Version 1.3.0

fixes #1

.dockerignore

@@ -3,4 +3,5 @@
 .dockerignore
 node_modules
 screenshots/*
+test/*
 

.gitignore

@@ -0,0 +1,2 @@
+node_modules/
+

CHANGELOG

@@ -101,3 +101,35 @@
 [0.5.0]
 * New reworked app
 
+[0.6.0]
+* Fix title
+
+[0.7.0]
+* Set turn_uris to an array and not a string
+
+[0.7.1]
+* Users will now automatically join the #discuss channel (only in new installations)
+
+[1.0.0]
+* Use latest base image
+* Update to synapse v1.12.4
+
+[1.1.0]
+* Update Synapse to 1.13.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.13.0)
+* Set Referrer-Policy header to no-referrer on media downloads. (#7009)
+* Admin API POST /_synapse/admin/v1/join/<roomIdOrAlias> to join users to a room like auto_join_rooms for creation of users. (#7051)
+* Add options to prevent users from changing their profile or associated 3PIDs. (#7096)
+* Allow server admins to define and enforce a password policy (MSC2000). (#7118)
+* Improve the support for SSO authentication on the login fallback page. (#7152, #7235)
+* Always whitelist the login fallback in the SSO configuration if public_baseurl is set. (#7153)
+* Admin users are no longer required to be in a room to create an alias for it. (#7191)
+* Require admin privileges to enable room encryption by default. This does not affect existing rooms. (#7230)
+
+[1.2.0]
+* Update Synapse to 1.14.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.14.0)
+
+[1.3.0]
+* Add optional sso support
+

CloudronManifest.json

@@ -1,11 +1,11 @@
 {
   "id": "org.matrix.synapse",
-  "title": "An Open network for secure, decentralized communication",
+  "title": "Matrix Synapse",
   "author": "Matrix synapse authors",
   "description": "file://DESCRIPTION.md",
   "changelog": "file://CHANGELOG",
-  "tagline": "Matrix homeserver",
+  "tagline": "Secure & decentralized communication",
-  "version": "0.5.0",
+  "version": "1.3.0",
   "healthCheckPath": "/",
   "httpPort": 8008,
   "memoryLimit": 536870912,
@@ -24,12 +24,13 @@
     "im", "collaboration", "voip", "videochat", "chat"
   ],
   "mediaLinks": [
-    "https://cloudron-app-screenshots.s3.amazonaws.com/org.matrix.synapse/924b87f40eacc15e444cd45cc93d2ead0aa440c2/1.png",
+    "https://cloudron-app-screenshots.s3.amazonaws.com/org.matrix.synapse/606cd9d4ccc3bee11a49f91444a2dad8947cbc7c/1.png",
-    "https://cloudron-app-screenshots.s3.amazonaws.com/org.matrix.synapse/924b87f40eacc15e444cd45cc93d2ead0aa440c2/2.png",
+    "https://cloudron-app-screenshots.s3.amazonaws.com/org.matrix.synapse/606cd9d4ccc3bee11a49f91444a2dad8947cbc7c/2.png",
-    "https://cloudron-app-screenshots.s3.amazonaws.com/org.matrix.synapse/924b87f40eacc15e444cd45cc93d2ead0aa440c2/3.png"
+    "https://cloudron-app-screenshots.s3.amazonaws.com/org.matrix.synapse/606cd9d4ccc3bee11a49f91444a2dad8947cbc7c/3.png"
   ],
   "changelog": "file://CHANGELOG",
   "postInstallMessage": "file://POSTINSTALL.md",
   "minBoxVersion": "5.1.4",
-  "documentationUrl": "https://cloudron.io/documentation/apps/synapse/"
+  "documentationUrl": "https://cloudron.io/documentation/apps/synapse/",
+  "optionalSso": true
 }

DESCRIPTION.md

@@ -1,4 +1,4 @@
-This app packages Synapse <upstream>1.12.3</upstream>.
+This app packages Synapse <upstream>1.14.0</upstream>.
 
 **This package only provides the Matrix backend. A variety of clients are available
 [here](https://matrix.org/clients/). Riot is a popular web frontend for Matrix and

Dockerfile

@@ -1,16 +1,10 @@
-FROM cloudron/base:1.0.0@sha256:147a648a068a2e746644746bbfb42eb7a50d682437cead3c67c933c546357617
+FROM cloudron/base:2.0.0@sha256:f9fea80513aa7c92fe2e7bf3978b54c8ac5222f47a9a32a7f8833edf0eb5a4f4
 
 RUN mkdir -p /app/pkg
 
 WORKDIR /app/code
 
-ARG VERSION=v1.12.3
+ARG VERSION=v1.14.0
-
-RUN apt update && \
-    apt install -y build-essential python3-dev libffi-dev \
-        python3-pip python-setuptools sqlite3 libxml2-dev \
-        libssl-dev python-virtualenv libjpeg-dev libxslt1-dev libldap2-dev libsasl2-dev && \
-    rm -rf /var/cache/apt /var/lib/apt/lists
 
 # https://pythonspeed.com/articles/activate-virtualenv-dockerfile/
 RUN virtualenv -p python3 /app/code/env

homeserver.yaml.template

@@ -1,6 +1,7 @@
 # https://github.com/matrix-org/synapse/blob/master/docs/sample_config.yaml
 
-server_name: "matrix.example.com"
+# if you change this, change the auto_join_rooms below as well
+server_name: "example.com"
 
 pid_file: /run/synapse/homeserver.pid
 
@@ -97,8 +98,9 @@ max_upload_size: 200M
 max_image_pixels: "32M"
 dynamic_thumbnails: false
 
-#auto_join_rooms:
+autocreate_auto_join_rooms: true
-#  - "#discuss:example.com"
+auto_join_rooms:
+  - "#discuss:example.com"
 
 trusted_key_servers:
   - server_name: "matrix.org"

start.sh

@@ -28,6 +28,14 @@ if [[ ! -f /app/data/configs/homeserver.yaml ]]; then
 
     yq w -i /app/data/configs/homeserver.yaml server_name "${server_name}"
     yq w -i /app/data/configs/homeserver.yaml registration_shared_secret "$(pwgen -1s 64)"
+
+    yq w -i /app/data/configs/homeserver.yaml auto_join_rooms "[]"
+    yq w -i /app/data/configs/homeserver.yaml auto_join_rooms\[0\] "#discuss:${server_name}"
+
+    if [[ -z "${CLOUDRON_LDAP_SERVER:-}" ]]; then
+        yq w -i /app/data/configs/homeserver.yaml enable_registration true
+        yq w -i /app/data/configs/homeserver.yaml password_config.pepper "$(pwgen -1s 12)"
+    fi
 fi
 
 echo "==> Configuring synapse"
@@ -47,15 +55,21 @@ yq w -i /app/data/configs/homeserver.yaml email.smtp_pass "${CLOUDRON_MAIL_SMTP_
 yq w -i /app/data/configs/homeserver.yaml email.notif_from "%(app)s <${CLOUDRON_MAIL_FROM}>"
 
 # ldap
-yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.uri' "${CLOUDRON_LDAP_URL}"
+if [[ -n "${CLOUDRON_LDAP_SERVER:-}" ]]; then
-yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.start_tls' false
+    yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.uri' "${CLOUDRON_LDAP_URL}"
-yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.base' "${CLOUDRON_LDAP_USERS_BASE_DN}"
+    yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.start_tls' false
-yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.bind_dn' "${CLOUDRON_LDAP_BIND_DN}"
+    yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.base' "${CLOUDRON_LDAP_USERS_BASE_DN}"
-yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.bind_password' "${CLOUDRON_LDAP_BIND_PASSWORD}"
+    yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.bind_dn' "${CLOUDRON_LDAP_BIND_DN}"
-yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.filter' "(objectClass=user)"
+    yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.bind_password' "${CLOUDRON_LDAP_BIND_PASSWORD}"
+    yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.filter' "(objectClass=user)"
+else
+    yq w -i /app/data/configs/homeserver.yaml password_config.localdb_enabled true
+fi
 
 # turn (https://github.com/matrix-org/synapse/blob/master/docs/turn-howto.md#synapse-setup)
-yq w -i /app/data/configs/homeserver.yaml turn_uris "[\"turn:${CLOUDRON_TURN_SERVER}:${CLOUDRON_TURN_TLS_PORT}?transport=udp\", \"turn:${CLOUDRON_TURN_SERVER}:${CLOUDRON_TURN_TLS_PORT}?transport=tcp\"]"
+yq w -i /app/data/configs/homeserver.yaml turn_uris "[]"
+yq w -i /app/data/configs/homeserver.yaml turn_uris\[0\] "turn:${CLOUDRON_TURN_SERVER}:${CLOUDRON_TURN_TLS_PORT}?transport=udp"
+yq w -i /app/data/configs/homeserver.yaml turn_uris\[1\] "turn:${CLOUDRON_TURN_SERVER}:${CLOUDRON_TURN_TLS_PORT}?transport=tcp"
 yq w -i /app/data/configs/homeserver.yaml turn_shared_secret "${CLOUDRON_TURN_SECRET}"
 
 # fix permissions

test/package.json

@@ -0,0 +1,22 @@
+{
+  "name": "test",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "chromedriver": "^83.0.0",
+    "ejs": "^3.1.3",
+    "expect.js": "^0.3.1",
+    "mkdirp": "^1.0.4",
+    "mocha": "^7.2.0",
+    "rimraf": "^3.0.2",
+    "selenium-server-standalone-jar": "^3.141.59",
+    "selenium-webdriver": "^3.6.0",
+    "superagent": "^5.2.2"
+  }
+}

test/test.js

@@ -0,0 +1,251 @@
+#!/usr/bin/env node
+
+/* jslint node:true */
+/* global it:false */
+/* global xit:false */
+/* global describe:false */
+/* global before:false */
+/* global after:false */
+
+'use strict';
+
+require('chromedriver');
+
+var execSync = require('child_process').execSync,
+    expect = require('expect.js'),
+    path = require('path'),
+    superagent = require('superagent'),
+    webdriver = require('selenium-webdriver');
+
+var by = require('selenium-webdriver').By,
+    until = require('selenium-webdriver').until,
+    Key = require('selenium-webdriver').Key;
+
+describe('Application life cycle test', function () {
+    this.timeout(0);
+    var server, browser = new webdriver.Builder().forBrowser('chrome').build();
+
+    var LOCATION = 'test';
+    var app;
+    var username = process.env.USERNAME;
+    var password = process.env.PASSWORD;
+    var TIMEOUT = process.env.TIMEOUT | 30000;
+    var token, roomId;
+
+    before(function (done) {
+        if (!process.env.USERNAME) return done(new Error('USERNAME env var not set'));
+        if (!process.env.PASSWORD) return done(new Error('PASSWORD env var not set'));
+
+        var seleniumJar= require('selenium-server-standalone-jar');
+        var SeleniumServer = require('selenium-webdriver/remote').SeleniumServer;
+        server = new SeleniumServer(seleniumJar.path, { port: 4444 });
+        server.start();
+
+        done();
+    });
+
+    after(function (done) {
+        browser.quit();
+        server.stop();
+        done();
+    });
+
+    function checkLandingPage(done) {
+        browser.get('https://' + app.fqdn).then(function () {
+            return browser.wait(until.elementLocated(by.xpath('//h1[contains(text(),"Synapse is running")]')), TIMEOUT);
+        }).then(function () {
+            done();
+        });
+    }
+
+    // https://matrix.org/docs/spec/client_server/latest#user-interactive-api-in-the-rest-api
+    function registerUser(done) {
+        superagent.post('https://' + app.fqdn + '/_matrix/client/r0/register?kind=user').send({
+            username: username,
+            password: password,
+            inhibit_login: false
+        }).end(function (error, result) {
+            // we will first get a 401
+            let session = result.body.session;
+            console.log('session is', session);
+            if (result.statusCode !== 401) return done(new Error('Expecting a 401 ' + result.statusCode));
+
+            superagent.post('https://' + app.fqdn + '/_matrix/client/r0/register?kind=user').send({
+                auth: {
+                    type: 'm.login.dummy',
+                    session: session
+                },
+                username: username,
+                password: password,
+                inhibit_login: false
+            }).end(function (error, result) {
+                if (error) return done(error);
+                if (result.statusCode !== 200) return done(new Error('Login failed with status ' + result.statusCode));
+
+                console.log('registered user with id', result.user_id);
+
+                done();
+            });
+        });
+    }
+
+    // https://matrix.org/docs/spec/client_server/latest
+    function checkLogin(done) {
+        superagent.post('https://' + app.fqdn + '/_matrix/client/r0/login').send({
+            type: 'm.login.password',
+            user: username,
+            password: password
+        }).end(function (error, result) {
+            if (error) return done(error);
+            if (result.statusCode !== 200) return done(new Error('Login failed with status ' + result.statusCode));
+
+            token = result.body.access_token;
+            if (!token) return done(new Error('No token'));
+
+            done();
+        });
+    }
+
+    function checkAutoJoinRoom(done) {
+        superagent.get('https://' + app.fqdn + '/_matrix/client/r0/joined_rooms?access_token=' + token).end(function (error, result) {
+            if (error) return done(error);
+            if (result.statusCode !== 200) return done(new Error('Room listing failed with status ' + result.statusCode));
+
+            if (result.body.joined_rooms.length !== 1) return done(new Error('User must have auto-joined discuss channel:' + result.statusCode));
+            done();
+        });
+    }
+
+    function createRoom(done) {
+        superagent.post('https://' + app.fqdn + '/_matrix/client/r0/createRoom?access_token=' + token).send({
+            room_alias_name: 'general'
+        }).end(function (error, result) {
+            if (error) return done(error);
+            if (result.statusCode !== 200) return done(new Error('Room creation failed with status ' + result.statusCode));
+
+            roomId = result.body.room_id;
+            if (!roomId) return done(new Error('No room id'));
+
+            done();
+        });
+    }
+
+    function checkRoom(done) {
+        superagent.get('https://' + app.fqdn + '/_matrix/client/r0/joined_rooms?access_token=' + token).end(function (error, result) {
+            if (error) return done(error);
+            if (result.statusCode !== 200) return done(new Error('Room listing failed with status ' + result.statusCode));
+
+            if (!result.body.joined_rooms.includes(roomId)) return done(new Error('No room in list: ' + JSON.stringify(result.body)));
+
+            done();
+        });
+    }
+
+    xit('build app', function () {
+        execSync('cloudron build', { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    });
+
+    // No SSO
+    it('install app (no sso)', function () {
+        execSync('cloudron install --no-sso --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    });
+
+    it('can get app information', function () {
+        var inspect = JSON.parse(execSync('cloudron inspect'));
+
+        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
+
+        expect(app).to.be.an('object');
+    });
+
+    it('check landing page', checkLandingPage);
+    it('can register new user', registerUser);
+    it('can login', checkLogin);
+    it('check autojoin', checkAutoJoinRoom);
+    it('create room', createRoom);
+    it('check room', checkRoom);
+
+    it('uninstall app', function () {
+        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    });
+
+    // SSO
+    it('install app', function () {
+        execSync('cloudron install --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    });
+
+    it('can get app information', function () {
+        var inspect = JSON.parse(execSync('cloudron inspect'));
+
+        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
+
+        expect(app).to.be.an('object');
+    });
+
+    it('check landing page', checkLandingPage);
+    it('can login', checkLogin);
+    it('check autojoin', checkAutoJoinRoom);
+    it('create room', createRoom);
+    it('check room', checkRoom);
+
+    it('can restart app', function (done) {
+        execSync('cloudron restart');
+        done();
+    });
+
+    it('check landing page', checkLandingPage);
+    it('check room', checkRoom);
+
+    it('backup app', function () {
+        execSync('cloudron backup create --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    });
+
+    it('check landing page', checkLandingPage);
+    it('check room', checkRoom);
+
+    it('restore app', function () {
+        execSync('cloudron restore --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    });
+
+    it('check landing page', checkLandingPage);
+    it('check room', checkRoom);
+
+    it('move to different location', function () {
+        browser.manage().deleteAllCookies();
+        execSync('cloudron configure --location ' + LOCATION + '2', { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        var inspect = JSON.parse(execSync('cloudron inspect'));
+        app = inspect.apps.filter(function (a) { return a.location === LOCATION + '2'; })[0];
+        expect(app).to.be.an('object');
+    });
+
+    it('check landing page', checkLandingPage);
+    it('check room', checkRoom);
+
+    it('uninstall app', function () {
+        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    });
+
+    // test update
+    it('can install app', function () {
+        execSync('cloudron install --appstore-id org.matrix.synapse --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        var inspect = JSON.parse(execSync('cloudron inspect'));
+        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
+        expect(app).to.be.an('object');
+    });
+
+    it('check landing page', checkLandingPage);
+    it('can login', checkLogin);
+    it('create room', createRoom);
+    it('check room', checkRoom);
+
+    it('can update', function () {
+        execSync('cloudron update --app ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    });
+
+    it('check landing page', checkLandingPage);
+    it('check room', checkRoom);
+    it('uninstall app', function () {
+        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    });
+});
+