OpenCloud
/
element-web
mirror of https://github.com/vector-im/element-web
1
0
Fork 0
Code Issues Releases Wiki Activity

Iterate 

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
pull/28860/head
Michael Telatynski 2025-01-06 11:51:37 +00:00
parent f176473212
commit 75ba4f2b2a
No known key found for this signature in database
GPG Key ID: A2B008A5F49F5D0D
7 changed files with 221 additions and 215 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
playwright/e2e/crypto/backups.spec.ts
View File

@ -9,8 +9,9 @@ Please see LICENSE files in the repository root for full details.
import { type Page } from "@playwright/test"; import { type Page } from "@playwright/test";
import { test, expect } from "../../element-web-test"; import { test, expect } from "../../element-web-test";
import { test as masTest, registerAccountMas } from "../oidc"; import { registerAccountMas } from "../oidc";
import { isDendrite } from "../../plugins/homeserver/dendrite"; import { isDendrite } from "../../plugins/homeserver/dendrite";
import { masHomeserver } from "../../plugins/homeserver/synapse/masHomeserver.ts";
async function expectBackupVersionToBe(page: Page, version: string) { async function expectBackupVersionToBe(page: Page, version: string) {
await expect(page.locator(".mx_SecureBackupPanel_statusList tr:nth-child(5) td")).toHaveText( await expect(page.locator(".mx_SecureBackupPanel_statusList tr:nth-child(5) td")).toHaveText(
@ -20,10 +21,11 @@ async function expectBackupVersionToBe(page: Page, version: string) {
await expect(page.locator(".mx_SecureBackupPanel_statusList tr:nth-child(6) td")).toHaveText(version); await expect(page.locator(".mx_SecureBackupPanel_statusList tr:nth-child(6) td")).toHaveText(version);
} }
masTest.describe("Encryption state after registration", () => { test.describe("Encryption state after registration", () => {
masTest.skip(isDendrite, "does not yet support MAS"); test.use(masHomeserver);
test.skip(isDendrite, "does not yet support MAS");
masTest("Key backup is enabled by default", async ({ page, mailhogClient, app }) => { test("Key backup is enabled by default", async ({ page, mailhogClient, app }) => {
await page.goto("/#/login"); await page.goto("/#/login");
await page.getByRole("button", { name: "Continue" }).click(); await page.getByRole("button", { name: "Continue" }).click();
await registerAccountMas(page, mailhogClient, "alice", "alice@email.com", "Pa$sW0rD!"); await registerAccountMas(page, mailhogClient, "alice", "alice@email.com", "Pa$sW0rD!");
@ -32,7 +34,7 @@ masTest.describe("Encryption state after registration", () => {
expect(page.getByText("This session is backing up your keys.")).toBeVisible(); expect(page.getByText("This session is backing up your keys.")).toBeVisible();
}); });
masTest("user is prompted to set up recovery", async ({ page, mailhogClient, app }) => { test("user is prompted to set up recovery", async ({ page, mailhogClient, app }) => {
await page.goto("/#/login"); await page.goto("/#/login");
await page.getByRole("button", { name: "Continue" }).click(); await page.getByRole("button", { name: "Continue" }).click();
await registerAccountMas(page, mailhogClient, "alice", "alice@email.com", "Pa$sW0rD!"); await registerAccountMas(page, mailhogClient, "alice", "alice@email.com", "Pa$sW0rD!");

28
playwright/e2e/oidc/index.ts
View File

@ -9,33 +9,7 @@ Please see LICENSE files in the repository root for full details.
import { API, Messages } from "mailhog"; import { API, Messages } from "mailhog";
import { Page } from "@playwright/test"; import { Page } from "@playwright/test";
import { test as base, expect } from "../../element-web-test"; import { expect } from "../../element-web-test";
export const test = base.extend<{}>({
config: async ({ homeserver, mas, context }, use) => {
const issuer = `http://localhost:${mas.getMappedPort(8080)}/`;
const wellKnown = {
"m.homeserver": {
base_url: homeserver.baseUrl,
},
"org.matrix.msc2965.authentication": {
issuer,
account: `${issuer}account`,
},
};
// Ensure org.matrix.msc2965.authentication is in well-known
await context.route("https://localhost/.well-known/matrix/client", async (route) => {
await route.fulfill({ json: wellKnown });
});
await use({
default_server_config: wellKnown,
});
},
});
export { expect };
export async function registerAccountMas( export async function registerAccountMas(
page: Page, page: Page,

9
playwright/e2e/oidc/oidc-native.spec.ts
View File

@ -6,16 +6,19 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only
Please see LICENSE files in the repository root for full details. Please see LICENSE files in the repository root for full details.
*/ */
import { test, expect, registerAccountMas } from "."; import { test, expect } from "../../element-web-test.ts";
import { registerAccountMas } from ".";
import { ElementAppPage } from "../../pages/ElementAppPage.ts"; import { ElementAppPage } from "../../pages/ElementAppPage.ts";
import { isDendrite } from "../../plugins/homeserver/dendrite"; import { isDendrite } from "../../plugins/homeserver/dendrite";
import { masHomeserver } from "../../plugins/homeserver/synapse/masHomeserver.ts";
test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => { test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => {
test.use(masHomeserver);
test.skip(isDendrite, "does not yet support MAS"); test.skip(isDendrite, "does not yet support MAS");
test.slow(); // trace recording takes a while here test.slow(); // trace recording takes a while here
test("can register the oauth2 client and an account", async ({ context, page, homeserver, mailhogClient, mas }) => { test("can register the oauth2 client and an account", async ({ context, page, homeserver, mailhogClient, mas }) => {
const tokenUri = `http://localhost:${mas.getMappedPort(8080)}/oauth2/token`; const tokenUri = `http://${mas.getHost()}:${mas.getMappedPort(8080)}/oauth2/token`;
const tokenApiPromise = page.waitForRequest( const tokenApiPromise = page.waitForRequest(
(request) => request.url() === tokenUri && request.postDataJSON()["grant_type"] === "authorization_code", (request) => request.url() === tokenUri && request.postDataJSON()["grant_type"] === "authorization_code",
); );
@ -49,7 +52,7 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => {
await newPage.close(); await newPage.close();
// Assert logging out revokes both tokens // Assert logging out revokes both tokens
const revokeUri = `http://localhost:${mas.getMappedPort(8080)}/oauth2/revoke`; const revokeUri = `http://${mas.getHost()}:${mas.getMappedPort(8080)}/oauth2/revoke`;
const revokeAccessTokenPromise = page.waitForRequest( const revokeAccessTokenPromise = page.waitForRequest(
(request) => request.url() === revokeUri && request.postDataJSON()["token_type_hint"] === "access_token", (request) => request.url() === revokeUri && request.postDataJSON()["token_type_hint"] === "access_token",
); );

2
playwright/e2e/sliding-sync/sliding-sync.spec.ts
View File

@ -31,7 +31,7 @@ const test = base.extend<{
}) })
.start(); .start();
const proxyAddress = `http://localhost:${container.getMappedPort(8008)}`; const proxyAddress = `http://${container.getHost()}:${container.getMappedPort(8008)}`;
await page.addInitScript((proxyAddress) => { await page.addInitScript((proxyAddress) => {
window.localStorage.setItem( window.localStorage.setItem(
"mx_local_settings", "mx_local_settings",

10
playwright/element-web-test.ts
View File

@ -165,8 +165,14 @@ export const test = base.extend<Fixtures>({
window.localStorage.setItem("mx_has_pickle_key", "false"); window.localStorage.setItem("mx_has_pickle_key", "false");
window.localStorage.setItem("mx_has_access_token", "true"); window.localStorage.setItem("mx_has_access_token", "true");
// Ensure the language is set to a consistent value window.localStorage.setItem(
window.localStorage.setItem("mx_local_settings", '{"language":"en"}'); "mx_local_settings",
JSON.stringify({
...JSON.parse(window.localStorage.getItem("mx_local_settings") || "{}"),
// Ensure the language is set to a consistent value
language: "en",
}),
);
}, },
{ baseUrl: homeserver.baseUrl, credentials }, { baseUrl: homeserver.baseUrl, credentials },
); );

191
playwright/plugins/homeserver/synapse/masHomeserver.ts Normal file
View File

@ -0,0 +1,191 @@
/*
Copyright 2024 New Vector Ltd.
Copyright 2023 The Matrix.org Foundation C.I.C.
SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only
Please see LICENSE files in the repository root for full details.
*/
import { Fixtures } from "@playwright/test";
import { Services } from "../../../services.ts";
import { MatrixAuthenticationServiceContainer } from "../../../testcontainers/mas.ts";
export const masHomeserver: Fixtures<Services, {}, Services> = {
mas: async ({ _homeserver: homeserver, logger, network, postgres, mailhog }, use) => {
const config = {
clients: [
{
client_id: "0000000000000000000SYNAPSE",
client_auth_method: "client_secret_basic",
client_secret: "SomeRandomSecret",
},
],
matrix: {
homeserver: "localhost",
secret: "AnotherRandomSecret",
endpoint: "http://synapse:8008",
},
};
const container = await new MatrixAuthenticationServiceContainer(postgres)
.withNetwork(network)
.withNetworkAliases("mas")
.withLogConsumer(logger.getConsumer("mas"))
.withConfig(config)
.start();
homeserver.withConfig({
enable_registration: undefined,
enable_registration_without_verification: undefined,
disable_msisdn_registration: undefined,
password_config: undefined,
experimental_features: {
msc3861: {
enabled: true,
issuer: "http://mas:8080/",
issuer_metadata: {
"issuer": `http://${container.getHost()}:${container.getMappedPort(8080)}/`,
"authorization_endpoint": "http://mas:8080/authorize",
"token_endpoint": "http://mas:8080/oauth2/token",
"jwks_uri": "http://mas:8080/oauth2/keys.json",
"registration_endpoint": "http://mas:8080/oauth2/registration",
"scopes_supported": ["openid", "email"],
"response_types_supported": ["code", "id_token", "code id_token"],
"response_modes_supported": ["form_post", "query", "fragment"],
"grant_types_supported": [
"authorization_code",
"refresh_token",
"client_credentials",
"urn:ietf:params:oauth:grant-type:device_code",
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post",
"client_secret_jwt",
"private_key_jwt",
"none",
],
"token_endpoint_auth_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"PS256",
"PS384",
"PS512",
"ES256",
"ES384",
"ES256K",
],
"revocation_endpoint": "http://mas:8080/oauth2/revoke",
"revocation_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post",
"client_secret_jwt",
"private_key_jwt",
"none",
],
"revocation_endpoint_auth_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"PS256",
"PS384",
"PS512",
"ES256",
"ES384",
"ES256K",
],
"introspection_endpoint": "http://mas:8080/oauth2/introspect",
"introspection_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post",
"client_secret_jwt",
"private_key_jwt",
"none",
],
"introspection_endpoint_auth_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"PS256",
"PS384",
"PS512",
"ES256",
"ES384",
"ES256K",
],
"code_challenge_methods_supported": ["plain", "S256"],
"userinfo_endpoint": "http://mas:8080/oauth2/userinfo",
"subject_types_supported": ["public"],
"id_token_signing_alg_values_supported": [
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"PS256",
"PS384",
"PS512",
"ES256K",
],
"userinfo_signing_alg_values_supported": [
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"PS256",
"PS384",
"PS512",
"ES256K",
],
"display_values_supported": ["page"],
"claim_types_supported": ["normal"],
"claims_supported": [
"iss",
"sub",
"aud",
"iat",
"exp",
"nonce",
"auth_time",
"at_hash",
"c_hash",
],
"claims_parameter_supported": false,
"request_parameter_supported": false,
"request_uri_parameter_supported": false,
"prompt_values_supported": ["none", "login", "create"],
"device_authorization_endpoint": "http://mas:8080/oauth2/device",
"org.matrix.matrix-authentication-service.graphql_endpoint": "http://mas:8080/graphql",
"account_management_uri": "http://mas:8080/account/",
"account_management_actions_supported": [
"org.matrix.profile",
"org.matrix.sessions_list",
"org.matrix.session_view",
"org.matrix.session_end",
],
},
client_id: config.clients[0].client_id,
client_auth_method: config.clients[0].client_auth_method,
client_secret: config.clients[0].client_secret,
admin_token: config.matrix.secret,
account_management_url: `http://${container.getHost()}:${container.getMappedPort(8080)}/account`,
},
},
});
await use(container);
await container.stop();
},
};

184
playwright/services.ts
View File

@ -11,7 +11,6 @@ import { GenericContainer, Network, StartedNetwork, StartedTestContainer, Wait }
import { PostgreSqlContainer, StartedPostgreSqlContainer } from "@testcontainers/postgresql"; import { PostgreSqlContainer, StartedPostgreSqlContainer } from "@testcontainers/postgresql";
import { StartedSynapseContainer, SynapseConfigOptions, SynapseContainer } from "./testcontainers/synapse.ts"; import { StartedSynapseContainer, SynapseConfigOptions, SynapseContainer } from "./testcontainers/synapse.ts";
import { MatrixAuthenticationServiceContainer } from "./testcontainers/mas.ts";
import { ContainerLogger } from "./testcontainers/utils.ts"; import { ContainerLogger } from "./testcontainers/utils.ts";
export interface Services { export interface Services {
@ -26,7 +25,7 @@ export interface Services {
synapseConfigOptions: SynapseConfigOptions; synapseConfigOptions: SynapseConfigOptions;
_homeserver: SynapseContainer; _homeserver: SynapseContainer;
homeserver: StartedSynapseContainer; homeserver: StartedSynapseContainer;
mas: StartedTestContainer; mas?: StartedTestContainer;
} }
export const test = base.extend<Services>({ export const test = base.extend<Services>({
@ -88,7 +87,7 @@ export const test = base.extend<Services>({
const container = new SynapseContainer(request); const container = new SynapseContainer(request);
await use(container); await use(container);
}, },
homeserver: async ({ logger, network, _homeserver: homeserver, synapseConfigOptions }, use) => { homeserver: async ({ logger, network, _homeserver: homeserver, synapseConfigOptions, mas }, use) => {
const container = await homeserver const container = await homeserver
.withNetwork(network) .withNetwork(network)
.withNetworkAliases("homeserver") .withNetworkAliases("homeserver")
@ -99,179 +98,10 @@ export const test = base.extend<Services>({
await use(container); await use(container);
await container.stop(); await container.stop();
}, },
mas: async ({ _homeserver: homeserver, logger, network, postgres, mailhog }, use) => { // eslint-disable-next-line no-empty-pattern
const config = { mas: async ({}, use) => {
clients: [ // we stub the mas fixture to allow `homeserver` to depend on it to ensure
{ // when it is specified by `masHomeserver` it is started before the homeserver
client_id: "0000000000000000000SYNAPSE", await use(undefined);
client_auth_method: "client_secret_basic",
client_secret: "SomeRandomSecret",
},
],
matrix: {
homeserver: "localhost",
secret: "AnotherRandomSecret",
endpoint: "http://synapse:8008",
},
};
const container = await new MatrixAuthenticationServiceContainer(postgres)
.withNetwork(network)
.withNetworkAliases("mas")
.withLogConsumer(logger.getConsumer("mas"))
.withConfig(config)
.start();
homeserver.withConfig({
enable_registration: undefined,
enable_registration_without_verification: undefined,
disable_msisdn_registration: undefined,
experimental_features: {
msc3861: {
enabled: true,
issuer: "http://mas:8080/",
issuer_metadata: {
"issuer": `http://${container.getHost()}:${container.getMappedPort(8080)}/`,
"authorization_endpoint": "http://mas:8080/authorize",
"token_endpoint": "http://mas:8080/oauth2/token",
"jwks_uri": "http://mas:8080/oauth2/keys.json",
"registration_endpoint": "http://mas:8080/oauth2/registration",
"scopes_supported": ["openid", "email"],
"response_types_supported": ["code", "id_token", "code id_token"],
"response_modes_supported": ["form_post", "query", "fragment"],
"grant_types_supported": [
"authorization_code",
"refresh_token",
"client_credentials",
"urn:ietf:params:oauth:grant-type:device_code",
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post",
"client_secret_jwt",
"private_key_jwt",
"none",
],
"token_endpoint_auth_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"PS256",
"PS384",
"PS512",
"ES256",
"ES384",
"ES256K",
],
"revocation_endpoint": "http://mas:8080/oauth2/revoke",
"revocation_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post",
"client_secret_jwt",
"private_key_jwt",
"none",
],
"revocation_endpoint_auth_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"PS256",
"PS384",
"PS512",
"ES256",
"ES384",
"ES256K",
],
"introspection_endpoint": "http://mas:8080/oauth2/introspect",
"introspection_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post",
"client_secret_jwt",
"private_key_jwt",
"none",
],
"introspection_endpoint_auth_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"PS256",
"PS384",
"PS512",
"ES256",
"ES384",
"ES256K",
],
"code_challenge_methods_supported": ["plain", "S256"],
"userinfo_endpoint": "http://mas:8080/oauth2/userinfo",
"subject_types_supported": ["public"],
"id_token_signing_alg_values_supported": [
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"PS256",
"PS384",
"PS512",
"ES256K",
],
"userinfo_signing_alg_values_supported": [
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"PS256",
"PS384",
"PS512",
"ES256K",
],
"display_values_supported": ["page"],
"claim_types_supported": ["normal"],
"claims_supported": [
"iss",
"sub",
"aud",
"iat",
"exp",
"nonce",
"auth_time",
"at_hash",
"c_hash",
],
"claims_parameter_supported": false,
"request_parameter_supported": false,
"request_uri_parameter_supported": false,
"prompt_values_supported": ["none", "login", "create"],
"device_authorization_endpoint": "http://mas:8080/oauth2/device",
"org.matrix.matrix-authentication-service.graphql_endpoint": "http://mas:8080/graphql",
"account_management_uri": "http://mas:8080/account/",
"account_management_actions_supported": [
"org.matrix.profile",
"org.matrix.sessions_list",
"org.matrix.session_view",
"org.matrix.session_end",
],
},
client_id: config.clients[0].client_id,
client_auth_method: config.clients[0].client_auth_method,
client_secret: config.clients[0].client_secret,
admin_token: config.matrix.secret,
account_management_url: `http://${container.getHost()}:${container.getMappedPort(8080)}/account`,
},
},
});
await use(container);
await container.stop();
}, },
}); });