From a39ccfc769c30f53ee200059d54e79f42d980705 Mon Sep 17 00:00:00 2001 From: "Olivier Wilkinson (reivilibre)" Date: Wed, 8 Dec 2021 14:47:43 +0000 Subject: [PATCH 01/16] Expand return type of get_appservice_user_id to allow returning a device ID to masquerade as --- synapse/api/auth.py | 44 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 36 insertions(+), 8 deletions(-) diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 44883c6663ff..1a245c8b5c21 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -155,7 +155,9 @@ async def get_user_by_req( access_token = self.get_access_token_from_request(request) - user_id, app_service = await self._get_appservice_user_id(request) + user_id, _, app_service = await self._get_appservice_user_id_and_device_id( + request + ) if user_id and app_service: if ip_addr and self._track_appservice_user_ips: await self.store.insert_client_ip( @@ -274,33 +276,59 @@ async def validate_appservice_can_control_user_id( 403, "Application service has not registered this user (%s)" % user_id ) - async def _get_appservice_user_id( + async def _get_appservice_user_id_and_device_id( self, request: Request - ) -> Tuple[Optional[str], Optional[ApplicationService]]: + ) -> Tuple[Optional[str], Optional[str], Optional[ApplicationService]]: + """ + Given a request, reads the request parameters to determine: + - whether it's an application service that's making this request + - what user the application service should be treated as controlling + (the user_id URI parameter allows an application service to masquerade + any applicable user in its namespace) + - what device the application service should be treated as controlling + (the device_id[^1] URI parameter allows an application service to masquerade + as any device that exists for the relevant user) + + [^1] Unstable and provided by MSC3202. + Must use `org.matrix.msc3202.device_id` in place of `device_id` for now. + + Returns: + 3-tuple of + (user ID?, device ID?, application service?) + + Postconditions: + - If an application service is returned, so is a user ID + - A user ID is never returned without an application service + - A device ID is never returned without a user ID or an application service + - The returned application service, if present, is permitted to control the + returned user ID. + - The returned device ID, if present, has been checked to be a valid device ID + for the returned user ID. + """ app_service = self.store.get_app_service_by_token( self.get_access_token_from_request(request) ) if app_service is None: - return None, None + return None, None, None if app_service.ip_range_whitelist: ip_address = IPAddress(request.getClientIP()) if ip_address not in app_service.ip_range_whitelist: - return None, None + return None, None, None # This will always be set by the time Twisted calls us. assert request.args is not None if b"user_id" not in request.args: - return app_service.sender, app_service + return app_service.sender, None, app_service user_id = request.args[b"user_id"][0].decode("utf8") await self.validate_appservice_can_control_user_id(app_service, user_id) if app_service.sender == user_id: - return app_service.sender, app_service + return app_service.sender, None, app_service - return user_id, app_service + return user_id, None, app_service async def get_user_by_access_token( self, From be8814fcaa2b354a2563fc7fbcf93d98cdc03216 Mon Sep 17 00:00:00 2001 From: "Olivier Wilkinson (reivilibre)" Date: Wed, 8 Dec 2021 14:57:12 +0000 Subject: [PATCH 02/16] Expand get_user_by_req to support handling a device ID --- synapse/api/auth.py | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 1a245c8b5c21..26d6007a047d 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -155,9 +155,11 @@ async def get_user_by_req( access_token = self.get_access_token_from_request(request) - user_id, _, app_service = await self._get_appservice_user_id_and_device_id( - request - ) + ( + user_id, + device_id, + app_service, + ) = await self._get_appservice_user_id_and_device_id(request) if user_id and app_service: if ip_addr and self._track_appservice_user_ips: await self.store.insert_client_ip( @@ -165,16 +167,22 @@ async def get_user_by_req( access_token=access_token, ip=ip_addr, user_agent=user_agent, - device_id="dummy-device", # stubbed + device_id="dummy-device" + if device_id is None + else device_id, # stubbed ) - requester = create_requester(user_id, app_service=app_service) + requester = create_requester( + user_id, app_service=app_service, device_id=device_id + ) request.requester = user_id if user_id in self._force_tracing_for_users: opentracing.force_tracing() opentracing.set_tag("authenticated_entity", user_id) opentracing.set_tag("user_id", user_id) + if device_id is not None: + opentracing.set_tag("device_id", device_id) opentracing.set_tag("appservice_id", app_service.id) return requester From 7ea5022be8b7891dd8a01dc85ab31501bc2c212c Mon Sep 17 00:00:00 2001 From: "Olivier Wilkinson (reivilibre)" Date: Wed, 8 Dec 2021 15:00:13 +0000 Subject: [PATCH 03/16] Remove superfluous lines --- synapse/api/auth.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 26d6007a047d..5f7e9163c69b 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -333,8 +333,6 @@ async def _get_appservice_user_id_and_device_id( user_id = request.args[b"user_id"][0].decode("utf8") await self.validate_appservice_can_control_user_id(app_service, user_id) - if app_service.sender == user_id: - return app_service.sender, None, app_service return user_id, None, app_service From 9551a3ed678e729062194e615074500f44b73ba1 Mon Sep 17 00:00:00 2001 From: "Olivier Wilkinson (reivilibre)" Date: Wed, 8 Dec 2021 15:01:12 +0000 Subject: [PATCH 04/16] Remove early return because we need more logic here --- synapse/api/auth.py | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 5f7e9163c69b..d34d9f8abee8 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -327,14 +327,15 @@ async def _get_appservice_user_id_and_device_id( # This will always be set by the time Twisted calls us. assert request.args is not None - if b"user_id" not in request.args: - return app_service.sender, None, app_service - - user_id = request.args[b"user_id"][0].decode("utf8") - await self.validate_appservice_can_control_user_id(app_service, user_id) - + if b"user_id" in request.args: + effective_user_id = request.args[b"user_id"][0].decode("utf8") + await self.validate_appservice_can_control_user_id( + app_service, effective_user_id + ) + else: + effective_user_id = app_service.sender - return user_id, None, app_service + return effective_user_id, None, app_service async def get_user_by_access_token( self, From 86ef692d5a36ed58a0f82a72b81f85853074ce90 Mon Sep 17 00:00:00 2001 From: "Olivier Wilkinson (reivilibre)" Date: Wed, 8 Dec 2021 15:11:31 +0000 Subject: [PATCH 05/16] Add get_device_opt which returns None instead of raising if it doesn't exist --- synapse/storage/databases/main/devices.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/synapse/storage/databases/main/devices.py b/synapse/storage/databases/main/devices.py index 838a2a6a3dd0..afc516a978e8 100644 --- a/synapse/storage/databases/main/devices.py +++ b/synapse/storage/databases/main/devices.py @@ -112,6 +112,8 @@ async def get_device(self, user_id: str, device_id: str) -> Dict[str, Any]: A dict containing the device information Raises: StoreError: if the device is not found + See also: + `get_device_opt` which returns None instead if the device is not found """ return await self.db_pool.simple_select_one( table="devices", @@ -120,6 +122,26 @@ async def get_device(self, user_id: str, device_id: str) -> Dict[str, Any]: desc="get_device", ) + async def get_device_opt( + self, user_id: str, device_id: str + ) -> Optional[Dict[str, Any]]: + """Retrieve a device. Only returns devices that are not marked as + hidden. + + Args: + user_id: The ID of the user which owns the device + device_id: The ID of the device to retrieve + Returns: + A dict containing the device information, or None if the device does not exist. + """ + return await self.db_pool.simple_select_one( + table="devices", + keyvalues={"user_id": user_id, "device_id": device_id, "hidden": False}, + retcols=("user_id", "device_id", "display_name"), + desc="get_device", + allow_none=True, + ) + async def get_devices_by_user(self, user_id: str) -> Dict[str, Dict[str, str]]: """Retrieve all of a user's registered devices. Only returns devices that are not marked as hidden. From d3b0be57f961f5860d71e3e89daf93b493d40bd7 Mon Sep 17 00:00:00 2001 From: "Olivier Wilkinson (reivilibre)" Date: Wed, 8 Dec 2021 15:12:32 +0000 Subject: [PATCH 06/16] Allow masquerading as a device by specifying the device_id URI parameter --- synapse/api/auth.py | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/synapse/api/auth.py b/synapse/api/auth.py index d34d9f8abee8..65369afd1307 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -313,6 +313,8 @@ async def _get_appservice_user_id_and_device_id( - The returned device ID, if present, has been checked to be a valid device ID for the returned user ID. """ + DEVICE_ID_ARG_NAME = b"org.matrix.msc3202.device_id" + app_service = self.store.get_app_service_by_token( self.get_access_token_from_request(request) ) @@ -335,7 +337,22 @@ async def _get_appservice_user_id_and_device_id( else: effective_user_id = app_service.sender - return effective_user_id, None, app_service + effective_device_id: Optional[str] = None + + if DEVICE_ID_ARG_NAME in request.args: + effective_device_id = request.args[DEVICE_ID_ARG_NAME][0].decode("utf8") + # We only just set this so it can't be None! + assert effective_device_id is not None + device_opt = await self.store.get_device_opt( + effective_user_id, effective_device_id + ) + if device_opt is None: + raise AuthError( + 403, + f"Application service trying to use a device that doesn't exist ('{effective_device_id}' for {effective_user_id})", + ) + + return effective_user_id, effective_device_id, app_service async def get_user_by_access_token( self, From 8a078ce3720eab6996e709cf15728bda11584ec4 Mon Sep 17 00:00:00 2001 From: "Olivier Wilkinson (reivilibre)" Date: Wed, 8 Dec 2021 15:59:53 +0000 Subject: [PATCH 07/16] Newsfile Signed-off-by: Olivier Wilkinson (reivilibre) --- changelog.d/11538.feature | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/11538.feature diff --git a/changelog.d/11538.feature b/changelog.d/11538.feature new file mode 100644 index 000000000000..b6229e2b4522 --- /dev/null +++ b/changelog.d/11538.feature @@ -0,0 +1 @@ +Add experimental support for MSC3202: allowing application services to masquerade as specific devices. \ No newline at end of file From cc2bbcd4dce1f53dc057390cc740e25ba5e7fe64 Mon Sep 17 00:00:00 2001 From: "Olivier Wilkinson (reivilibre)" Date: Thu, 9 Dec 2021 12:29:08 +0000 Subject: [PATCH 08/16] Switch to the 400 M_EXCLUSIVE error code for non-existent device IDs This is as a result of a discussion on the MSC --- synapse/api/auth.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 65369afd1307..fd48735e1cd9 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -347,9 +347,12 @@ async def _get_appservice_user_id_and_device_id( effective_user_id, effective_device_id ) if device_opt is None: + # For now, use 400 M_EXCLUSIVE if the device doesn't exist. + # This is an open thread of discussion on MSC3202 as of 2021-12-09. raise AuthError( - 403, + 400, f"Application service trying to use a device that doesn't exist ('{effective_device_id}' for {effective_user_id})", + Codes.EXCLUSIVE, ) return effective_user_id, effective_device_id, app_service From 7e398067f19037d41f98d98a2dce619ed10f891e Mon Sep 17 00:00:00 2001 From: "Olivier Wilkinson (reivilibre)" Date: Thu, 9 Dec 2021 12:48:36 +0000 Subject: [PATCH 09/16] Add a pair of tests for the ?device_id parameter for AS device masquerading --- tests/api/test_auth.py | 61 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/tests/api/test_auth.py b/tests/api/test_auth.py index 3aa9ba3c43ac..fe98c6d4dc1b 100644 --- a/tests/api/test_auth.py +++ b/tests/api/test_auth.py @@ -210,6 +210,67 @@ def test_get_user_by_req_appservice_valid_token_bad_user_id(self): request.requestHeaders.getRawHeaders = mock_getRawHeaders() self.get_failure(self.auth.get_user_by_req(request), AuthError) + def test_get_user_by_req_appservice_valid_token_valid_device_id(self): + """ + Tests that when an application service passes the device_id URL parameter + with the ID of a valid device for the user in question, + the requester instance tracks that device ID. + """ + masquerading_user_id = b"@doppelganger:matrix.org" + masquerading_device_id = b"DOPPELDEVICE" + app_service = Mock( + token="foobar", url="a_url", sender=self.test_user, ip_range_whitelist=None + ) + app_service.is_interested_in_user = Mock(return_value=True) + self.store.get_app_service_by_token = Mock(return_value=app_service) + # This just needs to return a truth-y value. + self.store.get_user_by_id = simple_async_mock({"is_guest": False}) + self.store.get_user_by_access_token = simple_async_mock(None) + # This also needs to just return a truth-y value + self.store.get_device_opt = simple_async_mock({"hidden": False}) + + request = Mock(args={}) + request.getClientIP.return_value = "127.0.0.1" + request.args[b"access_token"] = [self.test_token] + request.args[b"user_id"] = [masquerading_user_id] + request.args[b"org.matrix.msc3202.device_id"] = [masquerading_device_id] + request.requestHeaders.getRawHeaders = mock_getRawHeaders() + requester = self.get_success(self.auth.get_user_by_req(request)) + self.assertEquals( + requester.user.to_string(), masquerading_user_id.decode("utf8") + ) + self.assertEquals(requester.device_id, masquerading_device_id.decode("utf8")) + + def test_get_user_by_req_appservice_valid_token_invalid_device_id(self): + """ + Tests that when an application service passes the device_id URL parameter + with an ID that is not a valid device ID for the user in question, + the request fails with the appropriate error code. + """ + masquerading_user_id = b"@doppelganger:matrix.org" + masquerading_device_id = b"NOT_A_REAL_DEVICE_ID" + app_service = Mock( + token="foobar", url="a_url", sender=self.test_user, ip_range_whitelist=None + ) + app_service.is_interested_in_user = Mock(return_value=True) + self.store.get_app_service_by_token = Mock(return_value=app_service) + # This just needs to return a truth-y value. + self.store.get_user_by_id = simple_async_mock({"is_guest": False}) + self.store.get_user_by_access_token = simple_async_mock(None) + # This also needs to just return a truth-y value + self.store.get_device_opt = simple_async_mock(None) + + request = Mock(args={}) + request.getClientIP.return_value = "127.0.0.1" + request.args[b"access_token"] = [self.test_token] + request.args[b"user_id"] = [masquerading_user_id] + request.args[b"org.matrix.msc3202.device_id"] = [masquerading_device_id] + request.requestHeaders.getRawHeaders = mock_getRawHeaders() + + failure = self.get_failure(self.auth.get_user_by_req(request), AuthError) + self.assertEquals(failure.value.code, 400) + self.assertEquals(failure.value.errcode, Codes.EXCLUSIVE) + def test_get_user_from_macaroon(self): self.store.get_user_by_access_token = simple_async_mock( TokenLookupResult(user_id="@baldrick:matrix.org", device_id="device") From ae968eaa936513455b77768c92dd22ef0bf847a7 Mon Sep 17 00:00:00 2001 From: "Olivier Wilkinson (reivilibre)" Date: Thu, 9 Dec 2021 13:10:18 +0000 Subject: [PATCH 10/16] Add an experimental flag to control device masquerading --- synapse/api/auth.py | 5 ++++- synapse/config/experimental.py | 5 +++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/synapse/api/auth.py b/synapse/api/auth.py index fd48735e1cd9..0bb4b77f8465 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -339,7 +339,10 @@ async def _get_appservice_user_id_and_device_id( effective_device_id: Optional[str] = None - if DEVICE_ID_ARG_NAME in request.args: + if ( + self.hs.config.experimental.msc3202_device_masquerading_enabled + and DEVICE_ID_ARG_NAME in request.args + ): effective_device_id = request.args[DEVICE_ID_ARG_NAME][0].decode("utf8") # We only just set this so it can't be None! assert effective_device_id is not None diff --git a/synapse/config/experimental.py b/synapse/config/experimental.py index d78a15097c87..678c78d56512 100644 --- a/synapse/config/experimental.py +++ b/synapse/config/experimental.py @@ -49,3 +49,8 @@ def read_config(self, config: JsonDict, **kwargs): # MSC3030 (Jump to date API endpoint) self.msc3030_enabled: bool = experimental.get("msc3030_enabled", False) + + # The portion of MSC3202 which is related to device masquerading. + self.msc3202_device_masquerading_enabled: bool = experimental.get( + "msc3202_device_masquerading", False + ) From 11e2192b3224816578f054a325b2c16ed4a70580 Mon Sep 17 00:00:00 2001 From: "Olivier Wilkinson (reivilibre)" Date: Thu, 9 Dec 2021 13:13:32 +0000 Subject: [PATCH 11/16] Update tests to enable experimental features --- tests/api/test_auth.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/api/test_auth.py b/tests/api/test_auth.py index fe98c6d4dc1b..3c9ca5292205 100644 --- a/tests/api/test_auth.py +++ b/tests/api/test_auth.py @@ -31,6 +31,7 @@ from tests import unittest from tests.test_utils import simple_async_mock +from tests.unittest import override_config from tests.utils import mock_getRawHeaders @@ -210,6 +211,7 @@ def test_get_user_by_req_appservice_valid_token_bad_user_id(self): request.requestHeaders.getRawHeaders = mock_getRawHeaders() self.get_failure(self.auth.get_user_by_req(request), AuthError) + @override_config({"experimental_features": {"msc3202_device_masquerading": True}}) def test_get_user_by_req_appservice_valid_token_valid_device_id(self): """ Tests that when an application service passes the device_id URL parameter @@ -241,6 +243,7 @@ def test_get_user_by_req_appservice_valid_token_valid_device_id(self): ) self.assertEquals(requester.device_id, masquerading_device_id.decode("utf8")) + @override_config({"experimental_features": {"msc3202_device_masquerading": True}}) def test_get_user_by_req_appservice_valid_token_invalid_device_id(self): """ Tests that when an application service passes the device_id URL parameter From 63042ac19081f1804500f00424632918410506e8 Mon Sep 17 00:00:00 2001 From: "Olivier Wilkinson (reivilibre)" Date: Mon, 13 Dec 2021 14:35:34 +0000 Subject: [PATCH 12/16] Use get_device (fixing in upstream develop) --- synapse/api/auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 0bb4b77f8465..0bf58dff08a5 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -346,7 +346,7 @@ async def _get_appservice_user_id_and_device_id( effective_device_id = request.args[DEVICE_ID_ARG_NAME][0].decode("utf8") # We only just set this so it can't be None! assert effective_device_id is not None - device_opt = await self.store.get_device_opt( + device_opt = await self.store.get_device( effective_user_id, effective_device_id ) if device_opt is None: From 2becd5209df07553a759a359bf7c54876e97e64d Mon Sep 17 00:00:00 2001 From: "Olivier Wilkinson (reivilibre)" Date: Mon, 13 Dec 2021 14:47:57 +0000 Subject: [PATCH 13/16] TEMPORARY Revert "Use get_device (fixing in upstream develop)" This reverts commit 63042ac19081f1804500f00424632918410506e8. --- synapse/api/auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 0bf58dff08a5..0bb4b77f8465 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -346,7 +346,7 @@ async def _get_appservice_user_id_and_device_id( effective_device_id = request.args[DEVICE_ID_ARG_NAME][0].decode("utf8") # We only just set this so it can't be None! assert effective_device_id is not None - device_opt = await self.store.get_device( + device_opt = await self.store.get_device_opt( effective_user_id, effective_device_id ) if device_opt is None: From 405f3f958045bfa6b14ded796896d0b8a249a546 Mon Sep 17 00:00:00 2001 From: "Olivier Wilkinson (reivilibre)" Date: Mon, 13 Dec 2021 14:57:00 +0000 Subject: [PATCH 14/16] Fix comment --- tests/api/test_auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/api/test_auth.py b/tests/api/test_auth.py index 3c9ca5292205..6f15ce22d569 100644 --- a/tests/api/test_auth.py +++ b/tests/api/test_auth.py @@ -260,7 +260,7 @@ def test_get_user_by_req_appservice_valid_token_invalid_device_id(self): # This just needs to return a truth-y value. self.store.get_user_by_id = simple_async_mock({"is_guest": False}) self.store.get_user_by_access_token = simple_async_mock(None) - # This also needs to just return a truth-y value + # This also needs to just return a falsey value self.store.get_device_opt = simple_async_mock(None) request = Mock(args={}) From 15cb2f06789821c5984a51189454017b0a8dcab8 Mon Sep 17 00:00:00 2001 From: "Olivier Wilkinson (reivilibre)" Date: Mon, 13 Dec 2021 14:35:34 +0000 Subject: [PATCH 15/16] Use get_device --- synapse/api/auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 0bb4b77f8465..0bf58dff08a5 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -346,7 +346,7 @@ async def _get_appservice_user_id_and_device_id( effective_device_id = request.args[DEVICE_ID_ARG_NAME][0].decode("utf8") # We only just set this so it can't be None! assert effective_device_id is not None - device_opt = await self.store.get_device_opt( + device_opt = await self.store.get_device( effective_user_id, effective_device_id ) if device_opt is None: From f35234adc8d8e0bac4d4dc5fcb813adf35c14d99 Mon Sep 17 00:00:00 2001 From: "Olivier Wilkinson (reivilibre)" Date: Wed, 15 Dec 2021 10:11:21 +0000 Subject: [PATCH 16/16] Fix up: mock get_device in lieu of get_device_opt (since changes from develop) --- tests/api/test_auth.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/api/test_auth.py b/tests/api/test_auth.py index 6f15ce22d569..a2dfa1ed0507 100644 --- a/tests/api/test_auth.py +++ b/tests/api/test_auth.py @@ -229,7 +229,7 @@ def test_get_user_by_req_appservice_valid_token_valid_device_id(self): self.store.get_user_by_id = simple_async_mock({"is_guest": False}) self.store.get_user_by_access_token = simple_async_mock(None) # This also needs to just return a truth-y value - self.store.get_device_opt = simple_async_mock({"hidden": False}) + self.store.get_device = simple_async_mock({"hidden": False}) request = Mock(args={}) request.getClientIP.return_value = "127.0.0.1" @@ -261,7 +261,7 @@ def test_get_user_by_req_appservice_valid_token_invalid_device_id(self): self.store.get_user_by_id = simple_async_mock({"is_guest": False}) self.store.get_user_by_access_token = simple_async_mock(None) # This also needs to just return a falsey value - self.store.get_device_opt = simple_async_mock(None) + self.store.get_device = simple_async_mock(None) request = Mock(args={}) request.getClientIP.return_value = "127.0.0.1"