Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

fix broken avatar checks when server_name contains a port #13927

Merged

Conversation

ashfame
Copy link
Contributor

@ashfame ashfame commented Sep 28, 2022

This PR fixes check_avatar_size_and_mime_type() to successfully update avatars on homeservers running on non-default ports which it would mistakenly treat as remote homeserver while validating the avatar's size and mime type.

Essentially it was incorrectly using host as server_name inside of check_avatar_size_and_mime_type() without minding the port its actually running on.

Eg: If running synapse on synapse.dev:8008 this function would infer the current homeserver url is synapse.dev and treat synapse.dev:8008 as remote server while trying to fetch media's metadata to check for size and mime type. As a result, it fails to find the image itself & fails avatar validation & hence setting a new avatar.

Happy to address any feedback given so that we can land this change.

Signed-off-by: Ashish Kumar [email protected]

@ashfame ashfame requested a review from a team as a code owner September 28, 2022 07:23
@clokep
Copy link
Member

clokep commented Sep 28, 2022

This looks reasonable, but seems like a thing that we would possibly break in the future again. Do you think a test-case could be added to ProfileTestCase for this?

@ashfame
Copy link
Contributor Author

ashfame commented Sep 29, 2022

@clokep Thanks for taking a look! I am not sure how I can write the test for check_avatar_size_and_mime_type() since that requires an actual valid mxc url since we pull out metadata by the mxc url and then we need two homeserver instances, one of which runs on non-default port.

In existing tests, I only saw dummy mxc urls like mxc://test/good and mxc://test/small

I am pretty new to both Python & Synapse, so I may be missing something obvious/established.

@richvdh richvdh self-requested a review October 3, 2022 11:54
changelog.d/13927.bugfix Outdated Show resolved Hide resolved
synapse/handlers/profile.py Show resolved Hide resolved
synapse/handlers/profile.py Show resolved Hide resolved
changelog.d/13927.bugfix Outdated Show resolved Hide resolved
@ashfame
Copy link
Contributor Author

ashfame commented Oct 4, 2022

@richvdh Thanks for the feedback in this PR! I have addressed all the points and its ready for another review. ✌️

Regarding the failing checks, I am not sure what the problem is since the exact failing test pass when I run them locally:

--- PASS: TestMembersLocal (8.83s)
    --- PASS: TestMembersLocal/Parallel (0.00s)
        --- PASS: TestMembersLocal/Parallel/New_room_members_see_their_own_join_event (0.05s)
        --- PASS: TestMembersLocal/Parallel/Existing_members_see_new_members'_presence (0.05s)
        --- PASS: TestMembersLocal/Parallel/Existing_members_see_new_members'_join_events (0.06s)
PASS

@ashfame ashfame requested a review from richvdh October 4, 2022 12:31
@DMRobertson
Copy link
Contributor

@richvdh Thanks for the feedback in this PR! I have addressed all the points and its ready for another review. v

Regarding the failing checks, I am not sure what the problem is since the exact failing test pass when I run them locally:

--- PASS: TestMembersLocal (8.83s)
    --- PASS: TestMembersLocal/Parallel (0.00s)
        --- PASS: TestMembersLocal/Parallel/New_room_members_see_their_own_join_event (0.05s)
        --- PASS: TestMembersLocal/Parallel/Existing_members_see_new_members'_presence (0.05s)
        --- PASS: TestMembersLocal/Parallel/Existing_members_see_new_members'_join_events (0.06s)
PASS

The tests are probably just flakey, see #13199

changelog.d/13927.bugfix Outdated Show resolved Hide resolved
tests/handlers/test_profile.py Outdated Show resolved Hide resolved
tests/handlers/test_profile.py Outdated Show resolved Hide resolved
tests/handlers/test_profile.py Outdated Show resolved Hide resolved
tests/handlers/test_profile.py Outdated Show resolved Hide resolved
@ashfame
Copy link
Contributor Author

ashfame commented Oct 12, 2022

@richvdh Is this ready to be merged now? Tests are failing because Connection to files.pythonhosted.org timed out in Complement tests.

@richvdh richvdh self-requested a review October 13, 2022 11:48
tests/handlers/test_profile.py Outdated Show resolved Hide resolved
tests/handlers/test_profile.py Outdated Show resolved Hide resolved
tests/handlers/test_profile.py Show resolved Hide resolved
tests/handlers/test_profile.py Show resolved Hide resolved
tests/handlers/test_profile.py Outdated Show resolved Hide resolved
@ashfame
Copy link
Contributor Author

ashfame commented Oct 13, 2022

@richvdh Allow me to re-phrase the issue and the unit test:

check_avatar_size_and_mime_type() had a logical bug of incorrectly using parse_and_validate_mxc_uri() to figure out the server_name. Now the only test against that bug would be to check for the impact caused by the value of server_name, which is either get_local_media() gets called or get_cached_remote_media() gets called.

This is what the unit test tries to test, whether the expected method to retrieve metadata gets called or not, as a way to check whether we have the right server_name figured out or not. And since we pass it both: a local file first and then a remote file, we don't really need to test with an overriden config of server_name and the test works for both default and non-default ports of server_name in this manner.

Hope that explains my intention with this PR. I re-worked the test to make it more elaborative and much more descriptive.

Sorry for the back-and-forth on this issue and I am happy with any changes you want to make on top of it.

- by removing good bad mxc urls based on allowed mime type, since we already have a separate test for it
- by adding a port to the server_name for this test
- changing the user_id associated with upload to be consistent
@ashfame
Copy link
Contributor Author

ashfame commented Oct 18, 2022

@richvdh I have simplified it further & it now specifies a port in server_name for the test. Hope this is easy to make sense of now :)

Ideally, I would like the same unit test to run for both cases, one with default server_name value and one with overridden value. But I am not sure what would be the best way to go about it.

@richvdh richvdh self-requested a review October 18, 2022 17:42
@ashfame
Copy link
Contributor Author

ashfame commented Oct 26, 2022

@richvdh Do you know when you will be able to take another look at this? I have simplified the test with lot more comments since your last review, as I put it in my 2 comments above.

@richvdh
Copy link
Member

richvdh commented Oct 26, 2022

@ashfame as it happens I was just looking at it. I've cleaned up the unit tests a bit more; if you are happy and the CI passes I will merge it.

@ashfame
Copy link
Contributor Author

ashfame commented Oct 26, 2022

@richvdh No problem! Sounds good 👍

@richvdh richvdh changed the title fix incorrect assumption of host as server_name in avatar checks fix broken avatar checks when server_name contains a port Oct 26, 2022
@richvdh richvdh merged commit 0cfbb35 into matrix-org:develop Oct 26, 2022
@richvdh
Copy link
Member

richvdh commented Oct 26, 2022

Thanks for your contribution!

@ashfame ashfame deleted the incorrect_server_name_check_handling_avatars branch October 26, 2022 14:52
bradtgmurray added a commit to beeper/synapse-legacy-fork that referenced this pull request Nov 15, 2022
Synapse 1.71.0 (2022-11-08)
===========================

Please note that, as announced in the release notes for Synapse 1.69.0, legacy Prometheus metric names are now disabled by default.
They will be removed altogether in Synapse 1.73.0.
If not already done, server administrators should update their dashboards and alerting rules to avoid using the deprecated metric names.
See the [upgrade notes](https://matrix-org.github.io/synapse/v1.71/upgrade.html#upgrading-to-v1710) for more details.

**Note:** in line with our [deprecation policy](https://matrix-org.github.io/synapse/latest/deprecation_policy.html) for platform dependencies, this will be the last release to support PostgreSQL 10, which reaches upstream end-of-life on November 10th, 2022. Future releases of Synapse will require PostgreSQL 11+.

No significant changes since 1.71.0rc2.

Synapse 1.71.0rc2 (2022-11-04)
==============================

Improved Documentation
----------------------

- Document the changes to monthly active user metrics due to deprecation of legacy Prometheus metric names. ([\matrix-org#14358](matrix-org#14358), [\matrix-org#14360](matrix-org#14360))

Deprecations and Removals
-------------------------

- Disable legacy Prometheus metric names by default. They can still be re-enabled for now, but they will be removed altogether in Synapse 1.73.0. ([\matrix-org#14353](matrix-org#14353))

Internal Changes
----------------

- Run unit tests against Python 3.11. ([\matrix-org#13812](matrix-org#13812))

Synapse 1.71.0rc1 (2022-11-01)
==============================

Features
--------

- Support back-channel logouts from OpenID Connect providers. ([\matrix-org#11414](matrix-org#11414))
- Allow use of Postgres and SQLlite full-text search operators in search queries. ([\matrix-org#11635](matrix-org#11635), [\matrix-org#14310](matrix-org#14310), [\matrix-org#14311](matrix-org#14311))
- Implement [MSC3664](matrix-org/matrix-spec-proposals#3664), Pushrules for relations. Contributed by Nico. ([\matrix-org#11804](matrix-org#11804))
- Improve aesthetics of HTML templates. Note that these changes do not retroactively apply to templates which have been [customised](https://matrix-org.github.io/synapse/latest/templates.html#templates) by server admins. ([\matrix-org#13652](matrix-org#13652))
- Enable write-ahead logging for SQLite installations. Contributed by [@asymmetric](https://github.com/asymmetric). ([\matrix-org#13897](matrix-org#13897))
- Show erasure status when [listing users](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#query-user-account) in the Admin API. ([\matrix-org#14205](matrix-org#14205))
- Provide a specific error code when a `/sync` request provides a filter which doesn't represent a JSON object. ([\matrix-org#14262](matrix-org#14262))

Bugfixes
--------

- Fix a long-standing bug where the `update_synapse_database` script could not be run with multiple databases. Contributed by @thefinn93 @ Beeper. ([\matrix-org#13422](matrix-org#13422))
- Fix a bug which prevented setting an avatar on homeservers which have an explicit port in their `server_name` and have `max_avatar_size` and/or `allowed_avatar_mimetypes` configuration. Contributed by @ashfame. ([\matrix-org#13927](matrix-org#13927))
- Check appservice user interest against the local users instead of all users in the room to align with [MSC3905](matrix-org/matrix-spec-proposals#3905). ([\matrix-org#13958](matrix-org#13958))
- Fix a long-standing bug where Synapse would accidentally include extra information in the response to [`PUT /_matrix/federation/v2/invite/{roomId}/{eventId}`](https://spec.matrix.org/v1.4/server-server-api/#put_matrixfederationv2inviteroomideventid). ([\matrix-org#14064](matrix-org#14064))
- Fix a bug introduced in Synapse 1.64.0 where presence updates could be missing from `/sync` responses. ([\matrix-org#14243](matrix-org#14243))
- Fix a bug introduced in Synapse 1.60.0 which caused an error to be logged when Synapse received a SIGHUP signal if debug logging was enabled. ([\matrix-org#14258](matrix-org#14258))
- Prevent history insertion ([MSC2716](matrix-org/matrix-spec-proposals#2716)) during an partial join ([MSC3706](matrix-org/matrix-spec-proposals#3706)). ([\matrix-org#14291](matrix-org#14291))
- Fix a bug introduced in Synapse 1.34.0 where device names would be returned via a federation user key query request when `allow_device_name_lookup_over_federation` was set to `false`. ([\matrix-org#14304](matrix-org#14304))
- Fix a bug introduced in Synapse 0.34.0 where logs could include error spam when background processes are measured as taking a negative amount of time. ([\matrix-org#14323](matrix-org#14323))
- Fix a bug introduced in Synapse 1.70.0 where clients were unable to PUT new [dehydrated devices](matrix-org/matrix-spec-proposals#2697). ([\matrix-org#14336](matrix-org#14336))

Improved Documentation
----------------------

- Explain how to disable the use of [`trusted_key_servers`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#trusted_key_servers). ([\matrix-org#13999](matrix-org#13999))
- Add workers settings to [configuration manual](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#individual-worker-configuration). ([\matrix-org#14086](matrix-org#14086))
- Correct the name of the config option [`encryption_enabled_by_default_for_room_type`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#encryption_enabled_by_default_for_room_type). ([\matrix-org#14110](matrix-org#14110))
- Update docstrings of `SynapseError` and `FederationError` to bettter describe what they are used for and the effects of using them are. ([\matrix-org#14191](matrix-org#14191))

Internal Changes
----------------

- Remove unused `@lru_cache` decorator. ([\matrix-org#13595](matrix-org#13595))
- Save login tokens in database and prevent login token reuse. ([\matrix-org#13844](matrix-org#13844))
- Refactor OIDC tests to better mimic an actual OIDC provider. ([\matrix-org#13910](matrix-org#13910))
- Fix type annotation causing import time error in the Complement forking launcher. ([\matrix-org#14084](matrix-org#14084))
- Refactor [MSC3030](matrix-org/matrix-spec-proposals#3030) `/timestamp_to_event` endpoint to loop over federation destinations with standard pattern and error handling. ([\matrix-org#14096](matrix-org#14096))
- Add initial power level event to batch of bulk persisted events when creating a new room. ([\matrix-org#14228](matrix-org#14228))
- Refactor `/key/` endpoints to use `RestServlet` classes. ([\matrix-org#14229](matrix-org#14229))
- Switch to using the `matrix-org/backend-meta` version of `triage-incoming` for new issues in CI. ([\matrix-org#14230](matrix-org#14230))
- Build wheels on macos 11, not 10.15. ([\matrix-org#14249](matrix-org#14249))
- Add debugging to help diagnose lost device list updates. ([\matrix-org#14268](matrix-org#14268))
- Add Rust cache to CI for `trial` runs. ([\matrix-org#14287](matrix-org#14287))
- Improve type hinting of `RawHeaders`. ([\matrix-org#14303](matrix-org#14303))
- Use Poetry 1.2.0 in the Twisted Trunk CI job. ([\matrix-org#14305](matrix-org#14305))

<details>
<summary>Dependency updates</summary>

Runtime:

- Bump anyhow from 1.0.65 to 1.0.66. ([\matrix-org#14278](matrix-org#14278))
- Bump jinja2 from 3.0.3 to 3.1.2. ([\matrix-org#14271](matrix-org#14271))
- Bump prometheus-client from 0.14.0 to 0.15.0. ([\matrix-org#14274](matrix-org#14274))
- Bump psycopg2 from 2.9.4 to 2.9.5. ([\matrix-org#14331](matrix-org#14331))
- Bump pysaml2 from 7.1.2 to 7.2.1. ([\matrix-org#14270](matrix-org#14270))
- Bump sentry-sdk from 1.5.11 to 1.10.1. ([\matrix-org#14330](matrix-org#14330))
- Bump serde from 1.0.145 to 1.0.147. ([\matrix-org#14277](matrix-org#14277))
- Bump serde_json from 1.0.86 to 1.0.87. ([\matrix-org#14279](matrix-org#14279))

Tooling and CI:

- Bump black from 22.3.0 to 22.10.0. ([\matrix-org#14328](matrix-org#14328))
- Bump flake8-bugbear from 21.3.2 to 22.9.23. ([\matrix-org#14042](matrix-org#14042))
- Bump peaceiris/actions-gh-pages from 3.8.0 to 3.9.0. ([\matrix-org#14276](matrix-org#14276))
- Bump peaceiris/actions-mdbook from 1.1.14 to 1.2.0. ([\matrix-org#14275](matrix-org#14275))
- Bump setuptools-rust from 1.5.1 to 1.5.2. ([\matrix-org#14273](matrix-org#14273))
- Bump twine from 3.8.0 to 4.0.1. ([\matrix-org#14332](matrix-org#14332))
- Bump types-opentracing from 2.4.7 to 2.4.10. ([\matrix-org#14133](matrix-org#14133))
- Bump types-requests from 2.28.11 to 2.28.11.2. ([\matrix-org#14272](matrix-org#14272))
</details>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants