2019-04-01 19:42:18 +03:00
|
|
|
#
|
2023-11-21 23:29:58 +03:00
|
|
|
# This file is licensed under the Affero General Public License (AGPL) version 3.
|
|
|
|
#
|
|
|
|
# Copyright (C) 2023 New Vector, Ltd
|
|
|
|
#
|
|
|
|
# This program is free software: you can redistribute it and/or modify
|
|
|
|
# it under the terms of the GNU Affero General Public License as
|
|
|
|
# published by the Free Software Foundation, either version 3 of the
|
|
|
|
# License, or (at your option) any later version.
|
|
|
|
#
|
|
|
|
# See the GNU Affero General Public License for more details:
|
|
|
|
# <https://www.gnu.org/licenses/agpl-3.0.html>.
|
|
|
|
#
|
|
|
|
# Originally licensed under the Apache License, Version 2.0:
|
|
|
|
# <http://www.apache.org/licenses/LICENSE-2.0>.
|
|
|
|
#
|
|
|
|
# [This file includes modifications made by New Vector Limited]
|
2019-04-01 19:42:18 +03:00
|
|
|
#
|
|
|
|
#
|
|
|
|
|
2019-08-28 15:12:22 +03:00
|
|
|
import yaml
|
|
|
|
|
2021-02-03 15:13:46 +03:00
|
|
|
from synapse.config._base import ConfigError
|
|
|
|
from synapse.config.server import ServerConfig, generate_ip_set, is_threepid_reserved
|
2019-04-01 19:42:18 +03:00
|
|
|
|
|
|
|
from tests import unittest
|
|
|
|
|
|
|
|
|
|
|
|
class ServerConfigTestCase(unittest.TestCase):
|
2022-12-16 16:53:28 +03:00
|
|
|
def test_is_threepid_reserved(self) -> None:
|
2019-06-20 12:32:02 +03:00
|
|
|
user1 = {"medium": "email", "address": "user1@example.com"}
|
|
|
|
user2 = {"medium": "email", "address": "user2@example.com"}
|
|
|
|
user3 = {"medium": "email", "address": "user3@example.com"}
|
|
|
|
user1_msisdn = {"medium": "msisdn", "address": "447700000000"}
|
2019-04-01 19:42:18 +03:00
|
|
|
config = [user1, user2]
|
|
|
|
|
|
|
|
self.assertTrue(is_threepid_reserved(config, user1))
|
|
|
|
self.assertFalse(is_threepid_reserved(config, user3))
|
|
|
|
self.assertFalse(is_threepid_reserved(config, user1_msisdn))
|
2019-08-28 15:12:22 +03:00
|
|
|
|
2022-12-16 16:53:28 +03:00
|
|
|
def test_unsecure_listener_no_listeners_open_private_ports_false(self) -> None:
|
2019-08-28 15:12:22 +03:00
|
|
|
conf = yaml.safe_load(
|
|
|
|
ServerConfig().generate_config_section(
|
2022-04-11 19:07:23 +03:00
|
|
|
"CONFDIR", "/data_dir_path", "che.org", False, None
|
2019-08-28 15:12:22 +03:00
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
expected_listeners = [
|
|
|
|
{
|
|
|
|
"port": 8008,
|
|
|
|
"tls": False,
|
|
|
|
"type": "http",
|
|
|
|
"x_forwarded": True,
|
|
|
|
"bind_addresses": ["::1", "127.0.0.1"],
|
|
|
|
"resources": [{"names": ["client", "federation"], "compress": False}],
|
|
|
|
}
|
|
|
|
]
|
|
|
|
|
|
|
|
self.assertEqual(conf["listeners"], expected_listeners)
|
|
|
|
|
2022-12-16 16:53:28 +03:00
|
|
|
def test_unsecure_listener_no_listeners_open_private_ports_true(self) -> None:
|
2019-08-28 15:12:22 +03:00
|
|
|
conf = yaml.safe_load(
|
|
|
|
ServerConfig().generate_config_section(
|
2022-04-11 19:07:23 +03:00
|
|
|
"CONFDIR", "/data_dir_path", "che.org", True, None
|
2019-08-28 15:12:22 +03:00
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
expected_listeners = [
|
|
|
|
{
|
|
|
|
"port": 8008,
|
|
|
|
"tls": False,
|
|
|
|
"type": "http",
|
|
|
|
"x_forwarded": True,
|
|
|
|
"resources": [{"names": ["client", "federation"], "compress": False}],
|
|
|
|
}
|
|
|
|
]
|
|
|
|
|
|
|
|
self.assertEqual(conf["listeners"], expected_listeners)
|
|
|
|
|
2022-12-16 16:53:28 +03:00
|
|
|
def test_listeners_set_correctly_open_private_ports_false(self) -> None:
|
2019-08-28 15:12:22 +03:00
|
|
|
listeners = [
|
|
|
|
{
|
|
|
|
"port": 8448,
|
|
|
|
"resources": [{"names": ["federation"]}],
|
|
|
|
"tls": True,
|
|
|
|
"type": "http",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"port": 443,
|
|
|
|
"resources": [{"names": ["client"]}],
|
|
|
|
"tls": False,
|
|
|
|
"type": "http",
|
|
|
|
},
|
|
|
|
]
|
|
|
|
|
|
|
|
conf = yaml.safe_load(
|
|
|
|
ServerConfig().generate_config_section(
|
2022-04-11 19:07:23 +03:00
|
|
|
"CONFDIR", "/data_dir_path", "this.one.listens", True, listeners
|
2019-08-28 15:12:22 +03:00
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
self.assertEqual(conf["listeners"], listeners)
|
|
|
|
|
2022-12-16 16:53:28 +03:00
|
|
|
def test_listeners_set_correctly_open_private_ports_true(self) -> None:
|
2019-08-28 15:12:22 +03:00
|
|
|
listeners = [
|
|
|
|
{
|
|
|
|
"port": 8448,
|
|
|
|
"resources": [{"names": ["federation"]}],
|
|
|
|
"tls": True,
|
|
|
|
"type": "http",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"port": 443,
|
|
|
|
"resources": [{"names": ["client"]}],
|
|
|
|
"tls": False,
|
|
|
|
"type": "http",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"port": 1243,
|
|
|
|
"resources": [{"names": ["client"]}],
|
|
|
|
"tls": False,
|
|
|
|
"type": "http",
|
|
|
|
"bind_addresses": ["this_one_is_bound"],
|
|
|
|
},
|
|
|
|
]
|
|
|
|
|
|
|
|
expected_listeners = listeners.copy()
|
|
|
|
expected_listeners[1]["bind_addresses"] = ["::1", "127.0.0.1"]
|
|
|
|
|
|
|
|
conf = yaml.safe_load(
|
|
|
|
ServerConfig().generate_config_section(
|
2022-04-11 19:07:23 +03:00
|
|
|
"CONFDIR", "/data_dir_path", "this.one.listens", True, listeners
|
2019-08-28 15:12:22 +03:00
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
self.assertEqual(conf["listeners"], expected_listeners)
|
2021-02-03 15:13:46 +03:00
|
|
|
|
|
|
|
|
|
|
|
class GenerateIpSetTestCase(unittest.TestCase):
|
2022-12-16 16:53:28 +03:00
|
|
|
def test_empty(self) -> None:
|
2021-02-03 15:13:46 +03:00
|
|
|
ip_set = generate_ip_set(())
|
|
|
|
self.assertFalse(ip_set)
|
|
|
|
|
|
|
|
ip_set = generate_ip_set((), ())
|
|
|
|
self.assertFalse(ip_set)
|
|
|
|
|
2022-12-16 16:53:28 +03:00
|
|
|
def test_generate(self) -> None:
|
2021-02-03 15:13:46 +03:00
|
|
|
"""Check adding IPv4 and IPv6 addresses."""
|
|
|
|
# IPv4 address
|
|
|
|
ip_set = generate_ip_set(("1.2.3.4",))
|
|
|
|
self.assertEqual(len(ip_set.iter_cidrs()), 4)
|
|
|
|
|
|
|
|
# IPv4 CIDR
|
|
|
|
ip_set = generate_ip_set(("1.2.3.4/24",))
|
|
|
|
self.assertEqual(len(ip_set.iter_cidrs()), 4)
|
|
|
|
|
|
|
|
# IPv6 address
|
|
|
|
ip_set = generate_ip_set(("2001:db8::8a2e:370:7334",))
|
|
|
|
self.assertEqual(len(ip_set.iter_cidrs()), 1)
|
|
|
|
|
|
|
|
# IPv6 CIDR
|
|
|
|
ip_set = generate_ip_set(("2001:db8::/104",))
|
|
|
|
self.assertEqual(len(ip_set.iter_cidrs()), 1)
|
|
|
|
|
|
|
|
# The addresses can overlap OK.
|
|
|
|
ip_set = generate_ip_set(("1.2.3.4", "::1.2.3.4"))
|
|
|
|
self.assertEqual(len(ip_set.iter_cidrs()), 4)
|
|
|
|
|
2022-12-16 16:53:28 +03:00
|
|
|
def test_extra(self) -> None:
|
2021-02-03 15:13:46 +03:00
|
|
|
"""Extra IP addresses are treated the same."""
|
|
|
|
ip_set = generate_ip_set((), ("1.2.3.4",))
|
|
|
|
self.assertEqual(len(ip_set.iter_cidrs()), 4)
|
|
|
|
|
|
|
|
ip_set = generate_ip_set(("1.1.1.1",), ("1.2.3.4",))
|
|
|
|
self.assertEqual(len(ip_set.iter_cidrs()), 8)
|
|
|
|
|
|
|
|
# They can duplicate without error.
|
|
|
|
ip_set = generate_ip_set(("1.2.3.4",), ("1.2.3.4",))
|
|
|
|
self.assertEqual(len(ip_set.iter_cidrs()), 4)
|
|
|
|
|
2022-12-16 16:53:28 +03:00
|
|
|
def test_bad_value(self) -> None:
|
2021-02-03 15:13:46 +03:00
|
|
|
"""An error should be raised if a bad value is passed in."""
|
|
|
|
with self.assertRaises(ConfigError):
|
|
|
|
generate_ip_set(("not-an-ip",))
|
|
|
|
|
|
|
|
with self.assertRaises(ConfigError):
|
|
|
|
generate_ip_set(("1.2.3.4/128",))
|
|
|
|
|
|
|
|
with self.assertRaises(ConfigError):
|
|
|
|
generate_ip_set((":::",))
|
|
|
|
|
|
|
|
# The following get treated as empty data.
|
|
|
|
self.assertFalse(generate_ip_set(None))
|
|
|
|
self.assertFalse(generate_ip_set({}))
|