Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Allow admins to require a manual approval process before new accounts can be used (using MSC3866) #13556

Merged
merged 24 commits into from
Sep 29, 2022
Merged
Changes from 1 commit
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
f7c9743
Add experimental config options and constant for MSC3866
babolivier Aug 18, 2022
1eaff08
Add storage support for checking and updating a user's approval status
babolivier Aug 18, 2022
685f76f
Block new accounts after registering if configured to do so
babolivier Aug 18, 2022
5d08fe2
Block login if a user requires approval and the server is configured …
babolivier Aug 18, 2022
7b532a9
Change admin APIs to support checking and updating the approval statu…
babolivier Aug 18, 2022
eedaed1
Changelog
babolivier Aug 18, 2022
ffaea1e
Use a boolean in the database schema
babolivier Aug 30, 2022
0230200
Incorporate review
babolivier Aug 31, 2022
562aa7a
Merge branch 'develop' of github.com:matrix-org/synapse into babolivi…
babolivier Sep 21, 2022
868ab64
Incorporate review
babolivier Sep 21, 2022
836aa32
Merge branch 'develop' of github.com:matrix-org/synapse into babolivi…
babolivier Sep 21, 2022
8d091b4
Correctly filter on bools, not ints
babolivier Sep 22, 2022
116fc53
Merge branch 'develop' of github.com:matrix-org/synapse into babolivi…
babolivier Sep 22, 2022
a87d2f7
Don't create a new device if the new user needs approval
babolivier Sep 22, 2022
08d85f5
Test that we raise the error on SSO logins
babolivier Sep 22, 2022
7585098
Test that we don't register devices for users needing approval
babolivier Sep 22, 2022
75cf999
Lint
babolivier Sep 22, 2022
f4a7f16
Merge branch 'develop' of github.com:matrix-org/synapse into babolivi…
babolivier Sep 26, 2022
df0c887
Incorporate review
babolivier Sep 27, 2022
3f93dda
Fix test
babolivier Sep 29, 2022
577967c
Lint
babolivier Sep 29, 2022
7a5425a
Incorporate review
babolivier Sep 29, 2022
560e160
Incorporate latest change in the MSC
babolivier Sep 29, 2022
7d71712
Add comment to try to catch bool()ing NULLs in the future
babolivier Sep 29, 2022
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 17 additions & 13 deletions tests/rest/admin/test_user.py
Original file line number Diff line number Diff line change
Expand Up @@ -25,10 +25,10 @@
from twisted.test.proto_helpers import MemoryReactor

import synapse.rest.admin
from synapse.api.constants import UserTypes
from synapse.api.constants import UserTypes, LoginType
from synapse.api.errors import Codes, HttpResponseException, ResourceLimitError
from synapse.api.room_versions import RoomVersions
from synapse.rest.client import devices, login, logout, profile, room, sync
from synapse.rest.client import devices, login, logout, profile, room, sync, register
from synapse.rest.media.v1.filepath import MediaFilePaths
from synapse.server import HomeServer
from synapse.types import JsonDict, UserID
Expand Down Expand Up @@ -1355,6 +1355,7 @@ class UserRestTestCase(unittest.HomeserverTestCase):
synapse.rest.admin.register_servlets,
login.register_servlets,
sync.register_servlets,
register.register_servlets,
]

def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
Expand Down Expand Up @@ -2633,16 +2634,19 @@ def test_approve_account(self) -> None:
"""Tests that approving an account correctly sets the approved flag for the user."""
url = self.url_prefix % "@bob:test"

# Create user
# Create the user using the client-server API since otherwise the user will be
# marked as approved automatically.
channel = self.make_request(
"PUT",
url,
access_token=self.admin_user_tok,
content={"password": "abc123"},
"POST",
"register",
{
"username": "bob",
"password": "test",
"auth": {"type": LoginType.DUMMY},
},
)

self.assertEqual(201, channel.code, msg=channel.json_body)
self.assertEqual(0, channel.json_body["approved"])
self.assertEqual(403, channel.code, channel.result)
self.assertEqual(Codes.USER_AWAITING_APPROVAL, channel.json_body["errcode"])

# Get user
channel = self.make_request(
Expand All @@ -2652,7 +2656,7 @@ def test_approve_account(self) -> None:
)

self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(0, channel.json_body["approved"])
self.assertFalse(channel.json_body["approved"])
babolivier marked this conversation as resolved.
Show resolved Hide resolved

# Approve user
channel = self.make_request(
Expand All @@ -2663,7 +2667,7 @@ def test_approve_account(self) -> None:
)

self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(1, channel.json_body["approved"])
self.assertTrue(channel.json_body["approved"])

# Check that the user is now approved
channel = self.make_request(
Expand All @@ -2673,7 +2677,7 @@ def test_approve_account(self) -> None:
)

self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(1, channel.json_body["approved"])
self.assertTrue(channel.json_body["approved"])

@override_config(
{
Expand Down