1818# [This file includes modifications made by New Vector Limited]
1919#
2020#
21+ from typing import Any
22+
2123from twisted .internet .testing import MemoryReactor
2224
2325import synapse .rest .admin
2426from synapse .api .constants import EventTypes
2527from synapse .rest import admin
26- from synapse .rest .client import login , read_marker , register , room
28+ from synapse .rest .client import devices , login , read_marker , register , room
2729from synapse .server import HomeServer
2830from synapse .util .clock import Clock
2931
3032from tests import unittest
33+ from tests .replication ._base import BaseMultiWorkerStreamTestCase
34+ from tests .rest .client .utils import make_request
3135
3236ONE_HOUR_MS = 3600000
3337ONE_DAY_MS = ONE_HOUR_MS * 24
@@ -39,6 +43,7 @@ class ReadMarkerTestCase(unittest.HomeserverTestCase):
3943 register .register_servlets ,
4044 read_marker .register_servlets ,
4145 room .register_servlets ,
46+ devices .register_servlets ,
4247 synapse .rest .admin .register_servlets ,
4348 admin .register_servlets ,
4449 ]
@@ -149,3 +154,75 @@ def send_message() -> str:
149154 access_token = self .owner_tok ,
150155 )
151156 self .assertEqual (channel .code , 200 , channel .result )
157+
158+ def test_deleted_device_cannot_set_read_marker_or_send_message (self ) -> None :
159+ """
160+ Test that a deleted device cannot set a read marker or send a message.
161+ """
162+ # Register a user and login with a specific device_id
163+ user_id = self .register_user ("testuser" , "password" )
164+ device_id = "TEST_DEVICE_123"
165+ access_token = self .login ("testuser" , "password" , device_id = device_id )
166+ print ("access token: " , access_token )
167+
168+ # Create a room
169+ room_id = self .helper .create_room_as (user_id , tok = access_token )
170+
171+ # Send a message
172+ message_result = self .helper .send (room_id = room_id , body = "Hello" , tok = access_token )
173+ event_id = message_result ["event_id" ]
174+
175+ # Delete the device
176+ channel = self .make_request (
177+ "DELETE" ,
178+ f"devices/{ device_id } " ,
179+ access_token = access_token ,
180+ )
181+
182+ # If UI auth is required, provide it
183+ if channel .code == 401 :
184+ session = channel .json_body ["session" ]
185+ channel = self .make_request (
186+ "DELETE" ,
187+ f"devices/{ device_id } " ,
188+ access_token = access_token ,
189+ content = {
190+ "auth" : {
191+ "type" : "m.login.password" ,
192+ "user" : "testuser" ,
193+ "password" : "password" ,
194+ "session" : session ,
195+ },
196+ },
197+ )
198+
199+ self .assertEqual (channel .code , 200 , channel .result )
200+
201+ # Try to set a read marker with the deleted device's token
202+ channel = self .make_request (
203+ "POST" ,
204+ f"/rooms/{ room_id } /read_markers" ,
205+ content = {
206+ "m.fully_read" : event_id ,
207+ },
208+ access_token = access_token ,
209+ )
210+ # Should fail with 401 (unauthorized) since the device is deleted
211+ self .assertEqual (channel .code , 401 , channel .result )
212+ self .assertEqual (channel .json_body ["errcode" ], "M_UNKNOWN_TOKEN" )
213+
214+ # Try to send a message with the deleted device's token
215+ channel = self .make_request (
216+ "PUT" ,
217+ f"/rooms/{ room_id } /send/m.room.message/test_msg" ,
218+ content = {
219+ "msgtype" : "m.text" ,
220+ "body" : "This should fail" ,
221+ },
222+ access_token = access_token ,
223+ )
224+ # Should fail with 401 (unauthorized) since the device is deleted
225+ self .assertEqual (channel .code , 401 , channel .result )
226+ self .assertEqual (channel .json_body ["errcode" ], "M_UNKNOWN_TOKEN" )
227+
228+
0 commit comments