OpenCloud
/
element-web
mirror of https://github.com/vector-im/element-web
1
0
Fork 0
Code Issues Releases Wiki Activity

Iterate 

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
pull/28860/head
Michael Telatynski 2025-01-06 13:06:03 +00:00
parent 99af4a49a7
commit 4fce0013c8
No known key found for this signature in database
GPG Key ID: A2B008A5F49F5D0D
5 changed files with 53 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
playwright/e2e/crypto/backups.spec.ts
View File

@ -31,7 +31,7 @@ test.describe("Encryption state after registration", () => {
await registerAccountMas(page, mailhogClient, "alice", "alice@email.com", "Pa$sW0rD!"); await registerAccountMas(page, mailhogClient, "alice", "alice@email.com", "Pa$sW0rD!");
await app.settings.openUserSettings("Security & Privacy"); await app.settings.openUserSettings("Security & Privacy");
expect(page.getByText("This session is backing up your keys.")).toBeVisible(); await expect(page.getByText("This session is backing up your keys.")).toBeVisible();
}); });
test("user is prompted to set up recovery", async ({ page, mailhogClient, app }) => { test("user is prompted to set up recovery", async ({ page, mailhogClient, app }) => {

8
playwright/e2e/oidc/oidc-native.spec.ts
View File

@ -18,7 +18,7 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => {
test.slow(); // trace recording takes a while here test.slow(); // trace recording takes a while here
test("can register the oauth2 client and an account", async ({ context, page, homeserver, mailhogClient, mas }) => { test("can register the oauth2 client and an account", async ({ context, page, homeserver, mailhogClient, mas }) => {
const tokenUri = `http://${mas.getHost()}:${mas.getMappedPort(8080)}/oauth2/token`; const tokenUri = `${mas.baseUrl}/oauth2/token`;
const tokenApiPromise = page.waitForRequest( const tokenApiPromise = page.waitForRequest(
(request) => request.url() === tokenUri && request.postDataJSON()["grant_type"] === "authorization_code", (request) => request.url() === tokenUri && request.postDataJSON()["grant_type"] === "authorization_code",
); );
@ -44,15 +44,15 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => {
// Assert MAS sees the session as OIDC Native // Assert MAS sees the session as OIDC Native
const newPage = await newPagePromise; const newPage = await newPagePromise;
await newPage.getByText("Sessions").click(); await newPage.getByText("Devices").click();
await newPage.getByText(deviceId).click(); await newPage.getByText(deviceId).click();
await expect(newPage.getByText("Element")).toBeVisible(); await expect(newPage.getByText("Element")).toBeVisible();
await expect(newPage.getByText("oauth2_session:")).toBeVisible();
await expect(newPage.getByText("http://localhost:8080/")).toBeVisible(); await expect(newPage.getByText("http://localhost:8080/")).toBeVisible();
await expect(newPage).toHaveURL(/\/oauth2_session/);
await newPage.close(); await newPage.close();
// Assert logging out revokes both tokens // Assert logging out revokes both tokens
const revokeUri = `http://${mas.getHost()}:${mas.getMappedPort(8080)}/oauth2/revoke`; const revokeUri = `${mas.baseUrl}/oauth2/revoke`;
const revokeAccessTokenPromise = page.waitForRequest( const revokeAccessTokenPromise = page.waitForRequest(
(request) => request.url() === revokeUri && request.postDataJSON()["token_type_hint"] === "access_token", (request) => request.url() === revokeUri && request.postDataJSON()["token_type_hint"] === "access_token",
); );

166
playwright/plugins/homeserver/synapse/masHomeserver.ts
View File

@ -6,12 +6,14 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Com
Please see LICENSE files in the repository root for full details. Please see LICENSE files in the repository root for full details.
*/ */
import { Fixtures } from "@playwright/test"; import { Fixtures, PlaywrightTestArgs } from "@playwright/test";
import { Services } from "../../../services.ts"; import { Services } from "../../../services.ts";
import { Fixtures as BaseFixtures } from "../../../element-web-test.ts";
import { MatrixAuthenticationServiceContainer } from "../../../testcontainers/mas.ts"; import { MatrixAuthenticationServiceContainer } from "../../../testcontainers/mas.ts";
export const masHomeserver: Fixtures<Services, {}, Services> = { type Fixture = PlaywrightTestArgs & Services & BaseFixtures;
export const masHomeserver: Fixtures<Fixture, {}, Fixture> = {
mas: async ({ _homeserver: homeserver, logger, network, postgres, mailhog }, use) => { mas: async ({ _homeserver: homeserver, logger, network, postgres, mailhog }, use) => {
const config = { const config = {
clients: [ clients: [
@ -24,7 +26,7 @@ export const masHomeserver: Fixtures<Services, {}, Services> = {
matrix: { matrix: {
homeserver: "localhost", homeserver: "localhost",
secret: "AnotherRandomSecret", secret: "AnotherRandomSecret",
endpoint: "http://synapse:8008", endpoint: "http://homeserver:8008",
}, },
}; };
@ -43,144 +45,12 @@ export const masHomeserver: Fixtures<Services, {}, Services> = {
experimental_features: { experimental_features: {
msc3861: { msc3861: {
enabled: true, enabled: true,
issuer: "http://mas:8080/", issuer: `http://mas:8080/`,
issuer_metadata: { introspection_endpoint: "http://mas:8080/oauth2/introspect",
"issuer": `http://${container.getHost()}:${container.getMappedPort(8080)}/`,
"authorization_endpoint": "http://mas:8080/authorize",
"token_endpoint": "http://mas:8080/oauth2/token",
"jwks_uri": "http://mas:8080/oauth2/keys.json",
"registration_endpoint": "http://mas:8080/oauth2/registration",
"scopes_supported": ["openid", "email"],
"response_types_supported": ["code", "id_token", "code id_token"],
"response_modes_supported": ["form_post", "query", "fragment"],
"grant_types_supported": [
"authorization_code",
"refresh_token",
"client_credentials",
"urn:ietf:params:oauth:grant-type:device_code",
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post",
"client_secret_jwt",
"private_key_jwt",
"none",
],
"token_endpoint_auth_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"PS256",
"PS384",
"PS512",
"ES256",
"ES384",
"ES256K",
],
"revocation_endpoint": "http://mas:8080/oauth2/revoke",
"revocation_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post",
"client_secret_jwt",
"private_key_jwt",
"none",
],
"revocation_endpoint_auth_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"PS256",
"PS384",
"PS512",
"ES256",
"ES384",
"ES256K",
],
"introspection_endpoint": "http://mas:8080/oauth2/introspect",
"introspection_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post",
"client_secret_jwt",
"private_key_jwt",
"none",
],
"introspection_endpoint_auth_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"PS256",
"PS384",
"PS512",
"ES256",
"ES384",
"ES256K",
],
"code_challenge_methods_supported": ["plain", "S256"],
"userinfo_endpoint": "http://mas:8080/oauth2/userinfo",
"subject_types_supported": ["public"],
"id_token_signing_alg_values_supported": [
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"PS256",
"PS384",
"PS512",
"ES256K",
],
"userinfo_signing_alg_values_supported": [
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"PS256",
"PS384",
"PS512",
"ES256K",
],
"display_values_supported": ["page"],
"claim_types_supported": ["normal"],
"claims_supported": [
"iss",
"sub",
"aud",
"iat",
"exp",
"nonce",
"auth_time",
"at_hash",
"c_hash",
],
"claims_parameter_supported": false,
"request_parameter_supported": false,
"request_uri_parameter_supported": false,
"prompt_values_supported": ["none", "login", "create"],
"device_authorization_endpoint": "http://mas:8080/oauth2/device",
"org.matrix.matrix-authentication-service.graphql_endpoint": "http://mas:8080/graphql",
"account_management_uri": "http://mas:8080/account/",
"account_management_actions_supported": [
"org.matrix.profile",
"org.matrix.sessions_list",
"org.matrix.session_view",
"org.matrix.session_end",
],
},
client_id: config.clients[0].client_id, client_id: config.clients[0].client_id,
client_auth_method: config.clients[0].client_auth_method, client_auth_method: config.clients[0].client_auth_method,
client_secret: config.clients[0].client_secret, client_secret: config.clients[0].client_secret,
admin_token: config.matrix.secret, admin_token: config.matrix.secret,
account_management_url: `http://${container.getHost()}:${container.getMappedPort(8080)}/account`,
}, },
}, },
}); });
@ -188,4 +58,26 @@ export const masHomeserver: Fixtures<Services, {}, Services> = {
await use(container); await use(container);
await container.stop(); await container.stop();
}, },
config: async ({ homeserver, context, mas }, use) => {
const issuer = `${mas.baseUrl}/`;
const wellKnown = {
"m.homeserver": {
base_url: homeserver.baseUrl,
},
"org.matrix.msc2965.authentication": {
issuer,
account: `${issuer}account`,
},
};
// Ensure org.matrix.msc2965.authentication is in well-known
await context.route("https://localhost/.well-known/matrix/client", async (route) => {
await route.fulfill({ json: wellKnown });
});
await use({
default_server_config: wellKnown,
});
},
}; };

3
playwright/services.ts
View File

@ -12,6 +12,7 @@ import { PostgreSqlContainer, StartedPostgreSqlContainer } from "@testcontainers
import { StartedSynapseContainer, SynapseConfigOptions, SynapseContainer } from "./testcontainers/synapse.ts"; import { StartedSynapseContainer, SynapseConfigOptions, SynapseContainer } from "./testcontainers/synapse.ts";
import { ContainerLogger } from "./testcontainers/utils.ts"; import { ContainerLogger } from "./testcontainers/utils.ts";
import { StartedMatrixAuthenticationServiceContainer } from "./testcontainers/mas.ts";
export interface Services { export interface Services {
logger: ContainerLogger; logger: ContainerLogger;
@ -25,7 +26,7 @@ export interface Services {
synapseConfigOptions: SynapseConfigOptions; synapseConfigOptions: SynapseConfigOptions;
_homeserver: SynapseContainer; _homeserver: SynapseContainer;
homeserver: StartedSynapseContainer; homeserver: StartedSynapseContainer;
mas?: StartedTestContainer; mas?: StartedMatrixAuthenticationServiceContainer;
} }
export const test = base.extend<Services>({ export const test = base.extend<Services>({

21
playwright/testcontainers/mas.ts
View File

@ -5,7 +5,7 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Com
Please see LICENSE files in the repository root for full details. Please see LICENSE files in the repository root for full details.
*/ */
import { GenericContainer, StartedTestContainer, Wait } from "testcontainers"; import { AbstractStartedContainer, GenericContainer, StartedTestContainer, Wait } from "testcontainers";
import { StartedPostgreSqlContainer } from "@testcontainers/postgresql"; import { StartedPostgreSqlContainer } from "@testcontainers/postgresql";
import * as YAML from "yaml"; import * as YAML from "yaml";
@ -133,6 +133,7 @@ const DEFAULT_CONFIG = {
algorithm: "argon2id", algorithm: "argon2id",
}, },
], ],
minimum_complexity: 0,
}, },
policy: { policy: {
wasm_module: "/usr/local/share/mas-cli/policy.wasm", wasm_module: "/usr/local/share/mas-cli/policy.wasm",
@ -158,6 +159,9 @@ const DEFAULT_CONFIG = {
imprint: null, imprint: null,
logo_uri: null, logo_uri: null,
}, },
account: {
password_registration_enabled: true,
},
experimental: { experimental: {
access_token_ttl: 300, access_token_ttl: 300,
compat_token_ttl: 300, compat_token_ttl: 300,
@ -168,7 +172,7 @@ export class MatrixAuthenticationServiceContainer extends GenericContainer {
private config: typeof DEFAULT_CONFIG; private config: typeof DEFAULT_CONFIG;
constructor(db: StartedPostgreSqlContainer) { constructor(db: StartedPostgreSqlContainer) {
super("ghcr.io/matrix-org/matrix-authentication-service:0.8.0"); super("ghcr.io/element-hq/matrix-authentication-service:0.12.0");
this.config = deepCopy(DEFAULT_CONFIG); this.config = deepCopy(DEFAULT_CONFIG);
this.config.database.username = db.getUsername(); this.config.database.username = db.getUsername();
@ -187,7 +191,7 @@ export class MatrixAuthenticationServiceContainer extends GenericContainer {
return this; return this;
} }
public override async start(): Promise<StartedTestContainer> { public override async start(): Promise<StartedMatrixAuthenticationServiceContainer> {
const port = await getFreePort(); const port = await getFreePort();
this.config.http.public_base = `http://localhost:${port}/`; this.config.http.public_base = `http://localhost:${port}/`;
@ -203,6 +207,15 @@ export class MatrixAuthenticationServiceContainer extends GenericContainer {
}, },
]); ]);
return super.start(); return new StartedMatrixAuthenticationServiceContainer(await super.start(), `http://localhost:${port}`);
}
}
export class StartedMatrixAuthenticationServiceContainer extends AbstractStartedContainer {
constructor(
container: StartedTestContainer,
public readonly baseUrl: string,
) {
super(container);
} }
} }