enforce auth for capabilities endpoint

This commit is contained in:
Neil Johnson 2019-01-29 11:37:56 +00:00
parent 327b992e17
commit a124025dab
2 changed files with 36 additions and 14 deletions

View file

@ -12,6 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from twisted.internet import defer
from synapse.http.servlet import RestServlet
@ -28,20 +29,26 @@ class CapabilitiesRestServlet(RestServlet):
"""
super(CapabilitiesRestServlet, self).__init__()
self.hs = hs
self.auth = hs.get_auth()
@defer.inlineCallbacks
def on_GET(self, request):
return 200, {
"capabilities": {
"m.room_versions": {
"default": "1",
"available": {
"1": "stable",
"2": "stable",
"state-v2-test": "unstable",
yield self.auth.get_user_by_req(request, allow_guest=True)
defer.returnValue(
(200, {
"capabilities": {
"m.room_versions": {
"default": "1",
"available": {
"1": "stable",
"2": "stable",
"state-v2-test": "unstable",
}
}
}
}
}
})
)
def register_servlets(hs, http_server):

View file

@ -14,23 +14,38 @@
# limitations under the License.
from synapse.api.constants import DEFAULT_ROOM_VERSION, KNOWN_ROOM_VERSIONS
from synapse.rest.client.v2_alpha.capabilities import register_servlets
from synapse.rest.client.v2_alpha import capabilities
from synapse.rest.client.v1 import login, admin
from tests import unittest
class CapabilitiesTestCase(unittest.HomeserverTestCase):
servlets = [register_servlets]
servlets = [
admin.register_servlets,
capabilities.register_servlets,
login.register_servlets,
]
def make_homeserver(self, reactor, clock):
self.url = b"/_matrix/client/r0/capabilities"
hs = self.setup_test_homeserver()
return hs
def test_get_room_version_capabilities(self):
def test_check_auth_required(self):
request, channel = self.make_request("GET", self.url)
self.render(request)
self.assertEqual(channel.code, 401)
def test_get_room_version_capabilities(self):
self.register_user("user", "pass")
access_token = self.login("user", "pass")
request, channel = self.make_request("GET", self.url, access_token=access_token)
self.render(request)
capabilities = channel.json_body['capabilities']
self.assertEqual(channel.code, 200)
for room_version in capabilities['m.room_versions']['available'].keys():
self.assertTrue(room_version in KNOWN_ROOM_VERSIONS, "" + room_version)