diff --git a/.github/workflows/playwright-image-updates.yaml b/.github/workflows/playwright-image-updates.yaml index 7ca8ec0ac42..f9488eff64b 100644 --- a/.github/workflows/playwright-image-updates.yaml +++ b/.github/workflows/playwright-image-updates.yaml @@ -21,6 +21,15 @@ jobs: env: IMAGE: ghcr.io/element-hq/synapse:develop + - name: Update MAS image + run: | + docker pull "$IMAGE" + INSPECT=$(docker inspect --format='{{index .RepoDigests 0}}' "$IMAGE") + DIGEST=${INSPECT#*@} + sed -i "s/const TAG.*/const TAG = \"main@$DIGEST\";/" playwright/testcontainers/mas.ts + env: + IMAGE: ghcr.io/element-hq/matrix-authentication-service:main + - name: Create Pull Request id: cpr uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7 diff --git a/package.json b/package.json index bfc9634b48d..e28e1ebd47c 100644 --- a/package.json +++ b/package.json @@ -187,7 +187,7 @@ "@babel/runtime": "^7.12.5", "@casualbot/jest-sonar-reporter": "2.2.7", "@element-hq/element-call-embedded": "0.14.1", - "@element-hq/element-web-playwright-common": "^1.4.4", + "@element-hq/element-web-playwright-common": "^1.4.6", "@peculiar/webcrypto": "^1.4.3", "@playwright/test": "^1.50.1", "@principalstudio/html-webpack-inject-preload": "^1.2.7", diff --git a/playwright/e2e/oidc/oidc-native.spec.ts b/playwright/e2e/oidc/oidc-native.spec.ts index 8b49942dd35..acb23c0a817 100644 --- a/playwright/e2e/oidc/oidc-native.spec.ts +++ b/playwright/e2e/oidc/oidc-native.spec.ts @@ -95,10 +95,6 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => { const result = await mas.manage("kill-sessions", userId); expect(result.output).toContain("Ended 1 active OAuth 2.0 session"); - // Workaround for Synapse's 2 minute cache on MAS token validity - // (https://github.com/element-hq/synapse/pull/18231) - await homeserver.restart(); - await page.goto("http://localhost:8080"); await expect( page.getByText("For security, this session has been signed out. Please sign in again."), diff --git a/playwright/plugins/homeserver/synapse/masHomeserver.ts b/playwright/plugins/homeserver/synapse/masHomeserver.ts index 342737d80d4..84d73018fc1 100644 --- a/playwright/plugins/homeserver/synapse/masHomeserver.ts +++ b/playwright/plugins/homeserver/synapse/masHomeserver.ts @@ -1,38 +1,49 @@ /* -Copyright 2024 New Vector Ltd. +Copyright 2024-2025 New Vector Ltd. Copyright 2023 The Matrix.org Foundation C.I.C. SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial Please see LICENSE files in the repository root for full details. */ -import { MatrixAuthenticationServiceContainer } from "@element-hq/element-web-playwright-common/lib/testcontainers"; - +import { MatrixAuthenticationServiceContainer } from "../../../testcontainers/mas.ts"; import { type Fixtures } from "../../../element-web-test.ts"; export const masHomeserver: Fixtures = { mas: [ async ({ _homeserver: homeserver, logger, network, postgres, mailpit }, use) => { - const config = { - clients: [ - { - client_id: "0000000000000000000SYNAPSE", - client_auth_method: "client_secret_basic", - client_secret: "SomeRandomSecret", - }, - ], - matrix: { - homeserver: "localhost", - secret: "AnotherRandomSecret", - endpoint: "http://homeserver:8008", - }, - }; + const secret = "AnotherRandomSecret"; + const limits = { burst: 10, per_second: 10 }; const container = await new MatrixAuthenticationServiceContainer(postgres) .withNetwork(network) .withNetworkAliases("mas") .withLogConsumer(logger.getConsumer("mas")) - .withConfig(config) + .withConfig({ + matrix: { + kind: "synapse", + homeserver: "localhost", + secret, + endpoint: "http://homeserver:8008", + }, + rate_limiting: { + login: { + per_ip: limits, + per_account: limits, + }, + registration: limits, + email_authentication: { + per_ip: limits, + per_address: limits, + emails_per_session: limits, + attempt_per_session: limits, + }, + account_recovery: { + per_ip: limits, + per_address: limits, + }, + }, + }) .start(); homeserver.withConfig({ @@ -40,16 +51,10 @@ export const masHomeserver: Fixtures = { enable_registration_without_verification: undefined, disable_msisdn_registration: undefined, password_config: undefined, - experimental_features: { - msc3861: { - enabled: true, - issuer: `http://mas:8080/`, - introspection_endpoint: "http://mas:8080/oauth2/introspect", - client_id: config.clients[0].client_id, - client_auth_method: config.clients[0].client_auth_method, - client_secret: config.clients[0].client_secret, - admin_token: config.matrix.secret, - }, + matrix_authentication_service: { + enabled: true, + endpoint: "http://mas:8080/", + secret, }, }); @@ -59,28 +64,6 @@ export const masHomeserver: Fixtures = { { scope: "worker" }, ], - config: async ({ homeserver, context, mas }, use) => { - const issuer = `${mas.baseUrl}/`; - const wellKnown = { - "m.homeserver": { - base_url: homeserver.baseUrl, - }, - "org.matrix.msc2965.authentication": { - issuer, - account: `${issuer}account`, - }, - }; - - // Ensure org.matrix.msc2965.authentication is in well-known - await context.route("https://localhost/.well-known/matrix/client", async (route) => { - await route.fulfill({ json: wellKnown }); - }); - - await use({ - default_server_config: wellKnown, - }); - }, - context: async ({ homeserverType, context }, use, testInfo) => { testInfo.skip(homeserverType !== "synapse", "does not yet support MAS"); await use(context); diff --git a/playwright/testcontainers/mas.ts b/playwright/testcontainers/mas.ts new file mode 100644 index 00000000000..6ee49ba6ef7 --- /dev/null +++ b/playwright/testcontainers/mas.ts @@ -0,0 +1,24 @@ +/* +Copyright 2025 New Vector Ltd. + +SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial +Please see LICENSE files in the repository root for full details. +*/ + +import { + MatrixAuthenticationServiceContainer as BaseMatrixAuthenticationServiceContainer, + type StartedPostgreSqlContainer, +} from "@element-hq/element-web-playwright-common/lib/testcontainers"; + +const TAG = "main@sha256:ee8ce7523f6aeeee9abacb00021428f6f864347581ae23feb17303e55f633f13"; + +/** + * MatrixAuthenticationServiceContainer which freezes the docker digest to + * stabilise tests, updated periodically by the `playwright-image-updates.yaml` + * workflow. + */ +export class MatrixAuthenticationServiceContainer extends BaseMatrixAuthenticationServiceContainer { + public constructor(db: StartedPostgreSqlContainer) { + super(db, `ghcr.io/element-hq/matrix-authentication-service:${TAG}`); + } +} diff --git a/yarn.lock b/yarn.lock index 3494f7f50a9..e2863986775 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1726,10 +1726,10 @@ resolved "https://registry.yarnpkg.com/@element-hq/element-web-module-api/-/element-web-module-api-1.4.1.tgz#a46526d58985190f9989bf1686ea872687d3c6e1" integrity sha512-A8yaQtX7QoKThzzZVU+VYOFhpiNyppEMuIQijK48RvhVp1nwmy0cTD6u/6Yn64saNwJjtna+Oy+Qzo/TfwwhxQ== -"@element-hq/element-web-playwright-common@^1.4.4": - version "1.4.4" - resolved "https://registry.yarnpkg.com/@element-hq/element-web-playwright-common/-/element-web-playwright-common-1.4.4.tgz#d58dba7b5b4198f2fc137e1bdd1ad82c2cee46fb" - integrity sha512-QnWz8dlRuQHZYZT9ewrcN++l7gQ0Kf+oZwMCi0k1TBf8Za40r5ibNrgZqZYyCoItBc8LGTVL3yOrUfzN4Dm2Qw== +"@element-hq/element-web-playwright-common@^1.4.6": + version "1.4.6" + resolved "https://registry.yarnpkg.com/@element-hq/element-web-playwright-common/-/element-web-playwright-common-1.4.6.tgz#a94d5d4ea94627aec430dd904c43f509a2e6c4b2" + integrity sha512-LJ4V6e6NrF2ikNCsxR93PFwDfcRUTY3b2reXwlFJeo44pj8vTYFxkuJwokibFx6+x1zkXWAIMh/0saTMRUXdSA== dependencies: "@axe-core/playwright" "^4.10.1" "@testcontainers/postgresql" "^11.0.0" @@ -4592,13 +4592,14 @@ "@vector-im/matrix-wysiwyg-wasm@link:../../../.cache/yarn/v6/npm-@vector-im-matrix-wysiwyg-2.39.0-a6238e517f23a2f3025d9c65445914771c63b163-integrity/node_modules/bindings/wysiwyg-wasm": version "0.0.0" + uid "" "@vector-im/matrix-wysiwyg@2.39.0": version "2.39.0" resolved "https://registry.yarnpkg.com/@vector-im/matrix-wysiwyg/-/matrix-wysiwyg-2.39.0.tgz#a6238e517f23a2f3025d9c65445914771c63b163" integrity sha512-OROXnzPcQWrCMoUpIrCKEC4FYU+9SsRomUgu+VbJwWtBDkCbfvLD4z6w/mgiADw3iTUpBPgmcWJoGxesFuB20Q== dependencies: - "@vector-im/matrix-wysiwyg-wasm" "link:../../../.cache/yarn/v6/npm-@vector-im-matrix-wysiwyg-2.39.0-a6238e517f23a2f3025d9c65445914771c63b163-integrity/node_modules/bindings/wysiwyg-wasm" + "@vector-im/matrix-wysiwyg-wasm" "link:../../../Library/Caches/Yarn/v6/npm-@vector-im-matrix-wysiwyg-2.39.0-a6238e517f23a2f3025d9c65445914771c63b163-integrity/node_modules/bindings/wysiwyg-wasm" "@vitest/expect@3.2.4": version "3.2.4"