes it's useful for synapse to generate its own .well-known file. 2018-12-05 06:38:58 -07:00			`#`
			`#`
MSC3861: load the issuer and account management URLs from OIDC discovery (#17407) This will help mitigating any discrepancies between the issuer configured and the one returned by the OIDC provider. This also removes the need for configuring the `account_management_url` explicitely, as it will now be loaded from the OIDC discovery, as per MSC2965. Because we may now fetch stuff for the .well-known/matrix/client endpoint, this also transforms the client well-known resource to be asynchronous. 2024-08-30 08:04:08 -06:00			`from unittest.mock import AsyncMock`

Support for serving server well-known files (#11211) Fixes https://github.com/matrix-org/synapse/issues/8308 2021-11-01 09:10:16 -06:00			`from twisted.web.resource import Resource`
Implement .well-known handling (#4262) Sometimes it's useful for synapse to generate its own .well-known file. 2018-12-05 06:38:58 -07:00
Support for serving server well-known files (#11211) Fixes https://github.com/matrix-org/synapse/issues/8308 2021-11-01 09:10:16 -06:00			`from synapse.rest.well_known import well_known_resource`
Implement .well-known handling (#4262) Sometimes it's useful for synapse to generate its own .well-known file. 2018-12-05 06:38:58 -07:00
			`from tests import unittest`
Keep track of `user_ips` and `monthly_active_users` when delegating auth (#16672) * Describe `insert_client_ip` * Pull out client_ips and MAU tracking to BaseAuth * Define HAS_AUTHLIB once in tests sick of copypasting * Track ips and token usage when delegating auth * Test that we track MAU and user_ips * Don't track `__oidc_admin` 2023-11-23 05:35:37 -07:00			`from tests.utils import HAS_AUTHLIB`
Test MSC2965 implementation: well-known discovery document 2023-02-06 10:12:42 -07:00
Implement .well-known handling (#4262) Sometimes it's useful for synapse to generate its own .well-known file. 2018-12-05 06:38:58 -07:00
			`class WellKnownTests(unittest.HomeserverTestCase):`
Add type hints to `tests/rest` (#12146) * Add type hints to `tests/rest` * newsfile * change import from `SigningKey` 2022-03-03 09:05:44 -07:00			`def create_test_resource(self) -> Resource:`
Support for serving server well-known files (#11211) Fixes https://github.com/matrix-org/synapse/issues/8308 2021-11-01 09:10:16 -06:00			`# replace the JsonResource with a Resource wrapping the WellKnownResource`
			`res = Resource()`
			`res.putChild(b".well-known", well_known_resource(self.hs))`
			`return res`
Implement .well-known handling (#4262) Sometimes it's useful for synapse to generate its own .well-known file. 2018-12-05 06:38:58 -07:00
Use direct references for some configuration variables (#10798) Instead of proxying through the magic getter of the RootConfig object. This should be more performant (and is more explicit). 2021-09-13 11:07:12 -06:00			`@unittest.override_config(`
			`{`
			`"public_baseurl": "https://tesths",`
			`"default_identity_server": "https://testis",`
			`}`
			`)`
Add type hints to `tests/rest` (#12146) * Add type hints to `tests/rest` * newsfile * change import from `SigningKey` 2022-03-03 09:05:44 -07:00			`def test_client_well_known(self) -> None:`
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it. 2020-12-15 07:44:04 -07:00			`channel = self.make_request(`
Run Black on the tests again (#5170) 2019-05-09 23:12:11 -06:00			`"GET", "/.well-known/matrix/client", shorthand=False`
Implement .well-known handling (#4262) Sometimes it's useful for synapse to generate its own .well-known file. 2018-12-05 06:38:58 -07:00			`)`

Use literals in place of `HTTPStatus` constants in tests (#13463) 2022-08-05 08:59:09 -06:00			`self.assertEqual(channel.code, 200)`
Implement .well-known handling (#4262) Sometimes it's useful for synapse to generate its own .well-known file. 2018-12-05 06:38:58 -07:00			`self.assertEqual(`
Run Black on the tests again (#5170) 2019-05-09 23:12:11 -06:00			`channel.json_body,`
			`{`
Use direct references for some configuration variables (#10798) Instead of proxying through the magic getter of the RootConfig object. This should be more performant (and is more explicit). 2021-09-13 11:07:12 -06:00			`"m.homeserver": {"base_url": "https://tesths/"},`
Implement .well-known handling (#4262) Sometimes it's useful for synapse to generate its own .well-known file. 2018-12-05 06:38:58 -07:00			`"m.identity_server": {"base_url": "https://testis"},`
Run Black on the tests again (#5170) 2019-05-09 23:12:11 -06:00			`},`
Implement .well-known handling (#4262) Sometimes it's useful for synapse to generate its own .well-known file. 2018-12-05 06:38:58 -07:00			`)`
Backout changes for automatically calculating the public baseurl. (#9313) This breaks some people's configurations (if their Client-Server API is not accessed via port 443). 2021-02-11 09:16:54 -07:00
Use direct references for some configuration variables (#10798) Instead of proxying through the magic getter of the RootConfig object. This should be more performant (and is more explicit). 2021-09-13 11:07:12 -06:00			`@unittest.override_config(`
			`{`
			`"public_baseurl": None,`
			`}`
			`)`
Add type hints to `tests/rest` (#12146) * Add type hints to `tests/rest` * newsfile * change import from `SigningKey` 2022-03-03 09:05:44 -07:00			`def test_client_well_known_no_public_baseurl(self) -> None:`
Backout changes for automatically calculating the public baseurl. (#9313) This breaks some people's configurations (if their Client-Server API is not accessed via port 443). 2021-02-11 09:16:54 -07:00			`channel = self.make_request(`
			`"GET", "/.well-known/matrix/client", shorthand=False`
			`)`

Use literals in place of `HTTPStatus` constants in tests (#13463) 2022-08-05 08:59:09 -06:00			`self.assertEqual(channel.code, 404)`
Support for serving server well-known files (#11211) Fixes https://github.com/matrix-org/synapse/issues/8308 2021-11-01 09:10:16 -06:00
Add custom well-known (#13035) Co-authored-by: David Robertson <david.m.robertson1@gmail.com> 2022-06-16 04:48:18 -06:00			`@unittest.override_config(`
			`{`
			`"public_baseurl": "https://tesths",`
			`"default_identity_server": "https://testis",`
			`"extra_well_known_client_content": {"custom": False},`
			`}`
			`)`
			`def test_client_well_known_custom(self) -> None:`
			`channel = self.make_request(`
			`"GET", "/.well-known/matrix/client", shorthand=False`
			`)`

Use literals in place of `HTTPStatus` constants in tests (#13463) 2022-08-05 08:59:09 -06:00			`self.assertEqual(channel.code, 200)`
Add custom well-known (#13035) Co-authored-by: David Robertson <david.m.robertson1@gmail.com> 2022-06-16 04:48:18 -06:00			`self.assertEqual(`
			`channel.json_body,`
			`{`
			`"m.homeserver": {"base_url": "https://tesths/"},`
			`"m.identity_server": {"base_url": "https://testis"},`
			`"custom": False,`
			`},`
			`)`

Support for serving server well-known files (#11211) Fixes https://github.com/matrix-org/synapse/issues/8308 2021-11-01 09:10:16 -06:00			`@unittest.override_config({"serve_server_wellknown": True})`
Add type hints to `tests/rest` (#12146) * Add type hints to `tests/rest` * newsfile * change import from `SigningKey` 2022-03-03 09:05:44 -07:00			`def test_server_well_known(self) -> None:`
Support for serving server well-known files (#11211) Fixes https://github.com/matrix-org/synapse/issues/8308 2021-11-01 09:10:16 -06:00			`channel = self.make_request(`
			`"GET", "/.well-known/matrix/server", shorthand=False`
			`)`

Use literals in place of `HTTPStatus` constants in tests (#13463) 2022-08-05 08:59:09 -06:00			`self.assertEqual(channel.code, 200)`
Support for serving server well-known files (#11211) Fixes https://github.com/matrix-org/synapse/issues/8308 2021-11-01 09:10:16 -06:00			`self.assertEqual(`
			`channel.json_body,`
			`{"m.server": "test:443"},`
			`)`

Add type hints to `tests/rest` (#12146) * Add type hints to `tests/rest` * newsfile * change import from `SigningKey` 2022-03-03 09:05:44 -07:00			`def test_server_well_known_disabled(self) -> None:`
Support for serving server well-known files (#11211) Fixes https://github.com/matrix-org/synapse/issues/8308 2021-11-01 09:10:16 -06:00			`channel = self.make_request(`
			`"GET", "/.well-known/matrix/server", shorthand=False`
			`)`
Use literals in place of `HTTPStatus` constants in tests (#13463) 2022-08-05 08:59:09 -06:00			`self.assertEqual(channel.code, 404)`
Test MSC2965 implementation: well-known discovery document 2023-02-06 10:12:42 -07:00
			`@unittest.skip_unless(HAS_AUTHLIB, "requires authlib")`
			`@unittest.override_config(`
			`{`
			`"public_baseurl": "https://homeserver", # this is only required so that client well known is served`
Refactor config to be an experimental feature Also enforce you can't combine it with incompatible config options 2023-05-09 08:20:04 -06:00			`"experimental_features": {`
			`"msc3861": {`
			`"enabled": True,`
			`"issuer": "https://issuer",`
			`"client_id": "id",`
			`"client_auth_method": "client_secret_post",`
			`"client_secret": "secret",`
			`},`
Test MSC2965 implementation: well-known discovery document 2023-02-06 10:12:42 -07:00			`},`
Refactor config to be an experimental feature Also enforce you can't combine it with incompatible config options 2023-05-09 08:20:04 -06:00			`"disable_registration": True,`
Test MSC2965 implementation: well-known discovery document 2023-02-06 10:12:42 -07:00			`}`
			`)`
			`def test_client_well_known_msc3861_oauth_delegation(self) -> None:`
MSC3861: load the issuer and account management URLs from OIDC discovery (#17407) This will help mitigating any discrepancies between the issuer configured and the one returned by the OIDC provider. This also removes the need for configuring the `account_management_url` explicitely, as it will now be loaded from the OIDC discovery, as per MSC2965. Because we may now fetch stuff for the .well-known/matrix/client endpoint, this also transforms the client well-known resource to be asynchronous. 2024-08-30 08:04:08 -06:00			`# Patch the HTTP client to return the issuer metadata`
Format files with Ruff (#17643) I thought ruff check would also format, but it doesn't. This runs ruff format in CI and dev scripts. The first commit is just a run of `ruff format .` in the root directory. 2024-09-02 05:39:04 -06:00			`req_mock = AsyncMock(`
			`return_value={`
			`"issuer": "https://issuer",`
			`"account_management_uri": "https://my-account.issuer",`
			`}`
			`)`
MSC3861: load the issuer and account management URLs from OIDC discovery (#17407) This will help mitigating any discrepancies between the issuer configured and the one returned by the OIDC provider. This also removes the need for configuring the `account_management_url` explicitely, as it will now be loaded from the OIDC discovery, as per MSC2965. Because we may now fetch stuff for the .well-known/matrix/client endpoint, this also transforms the client well-known resource to be asynchronous. 2024-08-30 08:04:08 -06:00			`self.hs.get_proxied_http_client().get_json = req_mock # type: ignore[method-assign]`
Test MSC2965 implementation: well-known discovery document 2023-02-06 10:12:42 -07:00
MSC3861: load the issuer and account management URLs from OIDC discovery (#17407) This will help mitigating any discrepancies between the issuer configured and the one returned by the OIDC provider. This also removes the need for configuring the `account_management_url` explicitely, as it will now be loaded from the OIDC discovery, as per MSC2965. Because we may now fetch stuff for the .well-known/matrix/client endpoint, this also transforms the client well-known resource to be asynchronous. 2024-08-30 08:04:08 -06:00			`for _ in range(2):`
			`channel = self.make_request(`
			`"GET", "/.well-known/matrix/client", shorthand=False`
			`)`

			`self.assertEqual(channel.code, 200)`
			`self.assertEqual(`
			`channel.json_body,`
			`{`
			`"m.homeserver": {"base_url": "https://homeserver/"},`
			`"org.matrix.msc2965.authentication": {`
			`"issuer": "https://issuer",`
			`"account": "https://my-account.issuer",`
			`},`
Test MSC2965 implementation: well-known discovery document 2023-02-06 10:12:42 -07:00			`},`
MSC3861: load the issuer and account management URLs from OIDC discovery (#17407) This will help mitigating any discrepancies between the issuer configured and the one returned by the OIDC provider. This also removes the need for configuring the `account_management_url` explicitely, as it will now be loaded from the OIDC discovery, as per MSC2965. Because we may now fetch stuff for the .well-known/matrix/client endpoint, this also transforms the client well-known resource to be asynchronous. 2024-08-30 08:04:08 -06:00			`)`

			`# It should have been called exactly once, because it gets cached`
Format files with Ruff (#17643) I thought ruff check would also format, but it doesn't. This runs ruff format in CI and dev scripts. The first commit is just a run of `ruff format .` in the root directory. 2024-09-02 05:39:04 -06:00			`req_mock.assert_called_once_with(`
			`"https://issuer/.well-known/openid-configuration"`
			`)`