widget: Add tests for non-allowed matrix requests

2026-05-07 15:33:45 -04:00 · 2023-10-27 20:15:47 +02:00
parent 9d5e7c59f3
commit 0f420a61dc
2 changed files with 113 additions and 14 deletions
--- a/crates/matrix-sdk/src/widget/machine/tests/capabilities.rs
+++ b/crates/matrix-sdk/src/widget/machine/tests/capabilities.rs
@@ -26,7 +26,7 @@ use crate::widget::machine::{
 fn machine_can_negotiate_capabilities_immediately() {
    let (mut machine, initial_actions) =
        WidgetMachine::new(WIDGET_ID.to_owned(), owned_room_id!("!a98sd12bjh:example.org"), false);
-    assert_capabilities_dance(&mut machine, initial_actions);
+    assert_capabilities_dance(&mut machine, initial_actions, None);
 }

 #[test]
@@ -63,7 +63,7 @@ fn machine_can_request_capabilities_on_content_load() {
        actions
    };

-    assert_capabilities_dance(&mut machine, actions);
+    assert_capabilities_dance(&mut machine, actions, None);
 }

 #[test]
@@ -136,7 +136,16 @@ fn capabilities_failure_results_into_empty_capabilities() {
    );
 }

-pub(super) fn assert_capabilities_dance(machine: &mut WidgetMachine, actions: Vec<Action>) {
+/// Performs a capability "dance", if no capability is specified, we assume that it's:
+/// `org.matrix.msc2762.receive.state_event:m.room.member`.
+pub(super) fn assert_capabilities_dance(
+    machine: &mut WidgetMachine,
+    actions: Vec<Action>,
+    capability_str: Option<&str>,
+) {
+    let capability =
+        capability_str.unwrap_or("org.matrix.msc2762.receive.state_event:m.room.member");
+
    // Ask widget to provide desired capabilities.
    let actions = {
        let [action]: [Action; 1] = actions.try_into().unwrap();
@@ -159,7 +168,7 @@ pub(super) fn assert_capabilities_dance(machine: &mut WidgetMachine, actions: Ve
            "action": "capabilities",
            "data": {},
            "response": {
-                "capabilities": ["org.matrix.msc2762.receive.state_event:m.room.member"],
+                "capabilities": [capability],
            },
        })))
    };
@@ -174,17 +183,17 @@ pub(super) fn assert_capabilities_dance(machine: &mut WidgetMachine, actions: Ve
            } = action
        );
        let capabilities = data.desired_capabilities;
-        assert_eq!(
-            capabilities,
-            from_value(json!(["org.matrix.msc2762.receive.state_event:m.room.member"])).unwrap()
-        );
+        assert_eq!(capabilities, from_value(json!([capability])).unwrap());

        let response = Ok(MatrixDriverResponse::CapabilitiesAcquired(capabilities));
        let message = IncomingMessage::MatrixDriverResponse { request_id, response };
        machine.process(message)
    };

-    // We get the `Subscribe` command since we requested some reading capabilities.
+    // We get the `Subscribe` command if we requested some reading capabilities.
+    if ["org.matrix.msc2762.receive.state_event", "org.matrix.msc2762.receive.event"]
+        .into_iter()
+        .any(|c| capability.starts_with(c))
    {
        let action = actions.remove(0);
        assert_matches!(action, Action::Subscribe);
@@ -202,8 +211,8 @@ pub(super) fn assert_capabilities_dance(machine: &mut WidgetMachine, actions: Ve
                "widgetId": WIDGET_ID,
                "action": "notify_capabilities",
                "data": {
-                    "requested": ["org.matrix.msc2762.receive.state_event:m.room.member"],
-                    "approved": ["org.matrix.msc2762.receive.state_event:m.room.member"],
+                    "requested": [capability],
+                    "approved": [capability],
                },
            }),
        );
@@ -214,8 +223,8 @@ pub(super) fn assert_capabilities_dance(machine: &mut WidgetMachine, actions: Ve
            "requestId": request_id,
            "action": "notify_capabilities",
            "data": {
-                "requested": ["org.matrix.msc2762.receive.state_event:m.room.member"],
-                "approved": ["org.matrix.msc2762.receive.state_event:m.room.member"],
+                "requested": [capability],
+                "approved": [capability],
            },
            "response": {},
        })));
--- a/crates/matrix-sdk/src/widget/machine/tests/error.rs
+++ b/crates/matrix-sdk/src/widget/machine/tests/error.rs
@@ -76,7 +76,7 @@ fn read_messages_without_capabilities() {
 fn read_messages_not_yet_supported() {
    let (mut machine, actions) =
        WidgetMachine::new(WIDGET_ID.to_owned(), owned_room_id!("!a98sd12bjh:example.org"), false);
-    assert_capabilities_dance(&mut machine, actions);
+    assert_capabilities_dance(&mut machine, actions, None);

    let actions = machine.process(IncomingMessage::WidgetMessage(json_string!({
        "api": "fromWidget",
@@ -99,3 +99,93 @@ fn read_messages_not_yet_supported() {
        "Reading of message events is not yet supported"
    );
 }
+
+#[test]
+fn read_request_for_non_allowed_state_events() {
+    let (mut machine, actions) =
+        WidgetMachine::new(WIDGET_ID.to_owned(), owned_room_id!("!a98sd12bjh:example.org"), false);
+    assert_capabilities_dance(&mut machine, actions, None);
+
+    let actions = machine.process(IncomingMessage::WidgetMessage(json_string!({
+        "api": "fromWidget",
+        "widgetId": WIDGET_ID,
+        "requestId": "get-me-some-messages",
+        "action": "org.matrix.msc2876.read_events",
+        "data": {
+            "type": "m.room.topic",
+            "state_key": true,
+        },
+    })));
+
+    let [action]: [Action; 1] = actions.try_into().unwrap();
+    assert_let!(Action::SendToWidget(msg) = action);
+    let (msg, request_id) = parse_msg(&msg);
+    assert_eq!(request_id, "get-me-some-messages");
+    assert_eq!(msg["api"], "fromWidget");
+    assert_eq!(msg["action"], "org.matrix.msc2876.read_events");
+    assert_eq!(msg["response"]["error"]["message"].as_str().unwrap(), "Not allowed");
+}
+
+#[test]
+fn send_request_for_non_allowed_state_events() {
+    let (mut machine, actions) =
+        WidgetMachine::new(WIDGET_ID.to_owned(), owned_room_id!("!a98sd12bjh:example.org"), false);
+    assert_capabilities_dance(
+        &mut machine,
+        actions,
+        Some("org.matrix.msc2762.send.state_event:m.room.member"),
+    );
+
+    let actions = machine.process(IncomingMessage::WidgetMessage(json_string!({
+        "api": "fromWidget",
+        "widgetId": WIDGET_ID,
+        "requestId": "send-me-a-message",
+        "action": "send_event",
+        "data": {
+            "type": "m.room.topic",
+            "content": {
+                "topic": "Hello world",
+            },
+        },
+    })));
+
+    let [action]: [Action; 1] = actions.try_into().unwrap();
+    assert_let!(Action::SendToWidget(msg) = action);
+    let (msg, request_id) = parse_msg(&msg);
+    assert_eq!(request_id, "send-me-a-message");
+    assert_eq!(msg["api"], "fromWidget");
+    assert_eq!(msg["action"], "send_event");
+    assert_eq!(msg["response"]["error"]["message"].as_str().unwrap(), "Not allowed");
+}
+
+#[test]
+fn send_request_for_non_allowed_message_like_events() {
+    let (mut machine, actions) =
+        WidgetMachine::new(WIDGET_ID.to_owned(), owned_room_id!("!a98sd12bjh:example.org"), false);
+    assert_capabilities_dance(
+        &mut machine,
+        actions,
+        Some("org.matrix.msc2762.send.event:m.room.message#m.text"),
+    );
+
+    let actions = machine.process(IncomingMessage::WidgetMessage(json_string!({
+        "api": "fromWidget",
+        "widgetId": WIDGET_ID,
+        "requestId": "send-me-a-message",
+        "action": "send_event",
+        "data": {
+            "type": "m.room.message",
+            "content": {
+                "msgtype": "m.custom",
+            },
+        },
+    })));
+
+    let [action]: [Action; 1] = actions.try_into().unwrap();
+    assert_let!(Action::SendToWidget(msg) = action);
+    let (msg, request_id) = parse_msg(&msg);
+    assert_eq!(request_id, "send-me-a-message");
+    assert_eq!(msg["api"], "fromWidget");
+    assert_eq!(msg["action"], "send_event");
+    assert_eq!(msg["response"]["error"]["message"].as_str().unwrap(), "Not allowed");
+}