tests: use stable MAS integration in Synapse (#30473)
* tests: use stable MAS integration in Synapse * Automatically follow MAS main branch * Update the pinned Synapse container image to latest develop * Update element-web-playwright-common to 1.4.5 * Fix the typing of the MAS config * Update playwright-common to 1.4.6 * Use the modern MAS -> Synapse API * Relax MAS rate limiting * Revert using the modern API explicitly, it is now the default * Better adjust the MAS rate limits
This commit is contained in:
Quentin Gliech
GitHub
@@ -21,6 +21,15 @@ jobs:
|
||||
env:
|
||||
IMAGE: ghcr.io/element-hq/synapse:develop
|
||||
|
||||
- name: Update MAS image
|
||||
run: |
|
||||
docker pull "$IMAGE"
|
||||
INSPECT=$(docker inspect --format='{{index .RepoDigests 0}}' "$IMAGE")
|
||||
DIGEST=${INSPECT#*@}
|
||||
sed -i "s/const TAG.*/const TAG = \"main@$DIGEST\";/" playwright/testcontainers/mas.ts
|
||||
env:
|
||||
IMAGE: ghcr.io/element-hq/matrix-authentication-service:main
|
||||
|
||||
- name: Create Pull Request
|
||||
id: cpr
|
||||
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
|
||||
|
||||
@@ -187,7 +187,7 @@
|
||||
"@babel/runtime": "^7.12.5",
|
||||
"@casualbot/jest-sonar-reporter": "2.2.7",
|
||||
"@element-hq/element-call-embedded": "0.14.1",
|
||||
"@element-hq/element-web-playwright-common": "^1.4.4",
|
||||
"@element-hq/element-web-playwright-common": "^1.4.6",
|
||||
"@peculiar/webcrypto": "^1.4.3",
|
||||
"@playwright/test": "^1.50.1",
|
||||
"@principalstudio/html-webpack-inject-preload": "^1.2.7",
|
||||
|
||||
@@ -95,10 +95,6 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => {
|
||||
const result = await mas.manage("kill-sessions", userId);
|
||||
expect(result.output).toContain("Ended 1 active OAuth 2.0 session");
|
||||
|
||||
// Workaround for Synapse's 2 minute cache on MAS token validity
|
||||
// (https://github.com/element-hq/synapse/pull/18231)
|
||||
await homeserver.restart();
|
||||
|
||||
await page.goto("http://localhost:8080");
|
||||
await expect(
|
||||
page.getByText("For security, this session has been signed out. Please sign in again."),
|
||||
|
||||
@@ -1,38 +1,49 @@
|
||||
/*
|
||||
Copyright 2024 New Vector Ltd.
|
||||
Copyright 2024-2025 New Vector Ltd.
|
||||
Copyright 2023 The Matrix.org Foundation C.I.C.
|
||||
|
||||
SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial
|
||||
Please see LICENSE files in the repository root for full details.
|
||||
*/
|
||||
|
||||
import { MatrixAuthenticationServiceContainer } from "@element-hq/element-web-playwright-common/lib/testcontainers";
|
||||
|
||||
import { MatrixAuthenticationServiceContainer } from "../../../testcontainers/mas.ts";
|
||||
import { type Fixtures } from "../../../element-web-test.ts";
|
||||
|
||||
export const masHomeserver: Fixtures = {
|
||||
mas: [
|
||||
async ({ _homeserver: homeserver, logger, network, postgres, mailpit }, use) => {
|
||||
const config = {
|
||||
clients: [
|
||||
{
|
||||
client_id: "0000000000000000000SYNAPSE",
|
||||
client_auth_method: "client_secret_basic",
|
||||
client_secret: "SomeRandomSecret",
|
||||
},
|
||||
],
|
||||
matrix: {
|
||||
homeserver: "localhost",
|
||||
secret: "AnotherRandomSecret",
|
||||
endpoint: "http://homeserver:8008",
|
||||
},
|
||||
};
|
||||
const secret = "AnotherRandomSecret";
|
||||
|
||||
const limits = { burst: 10, per_second: 10 };
|
||||
const container = await new MatrixAuthenticationServiceContainer(postgres)
|
||||
.withNetwork(network)
|
||||
.withNetworkAliases("mas")
|
||||
.withLogConsumer(logger.getConsumer("mas"))
|
||||
.withConfig(config)
|
||||
.withConfig({
|
||||
matrix: {
|
||||
kind: "synapse",
|
||||
homeserver: "localhost",
|
||||
secret,
|
||||
endpoint: "http://homeserver:8008",
|
||||
},
|
||||
rate_limiting: {
|
||||
login: {
|
||||
per_ip: limits,
|
||||
per_account: limits,
|
||||
},
|
||||
registration: limits,
|
||||
email_authentication: {
|
||||
per_ip: limits,
|
||||
per_address: limits,
|
||||
emails_per_session: limits,
|
||||
attempt_per_session: limits,
|
||||
},
|
||||
account_recovery: {
|
||||
per_ip: limits,
|
||||
per_address: limits,
|
||||
},
|
||||
},
|
||||
})
|
||||
.start();
|
||||
|
||||
homeserver.withConfig({
|
||||
@@ -40,16 +51,10 @@ export const masHomeserver: Fixtures = {
|
||||
enable_registration_without_verification: undefined,
|
||||
disable_msisdn_registration: undefined,
|
||||
password_config: undefined,
|
||||
experimental_features: {
|
||||
msc3861: {
|
||||
enabled: true,
|
||||
issuer: `http://mas:8080/`,
|
||||
introspection_endpoint: "http://mas:8080/oauth2/introspect",
|
||||
client_id: config.clients[0].client_id,
|
||||
client_auth_method: config.clients[0].client_auth_method,
|
||||
client_secret: config.clients[0].client_secret,
|
||||
admin_token: config.matrix.secret,
|
||||
},
|
||||
matrix_authentication_service: {
|
||||
enabled: true,
|
||||
endpoint: "http://mas:8080/",
|
||||
secret,
|
||||
},
|
||||
});
|
||||
|
||||
@@ -59,28 +64,6 @@ export const masHomeserver: Fixtures = {
|
||||
{ scope: "worker" },
|
||||
],
|
||||
|
||||
config: async ({ homeserver, context, mas }, use) => {
|
||||
const issuer = `${mas.baseUrl}/`;
|
||||
const wellKnown = {
|
||||
"m.homeserver": {
|
||||
base_url: homeserver.baseUrl,
|
||||
},
|
||||
"org.matrix.msc2965.authentication": {
|
||||
issuer,
|
||||
account: `${issuer}account`,
|
||||
},
|
||||
};
|
||||
|
||||
// Ensure org.matrix.msc2965.authentication is in well-known
|
||||
await context.route("https://localhost/.well-known/matrix/client", async (route) => {
|
||||
await route.fulfill({ json: wellKnown });
|
||||
});
|
||||
|
||||
await use({
|
||||
default_server_config: wellKnown,
|
||||
});
|
||||
},
|
||||
|
||||
context: async ({ homeserverType, context }, use, testInfo) => {
|
||||
testInfo.skip(homeserverType !== "synapse", "does not yet support MAS");
|
||||
await use(context);
|
||||
|
||||
24
playwright/testcontainers/mas.ts
Normal file
24
playwright/testcontainers/mas.ts
Normal file
@@ -0,0 +1,24 @@
|
||||
/*
|
||||
Copyright 2025 New Vector Ltd.
|
||||
|
||||
SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial
|
||||
Please see LICENSE files in the repository root for full details.
|
||||
*/
|
||||
|
||||
import {
|
||||
MatrixAuthenticationServiceContainer as BaseMatrixAuthenticationServiceContainer,
|
||||
type StartedPostgreSqlContainer,
|
||||
} from "@element-hq/element-web-playwright-common/lib/testcontainers";
|
||||
|
||||
const TAG = "main@sha256:ee8ce7523f6aeeee9abacb00021428f6f864347581ae23feb17303e55f633f13";
|
||||
|
||||
/**
|
||||
* MatrixAuthenticationServiceContainer which freezes the docker digest to
|
||||
* stabilise tests, updated periodically by the `playwright-image-updates.yaml`
|
||||
* workflow.
|
||||
*/
|
||||
export class MatrixAuthenticationServiceContainer extends BaseMatrixAuthenticationServiceContainer {
|
||||
public constructor(db: StartedPostgreSqlContainer) {
|
||||
super(db, `ghcr.io/element-hq/matrix-authentication-service:${TAG}`);
|
||||
}
|
||||
}
|
||||
11
yarn.lock
11
yarn.lock
@@ -1726,10 +1726,10 @@
|
||||
resolved "https://registry.yarnpkg.com/@element-hq/element-web-module-api/-/element-web-module-api-1.4.1.tgz#a46526d58985190f9989bf1686ea872687d3c6e1"
|
||||
integrity sha512-A8yaQtX7QoKThzzZVU+VYOFhpiNyppEMuIQijK48RvhVp1nwmy0cTD6u/6Yn64saNwJjtna+Oy+Qzo/TfwwhxQ==
|
||||
|
||||
"@element-hq/element-web-playwright-common@^1.4.4":
|
||||
version "1.4.4"
|
||||
resolved "https://registry.yarnpkg.com/@element-hq/element-web-playwright-common/-/element-web-playwright-common-1.4.4.tgz#d58dba7b5b4198f2fc137e1bdd1ad82c2cee46fb"
|
||||
integrity sha512-QnWz8dlRuQHZYZT9ewrcN++l7gQ0Kf+oZwMCi0k1TBf8Za40r5ibNrgZqZYyCoItBc8LGTVL3yOrUfzN4Dm2Qw==
|
||||
"@element-hq/element-web-playwright-common@^1.4.6":
|
||||
version "1.4.6"
|
||||
resolved "https://registry.yarnpkg.com/@element-hq/element-web-playwright-common/-/element-web-playwright-common-1.4.6.tgz#a94d5d4ea94627aec430dd904c43f509a2e6c4b2"
|
||||
integrity sha512-LJ4V6e6NrF2ikNCsxR93PFwDfcRUTY3b2reXwlFJeo44pj8vTYFxkuJwokibFx6+x1zkXWAIMh/0saTMRUXdSA==
|
||||
dependencies:
|
||||
"@axe-core/playwright" "^4.10.1"
|
||||
"@testcontainers/postgresql" "^11.0.0"
|
||||
@@ -4714,13 +4714,14 @@
|
||||
|
||||
"@vector-im/matrix-wysiwyg-wasm@link:../../../.cache/yarn/v6/npm-@vector-im-matrix-wysiwyg-2.39.0-a6238e517f23a2f3025d9c65445914771c63b163-integrity/node_modules/bindings/wysiwyg-wasm":
|
||||
version "0.0.0"
|
||||
uid ""
|
||||
|
||||
"@vector-im/matrix-wysiwyg@2.39.0":
|
||||
version "2.39.0"
|
||||
resolved "https://registry.yarnpkg.com/@vector-im/matrix-wysiwyg/-/matrix-wysiwyg-2.39.0.tgz#a6238e517f23a2f3025d9c65445914771c63b163"
|
||||
integrity sha512-OROXnzPcQWrCMoUpIrCKEC4FYU+9SsRomUgu+VbJwWtBDkCbfvLD4z6w/mgiADw3iTUpBPgmcWJoGxesFuB20Q==
|
||||
dependencies:
|
||||
"@vector-im/matrix-wysiwyg-wasm" "link:../../../.cache/yarn/v6/npm-@vector-im-matrix-wysiwyg-2.39.0-a6238e517f23a2f3025d9c65445914771c63b163-integrity/node_modules/bindings/wysiwyg-wasm"
|
||||
"@vector-im/matrix-wysiwyg-wasm" "link:../../../Library/Caches/Yarn/v6/npm-@vector-im-matrix-wysiwyg-2.39.0-a6238e517f23a2f3025d9c65445914771c63b163-integrity/node_modules/bindings/wysiwyg-wasm"
|
||||
|
||||
"@vitest/expect@3.2.4":
|
||||
version "3.2.4"
|
||||
|
||||
Reference in New Issue
Block a user