mirror of
https://github.com/element-hq/synapse.git
synced 2024-11-24 10:35:46 +03:00
1c802de626
Allow configuring the set of workers to proxy outbound federation traffic through (`outbound_federation_restricted_to`). This is useful when you have a worker setup with `federation_sender` instances responsible for sending outbound federation requests and want to make sure *all* outbound federation traffic goes through those instances. Before this change, the generic workers would still contact federation themselves for things like profile lookups, backfill, etc. This PR allows you to set more strict access controls/firewall for all workers and only allow the `federation_sender`'s to contact the outside world.
80 lines
2.8 KiB
Python
80 lines
2.8 KiB
Python
# Copyright 2019 The Matrix.org Foundation C.I.C.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
from twisted.test.proto_helpers import MemoryReactor
|
|
|
|
from synapse.server import HomeServer
|
|
from synapse.storage.databases.main.e2e_room_keys import RoomKey
|
|
from synapse.util import Clock
|
|
|
|
from tests import unittest
|
|
|
|
# sample room_key data for use in the tests
|
|
room_key: RoomKey = {
|
|
"first_message_index": 1,
|
|
"forwarded_count": 1,
|
|
"is_verified": False,
|
|
"session_data": "SSBBTSBBIEZJU0gK",
|
|
}
|
|
|
|
|
|
class E2eRoomKeysHandlerTestCase(unittest.HomeserverTestCase):
|
|
def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:
|
|
hs = self.setup_test_homeserver("server")
|
|
self.store = hs.get_datastores().main
|
|
return hs
|
|
|
|
def test_room_keys_version_delete(self) -> None:
|
|
# test that deleting a room key backup deletes the keys
|
|
version1 = self.get_success(
|
|
self.store.create_e2e_room_keys_version(
|
|
"user_id", {"algorithm": "rot13", "auth_data": {}}
|
|
)
|
|
)
|
|
|
|
self.get_success(
|
|
self.store.add_e2e_room_keys(
|
|
"user_id", version1, [("room", "session", room_key)]
|
|
)
|
|
)
|
|
|
|
version2 = self.get_success(
|
|
self.store.create_e2e_room_keys_version(
|
|
"user_id", {"algorithm": "rot13", "auth_data": {}}
|
|
)
|
|
)
|
|
|
|
self.get_success(
|
|
self.store.add_e2e_room_keys(
|
|
"user_id", version2, [("room", "session", room_key)]
|
|
)
|
|
)
|
|
|
|
# make sure the keys were stored properly
|
|
keys = self.get_success(self.store.get_e2e_room_keys("user_id", version1))
|
|
self.assertEqual(len(keys["rooms"]), 1)
|
|
|
|
keys = self.get_success(self.store.get_e2e_room_keys("user_id", version2))
|
|
self.assertEqual(len(keys["rooms"]), 1)
|
|
|
|
# delete version1
|
|
self.get_success(self.store.delete_e2e_room_keys_version("user_id", version1))
|
|
|
|
# make sure the key from version1 is gone, and the key from version2 is
|
|
# still there
|
|
keys = self.get_success(self.store.get_e2e_room_keys("user_id", version1))
|
|
self.assertEqual(len(keys["rooms"]), 0)
|
|
|
|
keys = self.get_success(self.store.get_e2e_room_keys("user_id", version2))
|
|
self.assertEqual(len(keys["rooms"]), 1)
|