Update matrix-authentication-service in Playwright tests

playwright/e2e/crypto/backups.spec.ts

@@ -29,7 +29,7 @@ masTest.describe("Encryption state after registration", () => {
         await registerAccountMas(page, mailhog.api, "alice", "[email protected]", "Pa$sW0rD!");
 
         await app.settings.openUserSettings("Security & Privacy");
-        expect(page.getByText("This session is backing up your keys.")).toBeVisible();
+        await expect(page.getByText("This session is backing up your keys.")).toBeVisible();
     });
 
     masTest("user is prompted to set up recovery", async ({ page, mailhog, app }) => {

playwright/e2e/oidc/oidc-native.spec.ts

@@ -41,11 +41,11 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => {
 
         // Assert MAS sees the session as OIDC Native
         const newPage = await newPagePromise;
-        await newPage.getByText("Sessions").click();
+        await newPage.getByText("Devices").click();
         await newPage.getByText(deviceId).click();
         await expect(newPage.getByText("Element")).toBeVisible();
-        await expect(newPage.getByText("oauth2_session:")).toBeVisible();
         await expect(newPage.getByText("http://localhost:8080/")).toBeVisible();
+        await expect(newPage).toHaveURL(/\/oauth2_session/);
         await newPage.close();
 
         // Assert logging out revokes both tokens

playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml

@@ -82,103 +82,8 @@ experimental_features:
     msc3861:
         enabled: true
 
-        issuer: http://localhost:%MAS_PORT%/
-        # We have to bake in the metadata here as we need to override `introspection_endpoint`
-        issuer_metadata: {
-                "issuer": "http://localhost:%MAS_PORT%/",
-                "authorization_endpoint": "http://localhost:%MAS_PORT%/authorize",
-                "token_endpoint": "http://localhost:%MAS_PORT%/oauth2/token",
-                "jwks_uri": "http://localhost:%MAS_PORT%/oauth2/keys.json",
-                "registration_endpoint": "http://localhost:%MAS_PORT%/oauth2/registration",
-                "scopes_supported": ["openid", "email"],
-                "response_types_supported": ["code", "id_token", "code id_token"],
-                "response_modes_supported": ["form_post", "query", "fragment"],
-                "grant_types_supported":
-                    [
-                        "authorization_code",
-                        "refresh_token",
-                        "client_credentials",
-                        "urn:ietf:params:oauth:grant-type:device_code",
-                    ],
-                "token_endpoint_auth_methods_supported":
-                    ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"],
-                "token_endpoint_auth_signing_alg_values_supported":
-                    [
-                        "HS256",
-                        "HS384",
-                        "HS512",
-                        "RS256",
-                        "RS384",
-                        "RS512",
-                        "PS256",
-                        "PS384",
-                        "PS512",
-                        "ES256",
-                        "ES384",
-                        "ES256K",
-                    ],
-                "revocation_endpoint": "http://localhost:%MAS_PORT%/oauth2/revoke",
-                "revocation_endpoint_auth_methods_supported":
-                    ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"],
-                "revocation_endpoint_auth_signing_alg_values_supported":
-                    [
-                        "HS256",
-                        "HS384",
-                        "HS512",
-                        "RS256",
-                        "RS384",
-                        "RS512",
-                        "PS256",
-                        "PS384",
-                        "PS512",
-                        "ES256",
-                        "ES384",
-                        "ES256K",
-                    ],
-                # This is the only changed value
-                "introspection_endpoint": "http://host.containers.internal:%MAS_PORT%/oauth2/introspect",
-                "introspection_endpoint_auth_methods_supported":
-                    ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"],
-                "introspection_endpoint_auth_signing_alg_values_supported":
-                    [
-                        "HS256",
-                        "HS384",
-                        "HS512",
-                        "RS256",
-                        "RS384",
-                        "RS512",
-                        "PS256",
-                        "PS384",
-                        "PS512",
-                        "ES256",
-                        "ES384",
-                        "ES256K",
-                    ],
-                "code_challenge_methods_supported": ["plain", "S256"],
-                "userinfo_endpoint": "http://localhost:%MAS_PORT%/oauth2/userinfo",
-                "subject_types_supported": ["public"],
-                "id_token_signing_alg_values_supported":
-                    ["RS256", "RS384", "RS512", "ES256", "ES384", "PS256", "PS384", "PS512", "ES256K"],
-                "userinfo_signing_alg_values_supported":
-                    ["RS256", "RS384", "RS512", "ES256", "ES384", "PS256", "PS384", "PS512", "ES256K"],
-                "display_values_supported": ["page"],
-                "claim_types_supported": ["normal"],
-                "claims_supported": ["iss", "sub", "aud", "iat", "exp", "nonce", "auth_time", "at_hash", "c_hash"],
-                "claims_parameter_supported": false,
-                "request_parameter_supported": false,
-                "request_uri_parameter_supported": false,
-                "prompt_values_supported": ["none", "login", "create"],
-                "device_authorization_endpoint": "http://localhost:%MAS_PORT%/oauth2/device",
-                "org.matrix.matrix-authentication-service.graphql_endpoint": "http://localhost:%MAS_PORT%/graphql",
-                "account_management_uri": "http://localhost:%MAS_PORT%/account/",
-                "account_management_actions_supported":
-                    [
-                        "org.matrix.profile",
-                        "org.matrix.sessions_list",
-                        "org.matrix.session_view",
-                        "org.matrix.session_end",
-                    ],
-            }
+        issuer: http://host.containers.internal:%MAS_PORT%/
+        introspection_endpoint: http://host.containers.internal:%MAS_PORT%/oauth2/introspect
 
         # Matches the `client_id` in the auth service config
         client_id: 0000000000000000000SYNAPSE
@@ -189,6 +94,3 @@ experimental_features:
 
         # Matches the `matrix.secret` in the auth service config
         admin_token: "AnotherRandomSecret"
-
-        # URL to advertise to clients where users can self-manage their account
-        account_management_url: "http://localhost:%MAS_PORT%/account"

playwright/plugins/matrix-authentication-service/config.yaml

@@ -125,6 +125,7 @@ passwords:
     schemes:
         - version: 1
           algorithm: argon2id
+    minimum_complexity: 0
 matrix:
     homeserver: localhost
     secret: AnotherRandomSecret
@@ -148,6 +149,8 @@ branding:
     tos_uri: null
     imprint: null
     logo_uri: null
+account:
+    password_registration_enabled: true
 experimental:
     access_token_ttl: 300
     compat_token_ttl: 300

playwright/plugins/matrix-authentication-service/index.ts

@@ -18,10 +18,9 @@ import { HomeserverInstance } from "../homeserver";
 import { Instance as MailhogInstance } from "../mailhog";
 
 // Docker tag to use for `ghcr.io/matrix-org/matrix-authentication-service` image.
-// We use a debug tag so that we have a shell and can run all 3 necessary commands in one run.
-const TAG = "0.8.0-debug";
+const TAG = "0.12.0";
 
-export interface ProxyInstance {
+interface Instance {
     containerId: string;
     postgresId: string;
     configDir: string;
@@ -62,7 +61,7 @@ async function cfgDirFromTemplate(opts: {
 export class MatrixAuthenticationService {
     private readonly masDocker = new Docker();
     private readonly postgresDocker = new PostgresDocker("mas");
-    private instance: ProxyInstance;
+    private instance: Instance;
     public port: number;
 
     constructor(private context: BrowserContext) {}
@@ -72,7 +71,7 @@ export class MatrixAuthenticationService {
         return { port: this.port };
     }
 
-    async start(homeserver: HomeserverInstance, mailhog: MailhogInstance): Promise<ProxyInstance> {
+    async start(homeserver: HomeserverInstance, mailhog: MailhogInstance): Promise<Instance> {
         console.log(new Date(), "Starting mas...");
 
         if (!this.port) await this.prepare();
@@ -87,15 +86,10 @@ export class MatrixAuthenticationService {
 
         console.log(new Date(), "starting mas container...", TAG);
         const containerId = await this.masDocker.run({
-            image: "ghcr.io/matrix-org/matrix-authentication-service:" + TAG,
+            image: "ghcr.io/element-hq/matrix-authentication-service:" + TAG,
             containerName: "react-sdk-playwright-mas",
-            params: ["-p", `${port}:8080/tcp`, "-v", `${configDir}:/config`, "--entrypoint", "sh"],
-            cmd: [
-                "-c",
-                "mas-cli database migrate --config /config/config.yaml && " +
-                    "mas-cli config sync --config /config/config.yaml && " +
-                    "mas-cli server --config /config/config.yaml",
-            ],
+            params: ["-p", `${port}:8080/tcp`, "-v", `${configDir}:/config`],
+            cmd: ["server", "--config", "/config/config.yaml"],
         });
         console.log(new Date(), "started!");