services/sync/tests/unit/test_hmac_error.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250

/* Any copyright is dedicated to the Public Domain.
   http://creativecommons.org/publicdomain/zero/1.0/ */

const { Service } = ChromeUtils.importESModule(
  "resource://services-sync/service.sys.mjs"
);

// Track HMAC error counts.
var hmacErrorCount = 0;
(function () {
  let hHE = Service.handleHMACEvent;
  Service.handleHMACEvent = async function () {
    hmacErrorCount++;
    return hHE.call(Service);
  };
})();

async function shared_setup() {
  enableValidationPrefs();
  syncTestLogging();

  hmacErrorCount = 0;

  let clientsEngine = Service.clientsEngine;
  let clientsSyncID = await clientsEngine.resetLocalSyncID();

  // Make sure RotaryEngine is the only one we sync.
  let { engine, syncID, tracker } = await registerRotaryEngine();
  await engine.setLastSync(123); // Needs to be non-zero so that tracker is queried.
  engine._store.items = {
    flying: "LNER Class A3 4472",
    scotsman: "Flying Scotsman",
  };
  await tracker.addChangedID("scotsman", 0);
  Assert.equal(1, Service.engineManager.getEnabled().length);

  let engines = {
    rotary: { version: engine.version, syncID },
    clients: { version: clientsEngine.version, syncID: clientsSyncID },
  };

  // Common server objects.
  let global = new ServerWBO("global", { engines });
  let keysWBO = new ServerWBO("keys");
  let rotaryColl = new ServerCollection({}, true);
  let clientsColl = new ServerCollection({}, true);

  return [engine, rotaryColl, clientsColl, keysWBO, global, tracker];
}

add_task(async function hmac_error_during_404() {
  _("Attempt to replicate the HMAC error setup.");
  let [engine, rotaryColl, clientsColl, keysWBO, global, tracker] =
    await shared_setup();

  // Hand out 404s for crypto/keys.
  let keysHandler = keysWBO.handler();
  let key404Counter = 0;
  let keys404Handler = function (request, response) {
    if (key404Counter > 0) {
      let body = "Not Found";
      response.setStatusLine(request.httpVersion, 404, body);
      response.bodyOutputStream.write(body, body.length);
      key404Counter--;
      return;
    }
    keysHandler(request, response);
  };

  let collectionsHelper = track_collections_helper();
  let upd = collectionsHelper.with_updated_collection;
  let handlers = {
    "/1.1/foo/info/collections": collectionsHelper.handler,
    "/1.1/foo/storage/meta/global": upd("meta", global.handler()),
    "/1.1/foo/storage/crypto/keys": upd("crypto", keys404Handler),
    "/1.1/foo/storage/clients": upd("clients", clientsColl.handler()),
    "/1.1/foo/storage/rotary": upd("rotary", rotaryColl.handler()),
  };

  let server = sync_httpd_setup(handlers);
  // Do not instantiate SyncTestingInfrastructure; we need real crypto.
  await configureIdentity({ username: "foo" }, server);
  await Service.login();

  try {
    _("Syncing.");
    await sync_and_validate_telem();

    _(
      "Partially resetting client, as if after a restart, and forcing redownload."
    );
    Service.collectionKeys.clear();
    await engine.setLastSync(0); // So that we redownload records.
    key404Counter = 1;
    _("---------------------------");
    await sync_and_validate_telem();
    _("---------------------------");

    // Two rotary items, one client record... no errors.
    Assert.equal(hmacErrorCount, 0);
  } finally {
    await tracker.clearChangedIDs();
    await Service.engineManager.unregister(engine);
    for (const pref of Svc.PrefBranch.getChildList("")) {
      Svc.PrefBranch.clearUserPref(pref);
    }
    Service.recordManager.clearCache();
    await promiseStopServer(server);
  }
});

add_task(async function hmac_error_during_node_reassignment() {
  _("Attempt to replicate an HMAC error during node reassignment.");
  let [engine, rotaryColl, clientsColl, keysWBO, global, tracker] =
    await shared_setup();

  let collectionsHelper = track_collections_helper();
  let upd = collectionsHelper.with_updated_collection;

  // We'll provide a 401 mid-way through the sync. This function
  // simulates shifting to a node which has no data.
  function on401() {
    _("Deleting server data...");
    global.delete();
    rotaryColl.delete();
    keysWBO.delete();
    clientsColl.delete();
    delete collectionsHelper.collections.rotary;
    delete collectionsHelper.collections.crypto;
    delete collectionsHelper.collections.clients;
    _("Deleted server data.");
  }

  let should401 = false;
  function upd401(coll, handler) {
    return function (request, response) {
      if (should401 && request.method != "DELETE") {
        on401();
        should401 = false;
        let body = '"reassigned!"';
        response.setStatusLine(request.httpVersion, 401, "Node reassignment.");
        response.bodyOutputStream.write(body, body.length);
        return;
      }
      handler(request, response);
    };
  }

  let handlers = {
    "/1.1/foo/info/collections": collectionsHelper.handler,
    "/1.1/foo/storage/meta/global": upd("meta", global.handler()),
    "/1.1/foo/storage/crypto/keys": upd("crypto", keysWBO.handler()),
    "/1.1/foo/storage/clients": upd401("clients", clientsColl.handler()),
    "/1.1/foo/storage/rotary": upd("rotary", rotaryColl.handler()),
  };

  let server = sync_httpd_setup(handlers);
  // Do not instantiate SyncTestingInfrastructure; we need real crypto.
  await configureIdentity({ username: "foo" }, server);

  _("Syncing.");
  // First hit of clients will 401. This will happen after meta/global and
  // keys -- i.e., in the middle of the sync, but before RotaryEngine.
  should401 = true;

  // Use observers to perform actions when our sync finishes.
  // This allows us to observe the automatic next-tick sync that occurs after
  // an abort.
  function onSyncError() {
    do_throw("Should not get a sync error!");
  }
  let onSyncFinished = function () {};
  let obs = {
    observe: function observe(subject, topic) {
      switch (topic) {
        case "weave:service:sync:error":
          onSyncError();
          break;
        case "weave:service:sync:finish":
          onSyncFinished();
          break;
      }
    },
  };

  Svc.Obs.add("weave:service:sync:finish", obs);
  Svc.Obs.add("weave:service:sync:error", obs);

  // This kicks off the actual test. Split into a function here to allow this
  // source file to broadly follow actual execution order.
  async function onwards() {
    _("== Invoking first sync.");
    await Service.sync();
    _("We should not simultaneously have data but no keys on the server.");
    let hasData = rotaryColl.wbo("flying") || rotaryColl.wbo("scotsman");
    let hasKeys = keysWBO.modified;

    _("We correctly handle 401s by aborting the sync and starting again.");
    Assert.ok(!hasData == !hasKeys);

    _("Be prepared for the second (automatic) sync...");
  }

  _("Make sure that syncing again causes recovery.");
  let callbacksPromise = new Promise(resolve => {
    onSyncFinished = function () {
      _("== First sync done.");
      _("---------------------------");
      onSyncFinished = function () {
        _("== Second (automatic) sync done.");
        let hasData = rotaryColl.wbo("flying") || rotaryColl.wbo("scotsman");
        let hasKeys = keysWBO.modified;
        Assert.ok(!hasData == !hasKeys);

        // Kick off another sync. Can't just call it, because we're inside the
        // lock...
        (async () => {
          await Async.promiseYield();
          _("Now a fresh sync will get no HMAC errors.");
          _(
            "Partially resetting client, as if after a restart, and forcing redownload."
          );
          Service.collectionKeys.clear();
          await engine.setLastSync(0);
          hmacErrorCount = 0;

          onSyncFinished = async function () {
            // Two rotary items, one client record... no errors.
            Assert.equal(hmacErrorCount, 0);

            Svc.Obs.remove("weave:service:sync:finish", obs);
            Svc.Obs.remove("weave:service:sync:error", obs);

            await tracker.clearChangedIDs();
            await Service.engineManager.unregister(engine);
            for (const pref of Svc.PrefBranch.getChildList("")) {
              Svc.PrefBranch.clearUserPref(pref);
            }
            Service.recordManager.clearCache();
            server.stop(resolve);
          };

          Service.sync();
        })().catch(console.error);
      };
    };
  });
  await onwards();
  await callbacksPromise;
});