recipe-maintainer/recipe-info/matrix-synapse/tests/test_complexity_limit.sh

#!/bin/bash
# Test: verify room complexity limit blocks joining large remote rooms
#
# Tries to join a known large remote room (#community:matrix.org) and
# verifies Synapse rejects the join due to complexity limits.
# Requires: ROOM_COMPLEXITY_LIMIT set low enough (e.g. 10.0) and federation enabled.
set -euo pipefail

SERVER="cctest.autonomic.zone"
DOMAIN="matrix-synapse.cctest.autonomic.zone"
STACK_NAME="matrix-synapse_cctest_autonomic_zone"
ADMIN_USER="complexity_test_admin"
ADMIN_PASS="complextest_pass_123"

echo "=== Test: room complexity limit blocks large remote rooms ==="

# Register admin user
echo "Registering admin user..."
ssh "$SERVER" "docker exec \$(docker ps --filter name=${STACK_NAME}_app -q) \
    register_new_matrix_user -u $ADMIN_USER -p $ADMIN_PASS -a -c /data/homeserver.yaml http://localhost:8008 2>&1" || true

# Get token
echo "Getting token..."
TOKEN=$(ssh "$SERVER" "docker exec \$(docker ps --filter name=${STACK_NAME}_app -q) \
    curl -s -X POST http://localhost:8008/_matrix/client/r0/login \
    -H 'Content-Type: application/json' \
    -d '{\"type\":\"m.login.password\",\"user\":\"$ADMIN_USER\",\"password\":\"$ADMIN_PASS\"}'" \
    | python3 -c "import sys,json; print(json.load(sys.stdin)['access_token'])")

if [ -z "$TOKEN" ]; then
    echo "FAIL: Could not get token"
    exit 1
fi
echo "Token: ${TOKEN:0:20}..."

# Verify complexity limit is set
echo ""
echo "Checking homeserver config..."
COMPLEXITY=$(ssh "$SERVER" "docker exec \$(docker ps --filter name=${STACK_NAME}_app -q) \
    grep 'complexity:' /data/homeserver.yaml" | awk '{print $2}')
echo "Configured complexity limit: $COMPLEXITY"

# Try to join #community:matrix.org (a large room with ~30k state events, complexity ~60)
# This should be rejected because complexity 60 > limit 10
LARGE_ROOM="%23community:matrix.org"
echo ""
echo "Attempting to join #community:matrix.org (should be rejected)..."
RESULT=$(ssh "$SERVER" "docker exec \$(docker ps --filter name=${STACK_NAME}_app -q) \
    curl -s -X POST 'http://localhost:8008/_matrix/client/r0/join/${LARGE_ROOM}' \
    -H 'Authorization: Bearer $TOKEN' \
    -H 'Content-Type: application/json' \
    -d '{}'")
echo "Response: $RESULT"

# Check for complexity error
if echo "$RESULT" | grep -qi "complex\|too large\|M_RESOURCE_LIMIT_EXCEEDED"; then
    echo ""
    echo "PASS: Room join rejected due to complexity limit"
elif echo "$RESULT" | grep -qi "error"; then
    echo ""
    echo "Got an error (may be federation related, not complexity):"
    echo "$RESULT" | python3 -m json.tool 2>/dev/null || echo "$RESULT"
    echo ""
    echo "INCONCLUSIVE: Got an error but not clearly a complexity rejection"
    exit 1
else
    echo ""
    echo "FAIL: Room join was not rejected — complexity limit may not be working"
    exit 1
fi