Update matrix-authentication-service in Playwright tests (#28876)

* Update matrix-authentication-service in Playwright tests

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* delint

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Iterate

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Actually do the update

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Fix mas run

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

---------

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
pull/28885/head
Michael Telatynski 2025-01-06 17:24:11 +00:00 committed by GitHub
parent 29624f7bcb
commit b16088d098
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 15 additions and 116 deletions

View File

@ -33,7 +33,7 @@ masTest.describe("Encryption state after registration", () => {
await registerAccountMas(page, mailhog.api, "alice", "alice@email.com", "Pa$sW0rD!");
await app.settings.openUserSettings("Security & Privacy");
expect(page.getByText("This session is backing up your keys.")).toBeVisible();
await expect(page.getByText("This session is backing up your keys.")).toBeVisible();
});
masTest("user is prompted to set up recovery", async ({ page, mailhog, app }) => {

View File

@ -41,11 +41,11 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => {
// Assert MAS sees the session as OIDC Native
const newPage = await newPagePromise;
await newPage.getByText("Sessions").click();
await newPage.getByText("Devices").click();
await newPage.getByText(deviceId).click();
await expect(newPage.getByText("Element")).toBeVisible();
await expect(newPage.getByText("oauth2_session:")).toBeVisible();
await expect(newPage.getByText("http://localhost:8080/")).toBeVisible();
await expect(newPage).toHaveURL(/\/oauth2_session/);
await newPage.close();
// Assert logging out revokes both tokens

View File

@ -82,103 +82,8 @@ experimental_features:
msc3861:
enabled: true
issuer: http://localhost:%MAS_PORT%/
# We have to bake in the metadata here as we need to override `introspection_endpoint`
issuer_metadata: {
"issuer": "http://localhost:%MAS_PORT%/",
"authorization_endpoint": "http://localhost:%MAS_PORT%/authorize",
"token_endpoint": "http://localhost:%MAS_PORT%/oauth2/token",
"jwks_uri": "http://localhost:%MAS_PORT%/oauth2/keys.json",
"registration_endpoint": "http://localhost:%MAS_PORT%/oauth2/registration",
"scopes_supported": ["openid", "email"],
"response_types_supported": ["code", "id_token", "code id_token"],
"response_modes_supported": ["form_post", "query", "fragment"],
"grant_types_supported":
[
"authorization_code",
"refresh_token",
"client_credentials",
"urn:ietf:params:oauth:grant-type:device_code",
],
"token_endpoint_auth_methods_supported":
["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"],
"token_endpoint_auth_signing_alg_values_supported":
[
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"PS256",
"PS384",
"PS512",
"ES256",
"ES384",
"ES256K",
],
"revocation_endpoint": "http://localhost:%MAS_PORT%/oauth2/revoke",
"revocation_endpoint_auth_methods_supported":
["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"],
"revocation_endpoint_auth_signing_alg_values_supported":
[
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"PS256",
"PS384",
"PS512",
"ES256",
"ES384",
"ES256K",
],
# This is the only changed value
"introspection_endpoint": "http://host.containers.internal:%MAS_PORT%/oauth2/introspect",
"introspection_endpoint_auth_methods_supported":
["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"],
"introspection_endpoint_auth_signing_alg_values_supported":
[
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"PS256",
"PS384",
"PS512",
"ES256",
"ES384",
"ES256K",
],
"code_challenge_methods_supported": ["plain", "S256"],
"userinfo_endpoint": "http://localhost:%MAS_PORT%/oauth2/userinfo",
"subject_types_supported": ["public"],
"id_token_signing_alg_values_supported":
["RS256", "RS384", "RS512", "ES256", "ES384", "PS256", "PS384", "PS512", "ES256K"],
"userinfo_signing_alg_values_supported":
["RS256", "RS384", "RS512", "ES256", "ES384", "PS256", "PS384", "PS512", "ES256K"],
"display_values_supported": ["page"],
"claim_types_supported": ["normal"],
"claims_supported": ["iss", "sub", "aud", "iat", "exp", "nonce", "auth_time", "at_hash", "c_hash"],
"claims_parameter_supported": false,
"request_parameter_supported": false,
"request_uri_parameter_supported": false,
"prompt_values_supported": ["none", "login", "create"],
"device_authorization_endpoint": "http://localhost:%MAS_PORT%/oauth2/device",
"org.matrix.matrix-authentication-service.graphql_endpoint": "http://localhost:%MAS_PORT%/graphql",
"account_management_uri": "http://localhost:%MAS_PORT%/account/",
"account_management_actions_supported":
[
"org.matrix.profile",
"org.matrix.sessions_list",
"org.matrix.session_view",
"org.matrix.session_end",
],
}
issuer: http://host.containers.internal:%MAS_PORT%/
introspection_endpoint: http://host.containers.internal:%MAS_PORT%/oauth2/introspect
# Matches the `client_id` in the auth service config
client_id: 0000000000000000000SYNAPSE
@ -189,6 +94,3 @@ experimental_features:
# Matches the `matrix.secret` in the auth service config
admin_token: "AnotherRandomSecret"
# URL to advertise to clients where users can self-manage their account
account_management_url: "http://localhost:%MAS_PORT%/account"

View File

@ -125,6 +125,7 @@ passwords:
schemes:
- version: 1
algorithm: argon2id
minimum_complexity: 0
matrix:
homeserver: localhost
secret: AnotherRandomSecret
@ -148,6 +149,8 @@ branding:
tos_uri: null
imprint: null
logo_uri: null
account:
password_registration_enabled: true
experimental:
access_token_ttl: 300
compat_token_ttl: 300

View File

@ -18,10 +18,9 @@ import { HomeserverInstance } from "../homeserver";
import { Instance as MailhogInstance } from "../mailhog";
// Docker tag to use for `ghcr.io/matrix-org/matrix-authentication-service` image.
// We use a debug tag so that we have a shell and can run all 3 necessary commands in one run.
const TAG = "0.8.0-debug";
const TAG = "0.12.0";
export interface ProxyInstance {
interface Instance {
containerId: string;
postgresId: string;
configDir: string;
@ -62,7 +61,7 @@ async function cfgDirFromTemplate(opts: {
export class MatrixAuthenticationService {
private readonly masDocker = new Docker();
private readonly postgresDocker = new PostgresDocker("mas");
private instance: ProxyInstance;
private instance: Instance;
public port: number;
constructor(private context: BrowserContext) {}
@ -72,7 +71,7 @@ export class MatrixAuthenticationService {
return { port: this.port };
}
async start(homeserver: HomeserverInstance, mailhog: MailhogInstance): Promise<ProxyInstance> {
async start(homeserver: HomeserverInstance, mailhog: MailhogInstance): Promise<Instance> {
console.log(new Date(), "Starting mas...");
if (!this.port) await this.prepare();
@ -87,15 +86,10 @@ export class MatrixAuthenticationService {
console.log(new Date(), "starting mas container...", TAG);
const containerId = await this.masDocker.run({
image: "ghcr.io/matrix-org/matrix-authentication-service:" + TAG,
image: "ghcr.io/element-hq/matrix-authentication-service:" + TAG,
containerName: "react-sdk-playwright-mas",
params: ["-p", `${port}:8080/tcp`, "-v", `${configDir}:/config`, "--entrypoint", "sh"],
cmd: [
"-c",
"mas-cli database migrate --config /config/config.yaml && " +
"mas-cli config sync --config /config/config.yaml && " +
"mas-cli server --config /config/config.yaml",
],
params: ["-p", `${port}:8080/tcp`, "-v", `${configDir}:/config`],
cmd: ["server", "--config", "/config/config.yaml"],
});
console.log(new Date(), "started!");