From 4eefa275ab14f6eb0f7472e9e8d89683274776af Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Mon, 6 Jan 2025 13:10:05 +0000
Subject: [PATCH 1/5] Update matrix-authentication-service in Playwright tests
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---
 playwright/e2e/crypto/backups.spec.ts | 2 +-
 playwright/e2e/oidc/oidc-native.spec.ts | 4 +-
 .../templates/mas-oidc/homeserver.yaml | 100 +-----------------
 .../matrix-authentication-service/config.yaml | 3 +
 4 files changed, 7 insertions(+), 102 deletions(-)
diff --git a/playwright/e2e/crypto/backups.spec.ts b/playwright/e2e/crypto/backups.spec.ts
index 5936c2ede5f..9d98534a47c 100644
--- a/playwright/e2e/crypto/backups.spec.ts
+++ b/playwright/e2e/crypto/backups.spec.ts
@@ -29,7 +29,7 @@ masTest.describe("Encryption state after registration", () => {
 await registerAccountMas(page, mailhog.api, "alice", "alice@email.com", "Pa$sW0rD!");
 await app.settings.openUserSettings("Security & Privacy");
- expect(page.getByText("This session is backing up your keys.")).toBeVisible();
+ await expect(page.getByText("This session is backing up your keys.")).toBeVisible();
 });
 masTest("user is prompted to set up recovery", async ({ page, mailhog, app }) => {
diff --git a/playwright/e2e/oidc/oidc-native.spec.ts b/playwright/e2e/oidc/oidc-native.spec.ts
index f8dd24daa65..e2e7a816dd2 100644
--- a/playwright/e2e/oidc/oidc-native.spec.ts
+++ b/playwright/e2e/oidc/oidc-native.spec.ts
@@ -41,11 +41,11 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => {
 // Assert MAS sees the session as OIDC Native
 const newPage = await newPagePromise;
- await newPage.getByText("Sessions").click();
+ await newPage.getByText("Devices").click();
 await newPage.getByText(deviceId).click();
 await expect(newPage.getByText("Element")).toBeVisible();
- await expect(newPage.getByText("oauth2_session:")).toBeVisible();
 await expect(newPage.getByText("http://localhost:8080/")).toBeVisible();
+ await expect(newPage).toHaveURL(/\/oauth2_session/);
 await newPage.close();
 // Assert logging out revokes both tokens
diff --git a/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml b/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml
index 802d97acade..147944b89f8 100644
--- a/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml
+++ b/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml
@@ -83,102 +83,7 @@ experimental_features:
 enabled: true
 issuer: http://localhost:%MAS_PORT%/
- # We have to bake in the metadata here as we need to override `introspection_endpoint`
- issuer_metadata: {
- "issuer": "http://localhost:%MAS_PORT%/",
- "authorization_endpoint": "http://localhost:%MAS_PORT%/authorize",
- "token_endpoint": "http://localhost:%MAS_PORT%/oauth2/token",
- "jwks_uri": "http://localhost:%MAS_PORT%/oauth2/keys.json",
- "registration_endpoint": "http://localhost:%MAS_PORT%/oauth2/registration",
- "scopes_supported": ["openid", "email"],
- "response_types_supported": ["code", "id_token", "code id_token"],
- "response_modes_supported": ["form_post", "query", "fragment"],
- "grant_types_supported":
- [
- "authorization_code",
- "refresh_token",
- "client_credentials",
- "urn:ietf:params:oauth:grant-type:device_code",
- ],
- "token_endpoint_auth_methods_supported":
- ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"],
- "token_endpoint_auth_signing_alg_values_supported":
- [
- "HS256",
- "HS384",
- "HS512",
- "RS256",
- "RS384",
- "RS512",
- "PS256",
- "PS384",
- "PS512",
- "ES256",
- "ES384",
- "ES256K",
- ],
- "revocation_endpoint": "http://localhost:%MAS_PORT%/oauth2/revoke",
- "revocation_endpoint_auth_methods_supported":
- ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"],
- "revocation_endpoint_auth_signing_alg_values_supported":
- [
- "HS256",
- "HS384",
- "HS512",
- "RS256",
- "RS384",
- "RS512",
- "PS256",
- "PS384",
- "PS512",
- "ES256",
- "ES384",
- "ES256K",
- ],
- # This is the only changed value
- "introspection_endpoint": "http://host.containers.internal:%MAS_PORT%/oauth2/introspect",
- "introspection_endpoint_auth_methods_supported":
- ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"],
- "introspection_endpoint_auth_signing_alg_values_supported":
- [
- "HS256",
- "HS384",
- "HS512",
- "RS256",
- "RS384",
- "RS512",
- "PS256",
- "PS384",
- "PS512",
- "ES256",
- "ES384",
- "ES256K",
- ],
- "code_challenge_methods_supported": ["plain", "S256"],
- "userinfo_endpoint": "http://localhost:%MAS_PORT%/oauth2/userinfo",
- "subject_types_supported": ["public"],
- "id_token_signing_alg_values_supported":
- ["RS256", "RS384", "RS512", "ES256", "ES384", "PS256", "PS384", "PS512", "ES256K"],
- "userinfo_signing_alg_values_supported":
- ["RS256", "RS384", "RS512", "ES256", "ES384", "PS256", "PS384", "PS512", "ES256K"],
- "display_values_supported": ["page"],
- "claim_types_supported": ["normal"],
- "claims_supported": ["iss", "sub", "aud", "iat", "exp", "nonce", "auth_time", "at_hash", "c_hash"],
- "claims_parameter_supported": false,
- "request_parameter_supported": false,
- "request_uri_parameter_supported": false,
- "prompt_values_supported": ["none", "login", "create"],
- "device_authorization_endpoint": "http://localhost:%MAS_PORT%/oauth2/device",
- "org.matrix.matrix-authentication-service.graphql_endpoint": "http://localhost:%MAS_PORT%/graphql",
- "account_management_uri": "http://localhost:%MAS_PORT%/account/",
- "account_management_actions_supported":
- [
- "org.matrix.profile",
- "org.matrix.sessions_list",
- "org.matrix.session_view",
- "org.matrix.session_end",
- ],
- }
+ introspection_endpoint: "http://localhost:%MAS_PORT%/oauth2/introspect",
 # Matches the `client_id` in the auth service config
 client_id: 0000000000000000000SYNAPSE
@@ -189,6 +94,3 @@ experimental_features:
 # Matches the `matrix.secret` in the auth service config
 admin_token: "AnotherRandomSecret"
-
- # URL to advertise to clients where users can self-manage their account
- account_management_url: "http://localhost:%MAS_PORT%/account"
diff --git a/playwright/plugins/matrix-authentication-service/config.yaml b/playwright/plugins/matrix-authentication-service/config.yaml
index e7ab83e736e..5ee69bdec5a 100644
--- a/playwright/plugins/matrix-authentication-service/config.yaml
+++ b/playwright/plugins/matrix-authentication-service/config.yaml
@@ -125,6 +125,7 @@ passwords:
 schemes:
 - version: 1
 algorithm: argon2id
+ minimum_complexity: 0
 matrix:
 homeserver: localhost
 secret: AnotherRandomSecret
@@ -148,6 +149,8 @@ branding:
 tos_uri: null
 imprint: null
 logo_uri: null
+account:
+ password_registration_enabled: true
 experimental:
 access_token_ttl: 300
 compat_token_ttl: 300
From 1cd1dcd65240827d8fe53b4eeeb70e4254346e77 Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Mon, 6 Jan 2025 13:12:59 +0000
Subject: [PATCH 2/5] delint
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---
 .../homeserver/synapse/templates/mas-oidc/homeserver.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml b/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml
index 147944b89f8..c2badec759b 100644
--- a/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml
+++ b/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml
@@ -83,7 +83,7 @@ experimental_features:
 enabled: true
 issuer: http://localhost:%MAS_PORT%/
- introspection_endpoint: "http://localhost:%MAS_PORT%/oauth2/introspect",
+ introspection_endpoint: "http://localhost:%MAS_PORT%/oauth2/introspect"
 # Matches the `client_id` in the auth service config
 client_id: 0000000000000000000SYNAPSE
From 84126e8ed0b864c9f06ee38237511bfed99974c4 Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Mon, 6 Jan 2025 13:31:15 +0000
Subject: [PATCH 3/5] Iterate
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---
 .../homeserver/synapse/templates/mas-oidc/homeserver.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml b/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml
index c2badec759b..64fea9a5a97 100644
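Review bot: `minimum_complexity: 0` in the first config.yaml hunk of patch 1/5 and `password_registration_enabled: true` in the second both relax account controls, and neither line carries a comment saying so. The same hunk's context already shows a fixed `secret: AnotherRandomSecret`, so this file is evidently a fixture, but a reader borrowing from it cannot tell which settings were loosened only for the tests. I would add `# Test fixture only: password complexity check disabled so e2e accounts can use fixed passwords` above `minimum_complexity`, and `# Test fixture only: open password registration, presumably needed by the registration specs` above `account:`.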
--- a/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml
+++ b/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml
@@ -82,8 +82,8 @@ experimental_features:
 msc3861:
 enabled: true
- issuer: http://localhost:%MAS_PORT%/
- introspection_endpoint: "http://localhost:%MAS_PORT%/oauth2/introspect"
+ issuer: http://host.containers.internal:%MAS_PORT%/
+ introspection_endpoint: http://host.containers.internal:%MAS_PORT%/oauth2/introspect
 # Matches the `client_id` in the auth service config
 client_id: 0000000000000000000SYNAPSE
From d506dec51a3f950f4262f4415bc27e7808eccd45 Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Mon, 6 Jan 2025 15:09:39 +0000
Subject: [PATCH 4/5] Actually do the update
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---
 .../plugins/matrix-authentication-service/index.ts | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/playwright/plugins/matrix-authentication-service/index.ts b/playwright/plugins/matrix-authentication-service/index.ts
index eeccd4f4950..d752b92e524 100644
--- a/playwright/plugins/matrix-authentication-service/index.ts
+++ b/playwright/plugins/matrix-authentication-service/index.ts
@@ -18,8 +18,7 @@ import { HomeserverInstance } from "../homeserver";
 import { Instance as MailhogInstance } from "../mailhog";
 // Docker tag to use for `ghcr.io/matrix-org/matrix-authentication-service` image.
-// We use a debug tag so that we have a shell and can run all 3 necessary commands in one run.
-const TAG = "0.8.0-debug";
+const TAG = "0.12.0";
 export interface ProxyInstance {
 containerId: string;
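Review bot: In the patch 3/5 hunk `issuer` moves to `http://host.containers.internal:%MAS_PORT%/` together with `introspection_endpoint`, whereas the block removed in patch 1/5 kept the issuer on `localhost` and marked the introspection URL as "the only changed value". An OIDC issuer is compared as an exact string, so this value has to equal the issuer the auth service itself publishes; that setting is outside these hunks, so whether the two still agree cannot be confirmed from here. The reason for the hostname also deserves a comment above the two lines, for example `# Synapse runs in a container and reaches MAS on the host via host.containers.internal`.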
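Review bot: The comment kept above `TAG` in the `@@ -18,8 +18,7 @@` hunk of patch 4/5 still names the `ghcr.io/matrix-org/matrix-authentication-service` image, while the next hunk of the same patch pulls `ghcr.io/element-hq/matrix-authentication-service`; the comment should name the element-hq repository so the tag and the registry it belongs to are read together. Separately, `0.12.0` is a mutable tag, so the image the CI run executes can change without any change in this file. Pinning the digest keeps the fixture reproducible and still works with the existing `":" + TAG` concatenation: `const TAG = "0.12.0@sha256:<digest-of-the-reviewed-image>";` (placeholder digest).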
@@ -87,15 +86,10 @@ export class MatrixAuthenticationService {
 console.log(new Date(), "starting mas container...", TAG);
 const containerId = await this.masDocker.run({
- image: "ghcr.io/matrix-org/matrix-authentication-service:" + TAG,
+ image: "ghcr.io/element-hq/matrix-authentication-service:" + TAG,
 containerName: "react-sdk-playwright-mas",
- params: ["-p", `${port}:8080/tcp`, "-v", `${configDir}:/config`, "--entrypoint", "sh"],
- cmd: [
- "-c",
- "mas-cli database migrate --config /config/config.yaml && " +
- "mas-cli config sync --config /config/config.yaml && " +
- "mas-cli server --config /config/config.yaml",
- ],
+ params: ["-p", `${port}:8080/tcp`, "-v", `${configDir}:/config`],
+ cmd: ["mas-cli", "server", "--config", "/config/config.yaml"],
 });
 console.log(new Date(), "started!");
From 4cacb832b07c44d682eed8d54289a8a189031a5d Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Mon, 6 Jan 2025 15:45:44 +0000
Subject: [PATCH 5/5] Fix mas run
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---
 playwright/plugins/matrix-authentication-service/index.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/playwright/plugins/matrix-authentication-service/index.ts b/playwright/plugins/matrix-authentication-service/index.ts
index d752b92e524..775497ed968 100644
--- a/playwright/plugins/matrix-authentication-service/index.ts
+++ b/playwright/plugins/matrix-authentication-service/index.ts
@@ -20,7 +20,7 @@ import { Instance as MailhogInstance } from "../mailhog";
 // Docker tag to use for `ghcr.io/matrix-org/matrix-authentication-service` image.
 const TAG = "0.12.0";
-export interface ProxyInstance {
+interface Instance {
 containerId: string;
 postgresId: string;
 configDir: string;
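Review bot: With the `sh -c` wrapper removed in the `@@ -87,15 +86,10 @@` hunk of patch 4/5, nothing in the new `run` call shows where `database migrate` and `config sync` now happen; presumably the `server` subcommand performs both at startup in this version, but that is not visible in these lines. A comment above `cmd` would record the assumption, for example `// server runs the database migrations and config sync itself on startup`. The `/config` bind mount carries the shared secrets from config.yaml and, as far as these lines show, is only read by the container, so appending `:ro` to the volume argument would be a cheap tightening, to be confirmed against what the image writes. The enclosing `start` method begins and ends outside the hunk.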
@@ -61,7 +61,7 @@ async function cfgDirFromTemplate(opts: {
 export class MatrixAuthenticationService {
 private readonly masDocker = new Docker();
 private readonly postgresDocker = new PostgresDocker("mas");
- private instance: ProxyInstance;
+ private instance: Instance;
 public port: number;
 constructor(private context: BrowserContext) {}
@@ -71,7 +71,7 @@ export class MatrixAuthenticationService {
 return { port: this.port };
 }
- async start(homeserver: HomeserverInstance, mailhog: MailhogInstance): Promise {
+ async start(homeserver: HomeserverInstance, mailhog: MailhogInstance): Promise {
 console.log(new Date(), "Starting mas...");
 if (!this.port) await this.prepare();
@@ -89,7 +89,7 @@ export class MatrixAuthenticationService {
 image: "ghcr.io/element-hq/matrix-authentication-service:" + TAG,
 containerName: "react-sdk-playwright-mas",
 params: ["-p", `${port}:8080/tcp`, "-v", `${configDir}:/config`],
- cmd: ["mas-cli", "server", "--config", "/config/config.yaml"],
+ cmd: ["server", "--config", "/config/config.yaml"],
 });
 console.log(new Date(), "started!");