Update matrix-authentication-service in Playwright tests (#28876)

* Update matrix-authentication-service in Playwright tests Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * delint Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Actually do the update Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Fix mas run Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --------- Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2025-01-06 17:24:11 +00:00 · 2025-01-06 17:24:11 +00:00 · b16088d098
parent 29624f7bcb
commit b16088d098
5 changed files with 15 additions and 116 deletions
--- a/playwright/e2e/crypto/backups.spec.ts
+++ b/playwright/e2e/crypto/backups.spec.ts
@ -33,7 +33,7 @@ masTest.describe("Encryption state after registration", () => {
        await registerAccountMas(page, mailhog.api, "alice", "alice@email.com", "Pa$sW0rD!");

        await app.settings.openUserSettings("Security & Privacy");
-        expect(page.getByText("This session is backing up your keys.")).toBeVisible();
+        await expect(page.getByText("This session is backing up your keys.")).toBeVisible();
    });

    masTest("user is prompted to set up recovery", async ({ page, mailhog, app }) => {
--- a/playwright/e2e/oidc/oidc-native.spec.ts
+++ b/playwright/e2e/oidc/oidc-native.spec.ts
@ -41,11 +41,11 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => {

        // Assert MAS sees the session as OIDC Native
        const newPage = await newPagePromise;
-        await newPage.getByText("Sessions").click();
+        await newPage.getByText("Devices").click();
        await newPage.getByText(deviceId).click();
        await expect(newPage.getByText("Element")).toBeVisible();
-        await expect(newPage.getByText("oauth2_session:")).toBeVisible();
        await expect(newPage.getByText("http://localhost:8080/")).toBeVisible();
+        await expect(newPage).toHaveURL(/\/oauth2_session/);
        await newPage.close();

        // Assert logging out revokes both tokens
--- a/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml
+++ b/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml
@ -82,103 +82,8 @@ experimental_features:
    msc3861:
        enabled: true

-        issuer: http://localhost:%MAS_PORT%/
-        # We have to bake in the metadata here as we need to override `introspection_endpoint`
-        issuer_metadata: {
-                "issuer": "http://localhost:%MAS_PORT%/",
-                "authorization_endpoint": "http://localhost:%MAS_PORT%/authorize",
-                "token_endpoint": "http://localhost:%MAS_PORT%/oauth2/token",
-                "jwks_uri": "http://localhost:%MAS_PORT%/oauth2/keys.json",
-                "registration_endpoint": "http://localhost:%MAS_PORT%/oauth2/registration",
-                "scopes_supported": ["openid", "email"],
-                "response_types_supported": ["code", "id_token", "code id_token"],
-                "response_modes_supported": ["form_post", "query", "fragment"],
-                "grant_types_supported":
-                    [
-                        "authorization_code",
-                        "refresh_token",
-                        "client_credentials",
-                        "urn:ietf:params:oauth:grant-type:device_code",
-                    ],
-                "token_endpoint_auth_methods_supported":
-                    ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"],
-                "token_endpoint_auth_signing_alg_values_supported":
-                    [
-                        "HS256",
-                        "HS384",
-                        "HS512",
-                        "RS256",
-                        "RS384",
-                        "RS512",
-                        "PS256",
-                        "PS384",
-                        "PS512",
-                        "ES256",
-                        "ES384",
-                        "ES256K",
-                    ],
-                "revocation_endpoint": "http://localhost:%MAS_PORT%/oauth2/revoke",
-                "revocation_endpoint_auth_methods_supported":
-                    ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"],
-                "revocation_endpoint_auth_signing_alg_values_supported":
-                    [
-                        "HS256",
-                        "HS384",
-                        "HS512",
-                        "RS256",
-                        "RS384",
-                        "RS512",
-                        "PS256",
-                        "PS384",
-                        "PS512",
-                        "ES256",
-                        "ES384",
-                        "ES256K",
-                    ],
-                # This is the only changed value
-                "introspection_endpoint": "http://host.containers.internal:%MAS_PORT%/oauth2/introspect",
-                "introspection_endpoint_auth_methods_supported":
-                    ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"],
-                "introspection_endpoint_auth_signing_alg_values_supported":
-                    [
-                        "HS256",
-                        "HS384",
-                        "HS512",
-                        "RS256",
-                        "RS384",
-                        "RS512",
-                        "PS256",
-                        "PS384",
-                        "PS512",
-                        "ES256",
-                        "ES384",
-                        "ES256K",
-                    ],
-                "code_challenge_methods_supported": ["plain", "S256"],
-                "userinfo_endpoint": "http://localhost:%MAS_PORT%/oauth2/userinfo",
-                "subject_types_supported": ["public"],
-                "id_token_signing_alg_values_supported":
-                    ["RS256", "RS384", "RS512", "ES256", "ES384", "PS256", "PS384", "PS512", "ES256K"],
-                "userinfo_signing_alg_values_supported":
-                    ["RS256", "RS384", "RS512", "ES256", "ES384", "PS256", "PS384", "PS512", "ES256K"],
-                "display_values_supported": ["page"],
-                "claim_types_supported": ["normal"],
-                "claims_supported": ["iss", "sub", "aud", "iat", "exp", "nonce", "auth_time", "at_hash", "c_hash"],
-                "claims_parameter_supported": false,
-                "request_parameter_supported": false,
-                "request_uri_parameter_supported": false,
-                "prompt_values_supported": ["none", "login", "create"],
-                "device_authorization_endpoint": "http://localhost:%MAS_PORT%/oauth2/device",
-                "org.matrix.matrix-authentication-service.graphql_endpoint": "http://localhost:%MAS_PORT%/graphql",
-                "account_management_uri": "http://localhost:%MAS_PORT%/account/",
-                "account_management_actions_supported":
-                    [
-                        "org.matrix.profile",
-                        "org.matrix.sessions_list",
-                        "org.matrix.session_view",
-                        "org.matrix.session_end",
-                    ],
-            }
+        issuer: http://host.containers.internal:%MAS_PORT%/
+        introspection_endpoint: http://host.containers.internal:%MAS_PORT%/oauth2/introspect

        # Matches the `client_id` in the auth service config
        client_id: 0000000000000000000SYNAPSE
@ -189,6 +94,3 @@ experimental_features:

        # Matches the `matrix.secret` in the auth service config
        admin_token: "AnotherRandomSecret"
-
-        # URL to advertise to clients where users can self-manage their account
-        account_management_url: "http://localhost:%MAS_PORT%/account"
--- a/playwright/plugins/matrix-authentication-service/config.yaml
+++ b/playwright/plugins/matrix-authentication-service/config.yaml
@ -125,6 +125,7 @@ passwords:
    schemes:
        - version: 1
          algorithm: argon2id
+    minimum_complexity: 0
 matrix:
    homeserver: localhost
    secret: AnotherRandomSecret
@ -148,6 +149,8 @@ branding:
    tos_uri: null
    imprint: null
    logo_uri: null
+account:
+    password_registration_enabled: true
 experimental:
    access_token_ttl: 300
    compat_token_ttl: 300
--- a/playwright/plugins/matrix-authentication-service/index.ts
+++ b/playwright/plugins/matrix-authentication-service/index.ts
@ -18,10 +18,9 @@ import { HomeserverInstance } from "../homeserver";
 import { Instance as MailhogInstance } from "../mailhog";

 // Docker tag to use for `ghcr.io/matrix-org/matrix-authentication-service` image.
-// We use a debug tag so that we have a shell and can run all 3 necessary commands in one run.
-const TAG = "0.8.0-debug";
+const TAG = "0.12.0";

-export interface ProxyInstance {
+interface Instance {
    containerId: string;
    postgresId: string;
    configDir: string;
@ -62,7 +61,7 @@ async function cfgDirFromTemplate(opts: {
 export class MatrixAuthenticationService {
    private readonly masDocker = new Docker();
    private readonly postgresDocker = new PostgresDocker("mas");
-    private instance: ProxyInstance;
+    private instance: Instance;
    public port: number;

    constructor(private context: BrowserContext) {}
@ -72,7 +71,7 @@ export class MatrixAuthenticationService {
        return { port: this.port };
    }

-    async start(homeserver: HomeserverInstance, mailhog: MailhogInstance): Promise<ProxyInstance> {
+    async start(homeserver: HomeserverInstance, mailhog: MailhogInstance): Promise<Instance> {
        console.log(new Date(), "Starting mas...");

        if (!this.port) await this.prepare();
@ -87,15 +86,10 @@ export class MatrixAuthenticationService {

        console.log(new Date(), "starting mas container...", TAG);
        const containerId = await this.masDocker.run({
-            image: "ghcr.io/matrix-org/matrix-authentication-service:" + TAG,
+            image: "ghcr.io/element-hq/matrix-authentication-service:" + TAG,
            containerName: "react-sdk-playwright-mas",
-            params: ["-p", `${port}:8080/tcp`, "-v", `${configDir}:/config`, "--entrypoint", "sh"],
-            cmd: [
-                "-c",
-                "mas-cli database migrate --config /config/config.yaml && " +
-                    "mas-cli config sync --config /config/config.yaml && " +
-                    "mas-cli server --config /config/config.yaml",
-            ],
+            params: ["-p", `${port}:8080/tcp`, "-v", `${configDir}:/config`],
+            cmd: ["server", "--config", "/config/config.yaml"],
        });
        console.log(new Date(), "started!");