Update matrix-authentication-service in Playwright tests

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

playwright/e2e/crypto/backups.spec.ts

@@ -29,7 +29,7 @@ masTest.describe("Encryption state after registration", () => {
         await registerAccountMas(page, mailhog.api, "alice", "alice@email.com", "Pa$sW0rD!");
 
         await app.settings.openUserSettings("Security & Privacy");
-        expect(page.getByText("This session is backing up your keys.")).toBeVisible();
+        await expect(page.getByText("This session is backing up your keys.")).toBeVisible();
     });
 
     masTest("user is prompted to set up recovery", async ({ page, mailhog, app }) => {

playwright/e2e/oidc/oidc-native.spec.ts

@@ -41,11 +41,11 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => {
 
         // Assert MAS sees the session as OIDC Native
         const newPage = await newPagePromise;
-        await newPage.getByText("Sessions").click();
+        await newPage.getByText("Devices").click();
         await newPage.getByText(deviceId).click();
         await expect(newPage.getByText("Element")).toBeVisible();
-        await expect(newPage.getByText("oauth2_session:")).toBeVisible();
         await expect(newPage.getByText("http://localhost:8080/")).toBeVisible();
+        await expect(newPage).toHaveURL(/\/oauth2_session/);
         await newPage.close();
 
         // Assert logging out revokes both tokens

playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml

@@ -83,102 +83,7 @@ experimental_features:
         enabled: true
 
         issuer: http://localhost:%MAS_PORT%/
-        # We have to bake in the metadata here as we need to override `introspection_endpoint`
+        introspection_endpoint: "http://localhost:%MAS_PORT%/oauth2/introspect",
-        issuer_metadata: {
-                "issuer": "http://localhost:%MAS_PORT%/",
-                "authorization_endpoint": "http://localhost:%MAS_PORT%/authorize",
-                "token_endpoint": "http://localhost:%MAS_PORT%/oauth2/token",
-                "jwks_uri": "http://localhost:%MAS_PORT%/oauth2/keys.json",
-                "registration_endpoint": "http://localhost:%MAS_PORT%/oauth2/registration",
-                "scopes_supported": ["openid", "email"],
-                "response_types_supported": ["code", "id_token", "code id_token"],
-                "response_modes_supported": ["form_post", "query", "fragment"],
-                "grant_types_supported":
-                    [
-                        "authorization_code",
-                        "refresh_token",
-                        "client_credentials",
-                        "urn:ietf:params:oauth:grant-type:device_code",
-                    ],
-                "token_endpoint_auth_methods_supported":
-                    ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"],
-                "token_endpoint_auth_signing_alg_values_supported":
-                    [
-                        "HS256",
-                        "HS384",
-                        "HS512",
-                        "RS256",
-                        "RS384",
-                        "RS512",
-                        "PS256",
-                        "PS384",
-                        "PS512",
-                        "ES256",
-                        "ES384",
-                        "ES256K",
-                    ],
-                "revocation_endpoint": "http://localhost:%MAS_PORT%/oauth2/revoke",
-                "revocation_endpoint_auth_methods_supported":
-                    ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"],
-                "revocation_endpoint_auth_signing_alg_values_supported":
-                    [
-                        "HS256",
-                        "HS384",
-                        "HS512",
-                        "RS256",
-                        "RS384",
-                        "RS512",
-                        "PS256",
-                        "PS384",
-                        "PS512",
-                        "ES256",
-                        "ES384",
-                        "ES256K",
-                    ],
-                # This is the only changed value
-                "introspection_endpoint": "http://host.containers.internal:%MAS_PORT%/oauth2/introspect",
-                "introspection_endpoint_auth_methods_supported":
-                    ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"],
-                "introspection_endpoint_auth_signing_alg_values_supported":
-                    [
-                        "HS256",
-                        "HS384",
-                        "HS512",
-                        "RS256",
-                        "RS384",
-                        "RS512",
-                        "PS256",
-                        "PS384",
-                        "PS512",
-                        "ES256",
-                        "ES384",
-                        "ES256K",
-                    ],
-                "code_challenge_methods_supported": ["plain", "S256"],
-                "userinfo_endpoint": "http://localhost:%MAS_PORT%/oauth2/userinfo",
-                "subject_types_supported": ["public"],
-                "id_token_signing_alg_values_supported":
-                    ["RS256", "RS384", "RS512", "ES256", "ES384", "PS256", "PS384", "PS512", "ES256K"],
-                "userinfo_signing_alg_values_supported":
-                    ["RS256", "RS384", "RS512", "ES256", "ES384", "PS256", "PS384", "PS512", "ES256K"],
-                "display_values_supported": ["page"],
-                "claim_types_supported": ["normal"],
-                "claims_supported": ["iss", "sub", "aud", "iat", "exp", "nonce", "auth_time", "at_hash", "c_hash"],
-                "claims_parameter_supported": false,
-                "request_parameter_supported": false,
-                "request_uri_parameter_supported": false,
-                "prompt_values_supported": ["none", "login", "create"],
-                "device_authorization_endpoint": "http://localhost:%MAS_PORT%/oauth2/device",
-                "org.matrix.matrix-authentication-service.graphql_endpoint": "http://localhost:%MAS_PORT%/graphql",
-                "account_management_uri": "http://localhost:%MAS_PORT%/account/",
-                "account_management_actions_supported":
-                    [
-                        "org.matrix.profile",
-                        "org.matrix.sessions_list",
-                        "org.matrix.session_view",
-                        "org.matrix.session_end",
-                    ],
-            }
 
         # Matches the `client_id` in the auth service config
         client_id: 0000000000000000000SYNAPSE
@@ -189,6 +94,3 @@ experimental_features:
 
         # Matches the `matrix.secret` in the auth service config
         admin_token: "AnotherRandomSecret"
-
-        # URL to advertise to clients where users can self-manage their account
-        account_management_url: "http://localhost:%MAS_PORT%/account"

playwright/plugins/matrix-authentication-service/config.yaml

@@ -125,6 +125,7 @@ passwords:
     schemes:
         - version: 1
           algorithm: argon2id
+    minimum_complexity: 0
 matrix:
     homeserver: localhost
     secret: AnotherRandomSecret
@@ -148,6 +149,8 @@ branding:
     tos_uri: null
     imprint: null
     logo_uri: null
+account:
+    password_registration_enabled: true
 experimental:
     access_token_ttl: 300
     compat_token_ttl: 300