Version 1.94.0

when external registration is enabled, this means that we don't move
all of the external users as oidc accounts

CHANGELOG

@@ -1,259 +0,0 @@
-[0.1.0]
-* Initial version
-
-[0.1.1]
-* Removed the Riot part of the installation due to security
-* Changed from Sqlite to Postgres
-* Added LDAP support
-* Fixed upload limit in nginx_matrix.conf
-* Added bogus index.html so cloudron recognizes the matrix server as online
-* Added coturn as TURN server
-
-[0.1.2]
-* Updated logo (transparent)
-* Enabled email settings
-
-[0.1.3]
-* Changed log location of nginx due to backup crashes
-
-[0.1.4]
-* Changed log location of synapse due to backup crashes
-* Updated some configs
-
-[0.1.5]
-* Update to synapse v0.31.2
-
-[0.1.6]
-* Update to synapse v0.33.8
-
-[0.1.7]
-* Update to synapse v0.33.9
-
-[0.1.8]
-* Update to synapse v0.99.0
-* Fixed missing LDAP stuff
-
-[0.1.9]
-* Update to synapse v0.99.3
-
-[0.2.0]
-* Update to synapse v0.99.4
-
-[0.2.1]
-* Update to synapse v0.99.5.1
-
-[0.2.2]
-* Update to synapse v0.99.5.2
-
-[0.2.3]
-* Update to synapse v1.0.0
-* Fixed url preview
-* Fixed voip
-
-[0.2.4]
-* Fixed federation
-
-[0.2.5]
-* Update to synapse v1.1.0
-
-[0.2.6]
-* Update to synapse v1.2.1
-
-[0.2.7]
-* Update to synapse v1.3.0
-
-[0.2.8]
-* Update to synapse v1.3.1
-
-[0.2.9]
-* Update to synapse v1.4.0 (lots of changes)
-
-[0.3.0]
-* Update to synapse v1.4.1
-
-[0.3.1]
-* Update to synapse v1.5.1
-
-[0.3.3]
-* Update to synapse v1.6.0
-
-[0.3.4]
-* Update to synapse v1.6.1
-
-[0.3.5]
-* Update to synapse v1.8.0
-
-[0.3.6]
-* Update to synapse v1.9.1
-
-[0.3.7]
-* Update to synapse v1.10.0
-
-[0.3.8]
-* Update to synapse v1.11.0
-
-[0.4.0]
-* Update to synapse v1.12.0
-
-[0.4.1]
-* Update to synapse v1.12.2
-
-[0.5.0]
-* New reworked app
-
-[0.6.0]
-* Fix title
-
-[0.7.0]
-* Set turn_uris to an array and not a string
-
-[0.7.1]
-* Users will now automatically join the #discuss channel (only in new installations)
-
-[1.0.0]
-* Use latest base image
-* Update to synapse v1.12.4
-
-[1.1.0]
-* Update Synapse to 1.13.0
-* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.13.0)
-* Set Referrer-Policy header to no-referrer on media downloads. (#7009)
-* Admin API POST /_synapse/admin/v1/join/<roomIdOrAlias> to join users to a room like auto_join_rooms for creation of users. (#7051)
-* Add options to prevent users from changing their profile or associated 3PIDs. (#7096)
-* Allow server admins to define and enforce a password policy (MSC2000). (#7118)
-* Improve the support for SSO authentication on the login fallback page. (#7152, #7235)
-* Always whitelist the login fallback in the SSO configuration if public_baseurl is set. (#7153)
-* Admin users are no longer required to be in a room to create an alias for it. (#7191)
-* Require admin privileges to enable room encryption by default. This does not affect existing rooms. (#7230)
-
-[1.2.0]
-* Update Synapse to 1.14.0
-* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.14.0)
-
-[1.3.0]
-* Add optional sso support
-
-[1.4.0]
-* Update Synapse to 1.15.1
-* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.15.0)
-* Advertise support for Client-Server API r0.6.0 and remove related unstable feature flags. (#6585)
-* Add an option to disable autojoining rooms for guest accounts. (#6637)
-* Add admin APIs to allow server admins to manage users' devices. Contributed by @dklimpel. (#7481)
-* Add support for generating thumbnails for WebP images. Previously, users would see an empty box instead of preview image. Contributed by @WGH-. (#7586)
-* Support the standardized m.login.sso user-interactive authentication flow. (#7630)
-
-[1.5.0]
-* Update Synapse to 1.15.2
-* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.15.2)
-* A malicious homeserver could force Synapse to reset the state in a room to a small subset of the correct state. This affects all Synapse deployments which federate with untrusted servers. (96e9afe6)
-* HTML pages served via Synapse were vulnerable to clickjacking attacks. This predominantly affects homeservers with single-sign-on enabled, but all server administrators are encouraged to upgrade. (ea26e9a9)
-
-[1.6.0]
-* Update Synapse to 1.16.0
-* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.16.0)
-* Add an option to enable encryption by default for new rooms. (#7639)
-* Add support for running multiple media repository workers. See docs/workers.md for instructions. (#7706)
-* Media can now be marked as safe from quarantined. (#7718)
-* Expand the configuration options for auto-join rooms. (#7763)
-
-[1.6.1]
-* Update Synapse to 1.16.1
-* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.16.1)
-* Drop table local_rejections_stream which was incorrectly added in Synapse 1.16.0. (#7816, b1beb3ff5)
-
-[1.7.0]
-* Update Synapse to 1.17.0
-* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.17.0)
-* Fix inconsistent handling of upper and lower case in email addresses when used as identifiers for login, etc. Contributed by @dklimpel. (#7021)
-* Fix "Tried to close a non-active scope!" error messages when opentracing is enabled. (#7732)
-* Fix incorrect error message when database CTYPE was set incorrectly. (#7760)
-* Fix to not ignore set_tweak actions in Push Rules that have no value, as permitted by the specification. (#7766)
-* Fix synctl to handle empty config files correctly. Contributed by @kotovalexarian. (#7779)
-* Fixes a long standing bug in worker mode where worker information was saved in the devices table instead of the original IP address and user agent. (#7797)
-* Fix 'stuck invites' which happen when we are unable to reject a room invite received over federation. (#7804, #7809, #7810)
-
-[1.8.0]
-* Update Synapse to 1.18.0
-* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.18.0)
-* Include room states on invite events that are sent to application services. Contributed by @Sorunome. (#6455)
-* Add delete room admin endpoint (POST /_synapse/admin/v1/rooms/<room_id>/delete). Contributed by @dklimpel. (#7613, #7953)
-* Add experimental support for running multiple federation sender processes. (#7798)
-* Add the option to validate the iss and aud claims for JWT logins. (#7827)
-* Add support for handling registration requests across multiple client reader workers. (#7830)
-* Add an admin API to list the users in a room. Contributed by Awesome Technologies Innovationslabor GmbH. (#7842)
-* Allow email subjects to be customised through Synapse's configuration. (#7846)
-* Add the ability to re-activate an account from the admin API. (#7847, #7908)
-* Support oEmbed for media previews. (#7920)
-
-[1.9.0]
-* Update Synapse to 1.19.0
-* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.19.0)
-* Add option to allow server admins to join rooms which fail complexity checks. Contributed by @lugino-emeritus. (#7902)
-* Add an option to purge room or not with delete room admin endpoint (POST /_synapse/admin/v1/rooms/<room_id>/delete). Contributed by @dklimpel. (#7964)
-* Add rate limiting to users joining rooms. (#8008)
-* Add a /health endpoint to every configured HTTP listener that can be used as a health check endpoint by load balancers. (#8048)
-* Allow login to be blocked based on the values of SAML attributes. (#8052)
-* Allow guest access to the GET /_matrix/client/r0/rooms/{room_id}/members endpoint, according to MSC2689. Contributed by Awesome Technologies Innovationslabor GmbH. (#7314)
-
-[1.9.1]
-* Update Synapse to 1.19.1
-* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.19.1)
-* Fix a bug introduced in v1.19.0 where appservices with ratelimiting disabled would still be ratelimited when joining rooms. (#8139)
-* Fix a bug introduced in v1.19.0 that would cause e.g. profile updates to fail due to incorrect application of rate limits on join requests. (#8153)
-
-[1.10.0]
-* Update Synapse to 1.19.3
-* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.19.3)
-* Partially mitigate bug where newly joined servers couldn't get past events in a room when there is a malformed event. (#8350)
-* Make index.html customizable
-
-[1.11.0]
-* Update Synapse to 1.20.1
-* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.20.0)
-* Add an endpoint to query your shared rooms with another user as an implementation of MSC2666. (#7785)
-* Iteratively encode JSON to avoid blocking the reactor. (#8013, #8116)
-* Add support for shadow-banning users (ignoring any message send requests). (#8034, #8092, #8095, #8142, #8152, #8157, #8158, #8176)
-* Use the default template file when its equivalent is not found in a custom template directory. (#8037, #8107, #8252)
-* Add unread messages count to sync responses, as specified in MSC2654. (#8059, #8254, #8270, #8274)
-* Optimise /federation/v1/user/devices/ API by only returning devices with encryption keys. (#8198)
-
-[1.12.0]
-* Update Synapse to 1.21.0
-* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.21.0)
-* Require the user to confirm that their password should be reset after clicking the email confirmation link. (#8004)
-* Add an admin API GET /_synapse/admin/v1/event_reports to read entries of table event_reports. Contributed by @dklimpel. (#8217)
-* Consolidate the SSO error template across all configuration. (#8248, #8405)
-* Add a configuration option to specify a whitelist of domains that a user can be redirected to after validating their email or phone number. (#8275, #8417)
-* Add experimental support for sharding event persister. (#8294, #8387, #8396, #8419)
-* Add the room topic and avatar to the room details admin API. (#8305)
-* Add an admin API for querying rooms where a user is a member. Contributed by @dklimpel. (#8306)
-
-[1.12.1]
-* Updat Synapse to 1.21.1
-* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.21.1)
-
-[1.12.2]
-* Update Synapse to 1.21.2
-* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.21.2)
-* Security: HTML pages served via Synapse were vulnerable to cross-site scripting (XSS) attacks. All server administrators are encouraged to upgrade
-* Fix rare bug where sending an event would fail due to a racey assertion. (#8530)
-
-[1.13.0]
-* Update Synapse to 1.22.0
-* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.22.0)
-* Add ability for ThirdPartyEventRules modules to query and manipulate whether a room is in the public rooms directory. (#8292, #8467)
-* Add support for olm fallback keys (MSC2732). (#8312, #8501)
-* Add support for running background tasks in a separate worker process. (#8369, #8458, #8489, #8513, #8544, #8599)
-* Add support for device dehydration (MSC2697). (#8380)
-* Add support for MSC2409, which allows sending typing, read receipts, and presence events to appservices. (#8437, #8590)
-* Change default room version to "6", per MSC2788. (#8461)
-* Add the ability to send non-membership events into a room via the ModuleApi. (#8479)
-* Increase default upload size limit from 10M to 50M. Contributed by @Akkowicz. (#8502)
-* Add support for modifying event content in ThirdPartyRules modules. (#8535, #8564)
-
-[1.13.1]
-* Update Synapse to 1.22.1
-* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.22.1)
-* Fix a bug where an appservice may not be forwarded events for a room it was recently invited to. Broke in v1.22.0. (#8676)
-* Fix Object of type frozendict is not JSON serializable exceptions when using third-party event rules. Broke in v1.22.0. (#8678)
-

CloudronManifest.json

@@ -3,34 +3,34 @@
   "title": "Matrix Synapse",
   "author": "Matrix synapse authors",
   "description": "file://DESCRIPTION.md",
-  "changelog": "file://CHANGELOG",
+  "changelog": "file://CHANGELOG.md",
   "tagline": "Secure & decentralized communication",
-  "version": "1.13.1",
+  "version": "1.94.0",
+  "upstreamVersion": "1.108.0",
   "healthCheckPath": "/",
   "httpPort": 8008,
   "memoryLimit": 536870912,
   "addons": {
     "localstorage": {},
-    "ldap": {},
+    "oidc": { "loginRedirectUri": "/_synapse/client/oidc/callback" },
     "postgresql": {},
-    "sendmail": {},
-    "turn": {}
+    "sendmail": { "supportsDisplayName": true },
+    "turn": { "optional": true }
   },
   "manifestVersion": 2,
   "website": "https://matrix.org",
   "contactEmail": "support@cloudron.io",
   "icon": "file://logo.png",
   "tags": [
-    "im", "collaboration", "voip", "videochat", "chat", "slack", "zulip"
+    "im", "collaboration", "voip", "videochat", "chat", "slack", "zulip", "federated"
   ],
   "mediaLinks": [
     "https://screenshots.cloudron.io/org.matrix.synapse/1.png",
     "https://screenshots.cloudron.io/org.matrix.synapse/2.png",
     "https://screenshots.cloudron.io/org.matrix.synapse/3.png"
   ],
-  "changelog": "file://CHANGELOG",
   "postInstallMessage": "file://POSTINSTALL.md",
-  "minBoxVersion": "5.3.0",
+  "minBoxVersion": "7.5.1",
   "forumUrl": "https://forum.cloudron.io/category/50/matrix-synapse-riot",
   "documentationUrl": "https://docs.cloudron.io/apps/synapse/",
   "optionalSso": true

DESCRIPTION.md

@@ -1,12 +1,10 @@
-This app packages Synapse <upstream>1.22.1</upstream>.
-
 **This package only provides the Matrix backend. A variety of clients are available
 [here](https://matrix.org/clients/). Riot is a popular web frontend for Matrix and
 is available as a separate app.**
 
-Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP.
+## About
 
-## Matrix
+Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP.
 
 Matrix specifies a set of pragmatic RESTful HTTP JSON APIs as an open standard, which handle:
 
@@ -18,7 +16,7 @@ Matrix specifies a set of pragmatic RESTful HTTP JSON APIs as an open standard,
 * Using 3rd Party IDs (3PIDs) such as email addresses, phone numbers, Facebook accounts to authenticate, identify and discover users on Matrix.
 * Placing 1:1 VoIP and Video calls
 
-## Synapse
+## What is Synapse?
 
 Synapse is a reference "homeserver" implementation of Matrix from the core development
 team at matrix.org, written in Python/Twisted.

Dockerfile

@@ -1,26 +1,29 @@
-FROM cloudron/base:2.0.0@sha256:f9fea80513aa7c92fe2e7bf3978b54c8ac5222f47a9a32a7f8833edf0eb5a4f4
+FROM cloudron/base:4.2.0@sha256:46da2fffb36353ef714f97ae8e962bd2c212ca091108d768ba473078319a47f4
 
 RUN mkdir -p /app/pkg
 
 WORKDIR /app/code
 
-ARG VERSION=v1.22.1
-
 # https://pythonspeed.com/articles/activate-virtualenv-dockerfile/
 RUN virtualenv -p python3 /app/code/env
 ENV VIRTUAL_ENV=/app/code/env
 ENV PATH="$VIRTUAL_ENV/bin:$PATH"
 
+ARG VERSION=1.108.0
+
+# https://github.com/matrix-org/synapse-s3-storage-provider
+ARG STORAGE_PROVIDER_VERSION=1beb6af95e1f5caedb8e6e7e1cc176cdb2106d37
+
 # Synapse (https://github.com/matrix-org/synapse/blob/master/INSTALL.md)
 # lxml - required for previews
 RUN pip install --upgrade pip && \
     pip install --upgrade setuptools && \
-    pip install matrix-synapse==${VERSION} psycopg2-binary python-ldap matrix-synapse-ldap3 lxml publicsuffix2
+    pip install matrix-synapse==v${VERSION} psycopg2-binary python-ldap matrix-synapse-ldap3 lxml publicsuffix2 git+https://github.com/matrix-org/synapse-s3-storage-provider.git@${STORAGE_PROVIDER_VERSION} matrix-synapse[oidc]
 
-RUN curl -sL https://github.com/mikefarah/yq/releases/download/3.2.1/yq_linux_amd64 -o /usr/bin/yq && \
-    chmod +x /usr/bin/yq
+# Updated suffix list
+RUN curl -L https://publicsuffix.org/list/public_suffix_list.dat -o /app/code/env/lib/python3.10/site-packages/publicsuffix2/public_suffix_list.dat
 
-RUN ln -sf /app/data/index.html /app/code/env/lib/python3.6/site-packages/synapse/static/index.html
+RUN ln -sf /app/data/index.html /app/code/env/lib/python3.10/site-packages/synapse/static/index.html
 
 RUN chown -R cloudron.cloudron /app/code
 

POSTINSTALL.md

@@ -1,8 +1,6 @@
 Account ids are created with the username and the second level domain under which the
-app is installed e.g. `@$CLOUDRON-USERNAME@$CLOUDRON-APP-DOMAIN`.
+app is installed e.g. `@$CLOUDRON-USERNAME:$CLOUDRON-APP-DOMAIN`.
 
-For federation to work, the second level domain has to be configured to serve up the
-`.well-known/domain.com/matrix` URI. See the 
-[federation docs](https://cloudron.io/documentation/apps/synapse/) on
-how to do this.
+For federation to work, the delegation URI `https://$CLOUDRON-APP-DOMAIN/.well-known/matrix/server`
+must be configured. See the [docs](https://docs.cloudron.io/apps/synapse/#post-installation) on how to do this.
 

homeserver.yaml.template

@@ -72,6 +72,7 @@ federation_ip_range_blacklist:
   - 'fc00::/7'
 
 enable_registration: false
+enable_registration_without_verification: true
 registration_shared_secret: "somesecret"
 allow_guest_access: false
 

start.sh

@@ -16,67 +16,91 @@ if [[ ! -f /app/data/configs/homeserver.yaml ]]; then
         --config-directory /app/data/configs \
         --data-directory /app/data/data \
         --generate-config \
-        --report-stats=no 
+        --report-stats=no
 
     # fix logging configuration
     cp /app/pkg/homeserver.yaml.template /app/data/configs/homeserver.yaml
     mv /app/data/configs/${server_name}.log.config /app/data/configs/log.config
-    yq w -i /app/data/configs/homeserver.yaml log_config /app/data/configs/log.config
-    yq w -i /app/data/configs/log.config handlers.file.filename /run/synapse/homeserver.log
+    yq eval -i ".log_config=\"/app/data/configs/log.config\"" /app/data/configs/homeserver.yaml
+
+    # delete default file and buffer handlers
+    yq eval -i "del(.handlers.file)" /app/data/configs/log.config
+    yq eval -i "del(.handlers.buffer)" /app/data/configs/log.config
 
     mv /app/data/configs/${server_name}.signing.key /app/data/configs/signing.key
 
-    yq w -i /app/data/configs/homeserver.yaml server_name "${server_name}"
-    yq w -i /app/data/configs/homeserver.yaml registration_shared_secret "$(pwgen -1s 64)"
+    yq eval -i ".server_name=\"${server_name}\"" /app/data/configs/homeserver.yaml
+    yq eval -i ".registration_shared_secret=\"$(pwgen -1s 64)\"" /app/data/configs/homeserver.yaml
 
-    yq w -i /app/data/configs/homeserver.yaml auto_join_rooms "[]"
-    yq w -i /app/data/configs/homeserver.yaml auto_join_rooms\[0\] "#discuss:${server_name}"
+    yq eval -i ".auto_join_rooms=[]" /app/data/configs/homeserver.yaml
+    yq eval -i ".auto_join_rooms[0]=\"#discuss:${server_name}\"" /app/data/configs/homeserver.yaml
 
-    if [[ -z "${CLOUDRON_LDAP_SERVER:-}" ]]; then
-        yq w -i /app/data/configs/homeserver.yaml enable_registration true
-        yq w -i /app/data/configs/homeserver.yaml password_config.pepper "$(pwgen -1s 12)"
+    if [[ -z "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
+        yq eval -i ".enable_registration=true" /app/data/configs/homeserver.yaml
+        # just setting enabled to false is not enough. see https://github.com/matrix-org/matrix-synapse-ldap3/issues/123
+        yq eval -i "del(.password_providers)" /app/data/configs/homeserver.yaml
     fi
+    yq eval -i ".password_config.pepper=\"$(pwgen -1s 12)\"" /app/data/configs/homeserver.yaml # always set this so that users can enable password login if needed
 fi
 
+echo "==> Ensure we log to console"
+yq eval -i ".root.handlers=[\"console\"]" /app/data/configs/log.config
+yq eval -i ".loggers.twisted.handlers=[\"console\"]" /app/data/configs/log.config
+
 [[ ! -f /app/data/index.html ]] && cp /app/pkg/index.html /app/data/index.html
 
 echo "==> Configuring synapse"
-yq w -i /app/data/configs/homeserver.yaml public_baseurl "${CLOUDRON_APP_ORIGIN}"
+yq eval -i ".public_baseurl=\"${CLOUDRON_APP_ORIGIN}\"" /app/data/configs/homeserver.yaml
 
 # database
-yq w -i /app/data/configs/homeserver.yaml database.args.user "${CLOUDRON_POSTGRESQL_USERNAME}"
-yq w -i /app/data/configs/homeserver.yaml database.args.password "${CLOUDRON_POSTGRESQL_PASSWORD}"
-yq w -i /app/data/configs/homeserver.yaml database.args.database "${CLOUDRON_POSTGRESQL_DATABASE}"
-yq w -i /app/data/configs/homeserver.yaml database.args.host "${CLOUDRON_POSTGRESQL_HOST}"
+yq eval -i ".database.args.user=\"${CLOUDRON_POSTGRESQL_USERNAME}\"" /app/data/configs/homeserver.yaml
+yq eval -i ".database.args.password=\"${CLOUDRON_POSTGRESQL_PASSWORD}\"" /app/data/configs/homeserver.yaml
+yq eval -i ".database.args.database=\"${CLOUDRON_POSTGRESQL_DATABASE}\"" /app/data/configs/homeserver.yaml
+yq eval -i ".database.args.host=\"${CLOUDRON_POSTGRESQL_HOST}\"" /app/data/configs/homeserver.yaml
 
 # email
-yq w -i /app/data/configs/homeserver.yaml email.smtp_host "${CLOUDRON_MAIL_SMTP_SERVER}"
-yq w -i /app/data/configs/homeserver.yaml email.smtp_port "${CLOUDRON_MAIL_SMTP_PORT}"
-yq w -i /app/data/configs/homeserver.yaml email.smtp_user "${CLOUDRON_MAIL_SMTP_USERNAME}"
-yq w -i /app/data/configs/homeserver.yaml email.smtp_pass "${CLOUDRON_MAIL_SMTP_PASSWORD}"
-yq w -i /app/data/configs/homeserver.yaml email.notif_from "%(app)s <${CLOUDRON_MAIL_FROM}>"
+yq eval -i ".email.smtp_host=\"${CLOUDRON_MAIL_SMTP_SERVER}\"" /app/data/configs/homeserver.yaml
+yq eval -i ".email.smtp_port=${CLOUDRON_MAIL_SMTP_PORT}" /app/data/configs/homeserver.yaml
+yq eval -i ".email.smtp_user=\"${CLOUDRON_MAIL_SMTP_USERNAME}\"" /app/data/configs/homeserver.yaml
+yq eval -i ".email.smtp_pass=\"${CLOUDRON_MAIL_SMTP_PASSWORD}\"" /app/data/configs/homeserver.yaml
+yq eval -i ".email.notif_from=\"${CLOUDRON_MAIL_FROM_DISPLAY_NAME:-Matrix} <${CLOUDRON_MAIL_FROM}>\"" /app/data/configs/homeserver.yaml
 
-# ldap
-if [[ -n "${CLOUDRON_LDAP_SERVER:-}" ]]; then
-    yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.uri' "${CLOUDRON_LDAP_URL}"
-    yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.start_tls' false
-    yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.base' "${CLOUDRON_LDAP_USERS_BASE_DN}"
-    yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.bind_dn' "${CLOUDRON_LDAP_BIND_DN}"
-    yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.bind_password' "${CLOUDRON_LDAP_BIND_PASSWORD}"
-    yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.filter' "(objectClass=user)"
+# oidc
+if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
+    yq eval -i "del(.password_providers)" /app/data/configs/homeserver.yaml # remove old ldap config
+    echo " ==> Configuring OIDC auth"
+    yq eval -i ".oidc_providers[0].idp_id=\"cloudron\"" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].idp_name=\"Cloudron\"" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].issuer=\"${CLOUDRON_OIDC_ISSUER}\"" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].client_id=\"${CLOUDRON_OIDC_CLIENT_ID}\"" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].client_secret=\"${CLOUDRON_OIDC_CLIENT_SECRET}\"" /app/data/configs/homeserver.yaml
+
+    yq eval -i ".oidc_providers[0].scopes=[\"openid\", \"email\", \"profile\"]" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].authorization_endpoint=\"${CLOUDRON_OIDC_AUTH_ENDPOINT}\"" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].token_endpoint=\"${CLOUDRON_OIDC_TOKEN_ENDPOINT}\"" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].userinfo_endpoint=\"${CLOUDRON_OIDC_PROFILE_ENDPOINT}\"" /app/data/configs/homeserver.yaml
+    # https://s3lph.me/ldap-to-oidc-migration-3-matrix.html
+    yq eval -i ".oidc_providers[0].allow_existing_users=true" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].skip_verification=true" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].user_mapping_provider.config.localpart_template=\"{{ user.sub }}\"" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].user_mapping_provider.config.display_name_template=\"{{ user.name }}\"" /app/data/configs/homeserver.yaml
 else
-    yq w -i /app/data/configs/homeserver.yaml password_config.localdb_enabled true
+    yq eval -i ".password_config.localdb_enabled=true" /app/data/configs/homeserver.yaml
+    # just setting enabled to false is not enough. see https://github.com/matrix-org/matrix-synapse-ldap3/issues/123
+    yq eval -i "del(.password_providers)" /app/data/configs/homeserver.yaml
 fi
 
 # turn (https://github.com/matrix-org/synapse/blob/master/docs/turn-howto.md#synapse-setup)
-yq w -i /app/data/configs/homeserver.yaml turn_uris "[]"
-yq w -i /app/data/configs/homeserver.yaml turn_uris\[0\] "turn:${CLOUDRON_TURN_SERVER}:${CLOUDRON_TURN_TLS_PORT}?transport=udp"
-yq w -i /app/data/configs/homeserver.yaml turn_uris\[1\] "turn:${CLOUDRON_TURN_SERVER}:${CLOUDRON_TURN_TLS_PORT}?transport=tcp"
-yq w -i /app/data/configs/homeserver.yaml turn_shared_secret "${CLOUDRON_TURN_SECRET}"
+if [[ -n "${CLOUDRON_TURN_SERVER:-}" ]]; then
+    yq eval -i ".turn_uris=[]" /app/data/configs/homeserver.yaml
+    yq eval -i ".turn_uris[0]=\"turn:${CLOUDRON_TURN_SERVER}:${CLOUDRON_TURN_TLS_PORT}?transport=udp\"" /app/data/configs/homeserver.yaml
+    yq eval -i ".turn_uris[1]=\"turn:${CLOUDRON_TURN_SERVER}:${CLOUDRON_TURN_TLS_PORT}?transport=tcp\"" /app/data/configs/homeserver.yaml
+    yq eval -i ".turn_shared_secret=\"${CLOUDRON_TURN_SECRET}\"" /app/data/configs/homeserver.yaml
+fi
 
 # fix permissions
 echo "==> Fixing permissions"
 chown -R cloudron.cloudron /app/data /run/synapse
 
 echo "==> Starting synapse"
-gosu cloudron:cloudron python3 -m synapse.app.homeserver --config-path /app/data/configs/homeserver.yaml
+gosu cloudron:cloudron python3 -m synapse.app.homeserver --config-path /app/data/configs/homeserver.yaml -n

test/package.json

@@ -9,14 +9,9 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^86.0.0",
-    "ejs": "^3.1.5",
+    "chromedriver": "^125.0.2",
     "expect.js": "^0.3.1",
-    "mkdirp": "^1.0.4",
-    "mocha": "^8.1.3",
-    "rimraf": "^3.0.2",
-    "selenium-server-standalone-jar": "^3.141.59",
-    "selenium-webdriver": "^3.6.0",
-    "superagent": "^6.1.0"
+    "mocha": "^10.4.0",
+    "selenium-webdriver": "^4.21.0"
   }
 }

test/test.js

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 
-/* jslint node:true */
+/* jshint esversion: 8 */
 /* global it:false */
 /* global xit:false */
 /* global describe:false */
@@ -11,246 +11,350 @@
 
 require('chromedriver');
 
-var execSync = require('child_process').execSync,
+const execSync = require('child_process').execSync,
     expect = require('expect.js'),
     path = require('path'),
-    superagent = require('superagent'),
-    webdriver = require('selenium-webdriver');
+    { Builder, By, Key, until } = require('selenium-webdriver'),
+    { Options } = require('selenium-webdriver/chrome');
 
-var by = require('selenium-webdriver').By,
-    until = require('selenium-webdriver').until,
-    Key = require('selenium-webdriver').Key;
+
+if (!process.env.USERNAME || !process.env.PASSWORD) {
+    console.log('USERNAME and PASSWORD env vars need to be set');
+    process.exit(1);
+}
 
 describe('Application life cycle test', function () {
     this.timeout(0);
-    var server, browser = new webdriver.Builder().forBrowser('chrome').build();
 
-    var LOCATION = 'test';
-    var app;
-    var username = process.env.USERNAME;
-    var password = process.env.PASSWORD;
-    var TIMEOUT = process.env.TIMEOUT | 30000;
-    var token, roomId;
+    const ELEMENT_LOCATION = 'element-test';
+    const LOCATION = 'test';
+    const TEST_TIMEOUT = parseInt(process.env.TIMEOUT, 10) || 10000;
+    const EXEC_ARGS = { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' };
+    const USERNAME = process.env.USERNAME;
+    const PASSWORD = process.env.PASSWORD;
+    const ROOM_ID = Math.floor((Math.random() * 100) + 1);
+    const ROOM_NAME = 'Test room ' + ROOM_ID;
+    const MSG_TEXT = 'Test message ';
 
-    before(function (done) {
-        if (!process.env.USERNAME) return done(new Error('USERNAME env var not set'));
-        if (!process.env.PASSWORD) return done(new Error('PASSWORD env var not set'));
+    let browser, app;
+    let athenticated_by_oidc = false;
 
-        var seleniumJar= require('selenium-server-standalone-jar');
-        var SeleniumServer = require('selenium-webdriver/remote').SeleniumServer;
-        server = new SeleniumServer(seleniumJar.path, { port: 4444 });
-        server.start();
+    before(function () {
+        const options = new Options().windowSize({ width: 1280, height: 1024 });
+        if (process.env.HEADLESS) options.addArguments('headless');
 
-        done();
+        browser = new Builder().forBrowser('chrome').setChromeOptions(options).build();
     });
 
-    after(function (done) {
+    after(function () {
         browser.quit();
-        server.stop();
-        done();
     });
 
-    function checkLandingPage(done) {
-        browser.get('https://' + app.fqdn).then(function () {
-            return browser.wait(until.elementLocated(by.xpath('//h1[contains(text(),"Synapse is running")]')), TIMEOUT);
-        }).then(function () {
-            done();
-        });
+    function sleep(millis) {
+        return new Promise(resolve => setTimeout(resolve, millis));
     }
 
-    // https://matrix.org/docs/spec/client_server/latest#user-interactive-api-in-the-rest-api
-    function registerUser(done) {
-        superagent.post('https://' + app.fqdn + '/_matrix/client/r0/register?kind=user').send({
-            username: username,
-            password: password,
-            inhibit_login: false
-        }).end(function (error, result) {
-            // we will first get a 401
-            let session = result.body.session;
-            console.log('session is', session);
-            if (result.statusCode !== 401) return done(new Error('Expecting a 401 ' + result.statusCode));
-
-            superagent.post('https://' + app.fqdn + '/_matrix/client/r0/register?kind=user').send({
-                auth: {
-                    type: 'm.login.dummy',
-                    session: session
-                },
-                username: username,
-                password: password,
-                inhibit_login: false
-            }).end(function (error, result) {
-                if (error) return done(error);
-                if (result.statusCode !== 200) return done(new Error('Login failed with status ' + result.statusCode));
-
-                console.log('registered user with id', result.user_id);
-
-                done();
-            });
-        });
+    async function waitForElement(elem) {
+        await browser.wait(until.elementLocated(elem), TEST_TIMEOUT);
+        await browser.wait(until.elementIsVisible(browser.findElement(elem)), TEST_TIMEOUT);
     }
 
-    // https://matrix.org/docs/spec/client_server/latest
-    function checkLogin(done) {
-        superagent.post('https://' + app.fqdn + '/_matrix/client/r0/login').send({
-            type: 'm.login.password',
-            user: username,
-            password: password
-        }).end(function (error, result) {
-            if (error) return done(error);
-            if (result.statusCode !== 200) return done(new Error('Login failed with status ' + result.statusCode));
-
-            token = result.body.access_token;
-            if (!token) return done(new Error('No token'));
-
-            done();
-        });
+    function getAppInfo() {
+        const inspect = JSON.parse(execSync('cloudron inspect'));
+        app = inspect.apps.filter(function (a) { return a.location.indexOf(LOCATION) === 0; })[0];
+        expect(app).to.be.an('object');
     }
 
-    function checkAutoJoinRoom(done) {
-        superagent.get('https://' + app.fqdn + '/_matrix/client/r0/joined_rooms?access_token=' + token).end(function (error, result) {
-            if (error) return done(error);
-            if (result.statusCode !== 200) return done(new Error('Room listing failed with status ' + result.statusCode));
-
-            if (result.body.joined_rooms.length !== 1) return done(new Error('User must have auto-joined discuss channel:' + result.statusCode));
-            done();
-        });
+    function getElementAppInfo() {
+        const inspect = JSON.parse(execSync('cloudron inspect'));
+        app = inspect.apps.filter(function (a) { return a.location.indexOf(ELEMENT_LOCATION) === 0; })[0];
+        expect(app).to.be.an('object');
     }
 
-    function createRoom(done) {
-        superagent.post('https://' + app.fqdn + '/_matrix/client/r0/createRoom?access_token=' + token).send({
-            room_alias_name: 'general'
-        }).end(function (error, result) {
-            if (error) return done(error);
-            if (result.statusCode !== 200) return done(new Error('Room creation failed with status ' + result.statusCode));
-
-            roomId = result.body.room_id;
-            if (!roomId) return done(new Error('No room id'));
-
-            done();
-        });
+    function getMessage() {
+        return MSG_TEXT + Math.floor((Math.random() * 100) + 1);
     }
 
-    function checkRoom(done) {
-        superagent.get('https://' + app.fqdn + '/_matrix/client/r0/joined_rooms?access_token=' + token).end(function (error, result) {
-            if (error) return done(error);
-            if (result.statusCode !== 200) return done(new Error('Room listing failed with status ' + result.statusCode));
-
-            if (!result.body.joined_rooms.includes(roomId)) return done(new Error('No room in list: ' + JSON.stringify(result.body)));
-
-            done();
-        });
+    async function updateSynapseConfig() {
+        console.log(`Setting Synapse Matrix server location to "https://${app.fqdn}"`);
+        execSync(`cloudron exec --app ${ELEMENT_LOCATION} -- bash -c "jq '.default_server_config[\\"m.homeserver\\"].base_url = \\"https://${app.fqdn}\\"' /app/data/config.json | sponge /app/data/config.json"`);
+        execSync(`cloudron restart --app ${ELEMENT_LOCATION}`);
+        // wait when all services are up and running
+        await sleep(15000);
     }
 
-    xit('build app', function () {
-        execSync('cloudron build', { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
+    async function checkLandingPage() {
+        await browser.get(`https://${app.fqdn}`);
+        await browser.wait(until.elementLocated(By.xpath('//h1[contains(text(),"Synapse is running")]')), TEST_TIMEOUT);
+    }
+
+    async function registerUser() {
+        await browser.get(`https://${app.fqdn}/#/register`);
+        await waitForElement(By.xpath('//input[@label="Username"]'));
+        await browser.findElement(By.xpath('//input[@label="Username"]')).sendKeys(USERNAME);
+        await browser.sleep(2000);
+        await browser.findElement(By.xpath('//input[@label="Password"]')).sendKeys(PASSWORD);
+        await browser.sleep(2000);
+        await browser.findElement(By.xpath('//input[@label="Confirm password"]')).sendKeys(PASSWORD);
+        await browser.sleep(2000);
+        await browser.findElement(By.xpath('//input[@value="Register"]')).click();
+        await browser.sleep(2000);
+        await waitForElement(By.xpath('//h1[text()="You\'re in"]'));
+        await browser.sleep(2000);
+        await browser.findElement(By.xpath('//div[@role="button" and text()="Skip"]')).click();
+        await browser.sleep(2000);
+        await waitForElement(By.xpath(`//h1[contains(., "Welcome")]`));
+    }
+
+    async function loginOIDC(username, password) {
+        browser.manage().deleteAllCookies();
+        await browser.get(`https://${app.fqdn}/#/login`);
+        await browser.sleep(6000);
+
+        await waitForElement(By.xpath('//div[@role="button" and contains(., "Continue with Cloudron")]'));
+        await browser.findElement(By.xpath('//div[@role="button" and contains(., "Continue with Cloudron")]')).click();
+        await browser.sleep(2000);
+
+        if (!athenticated_by_oidc) {
+            await waitForElement(By.xpath('//input[@name="username"]'));
+            await browser.findElement(By.xpath('//input[@name="username"]')).sendKeys(username);
+            await browser.findElement(By.xpath('//input[@name="password"]')).sendKeys(password);
+            await browser.sleep(2000);
+            await browser.findElement(By.id('loginSubmitButton')).click();
+            await browser.sleep(2000);
+
+            athenticated_by_oidc = true;
+        }
+
+        await waitForElement(By.xpath('//p[@class="confirm-trust" and contains(., "Continuing will grant ")]'));
+        await browser.findElement(By.xpath('//a[contains(., "Continue")]')).click();
+        await browser.sleep(2000);
+
+        //if (await browser.findElements(By.xpath('//div[@aria-label="Skip verification for now"]')).then(found => !!found.length)) {
+//            await skipVerification();
+        //}
+
+        await browser.sleep(3000);
+        await waitForElement(By.xpath(`//h1[contains(., "Welcome")]`));
+    }
+
+    async function login() {
+        await browser.get('https://' + app.fqdn + '/#/login');
+        await browser.wait(until.elementLocated(By.xpath('//input[@value="Sign in"]')), TEST_TIMEOUT);
+        await browser.findElement(By.xpath('//input[@name="username"]')).sendKeys(USERNAME);
+        await browser.findElement(By.xpath('//input[@name="password"]')).sendKeys(PASSWORD);
+        await browser.findElement(By.xpath('//input[@value="Sign in"]')).click();
+        await browser.sleep(5000);
+
+        if (await browser.findElements(By.xpath('//div[@aria-label="Skip verification for now"]')).then(found => !!found.length)) {
+            await skipVerification();
+        }
+
+        await browser.wait(until.elementLocated(By.xpath('//span[text()="Rooms"]')), TEST_TIMEOUT);
+    }
+
+    async function skipVerification() {
+        await browser.wait(until.elementLocated(By.xpath('//div[@aria-label="Skip verification for now"]')), TEST_TIMEOUT);
+        await browser.sleep(5000);
+        await browser.findElement(By.xpath('//div[@aria-label="Skip verification for now"]')).click();
+        await browser.wait(until.elementLocated(By.xpath('//div[contains(text(), "verify later")]')), TEST_TIMEOUT);
+        await browser.sleep(5000);
+        await browser.findElement(By.xpath('//div[contains(text(), "verify later")]')).click();
+        await browser.sleep(5000);
+    }
+
+    async function logout() {
+        await browser.get('https://' + app.fqdn + '/#/home');
+        await browser.sleep(5000);
+        await waitForElement(By.xpath('//div[@role="button" and @aria-label="User menu"]'));
+
+        await browser.findElement(By.xpath('//div[@role="button" and @aria-label="User menu"]')).click();
+        await browser.sleep(2000);
+
+        await browser.findElement(By.xpath('//li[@role="menuitem" and @aria-label="Sign out"]')).click();
+        await browser.sleep(2000);
+
+//        if (await browser.findElements(By.xpath('//button[contains(text(), "I don\'t want my encrypted messages")]')).then(found => !!found.length)) {
+            await browser.findElement(By.xpath('//button[contains(text(), "I don\'t want my encrypted messages")]')).click();
+            await browser.sleep(3000);
+//        }
+
+        await waitForElement(By.xpath('//h1[text()="Sign in"]'));
+    }
+
+    async function isLoggedIn() {
+        await browser.get('https://' + app.fqdn + '/#/home');
+        await browser.wait(until.elementLocated(By.xpath('//span[text()="Rooms"]')), TEST_TIMEOUT);
+    }
+
+    async function createRoom() {
+        await browser.get('https://' + app.fqdn + '/#/home');
+        await browser.sleep(4000);
+        await waitForElement(By.xpath('//div[@role="button" and @aria-label="Add room"]'));
+        await browser.findElement(By.xpath('//div[@role="button" and @aria-label="Add room"]')).click();
+        await browser.sleep(2000);
+        await browser.findElement(By.xpath('//li[@role="menuitem" and @aria-label="New room"]')).click();
+        await browser.sleep(2000);
+
+        await browser.findElement(By.xpath('//input[@label="Name"]')).sendKeys(ROOM_NAME);
+        await browser.sleep(2000);
+
+        await browser.findElement(By.xpath('//button[text()="Create room"]')).click();
+        await browser.sleep(2000);
+
+        await waitForElement(By.xpath('//div[@role="button" and @aria-label="Add room"]'));
+
+        await waitForElement(By.xpath('//div[@class="mx_RoomTile_titleContainer"]/div[@title="' + ROOM_NAME + '"]'));
+    }
+
+    async function checkRoom() {
+        await browser.get('https://' + app.fqdn + '/#/home');
+        await browser.sleep(4000);
+        await waitForElement(By.xpath('//div[@role="treeitem" and @aria-label="' + ROOM_NAME + '"]'));
+        await browser.findElement(By.xpath('//div[@role="treeitem" and @aria-label="' + ROOM_NAME + '"]')).click();
+        await browser.sleep(2000);
+        await waitForElement(By.xpath('//h2[text()="' + ROOM_NAME + '"]'));
+    }
+
+    async function sendMessage() {
+        await checkRoom();
+
+        await browser.findElement(By.xpath('//div[contains(@class, "mx_BasicMessageComposer_input")]')).sendKeys(getMessage());
+        await browser.sleep(2000);
+
+        await browser.findElement(By.xpath('//div[@role="button" and @aria-label="Send message"]')).click();
+        await browser.sleep(2000);
+    }
+
+    xit('build app', function () { execSync('cloudron build', EXEC_ARGS); });
 
     // No SSO
-    it('install app (no sso)', function () {
-        execSync('cloudron install --no-sso --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
-
-    it('can get app information', function () {
-        var inspect = JSON.parse(execSync('cloudron inspect'));
-
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
-
-        expect(app).to.be.an('object');
-    });
-
+    it('install app (no sso)', function () { execSync('cloudron install --no-sso --location ' + LOCATION, EXEC_ARGS); });
+    it('can get app information', getAppInfo);
     it('check landing page', checkLandingPage);
-    it('can register new user', registerUser);
-    it('can login', checkLogin);
-    it('check autojoin', checkAutoJoinRoom);
-    it('create room', createRoom);
-    it('check room', checkRoom);
 
-    it('uninstall app', function () {
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    it('can install element-web app (no sso)', function () { execSync('cloudron install --appstore-id im.riot.cloudronapp --location ' + ELEMENT_LOCATION, EXEC_ARGS); });
+    it('update element-app config', updateSynapseConfig);
+
+    it('can get Element app info', getElementAppInfo);
+    it('can register new user', registerUser);
+    it('create room', createRoom);
+    it('can send message', sendMessage);
+
+    it('can logout', logout);
+
+    it('can login', login);
+    it('check room', checkRoom);
+    it('can logout', logout);
+
+    it('can get app info', getAppInfo);
+
+    it('uninstall element-web app', async function () {
+        await browser.get('about:blank');
+        execSync(`cloudron uninstall --app ${ELEMENT_LOCATION}`, EXEC_ARGS);
     });
+    it('uninstall app', function () { execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS); });
 
     // SSO
-    it('install app', function () {
-        execSync('cloudron install --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
+    it('install app (sso)', function () { execSync('cloudron install --location ' + LOCATION, EXEC_ARGS); });
+    it('can get app info', getAppInfo);
 
-    it('can get app information', function () {
-        var inspect = JSON.parse(execSync('cloudron inspect'));
+    it('can install element-web app (sso)', function () { execSync('cloudron install --appstore-id im.riot.cloudronapp --location ' + ELEMENT_LOCATION, EXEC_ARGS); });
+    it('update element-app config', updateSynapseConfig);
 
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
-
-        expect(app).to.be.an('object');
-    });
-
-    it('check landing page', checkLandingPage);
-    it('can login', checkLogin);
-    it('check autojoin', checkAutoJoinRoom);
+    it('can get Element app info', getElementAppInfo);
+    it('can login via OIDC', loginOIDC.bind(null, USERNAME, PASSWORD));
     it('create room', createRoom);
-    it('check room', checkRoom);
+    it('can send message', sendMessage);
+    it('can get app info', getAppInfo);
 
-    it('can restart app', function (done) {
-        execSync('cloudron restart');
-        done();
+    it('can restart app', function () { execSync(`cloudron restart ${app.id}`); });
+
+    it('backup app', function () { execSync(`cloudron backup create --app ${app.id}`, EXEC_ARGS); });
+
+    it('can get Element app info', getElementAppInfo);
+    it('is logged in', isLoggedIn);
+    it('check room', checkRoom);
+    it('can get app info', getAppInfo);
+
+    it('restore app', async function () {
+        const backups = JSON.parse(execSync(`cloudron backup list --raw --app ${app.id}`));
+
+        await browser.get('about:blank');
+        execSync(`cloudron uninstall --app ${app.id}`, EXEC_ARGS);
+        execSync(`cloudron install --location ${LOCATION}`, EXEC_ARGS);
+
+        getAppInfo();
+
+        execSync(`cloudron restore --backup ${backups[0].id} --app ${app.id}`, EXEC_ARGS);
     });
 
-    it('check landing page', checkLandingPage);
+    it('can get Element app info', getElementAppInfo);
+    it('is logged in', isLoggedIn);
     it('check room', checkRoom);
+    it('can send message', sendMessage);
+    it('can logout', logout);
+    it('can get app info', getAppInfo);
 
-    it('backup app', function () {
-        execSync('cloudron backup create --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
-
-    it('check landing page', checkLandingPage);
-    it('check room', checkRoom);
-
-    it('restore app', function () {
-        const backups = JSON.parse(execSync('cloudron backup list --raw'));
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-        execSync('cloudron install --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-        var inspect = JSON.parse(execSync('cloudron inspect'));
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
-        execSync(`cloudron restore --backup ${backups[0].id} --app ${app.id}`, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
-
-    it('check landing page', checkLandingPage);
-    it('check room', checkRoom);
-
-    it('move to different location', function () {
+    it('move to different location', async function () {
         browser.manage().deleteAllCookies();
-        execSync('cloudron configure --location ' + LOCATION + '2', { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-        var inspect = JSON.parse(execSync('cloudron inspect'));
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION + '2'; })[0];
-        expect(app).to.be.an('object');
+        await browser.get('about:blank');
+
+        execSync(`cloudron configure --location ${LOCATION}2`, EXEC_ARGS);
+        getAppInfo();
+        // wait when all services are up and running
+        await sleep(15000);
     });
 
-    it('check landing page', checkLandingPage);
-    it('check room', checkRoom);
+    it('update element-app config', updateSynapseConfig);
 
-    it('uninstall app', function () {
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    it('can get Element app info', getElementAppInfo);
+    it('can login via OIDC', loginOIDC.bind(null, USERNAME, PASSWORD));
+    it('check room', checkRoom);
+    it('can send message', sendMessage);
+
+    it('can logout', logout);
+    it('can get app info', getAppInfo);
+
+    it('uninstall app', async function () {
+        await browser.get('about:blank');
+        execSync(`cloudron uninstall --app ${app.id}`, EXEC_ARGS);
     });
 
     // test update
-    it('can install app', function () {
-        execSync('cloudron install --appstore-id org.matrix.synapse --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-        var inspect = JSON.parse(execSync('cloudron inspect'));
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
-        expect(app).to.be.an('object');
-    });
+    it('can install app for update', function () { execSync('cloudron install --appstore-id org.matrix.synapse --location ' + LOCATION, EXEC_ARGS); });
+    it('can get app info', getAppInfo);
+    it('update element-app config', updateSynapseConfig);
 
-    it('check landing page', checkLandingPage);
-    it('can login', checkLogin);
+    it('can get Element app info', getElementAppInfo);
+
+    it('can login via OIDC', loginOIDC.bind(null, USERNAME, PASSWORD));
+    it('is logged in', isLoggedIn);
     it('create room', createRoom);
-    it('check room', checkRoom);
+    it('can send message', sendMessage);
+    it('can logout', logout);
+    it('can get app info', getAppInfo);
 
-    it('can update', function () {
-        execSync('cloudron update --app ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    it('can update', async function () {
+        await browser.get('about:blank');
+        execSync(`cloudron update --app ${app.id}`, EXEC_ARGS);
+        // wait when all services are up and running
+        await sleep(15000);
     });
 
-    it('check landing page', checkLandingPage);
+    it('can get Element app info', getElementAppInfo);
+    it('can login via OIDC', loginOIDC.bind(null, USERNAME, PASSWORD));
+    it('is logged in', isLoggedIn);
     it('check room', checkRoom);
-    it('uninstall app', function () {
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    it('can send message', sendMessage);
+    it('can get app info', getAppInfo);
+
+    it('uninstall app', async function () {
+        await browser.get('about:blank');
+        execSync(`cloudron uninstall --app ${app.id}`, EXEC_ARGS);
+    });
+
+    it('uninstall element-web app', function () {
+        execSync(`cloudron uninstall --app ${ELEMENT_LOCATION}`, EXEC_ARGS);
     });
 });
-