XF/GIA
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Fix all integrations

Browse Source
This commit is contained in:
Mark Veidemanis
2026-03-08 22:08:55 +00:00
parent bca4d6898f
commit acedc01e83
58 changed files with 4120 additions and 960 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
core/tests/test_command_security_policy.py
View File

@@ -20,7 +20,7 @@ from core.models import (
Person,
PersonIdentifier,
User,
UserXmppOmemoState,
UserXmppOmemoTrustedKey,
)
from core.security.command_policy import CommandSecurityContext, evaluate_command_policy
@@ -37,7 +37,7 @@ class CommandSecurityPolicyTests(TestCase):
user=self.user,
person=self.person,
service="xmpp",
identifier="policy-user@zm.is",
identifier="policy-user@example.test",
)
self.session = ChatSession.objects.create(
user=self.user,
@@ -58,7 +58,7 @@ class CommandSecurityPolicyTests(TestCase):
profile=profile,
direction="ingress",
service="xmpp",
channel_identifier="policy-user@zm.is",
channel_identifier="policy-user@example.test",
enabled=True,
)
CommandSecurityPolicy.objects.create(
@@ -74,13 +74,13 @@ class CommandSecurityPolicyTests(TestCase):
text="#bp#",
ts=1000,
source_service="xmpp",
source_chat_id="policy-user@zm.is",
source_chat_id="policy-user@example.test",
message_meta={},
)
results = async_to_sync(process_inbound_message)(
CommandContext(
service="xmpp",
channel_identifier="policy-user@zm.is",
channel_identifier="policy-user@example.test",
message_id=str(msg.id),
user_id=self.user.id,
message_text="#bp#",
@@ -101,12 +101,13 @@ class CommandSecurityPolicyTests(TestCase):
require_omemo=True,
require_trusted_omemo_fingerprint=True,
)
UserXmppOmemoState.objects.create(
UserXmppOmemoTrustedKey.objects.create(
user=self.user,
status="detected",
latest_client_key="sid:abc",
last_sender_jid="policy-user@zm.is/phone",
last_target_jid="jews.zm.is",
jid="policy-user@example.test",
key_type="client_key",
key_id="sid:abc",
trusted=True,
source="test",
)
outputs: list[str] = []
@@ -119,11 +120,15 @@ class CommandSecurityPolicyTests(TestCase):
user=self.user,
source_message=None,
service="xmpp",
channel_identifier="policy-user@zm.is",
sender_identifier="policy-user@zm.is/phone",
channel_identifier="policy-user@example.test",
sender_identifier="policy-user@example.test/phone",
message_text=".tasks list",
message_meta={
"xmpp": {"omemo_status": "detected", "omemo_client_key": "sid:abc"}
"xmpp": {
"omemo_status": "detected",
"omemo_client_key": "sid:abc",
"sender_jid": "policy-user@example.test/phone",
}
},
payload={},
),
@@ -161,8 +166,8 @@ class CommandSecurityPolicyTests(TestCase):
user=self.user,
source_message=None,
service="xmpp",
channel_identifier="policy-user@zm.is",
sender_identifier="policy-user@zm.is/phone",
channel_identifier="policy-user@example.test",
sender_identifier="policy-user@example.test/phone",
message_text=".tasks list",
message_meta={"xmpp": {"omemo_status": "no_omemo"}},
payload={},
@@ -200,7 +205,7 @@ class CommandSecurityPolicyTests(TestCase):
scope_key="gateway.tasks",
context=CommandSecurityContext(
service="xmpp",
channel_identifier="policy-user@zm.is",
channel_identifier="policy-user@example.test",
message_meta={},
payload={},
),
@@ -226,3 +231,30 @@ class CommandSecurityPolicyTests(TestCase):
)
self.assertFalse(decision.allowed)
self.assertEqual("service_not_allowed", decision.code)
def test_trusted_key_requirement_blocks_untrusted_key(self):
CommandSecurityPolicy.objects.create(
user=self.user,
scope_key="gateway.tasks",
enabled=True,
require_omemo=True,
require_trusted_omemo_fingerprint=True,
)
decision = evaluate_command_policy(
user=self.user,
scope_key="gateway.tasks",
context=CommandSecurityContext(
service="xmpp",
channel_identifier="policy-user@example.test",
message_meta={
"xmpp": {
"omemo_status": "detected",
"omemo_client_key": "sid:missing",
"sender_jid": "policy-user@example.test/phone",
}
},
payload={},
),
)
self.assertFalse(decision.allowed)
self.assertEqual("trusted_key_missing", decision.code)