def getSignedAssociationsAfterId(
self,
afterId: Optional[int],
limit: Optional[int] = None
) -> Tuple[SignedAssociations, Optional[int]]:
"""Get associations after a given ID, and sign them before returning
:param afterId: The ID to return results after (not inclusive)
:param limit: The maximum amount of signed associations to return. None for no
limit.
:return: A tuple consisting of a dictionary containing the signed associations
(id: assoc dict) and an int representing the maximum ID (which is None if
there was no association to retrieve).
"""
assocs = {}
(localAssocs, maxId) = self.getAssociationsAfterId(afterId, limit)
signer = Signer(self.sydent)
for localId in localAssocs:
sgAssoc = signer.signedThreePidAssociation(localAssocs[localId])
assocs[localId] = sgAssoc
return assocs, maxId
def test_incoming_replication(self):
"""Impersonate a peer that sends a replication push to Sydent, then checks that it
accepts the payload and saves it correctly.
"""
self.sydent.run()
# Configure the Sydent to impersonate. We need to use "fake.server" as the
# server's name because that's the name the recipient Sydent has for it. On top
# of that, the replication servlet expects a TLS certificate in the request so it
# can extract a common name and figure out which peer sent it from its common
# name. The common name of the certificate we use for tests is fake.server.
config = {
"general": {
"server.name": "fake.server"
},
"crypto": {
"ed25519.signingkey":
"ed25519 0 b29eXMMAYCFvFEtq9mLI42aivMtcg4Hl0wK89a+Vb6c"
},
}
fake_sender_sydent = make_sydent(config)
signer = Signer(fake_sender_sydent)
# Sign the associations with the Sydent to impersonate so the recipient Sydent
# can verify the signatures on them.
signed_assocs = {}
for assoc_id, assoc in enumerate(self.assocs):
signed_assoc = signer.signedThreePidAssociation(assoc)
signed_assocs[assoc_id] = signed_assoc
# Send the replication push.
body = json.dumps({"sgAssocs": signed_assocs})
request, channel = make_request(self.sydent.reactor, "POST",
"/_matrix/identity/replicate/v1/push",
body)
request.render(self.sydent.servlets.replicationPush)
self.assertEqual(channel.code, 200)
# Check that the recipient Sydent has correctly saved the associations in the
# push.
cur = self.sydent.db.cursor()
res = cur.execute(
"SELECT originId, sgAssoc FROM global_threepid_associations")
res_assocs = {}
for row in res.fetchall():
originId = row[0]
signed_assoc = json.loads(row[1])
res_assocs[originId] = signed_assoc
for assoc_id, signed_assoc in signed_assocs.items():
self.assertDictEqual(signed_assoc, res_assocs[assoc_id])
def getSignedAssociationsAfterId(self, afterId, limit):
assocs = {}
localAssocStore = LocalAssociationStore(self.sydent)
(localAssocs, maxId) = localAssocStore.getAssociationsAfterId(afterId, limit)
signer = Signer(self.sydent)
for localId in localAssocs:
sgAssoc = signer.signedThreePidAssociation(localAssocs[localId])
assocs[localId] = sgAssoc
return (assocs, maxId)
def getSignedAssociationsAfterId(self, afterId, limit):
assocs = {}
localAssocStore = LocalAssociationStore(self.sydent)
(localAssocs,
maxId) = localAssocStore.getAssociationsAfterId(afterId, limit)
signer = Signer(self.sydent)
for localId in localAssocs:
sgAssoc = signer.signedThreePidAssociation(localAssocs[localId])
assocs[localId] = sgAssoc
return (assocs, maxId)
def addBinding(self, medium, address, mxid):
"""Binds the given 3pid to the given mxid.
It's assumed that we have somehow validated that the given user owns
the given 3pid
Args:
medium (str): the type of 3pid
address (str): the 3pid
mxid (str): the mxid to bind it to
"""
localAssocStore = LocalAssociationStore(self.sydent)
createdAt = time_msec()
expires = createdAt + ThreepidBinder.THREEPID_ASSOCIATION_LIFETIME_MS
assoc = ThreepidAssociation(medium, address, mxid, createdAt,
createdAt, expires)
localAssocStore.addOrUpdateAssociation(assoc)
self.sydent.pusher.doLocalPush()
joinTokenStore = JoinTokenStore(self.sydent)
pendingJoinTokens = joinTokenStore.getTokens(medium, address)
invites = []
for token in pendingJoinTokens:
token["mxid"] = mxid
token["signed"] = {
"mxid": mxid,
"token": token["token"],
}
token["signed"] = signedjson.sign.sign_json(
token["signed"], self.sydent.server_name,
self.sydent.keyring.ed25519)
invites.append(token)
if invites:
assoc.extra_fields["invites"] = invites
joinTokenStore.markTokensAsSent(medium, address)
signer = Signer(self.sydent)
sgassoc = signer.signedThreePidAssociation(assoc)
self._notify(sgassoc, 0)
return sgassoc
def addBinding(self, medium, address, mxid):
"""Binds the given 3pid to the given mxid.
It's assumed that we have somehow validated that the given user owns
the given 3pid
Args:
medium (str): the type of 3pid
address (str): the 3pid
mxid (str): the mxid to bind it to
"""
localAssocStore = LocalAssociationStore(self.sydent)
createdAt = time_msec()
expires = createdAt + ThreepidBinder.THREEPID_ASSOCIATION_LIFETIME_MS
assoc = ThreepidAssociation(medium, address, mxid, createdAt, createdAt, expires)
localAssocStore.addOrUpdateAssociation(assoc)
self.sydent.pusher.doLocalPush()
joinTokenStore = JoinTokenStore(self.sydent)
pendingJoinTokens = joinTokenStore.getTokens(medium, address)
invites = []
for token in pendingJoinTokens:
token["mxid"] = mxid
token["signed"] = {
"mxid": mxid,
"token": token["token"],
}
token["signed"] = signedjson.sign.sign_json(token["signed"], self.sydent.server_name, self.sydent.keyring.ed25519)
invites.append(token)
if invites:
assoc.extra_fields["invites"] = invites
joinTokenStore.markTokensAsSent(medium, address)
signer = Signer(self.sydent)
sgassoc = signer.signedThreePidAssociation(assoc)
self._notify(sgassoc, 0)
return sgassoc
def addBinding(self, medium, address, mxid):
"""
Binds the given 3pid to the given mxid.
It's assumed that we have somehow validated that the given user owns
the given 3pid
:param medium: The medium of the 3PID to bind.
:type medium: unicode
:param address: The address of the 3PID to bind.
:type address: unicode
:param mxid: The MXID to bind the 3PID to.
:type mxid: unicode
:return: The signed association.
:rtype: dict[str, any]
"""
localAssocStore = LocalAssociationStore(self.sydent)
# Fill out the association details
createdAt = time_msec()
expires = createdAt + ThreepidBinder.THREEPID_ASSOCIATION_LIFETIME_MS
# Hash the medium + address and store that hash for the purposes of
# later lookups
str_to_hash = u' '.join(
[address, medium,
self.hashing_store.get_lookup_pepper()], )
lookup_hash = sha256_and_url_safe_base64(str_to_hash)
assoc = ThreepidAssociation(
medium,
address,
lookup_hash,
mxid,
createdAt,
createdAt,
expires,
)
localAssocStore.addOrUpdateAssociation(assoc)
self.sydent.pusher.doLocalPush()
joinTokenStore = JoinTokenStore(self.sydent)
pendingJoinTokens = joinTokenStore.getTokens(medium, address)
invites = []
for token in pendingJoinTokens:
token["mxid"] = mxid
token["signed"] = {
"mxid": mxid,
"token": token["token"],
}
token["signed"] = signedjson.sign.sign_json(
token["signed"], self.sydent.server_name,
self.sydent.keyring.ed25519)
invites.append(token)
if invites:
assoc.extra_fields["invites"] = invites
joinTokenStore.markTokensAsSent(medium, address)
signer = Signer(self.sydent)
sgassoc = signer.signedThreePidAssociation(assoc)
self._notify(sgassoc, 0)
return sgassoc
def test_outgoing_replication(self):
"""Make a fake peer and associations and make sure Sydent tries to push to it."""
cur = self.sydent.db.cursor()
# Insert the fake associations into the database.
cur.executemany(
"INSERT INTO local_threepid_associations "
"(medium, address, lookup_hash, mxid, ts, notBefore, notAfter) "
"VALUES (?, ?, ?, ?, ?, ?, ?)",
[(
assoc.medium,
assoc.address,
assoc.lookup_hash,
assoc.mxid,
assoc.ts,
assoc.not_before,
assoc.not_after,
) for assoc in self.assocs],
)
self.sydent.db.commit()
# Manually sign all associations so we can check whether Sydent attempted to
# push the same.
signer = Signer(self.sydent)
signed_assocs = {}
for assoc_id, assoc in enumerate(self.assocs):
signed_assoc = signer.signedThreePidAssociation(assoc)
signed_assocs[assoc_id] = signed_assoc
sent_assocs = {}
def request(method, uri, headers, body):
"""
Processes a request sent to the mocked agent.
:param method: The method of the request.
:type method: bytes
:param uri: The URI of the request.
:type uri: bytes
:param headers: The headers of the request.
:type headers: twisted.web.http_headers.Headers
:param body: The body of the request.
:type body: twisted.web.client.FileBodyProducer[io.BytesIO]
:return: A deferred that resolves into a 200 OK response.
:rtype: twisted.internet.defer.Deferred[Response]
"""
# Check the method and the URI.
assert method == b"POST"
assert uri == b"https://fake.server:1234/_matrix/identity/replicate/v1/push"
# postJson calls the agent with a BytesIO within a FileBodyProducer, so we
# need to unpack the payload correctly.
payload = json.loads(body._inputFile.read().decode("utf8"))
for assoc_id, assoc in payload["sgAssocs"].items():
sent_assocs[assoc_id] = assoc
# Return with a fake response wrapped in a Deferred.
d = defer.Deferred()
d.callback(Response((b"HTTP", 1, 1), 200, b"OK", None, None))
return d
# Mock the replication client's agent so it runs the custom code instead of
# actually sending the requests.
agent = Mock(spec=["request"])
agent.request.side_effect = request
self.sydent.replicationHttpsClient.agent = agent
# Start Sydent and allow some time for all the necessary pushes to happen.
self.sydent.run()
self.sydent.reactor.advance(1000)
# Check that, now that Sydent pushed all the associations it was meant to, we
# have all of the associations we initially inserted.
self.assertEqual(len(self.assocs), len(sent_assocs))
for assoc_id, assoc in sent_assocs.items():
# Replication payloads use a specific format that causes the JSON encoder to
# convert the numeric indexes to string, so we need to convert them back when
# looking up in signed_assocs. Also, the ID of the first association Sydent
# will push will be 1, so we need to subtract 1 when figuring out which index
# to lookup.
self.assertDictEqual(assoc, signed_assocs[int(assoc_id) - 1])
def addBinding(self, medium: str, address: str,
mxid: str) -> Dict[str, Any]:
"""
Binds the given 3pid to the given mxid.
It's assumed that we have somehow validated that the given user owns
the given 3pid
:param medium: The medium of the 3PID to bind.
:param address: The address of the 3PID to bind.
:param mxid: The MXID to bind the 3PID to.
:return: The signed association.
"""
# ensure we casefold email address before storing
normalised_address = normalise_address(address, medium)
localAssocStore = LocalAssociationStore(self.sydent)
# Fill out the association details
createdAt = time_msec()
expires = createdAt + ThreepidBinder.THREEPID_ASSOCIATION_LIFETIME_MS
# Hash the medium + address and store that hash for the purposes of
# later lookups
lookup_pepper = self.hashing_store.get_lookup_pepper()
assert lookup_pepper is not None
str_to_hash = " ".join([normalised_address, medium, lookup_pepper], )
lookup_hash = sha256_and_url_safe_base64(str_to_hash)
assoc = ThreepidAssociation(
medium,
normalised_address,
lookup_hash,
mxid,
createdAt,
createdAt,
expires,
)
localAssocStore.addOrUpdateAssociation(assoc)
self.sydent.pusher.doLocalPush()
joinTokenStore = JoinTokenStore(self.sydent)
pendingJoinTokens = joinTokenStore.getTokens(medium,
normalised_address)
invites = []
# Widen the value type to Any: we're going to set the signed key
# to point to a dict, but pendingJoinTokens yields Dict[str, str]
token: Dict[str, Any]
for token in pendingJoinTokens:
token["mxid"] = mxid
presigned = {
"mxid": mxid,
"token": token["token"],
}
token["signed"] = signedjson.sign.sign_json(
presigned,
self.sydent.config.general.server_name,
self.sydent.keyring.ed25519,
)
invites.append(token)
if invites:
assoc.extra_fields["invites"] = invites
joinTokenStore.markTokensAsSent(medium, normalised_address)
signer = Signer(self.sydent)
sgassoc = signer.signedThreePidAssociation(assoc)
defer.ensureDeferred(self._notify(sgassoc, 0))
return sgassoc