diff --git a/playwright/e2e/crypto/backups.spec.ts b/playwright/e2e/crypto/backups.spec.ts
index de40741c040..23a976bb1ba 100644
--- a/playwright/e2e/crypto/backups.spec.ts
+++ b/playwright/e2e/crypto/backups.spec.ts
@@ -33,7 +33,7 @@ masTest.describe("Encryption state after registration", () => {
 await registerAccountMas(page, mailhog.api, "alice", "alice@email.com", "Pa$sW0rD!");
 await app.settings.openUserSettings("Security & Privacy");
- expect(page.getByText("This session is backing up your keys.")).toBeVisible();
+ await expect(page.getByText("This session is backing up your keys.")).toBeVisible();
 });
 masTest("user is prompted to set up recovery", async ({ page, mailhog, app }) => {
diff --git a/playwright/e2e/oidc/oidc-native.spec.ts b/playwright/e2e/oidc/oidc-native.spec.ts
index f8dd24daa65..e2e7a816dd2 100644
--- a/playwright/e2e/oidc/oidc-native.spec.ts
+++ b/playwright/e2e/oidc/oidc-native.spec.ts
@@ -41,11 +41,11 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => {
 // Assert MAS sees the session as OIDC Native
 const newPage = await newPagePromise;
- await newPage.getByText("Sessions").click();
+ await newPage.getByText("Devices").click();
 await newPage.getByText(deviceId).click();
 await expect(newPage.getByText("Element")).toBeVisible();
- await expect(newPage.getByText("oauth2_session:")).toBeVisible();
 await expect(newPage.getByText("http://localhost:8080/")).toBeVisible();
+ await expect(newPage).toHaveURL(/\/oauth2_session/);
 await newPage.close();
 // Assert logging out revokes both tokens
diff --git a/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml b/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml
index 802d97acade..64fea9a5a97 100644
--- a/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml
+++ b/playwright/plugins/homeserver/synapse/templates/mas-oidc/homeserver.yaml
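Review bot: In oidc-native.spec.ts the replacement check `toHaveURL(/\/oauth2_session/)` is a substring match on the whole URL, so it would also pass if that text appeared in a query string or redirect parameter rather than in the route that identifies the session type. It is now the only assertion in this block that distinguishes an OAuth 2.0 session from a compatibility one, so it is worth matching the full path segment once the MAS route shape is confirmed. A comment such as `// MAS exposes the session type in the URL rather than in the page text` would record why the text assertion was dropped (inferred from the removed `getByText("oauth2_session:")` line). The enclosing test starts and ends outside the hunk.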
@@ -82,103 +82,8 @@ experimental_features:
 msc3861:
 enabled: true
- issuer: http://localhost:%MAS_PORT%/
- # We have to bake in the metadata here as we need to override `introspection_endpoint`
- issuer_metadata: {
- "issuer": "http://localhost:%MAS_PORT%/",
- "authorization_endpoint": "http://localhost:%MAS_PORT%/authorize",
- "token_endpoint": "http://localhost:%MAS_PORT%/oauth2/token",
- "jwks_uri": "http://localhost:%MAS_PORT%/oauth2/keys.json",
- "registration_endpoint": "http://localhost:%MAS_PORT%/oauth2/registration",
- "scopes_supported": ["openid", "email"],
- "response_types_supported": ["code", "id_token", "code id_token"],
- "response_modes_supported": ["form_post", "query", "fragment"],
- "grant_types_supported":
- [
- "authorization_code",
- "refresh_token",
- "client_credentials",
- "urn:ietf:params:oauth:grant-type:device_code",
- ],
- "token_endpoint_auth_methods_supported":
- ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"],
- "token_endpoint_auth_signing_alg_values_supported":
- [
- "HS256",
- "HS384",
- "HS512",
- "RS256",
- "RS384",
- "RS512",
- "PS256",
- "PS384",
- "PS512",
- "ES256",
- "ES384",
- "ES256K",
- ],
- "revocation_endpoint": "http://localhost:%MAS_PORT%/oauth2/revoke",
- "revocation_endpoint_auth_methods_supported":
- ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"],
- "revocation_endpoint_auth_signing_alg_values_supported":
- [
- "HS256",
- "HS384",
- "HS512",
- "RS256",
- "RS384",
- "RS512",
- "PS256",
- "PS384",
- "PS512",
- "ES256",
- "ES384",
- "ES256K",
- ],
- # This is the only changed value
- "introspection_endpoint": "http://host.containers.internal:%MAS_PORT%/oauth2/introspect",
- "introspection_endpoint_auth_methods_supported":
- ["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none"],
- "introspection_endpoint_auth_signing_alg_values_supported":
- [
- "HS256",
- "HS384",
- "HS512",
- "RS256",
- "RS384",
- "RS512",
- "PS256",
- "PS384",
- "PS512",
- "ES256",
- "ES384",
- "ES256K",
- ],
- "code_challenge_methods_supported": ["plain", "S256"],
- "userinfo_endpoint": "http://localhost:%MAS_PORT%/oauth2/userinfo",
- "subject_types_supported": ["public"],
- "id_token_signing_alg_values_supported":
- ["RS256", "RS384", "RS512", "ES256", "ES384", "PS256", "PS384", "PS512", "ES256K"],
- "userinfo_signing_alg_values_supported":
- ["RS256", "RS384", "RS512", "ES256", "ES384", "PS256", "PS384", "PS512", "ES256K"],
- "display_values_supported": ["page"],
- "claim_types_supported": ["normal"],
- "claims_supported": ["iss", "sub", "aud", "iat", "exp", "nonce", "auth_time", "at_hash", "c_hash"],
- "claims_parameter_supported": false,
- "request_parameter_supported": false,
- "request_uri_parameter_supported": false,
- "prompt_values_supported": ["none", "login", "create"],
- "device_authorization_endpoint": "http://localhost:%MAS_PORT%/oauth2/device",
- "org.matrix.matrix-authentication-service.graphql_endpoint": "http://localhost:%MAS_PORT%/graphql",
- "account_management_uri": "http://localhost:%MAS_PORT%/account/",
- "account_management_actions_supported":
- [
- "org.matrix.profile",
- "org.matrix.sessions_list",
- "org.matrix.session_view",
- "org.matrix.session_end",
- ],
- }
+ issuer: http://host.containers.internal:%MAS_PORT%/
+ introspection_endpoint: http://host.containers.internal:%MAS_PORT%/oauth2/introspect
 # Matches the `client_id` in the auth service config
 client_id: 0000000000000000000SYNAPSE
@@ -189,6 +94,3 @@ experimental_features:
 # Matches the `matrix.secret` in the auth service config
 admin_token: "AnotherRandomSecret"
-
- # URL to advertise to clients where users can self-manage their account
- account_management_url: "http://localhost:%MAS_PORT%/account"
diff --git a/playwright/plugins/matrix-authentication-service/config.yaml b/playwright/plugins/matrix-authentication-service/config.yaml
index e7ab83e736e..5ee69bdec5a 100644
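Review bot: In homeserver.yaml the two lines added under `msc3861` replace a block whose comment explained the override, and nothing now says why `issuer` points at `host.containers.internal` while the browser-side tests still reach MAS on `localhost`, or why `introspection_endpoint` is still set by hand. A short comment would restore that, e.g. `# Synapse runs in a container, so it reaches MAS via host.containers.internal; browsers use localhost`. Because the metadata is now discovered from the issuer instead of being baked in, it is worth confirming that Synapse accepts a discovery document whose advertised `issuer` may differ from this URL; that cannot be seen from this hunk. Both endpoints are plain `http`, which suits a local fixture but should not be carried into a deployment template.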
--- a/playwright/plugins/matrix-authentication-service/config.yaml
+++ b/playwright/plugins/matrix-authentication-service/config.yaml
@@ -125,6 +125,7 @@ passwords:
 schemes:
 - version: 1
 algorithm: argon2id
+ minimum_complexity: 0
 matrix:
 homeserver: localhost
 secret: AnotherRandomSecret
@@ -148,6 +149,8 @@ branding:
 tos_uri: null
 imprint: null
 logo_uri: null
+account:
+ password_registration_enabled: true
 experimental:
 access_token_ttl: 300
 compat_token_ttl: 300
diff --git a/playwright/plugins/matrix-authentication-service/index.ts b/playwright/plugins/matrix-authentication-service/index.ts
index eeccd4f4950..775497ed968 100644
--- a/playwright/plugins/matrix-authentication-service/index.ts
+++ b/playwright/plugins/matrix-authentication-service/index.ts
@@ -18,10 +18,9 @@ import { HomeserverInstance } from "../homeserver";
 import { Instance as MailhogInstance } from "../mailhog";
 // Docker tag to use for `ghcr.io/matrix-org/matrix-authentication-service` image.
-// We use a debug tag so that we have a shell and can run all 3 necessary commands in one run.
-const TAG = "0.8.0-debug";
+const TAG = "0.12.0";
-export interface ProxyInstance {
+interface Instance {
 containerId: string;
 postgresId: string;
 configDir: string;
@@ -62,7 +61,7 @@ async function cfgDirFromTemplate(opts: {
 export class MatrixAuthenticationService {
 private readonly masDocker = new Docker();
 private readonly postgresDocker = new PostgresDocker("mas");
- private instance: ProxyInstance;
+ private instance: Instance;
 public port: number;
 constructor(private context: BrowserContext) {}
@@ -72,7 +71,7 @@ export class MatrixAuthenticationService {
 return { port: this.port };
 }
- async start(homeserver: HomeserverInstance, mailhog: MailhogInstance): Promise {
+ async start(homeserver: HomeserverInstance, mailhog: MailhogInstance): Promise {
 console.log(new Date(), "Starting mas...");
 if (!this.port) await this.prepare();
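Review bot: In the MAS config.yaml, `minimum_complexity: 0` under `passwords:` lowers the password strength requirement to its floor, and `password_registration_enabled: true` in the second hunk (under `account:`) opens self-service password sign-up; neither line says that this is deliberate for the e2e fixture. A comment on each would make that explicit, e.g. `# e2e only: accept the fixed test passwords` and `# e2e only: tests register accounts with a password`. That matters here because the same file carries the hard-coded `secret: AnotherRandomSecret` visible in the context lines, so a reader copying this template into a real deployment would inherit all three weakened settings at once.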
@@ -87,15 +86,10 @@ export class MatrixAuthenticationService {
 console.log(new Date(), "starting mas container...", TAG);
 const containerId = await this.masDocker.run({
- image: "ghcr.io/matrix-org/matrix-authentication-service:" + TAG,
+ image: "ghcr.io/element-hq/matrix-authentication-service:" + TAG,
 containerName: "react-sdk-playwright-mas",
- params: ["-p", `${port}:8080/tcp`, "-v", `${configDir}:/config`, "--entrypoint", "sh"],
- cmd: [
- "-c",
- "mas-cli database migrate --config /config/config.yaml && " +
- "mas-cli config sync --config /config/config.yaml && " +
- "mas-cli server --config /config/config.yaml",
- ],
+ params: ["-p", `${port}:8080/tcp`, "-v", `${configDir}:/config`],
+ cmd: ["server", "--config", "/config/config.yaml"],
 });
 console.log(new Date(), "started!");
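Review bot: The `image` line now pulls from a different registry namespace (`ghcr.io/element-hq/...`) by a mutable tag built from `TAG`, so a re-pushed tag would silently change what the test run executes with the config directory mounted. Pinning the digest alongside the tag, e.g. `image: "ghcr.io/element-hq/matrix-authentication-service:" + TAG + "@sha256:<digest>",`, keeps runs reproducible and makes an image change show up in review. The comment above `TAG` in the first hunk of this file still names `ghcr.io/matrix-org/matrix-authentication-service` and should be updated to match. The new `cmd` also drops the explicit `database migrate` and `config sync` steps, so a one-line comment stating that `server` is relied on to perform them at startup (to be confirmed for this version) would document the assumption. The call sits inside `start()`, which begins and ends outside the hunk.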