Complement

Running

$ COMPLEMENT_BASE_IMAGE=some-matrix/homeserver-impl go test -v ./tests/...

$ COMPLEMENT_BASE_IMAGE=complement-dendrite:latest go test -timeout 30s -run '^(TestOutboundFederationSend)$' -v ./tests/...

Potential conflict with firewall software

sudo ufw allowin on br-+

Running using Podman

default_rootless_network_cmd = "slirp4netns"

Running against Dendrite

# build a docker image for Dendrite...$ git clone https://github.com/element-hq/dendrite$ (cd dendrite && docker build -t complement-dendrite -f build/scripts/Complement.Dockerfile .)# ...and test it$ COMPLEMENT_BASE_IMAGE=complement-dendrite:latest go test -v ./tests/...

Running against Synapse

COMPLEMENT_DIR=/path/to/complement scripts-dev/complement.sh -run"TestOutboundFederation(Profile|Send)"

(cd synapse&& docker build -t complement-synapse:v1.36.0 -f docker/complement/Dockerfile --build-arg=SYNAPSE_VERSION=v1.36.0 docker/complement)COMPLEMENT_BASE_IMAGE=complement-synapse:v1.36.0 gotest ./tests/...

Image requirements

Developing locally

$git clone https://github.com/element-hq/dendrite ../dendrite$(cd ../dendrite&& docker build -t complement-dendrite-local -f build/scripts/ComplementLocal.Dockerfile .)$mkdir -p ../complement-go-build-cache$export COMPLEMENT_BASE_IMAGE=complement-dendrite-local$export COMPLEMENT_HOST_MOUNTS="$PWD/../dendrite:/dendrite:ro;$HOME/go:/go:ro;$PWD/../complement-go-build-cache:/root/.cache/go-build"

$gotest -v ./tests/...

Getting prettier output

Writing tests

Build tags (test blacklisting)

// +build !dendrite_blacklist

// +build !dendrite_blacklist

COMPLEMENT_BASE_IMAGE=complement-synapse:latest go test -v -tags="synapse_blacklist" ./tests/...

Writing tests for unstable MSCs

tests/msc9999├── main_test.go└── msc9999_test.go

package testsimport ("testing""github.com/matrix-org/complement")funcTestMain(m*testing.M) {complement.TestMain(m,"msc9999")}

Why 'Complement'?

Complement PKI

openssl genrsa -out $SERVER_NAME.key 2048openssl req -new -sha256 -key $SERVER_NAME.key -subj "/C=US/ST=CA/O=MyOrg, Inc./CN=$SERVER_NAME" -out $SERVER_NAME.csropenssl x509 -req -in $SERVER_NAME.csr -CA /complement/ca/ca.crt -CAkey /complement/ca/ca.key -CAcreateserial -out $SERVER_NAME.crt -days 1 -sha256

cp /complement/ca/ca.crt /usr/local/share/ca-certificates/complement.crtupdate-ca-certificates

Sytest parity

$ go build ./cmd/sytest-coverage$ ./sytest-coverage -v10apidoc/01register 10/10 tests    ✓ POST $ep_name admin with shared secret    ✓ POST $ep_name with shared secret disallows symbols    ✓ POST $ep_name with shared secret downcases capitals    ✓ POST $ep_name with shared secret    ✓ POST /register allows registration of usernames with '$chr'    ✓ POST /register rejects registration of usernames with '$q'    ✓ GET /register yields a set of flows    ✓ POST /register can create a user    ✓ POST /register downcases capitals in usernames    ✓ POST /register returns the same device_id as that in the request10apidoc/01request-encoding 1/1 tests    ✓ POST rejects invalid utf-8 in JSON10apidoc/02login 6/6 tests    ✓ GET /login yields a set of flows    ✓ POST /login as non-existing user is rejected    ✓ POST /login can log in as a user with just the local part of the id    ✓ POST /login can log in as a user    ✓ POST /login returns the same device_id as that in the request    ✓ POST /login wrong password is rejected10apidoc/04version 1/1 tests    ✓ Version responds 200 OK with valid structure10apidoc/10profile-displayname 2/2 tests    ✓ GET /profile/:user_id/displayname publicly accessible    ✓ PUT /profile/:user_id/displayname sets my name10apidoc/11profile-avatar_url 2/2 tests    ✓ GET /profile/:user_id/avatar_url publicly accessible    ✓ PUT /profile/:user_id/avatar_url sets my avatar10apidoc/12device_management 8/8 tests    ✓ DELETE /device/{deviceId} requires UI auth user to match device owner    ✓ DELETE /device/{deviceId} with no body gives a 401    ✓ DELETE /device/{deviceId}    ✓ GET /device/{deviceId} gives a 404 for unknown devices    ✓ GET /device/{deviceId}    ✓ GET /devices    ✓ PUT /device/{deviceId} gives a 404 for unknown devices    ✓ PUT /device/{deviceId} updates device fields10apidoc/13ui-auth 0/4 tests10apidoc/20presence 2/2 tests    ✓ GET /presence/:user_id/status fetches initial status    ✓ PUT /presence/:user_id/status updates my presence10apidoc/30room-create 10/10 tests    ✓ Can /sync newly created room    ✓ POST /createRoom creates a room with the given version    ✓ POST /createRoom ignores attempts to set the room version via creation_content    ✓ POST /createRoom makes a private room with invites    ✓ POST /createRoom makes a private room    ✓ POST /createRoom makes a public room    ✓ POST /createRoom makes a room with a name    ✓ POST /createRoom makes a room with a topic    ✓ POST /createRoom rejects attempts to create rooms with numeric versions    ✓ POST /createRoom rejects attempts to create rooms with unknown versions10apidoc/31room-state 13/13 tests    ✓ GET /directory/room/:room_alias yields room ID    ✓ GET /joined_rooms lists newly-created room    ✓ GET /publicRooms lists newly-created room    ✓ GET /rooms/:room_id/joined_members fetches my membership    ✓ GET /rooms/:room_id/state fetches entire room state    ✓ GET /rooms/:room_id/state/m.room.member/:user_id fetches my membership    ✓ GET /rooms/:room_id/state/m.room.member/:user_id?format=event fetches my membership event    ✓ GET /rooms/:room_id/state/m.room.name gets name    ✓ GET /rooms/:room_id/state/m.room.power_levels fetches powerlevels    ✓ GET /rooms/:room_id/state/m.room.topic gets topic    ✓ POST /createRoom with creation content    ✓ POST /rooms/:room_id/state/m.room.name sets name    ✓ POST /rooms/:room_id/state/m.room.topic sets topic10apidoc/32room-alias 2/2 tests    ✓ GET /rooms/:room_id/aliases lists aliases    ✓ PUT /directory/room/:room_alias creates alias10apidoc/33room-members 8/8 tests    ✓ POST /join/:room_alias can join a room with custom content    ✓ POST /join/:room_alias can join a room    ✓ POST /join/:room_id can join a room with custom content    ✓ POST /join/:room_id can join a room    ✓ POST /rooms/:room_id/ban can ban a user    ✓ POST /rooms/:room_id/invite can send an invite    ✓ POST /rooms/:room_id/join can join a room    ✓ POST /rooms/:room_id/leave can leave a room10apidoc/34room-messages 5/5 tests    ✓ GET /rooms/:room_id/messages lazy loads members correctly    ✓ GET /rooms/:room_id/messages returns a message    ✓ POST /rooms/:room_id/send/:event_type sends a message    ✓ PUT /rooms/:room_id/send/:event_type/:txn_id deduplicates the same txn id    ✓ PUT /rooms/:room_id/send/:event_type/:txn_id sends a message10apidoc/35room-typing 1/1 tests    ✓ PUT /rooms/:room_id/typing/:user_id sets typing notification10apidoc/36room-levels 3/3 tests    ✓ GET /rooms/:room_id/state/m.room.power_levels can fetch levels    ✓ PUT /rooms/:room_id/state/m.room.power_levels can set levels    ✓ PUT power_levels should not explode if the old power levels were empty10apidoc/37room-receipts 1/1 tests    ✓ POST /rooms/:room_id/receipt can create receipts10apidoc/38room-read-marker 1/1 tests    ✓ POST /rooms/:room_id/read_markers can create read marker10apidoc/40content 2/2 tests    ✓ GET /media/v3/download can fetch the value again    ✓ POST /media/v3/upload can create an upload10apidoc/45server-capabilities 2/2 tests    ✓ GET /capabilities is present and well formed for registered user    ✓ GET /v3/capabilities is not public11register 1/7 tests    × Register with a recaptcha    × Can register using an email address    ✓ registration accepts non-ascii passwords    × registration is idempotent, with username specified    × registration is idempotent, without username specified    × registration remembers parameters    × registration with inhibit_login inhibits login12login/01threepid-and-password 0/1 tests12login/02cas 0/3 tests13logout 4/4 tests    ✓ Can logout all devices    ✓ Can logout current device    ✓ Request to logout with invalid an access token is rejected    ✓ Request to logout without an access token is rejected14account/01change-password 7/7 tests    ✓ After changing password, a different session no longer works by default    ✓ After changing password, can log in with new password    ✓ After changing password, can't log in with old password    ✓ After changing password, different sessions can optionally be kept    ✓ After changing password, existing session still works    ✓ Pushers created with a different access token are deleted on password change    ✓ Pushers created with a the same access token are not deleted on password change14account/02deactivate 3/4 tests    × After deactivating account, can't log in with an email    ✓ After deactivating account, can't log in with password    ✓ Can deactivate account    ✓ Can't deactivate account with wrong password21presence-events 0/2 tests30rooms/01state 5/5 tests    ✓ Joining room twice is idempotent    ✓ Room creation reports m.room.create to myself    ✓ Room creation reports m.room.member to myself    ✓ Setting room topic reports m.room.topic to myself    ✓ Setting state twice is idempotent30rooms/02members-local 3/3 tests    ✓ Existing members see new members' join events    ✓ Existing members see new members' presence    ✓ New room members see their own join event30rooms/03members-remote 2/5 tests    × Existing members see new member's presence    ✓ Existing members see new members' join events    ✓ New room members see their own join event    × Remote users can join room by alias    × Remote users may not join unfederated rooms30rooms/04messages 0/9 tests30rooms/05aliases 13/13 tests    ✓ Canonical alias can be set    ✓ Canonical alias can include alt_aliases    ✓ Alias creators can delete alias with no ops    ✓ Alias creators can delete canonical alias with no ops    ✓ Can delete canonical alias    ✓ Deleting a non-existent alias should return a 404    ✓ Only room members can list aliases of a room    ✓ Regular users can add and delete aliases in the default room configuration    ✓ Regular users can add and delete aliases when m.room.aliases is restricted    ✓ Remote room alias queries can handle Unicode    ✓ Room aliases can contain Unicode    ✓ Users can't delete other's aliases    ✓ Users with sufficient power-level can delete other's aliases30rooms/06invite 13/13 tests    ✓ Can invite users to invite-only rooms    ✓ Test that we can be reinvited to a room we created    ✓ Invited user can reject invite for empty room    ✓ Invited user can reject invite over federation for empty room    ✓ Invited user can reject invite over federation several times    ✓ Invited user can reject invite over federation    ✓ Invited user can reject invite    ✓ Invited user can reject local invite after originator leaves    ✓ Invited user can see room metadata    ✓ Remote invited user can see room metadata    ✓ Uninvited users cannot join the room    ✓ Users cannot invite a user that is already in the room    ✓ Users cannot invite themselves to a room30rooms/07ban 0/2 tests30rooms/08levels 0/3 tests30rooms/09eventstream 0/2 tests30rooms/10redactions 0/6 tests30rooms/11leaving 5/5 tests    ✓ Can get 'm.room.name' state for a departed room (SPEC-216)    ✓ Can get rooms/{roomId}/members for a departed room (SPEC-216)    ✓ Can get rooms/{roomId}/messages for a departed room (SPEC-216)    ✓ Can get rooms/{roomId}/state for a departed room (SPEC-216)    ✓ Getting messages going forward is limited for a departed room (SPEC-216)30rooms/12thirdpartyinvite 0/13 tests30rooms/13guestaccess 0/11 tests30rooms/14override-per-room 0/2 tests30rooms/15kick 2/2 tests    ✓ Users cannot kick users from a room they are not in    ✓ Users cannot kick users who have already left a room30rooms/20typing 3/3 tests    ✓ Typing can be explicitly stopped    ✓ Typing notification sent to local room members    ✓ Typing notifications also sent to remote room members30rooms/21receipts 0/2 tests30rooms/22profile 1/1 tests    ✓ $datum updates affect room member events30rooms/30history-visibility 0/2 tests30rooms/31forget 5/5 tests    ✓ Can forget room you've been kicked from    ✓ Can re-join room if re-invited    ✓ Can't forget room you're still in    ✓ Forgetting room does not show up in v2 /sync    ✓ Forgotten room messages cannot be paginated30rooms/32erasure 0/1 tests30rooms/40joinedapis 0/2 tests30rooms/50context 0/4 tests30rooms/51event 3/3 tests    ✓ /event/ does not allow access to events before the user joined    ✓ /event/ on joined room works    ✓ /event/ on non world readable room does not work30rooms/52members 3/3 tests    ✓ Can filter rooms/{roomId}/members    ✓ Can get rooms/{roomId}/members at a given point    ✓ Can get rooms/{roomId}/members30rooms/60version_upgrade 0/19 tests30rooms/70publicroomslist 0/5 tests31sync/01filter 2/2 tests    ✓ Can create filter    ✓ Can download filter31sync/02sync 1/1 tests    ✓ Can sync31sync/03joined 6/6 tests    ✓ Can sync a joined room    ✓ Full state sync includes joined rooms    ✓ Get presence for newly joined members in incremental sync    ✓ Newly joined room has correct timeline in incremental sync    ✓ Newly joined room includes presence in incremental sync    ✓ Newly joined room is included in an incremental sync31sync/04timeline 0/9 tests31sync/05presence 0/3 tests31sync/06state 0/14 tests31sync/07invited 0/3 tests31sync/08polling 0/2 tests31sync/09archived 8/8 tests    ✓ Archived rooms only contain history from before the user left    ✓ Left rooms appear in the leave section of full state sync    ✓ Left rooms appear in the leave section of sync    ✓ Newly left rooms appear in the leave section of gapped sync    ✓ Newly left rooms appear in the leave section of incremental sync    ✓ Previously left rooms don't appear in the leave section of sync    ✓ We should see our own leave event when rejecting an invite,    ✓ We should see our own leave event, even if history_visibility is31sync/10archived-ban 0/3 tests31sync/11typing 0/3 tests31sync/12receipts 0/2 tests31sync/13filtered_sync 0/2 tests31sync/14read-markers 0/3 tests31sync/15lazy-members 0/12 tests31sync/16room-summary 0/4 tests31sync/17peeking 0/4 tests32room-versions 0/6 tests40presence 5/5 tests    ✓ Presence can be set from sync    ✓ Presence changes are also reported to remote room members    ✓ Presence changes are reported to local room members    ✓ Presence changes to UNAVAILABLE are reported to local room members    ✓ Presence changes to UNAVAILABLE are reported to remote room members41end-to-end-keys/01-upload-key 6/6 tests    ✓ Can query device keys using POST    ✓ Can query specific device keys using POST    ✓ Can upload device keys    ✓ Rejects invalid device keys    ✓ Should reject keys claiming to belong to a different user    ✓ query for user with no keys returns empty key dict41end-to-end-keys/03-one-time-keys 1/1 tests    ✓ Can claim one time key using POST41end-to-end-keys/04-query-key-federation 1/1 tests    ✓ Can query remote device keys using POST41end-to-end-keys/05-one-time-key-federation 1/1 tests    ✓ Can claim remote one time key using POST41end-to-end-keys/06-device-lists 0/15 tests41end-to-end-keys/07-backup 0/10 tests41end-to-end-keys/08-cross-signing 0/8 tests42tags 0/7 tests44account_data 4/6 tests    ✓ Can add account data to room    ✓ Can add account data    ✓ Can get account data without syncing    ✓ Can get room account data without syncing    × Latest account data appears in v2 /sync    × New account data appears in incremental v2 /sync45openid 0/3 tests46direct/01directmessage 3/3 tests    ✓ Can recv a device message using /sync    ✓ Can send a message directly to a device using PUT /sendToDevice    ✓ Can send a to-device message to two users which both receive it using /sync46direct/02reliability 0/2 tests46direct/03polling 0/1 tests46direct/04federation 0/2 tests46direct/05wildcard 0/4 tests48admin 0/1 tests49ignore 0/3 tests50federation/01keys 1/4 tests    × Federation key API can act as a notary server via a $method request    ✓ Federation key API allows unsigned requests for keys    × Key notary server must not overwrite a valid key with a spurious result from the origin server    × Key notary server should return an expired key if it can't find any others50federation/02server-names 1/1 tests    ✓ Non-numeric ports in server names are rejected50federation/10query-profile 2/2 tests    ✓ Inbound federation can query profile data    ✓ Outbound federation can query profile data50federation/11query-directory 0/2 tests50federation/30room-join 0/19 tests50federation/31room-send 0/5 tests50federation/32room-getevent 0/2 tests50federation/33room-get-missing-events 2/4 tests    ✓ Inbound federation can return missing events for $vis visibility    × Outbound federation can request missing events    ✓ Outbound federation will ignore a missing event with bad JSON for room version 6    × outliers whose auth_events are in a different room are correctly rejected50federation/34room-backfill 0/5 tests50federation/35room-invite 0/11 tests50federation/36state 0/13 tests50federation/37public-rooms 0/1 tests50federation/38receipts 0/2 tests50federation/39redactions 0/4 tests50federation/40devicelists 0/7 tests50federation/40publicroomlist 0/1 tests50federation/41power-levels 0/2 tests50federation/43typing 0/1 tests50federation/44presence 0/1 tests50federation/50no-deextrem-outliers 0/1 tests50federation/50server-acl-endpoints 0/1 tests50federation/51transactions 0/2 tests50federation/52soft-fail 0/3 tests51media/01unicode 4/5 tests    × Alternative server names do not cause a routing loop    ✓ Can download specifying a different Unicode file name    ✓ Can download with Unicode file name locally    ✓ Can download with Unicode file name over federation    ✓ Can upload with Unicode file name51media/02nofilename 3/3 tests    ✓ Can download without a file name locally    ✓ Can download without a file name over federation    ✓ Can upload without a file name51media/03ascii 5/5 tests    ✓ Can download file '$filename'    ✓ Can download specifying a different ASCII file name    ✓ Can fetch images in room    ✓ Can send image in room message    ✓ Can upload with ASCII file name51media/10thumbnail 2/2 tests    ✓ POSTed media can be thumbnailed    ✓ Remote media can be thumbnailed51media/20urlpreview 1/1 tests    ✓ Test URL preview51media/30config 1/1 tests    ✓ Can read configuration endpoint52user-directory/01public 0/7 tests52user-directory/02private 0/3 tests54identity 0/6 tests60app-services/01as-create 0/7 tests60app-services/02ghost 0/6 tests60app-services/03passive 0/3 tests60app-services/04asuser 0/2 tests60app-services/05lookup3pe 0/4 tests60app-services/06publicroomlist 0/2 tests60app-services/07deactivate 0/1 tests61push/01message-pushed 0/7 tests61push/02add_rules 0/7 tests61push/03_unread_count 0/2 tests61push/05_set_actions 0/4 tests61push/06_get_pusher 0/1 tests61push/07_set_enabled 0/2 tests61push/08_rejected_pushers 0/1 tests61push/09_notifications_api 0/1 tests61push/80torture 0/3 tests80torture/03events 1/1 tests    ✓ Event size limits80torture/10filters 1/1 tests    ✓ Check creating invalid filters returns 4xx80torture/20json 3/3 tests    ✓ Invalid JSON floats    ✓ Invalid JSON integers    ✓ Invalid JSON special values90jira/SYN-205 1/1 tests    ✓ Rooms can be created with an initial invite list (SYN-205)90jira/SYN-328 1/1 tests    ✓ Typing notifications don't leak90jira/SYN-343 1/1 tests    ✓ Non-present room members cannot ban others90jira/SYN-390 1/1 tests    ✓ Getting push rules doesn't corrupt the cache SYN-39090jira/SYN-516 0/1 tests90jira/SYN-627 0/1 testsTOTAL: 220/610 tests converted