Version 1.82.0

when external registration is enabled, this means that we don't move
all of the external users as oidc accounts

CHANGELOG.md

@@ -1103,3 +1103,14 @@
 * [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.95.1)
 * GHSA-mp92-3jfm-3575 / CVE-2023-43796 — Moderate Severity
 
+[1.81.0]
+* Update Synapse to 1.96.1
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.96.1)
+* Add experimental support to allow multiple workers to write to receipts stream. (#16432)
+* Add a new module API for controller presence. (#16544)
+* Add a new module API callback that allows adding extra fields to events' unsigned section when sent down to clients. (#16549)
+* Improve the performance of claiming encryption keys. (#16565, #16570)
+
+[1.82.0]
+* Switch LDAP authentication to OIDC login
+

CloudronManifest.json

@@ -5,14 +5,14 @@
   "description": "file://DESCRIPTION.md",
   "changelog": "file://CHANGELOG.md",
   "tagline": "Secure & decentralized communication",
-  "version": "1.80.1",
-  "upstreamVersion": "1.95.1",
+  "version": "1.82.0",
+  "upstreamVersion": "1.96.1",
   "healthCheckPath": "/",
   "httpPort": 8008,
   "memoryLimit": 536870912,
   "addons": {
     "localstorage": {},
-    "ldap": {},
+    "oidc": { "loginRedirectUri": "/_synapse/client/oidc/callback" },
     "postgresql": {},
     "sendmail": { "supportsDisplayName": true },
     "turn": { "optional": true }

Dockerfile

@@ -9,7 +9,7 @@ RUN virtualenv -p python3 /app/code/env
 ENV VIRTUAL_ENV=/app/code/env
 ENV PATH="$VIRTUAL_ENV/bin:$PATH"
 
-ARG VERSION=1.95.1
+ARG VERSION=1.96.1
 
 # https://github.com/matrix-org/synapse-s3-storage-provider
 ARG STORAGE_PROVIDER_VERSION=1beb6af95e1f5caedb8e6e7e1cc176cdb2106d37

start.sh

@@ -35,7 +35,7 @@ if [[ ! -f /app/data/configs/homeserver.yaml ]]; then
     yq eval -i ".auto_join_rooms=[]" /app/data/configs/homeserver.yaml
     yq eval -i ".auto_join_rooms[0]=\"#discuss:${server_name}\"" /app/data/configs/homeserver.yaml
 
-    if [[ -z "${CLOUDRON_LDAP_SERVER:-}" ]]; then
+    if [[ -z "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
         yq eval -i ".enable_registration=true" /app/data/configs/homeserver.yaml
         yq eval -i ".password_config.pepper=\"$(pwgen -1s 12)\"" /app/data/configs/homeserver.yaml
         # just setting enabled to false is not enough. see https://github.com/matrix-org/matrix-synapse-ldap3/issues/123
@@ -65,15 +65,25 @@ yq eval -i ".email.smtp_user=\"${CLOUDRON_MAIL_SMTP_USERNAME}\"" /app/data/confi
 yq eval -i ".email.smtp_pass=\"${CLOUDRON_MAIL_SMTP_PASSWORD}\"" /app/data/configs/homeserver.yaml
 yq eval -i ".email.notif_from=\"${CLOUDRON_MAIL_FROM_DISPLAY_NAME:-Matrix} <${CLOUDRON_MAIL_FROM}>\"" /app/data/configs/homeserver.yaml
 
-# ldap
-if [[ -n "${CLOUDRON_LDAP_SERVER:-}" ]]; then
-    yq eval -i ".password_providers[0].config.uri=\"${CLOUDRON_LDAP_URL}\"" /app/data/configs/homeserver.yaml
-    yq eval -i ".password_providers[0].config.start_tls=false" /app/data/configs/homeserver.yaml
-    yq eval -i ".password_providers[0].config.base=\"${CLOUDRON_LDAP_USERS_BASE_DN}\"" /app/data/configs/homeserver.yaml
-    yq eval -i ".password_providers[0].config.bind_dn=\"${CLOUDRON_LDAP_BIND_DN}\"" /app/data/configs/homeserver.yaml
-    yq eval -i ".password_providers[0].config.bind_password=\"${CLOUDRON_LDAP_BIND_PASSWORD}\"" /app/data/configs/homeserver.yaml
-    yq eval -i ".password_providers[0].config.filter=\"(objectClass=user)\"" /app/data/configs/homeserver.yaml
+# oidc
+if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
+    yq eval -i "del(.password_providers)" /app/data/configs/homeserver.yaml # remove old ldap config
+    echo " ==> Configuring OIDC auth"
+    yq eval -i ".oidc_providers[0].idp_id=\"cloudron\"" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].idp_name=\"Cloudron\"" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].issuer=\"${CLOUDRON_OIDC_ISSUER}\"" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].client_id=\"${CLOUDRON_OIDC_CLIENT_ID}\"" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].client_secret=\"${CLOUDRON_OIDC_CLIENT_SECRET}\"" /app/data/configs/homeserver.yaml
 
+    yq eval -i ".oidc_providers[0].scopes=[\"openid\", \"email\", \"profile\"]" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].authorization_endpoint=\"${CLOUDRON_OIDC_AUTH_ENDPOINT}\"" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].token_endpoint=\"${CLOUDRON_OIDC_TOKEN_ENDPOINT}\"" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].userinfo_endpoint=\"${CLOUDRON_OIDC_PROFILE_ENDPOINT}\"" /app/data/configs/homeserver.yaml
+    # https://s3lph.me/ldap-to-oidc-migration-3-matrix.html
+    yq eval -i ".oidc_providers[0].allow_existing_users=true" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].skip_verification=true" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].user_mapping_provider.config.localpart_template=\"{{ user.sub }}\"" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].user_mapping_provider.config.display_name_template=\"{{ user.name }}\"" /app/data/configs/homeserver.yaml
 else
     yq eval -i ".password_config.localdb_enabled=true" /app/data/configs/homeserver.yaml
     # just setting enabled to false is not enough. see https://github.com/matrix-org/matrix-synapse-ldap3/issues/123

test/package-lock.json

@@ -9,17 +9,17 @@
       "version": "1.0.0",
       "license": "ISC",
       "dependencies": {
-        "chromedriver": "^119.0.0",
+        "chromedriver": "^119.0.1",
         "expect.js": "^0.3.1",
         "mocha": "^10.2.0",
-        "selenium-webdriver": "^4.14.0",
+        "selenium-webdriver": "^4.15.0",
         "superagent": "^8.1.2"
       }
     },
     "node_modules/@testim/chrome-version": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/@testim/chrome-version/-/chrome-version-1.1.3.tgz",
-      "integrity": "sha512-g697J3WxV/Zytemz8aTuKjTGYtta9+02kva3C1xc7KXB8GdbfE1akGJIsZLyY/FSh2QrnE+fiB7vmWU3XNcb6A=="
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/@testim/chrome-version/-/chrome-version-1.1.4.tgz",
+      "integrity": "sha512-kIhULpw9TrGYnHp/8VfdcneIcxKnLixmADtukQRtJUmsVlMg0niMkwV0xZmi8hqa57xqilIHjWFA0GKvEjVU5g=="
     },
     "node_modules/@types/node": {
       "version": "16.11.7",
@@ -105,9 +105,9 @@
       "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
     },
     "node_modules/axios": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.4.0.tgz",
-      "integrity": "sha512-S4XCWMEmzvo64T9GfvQDOXgYRDJ/wsSZc7Jvdgx5u1sd0JwsuPLqb3SYmusag+edF6ziyMensPVqLTSc1PiSEA==",
+      "version": "1.6.2",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.2.tgz",
+      "integrity": "sha512-7i24Ri4pmDRfJTR7LDBhsOTtcm+9kjX5WiY1X3wIisx6G9So3pfMkEiU7emUBe46oceVImccTEM3k6C5dbVW8A==",
       "dependencies": {
         "follow-redirects": "^1.15.0",
         "form-data": "^4.0.0",
@@ -236,18 +236,18 @@
       }
     },
     "node_modules/chromedriver": {
-      "version": "119.0.0",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-119.0.0.tgz",
-      "integrity": "sha512-3TmabGT7xg57/Jbsg6B/Kqk3HaSbCP1ZHkR5zNft5vT/IWKjZCAGTH9waMI+i5KHSEiMH0zOw/WF98l+1Npkpw==",
+      "version": "119.0.1",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-119.0.1.tgz",
+      "integrity": "sha512-lpCFFLaXPpvElTaUOWKdP74pFb/sJhWtWqMjn7Ju1YriWn8dT5JBk84BGXMPvZQs70WfCYWecxdMmwfIu1Mupg==",
       "hasInstallScript": true,
       "dependencies": {
-        "@testim/chrome-version": "^1.1.3",
-        "axios": "^1.4.0",
-        "compare-versions": "^6.0.0",
+        "@testim/chrome-version": "^1.1.4",
+        "axios": "^1.6.0",
+        "compare-versions": "^6.1.0",
         "extract-zip": "^2.0.1",
         "https-proxy-agent": "^5.0.1",
         "proxy-from-env": "^1.1.0",
-        "tcp-port-used": "^1.0.1"
+        "tcp-port-used": "^1.0.2"
       },
       "bin": {
         "chromedriver": "bin/chromedriver"
@@ -294,9 +294,9 @@
       }
     },
     "node_modules/compare-versions": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.0.0.tgz",
-      "integrity": "sha512-s2MzYxfRsE9f/ow8hjn7ysa7pod1xhHdQMsgiJtKx6XSNf4x2N1KG4fjrkUmXcP/e9Y2ZX4zB6sHIso0Lm6evQ=="
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.1.0.tgz",
+      "integrity": "sha512-LNZQXhqUvqUTotpZ00qLSaify3b4VFD588aRr8MKFw4CMUr98ytzCW5wDH5qx/DEY5kCDXcbcRuCqL0szEf2tg=="
     },
     "node_modules/component-emitter": {
       "version": "1.3.0",
@@ -479,9 +479,9 @@
       }
     },
     "node_modules/follow-redirects": {
-      "version": "1.15.2",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz",
-      "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==",
+      "version": "1.15.3",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.3.tgz",
+      "integrity": "sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==",
       "funding": [
         {
           "type": "individual",
@@ -1166,9 +1166,9 @@
       "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
     },
     "node_modules/selenium-webdriver": {
-      "version": "4.14.0",
-      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.14.0.tgz",
-      "integrity": "sha512-637rs8anqMKHbWxcBZpyG3Gcs+rBUtAUiqk0O/knUqH4Paj3MFUZrz88/pVGOLNryEVy2z92fZomT8p1ENl1gA==",
+      "version": "4.15.0",
+      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.15.0.tgz",
+      "integrity": "sha512-BNG1bq+KWiBGHcJ/wULi0eKY0yaDqFIbEmtbsYJmfaEghdCkXBsx1akgOorhNwjBipOr0uwpvNXqT6/nzl+zjg==",
       "dependencies": {
         "jszip": "^3.10.1",
         "tmp": "^0.2.1",
@@ -1468,9 +1468,9 @@
   },
   "dependencies": {
     "@testim/chrome-version": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/@testim/chrome-version/-/chrome-version-1.1.3.tgz",
-      "integrity": "sha512-g697J3WxV/Zytemz8aTuKjTGYtta9+02kva3C1xc7KXB8GdbfE1akGJIsZLyY/FSh2QrnE+fiB7vmWU3XNcb6A=="
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/@testim/chrome-version/-/chrome-version-1.1.4.tgz",
+      "integrity": "sha512-kIhULpw9TrGYnHp/8VfdcneIcxKnLixmADtukQRtJUmsVlMg0niMkwV0xZmi8hqa57xqilIHjWFA0GKvEjVU5g=="
     },
     "@types/node": {
       "version": "16.11.7",
@@ -1538,9 +1538,9 @@
       "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
     },
     "axios": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.4.0.tgz",
-      "integrity": "sha512-S4XCWMEmzvo64T9GfvQDOXgYRDJ/wsSZc7Jvdgx5u1sd0JwsuPLqb3SYmusag+edF6ziyMensPVqLTSc1PiSEA==",
+      "version": "1.6.2",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.2.tgz",
+      "integrity": "sha512-7i24Ri4pmDRfJTR7LDBhsOTtcm+9kjX5WiY1X3wIisx6G9So3pfMkEiU7emUBe46oceVImccTEM3k6C5dbVW8A==",
       "requires": {
         "follow-redirects": "^1.15.0",
         "form-data": "^4.0.0",
@@ -1633,17 +1633,17 @@
       }
     },
     "chromedriver": {
-      "version": "119.0.0",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-119.0.0.tgz",
-      "integrity": "sha512-3TmabGT7xg57/Jbsg6B/Kqk3HaSbCP1ZHkR5zNft5vT/IWKjZCAGTH9waMI+i5KHSEiMH0zOw/WF98l+1Npkpw==",
+      "version": "119.0.1",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-119.0.1.tgz",
+      "integrity": "sha512-lpCFFLaXPpvElTaUOWKdP74pFb/sJhWtWqMjn7Ju1YriWn8dT5JBk84BGXMPvZQs70WfCYWecxdMmwfIu1Mupg==",
       "requires": {
-        "@testim/chrome-version": "^1.1.3",
-        "axios": "^1.4.0",
-        "compare-versions": "^6.0.0",
+        "@testim/chrome-version": "^1.1.4",
+        "axios": "^1.6.0",
+        "compare-versions": "^6.1.0",
         "extract-zip": "^2.0.1",
         "https-proxy-agent": "^5.0.1",
         "proxy-from-env": "^1.1.0",
-        "tcp-port-used": "^1.0.1"
+        "tcp-port-used": "^1.0.2"
       }
     },
     "cliui": {
@@ -1678,9 +1678,9 @@
       }
     },
     "compare-versions": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.0.0.tgz",
-      "integrity": "sha512-s2MzYxfRsE9f/ow8hjn7ysa7pod1xhHdQMsgiJtKx6XSNf4x2N1KG4fjrkUmXcP/e9Y2ZX4zB6sHIso0Lm6evQ=="
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.1.0.tgz",
+      "integrity": "sha512-LNZQXhqUvqUTotpZ00qLSaify3b4VFD588aRr8MKFw4CMUr98ytzCW5wDH5qx/DEY5kCDXcbcRuCqL0szEf2tg=="
     },
     "component-emitter": {
       "version": "1.3.0",
@@ -1814,9 +1814,9 @@
       "integrity": "sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ=="
     },
     "follow-redirects": {
-      "version": "1.15.2",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz",
-      "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA=="
+      "version": "1.15.3",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.3.tgz",
+      "integrity": "sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q=="
     },
     "form-data": {
       "version": "4.0.0",
@@ -2300,9 +2300,9 @@
       "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
     },
     "selenium-webdriver": {
-      "version": "4.14.0",
-      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.14.0.tgz",
-      "integrity": "sha512-637rs8anqMKHbWxcBZpyG3Gcs+rBUtAUiqk0O/knUqH4Paj3MFUZrz88/pVGOLNryEVy2z92fZomT8p1ENl1gA==",
+      "version": "4.15.0",
+      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.15.0.tgz",
+      "integrity": "sha512-BNG1bq+KWiBGHcJ/wULi0eKY0yaDqFIbEmtbsYJmfaEghdCkXBsx1akgOorhNwjBipOr0uwpvNXqT6/nzl+zjg==",
       "requires": {
         "jszip": "^3.10.1",
         "tmp": "^0.2.1",

test/package.json

@@ -9,10 +9,10 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^119.0.0",
+    "chromedriver": "^119.0.1",
     "expect.js": "^0.3.1",
     "mocha": "^10.2.0",
-    "selenium-webdriver": "^4.14.0",
+    "selenium-webdriver": "^4.15.0",
     "superagent": "^8.1.2"
   }
 }

test/test.js

@@ -1,214 +1,359 @@
 #!/usr/bin/env node
 
 /* jshint esversion: 8 */
-/* global describe */
-/* global before */
-/* global after */
-/* global it */
-/* global xit */
+/* global it:false */
+/* global xit:false */
+/* global describe:false */
+/* global before:false */
+/* global after:false */
 
 'use strict';
 
 require('chromedriver');
 
-var execSync = require('child_process').execSync,
+const execSync = require('child_process').execSync,
     expect = require('expect.js'),
     path = require('path'),
-    superagent = require('superagent'),
     { Builder, By, Key, until } = require('selenium-webdriver'),
     { Options } = require('selenium-webdriver/chrome');
 
+
+if (!process.env.USERNAME || !process.env.PASSWORD) {
+    console.log('USERNAME and PASSWORD env vars need to be set');
+    process.exit(1);
+}
+
 describe('Application life cycle test', function () {
     this.timeout(0);
 
+    const ELEMENT_LOCATION = 'element-test';
     const LOCATION = 'test';
-    const TEST_TIMEOUT = 10000;
+    const TEST_TIMEOUT = parseInt(process.env.TIMEOUT, 10) || 10000;
     const EXEC_ARGS = { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' };
+    const USERNAME = process.env.USERNAME;
+    const PASSWORD = process.env.PASSWORD;
+    const ROOM_ID = Math.floor((Math.random() * 100) + 1);
+    const ROOM_NAME = 'Test room ' + ROOM_ID;
+    const MSG_TEXT = 'Test message ';
 
-    const username = process.env.USERNAME;
-    const password = process.env.PASSWORD;
-
-    var app, browser;
-    var token, roomId;
+    let browser, app;
+    let athenticated_by_oidc = false;
 
     before(function () {
-        if (!process.env.USERNAME) throw new Error('USERNAME env var not set');
-        if (!process.env.PASSWORD) throw new Error('PASSWORD env var not set');
+        const options = new Options().windowSize({ width: 1280, height: 1024 });
+        if (process.env.HEADLESS) options.addArguments('headless');
 
-        browser = new Builder().forBrowser('chrome').setChromeOptions(new Options().windowSize({ width: 1280, height: 1024 })).build();
+        browser = new Builder().forBrowser('chrome').setChromeOptions(options).build();
     });
 
     after(function () {
         browser.quit();
     });
 
+    function sleep(millis) {
+        return new Promise(resolve => setTimeout(resolve, millis));
+    }
+
+    async function waitForElement(elem) {
+        await browser.wait(until.elementLocated(elem), TEST_TIMEOUT);
+        await browser.wait(until.elementIsVisible(browser.findElement(elem)), TEST_TIMEOUT);
+    }
+
     function getAppInfo() {
-        var inspect = JSON.parse(execSync('cloudron inspect'));
+        const inspect = JSON.parse(execSync('cloudron inspect'));
         app = inspect.apps.filter(function (a) { return a.location.indexOf(LOCATION) === 0; })[0];
         expect(app).to.be.an('object');
     }
 
+    function getElementAppInfo() {
+        const inspect = JSON.parse(execSync('cloudron inspect'));
+        app = inspect.apps.filter(function (a) { return a.location.indexOf(ELEMENT_LOCATION) === 0; })[0];
+        expect(app).to.be.an('object');
+    }
+
+    function getMessage() {
+        return MSG_TEXT + Math.floor((Math.random() * 100) + 1);
+    }
+
+    async function updateSynapseConfig() {
+        console.log(`Setting Synapse Matrix server location to "https://${app.fqdn}"`);
+        execSync(`cloudron exec --app ${ELEMENT_LOCATION} -- bash -c "jq '.default_server_config[\\"m.homeserver\\"].base_url = \\"https://${app.fqdn}\\"' /app/data/config.json | sponge /app/data/config.json"`);
+        execSync(`cloudron restart --app ${ELEMENT_LOCATION}`);
+        // wait when all services are up and running
+        await sleep(15000);
+    }
+
     async function checkLandingPage() {
         await browser.get(`https://${app.fqdn}`);
         await browser.wait(until.elementLocated(By.xpath('//h1[contains(text(),"Synapse is running")]')), TEST_TIMEOUT);
     }
 
-    // https://matrix.org/docs/spec/client_server/latest#user-interactive-api-in-the-rest-api
-    function registerUser(done) {
-        superagent.post('https://' + app.fqdn + '/_matrix/client/r0/register?kind=user').send({
-            username: username,
-            password: password,
-            inhibit_login: false
-        }).end(function (error, result) {
-            // we will first get a 401
-            let session = result.body.session;
-            console.log('session is', session);
-            if (result.statusCode !== 401) return done(new Error('Expecting a 401 ' + result.statusCode));
-
-            superagent.post('https://' + app.fqdn + '/_matrix/client/r0/register?kind=user').send({
-                auth: {
-                    type: 'm.login.dummy',
-                    session: session
-                },
-                username: username,
-                password: password,
-                inhibit_login: false
-            }).end(function (error, result) {
-                if (error) return done(error);
-                if (result.statusCode !== 200) return done(new Error('Login failed with status ' + result.statusCode));
-
-                console.log('registered user with id', result.body.user_id);
-
-                done();
-            });
-        });
+    async function registerUser() {
+        await browser.get(`https://${app.fqdn}/#/register`);
+        await waitForElement(By.xpath('//input[@label="Username"]'));
+        await browser.findElement(By.xpath('//input[@label="Username"]')).sendKeys(USERNAME);
+        await browser.sleep(2000);
+        await browser.findElement(By.xpath('//input[@label="Password"]')).sendKeys(PASSWORD);
+        await browser.sleep(2000);
+        await browser.findElement(By.xpath('//input[@label="Confirm password"]')).sendKeys(PASSWORD);
+        await browser.sleep(2000);
+        await browser.findElement(By.xpath('//input[@value="Register"]')).click();
+        await browser.sleep(2000);
+        await waitForElement(By.xpath('//h1[text()="You\'re in"]'));
+        await browser.sleep(2000);
+        await browser.findElement(By.xpath('//div[@role="button" and text()="Skip"]')).click();
+        await browser.sleep(2000);
+        await waitForElement(By.xpath(`//h1[contains(., "Welcome")]`));
     }
 
-    // https://matrix.org/docs/spec/client_server/latest
-    function checkLogin(done) {
-        superagent.post('https://' + app.fqdn + '/_matrix/client/r0/login').send({
-            type: 'm.login.password',
-            user: username,
-            password: password
-        }).end(function (error, result) {
-            if (error) return done(error);
-            if (result.statusCode !== 200) return done(new Error('Login failed with status ' + result.statusCode));
+    async function loginOIDC(username, password) {
+        browser.manage().deleteAllCookies();
+        await browser.get(`https://${app.fqdn}/#/login`);
+        await browser.sleep(6000);
 
-            token = result.body.access_token;
-            if (!token) return done(new Error('No token'));
+        await waitForElement(By.xpath('//div[@role="button" and contains(., "Continue with Cloudron")]'));
+        await browser.findElement(By.xpath('//div[@role="button" and contains(., "Continue with Cloudron")]')).click();
+        await browser.sleep(2000);
 
-            done();
-        });
+        if (!athenticated_by_oidc) {
+            await waitForElement(By.xpath('//input[@name="username"]'));
+            await browser.findElement(By.xpath('//input[@name="username"]')).sendKeys(username);
+            await browser.findElement(By.xpath('//input[@name="password"]')).sendKeys(password);
+            await browser.sleep(2000);
+            await browser.findElement(By.xpath('//button[@type="submit" and contains(text(), "Sign in")]')).click();
+            await browser.sleep(2000);
+
+            athenticated_by_oidc = true;
+        }
+
+        await waitForElement(By.xpath('//p[@class="confirm-trust" and contains(., "Continuing will grant ")]'));
+        await browser.findElement(By.xpath('//a[contains(., "Continue")]')).click();
+        await browser.sleep(2000);
+
+        if (await browser.findElements(By.xpath('//div[@aria-label="Skip verification for now"]')).then(found => !!found.length)) {
+            await skipVerification();
+        }
+
+        await browser.sleep(3000);
+        await waitForElement(By.xpath(`//h1[contains(., "Welcome")]`));
     }
 
-    function checkAutoJoinRoom(done) {
-        superagent.get('https://' + app.fqdn + '/_matrix/client/r0/joined_rooms?access_token=' + token).end(function (error, result) {
-            if (error) return done(error);
-            if (result.statusCode !== 200) return done(new Error('Room listing failed with status ' + result.statusCode));
+    async function login() {
+        await browser.get('https://' + app.fqdn + '/#/login');
+        await browser.wait(until.elementLocated(By.xpath('//input[@value="Sign in"]')), TEST_TIMEOUT);
+        await browser.findElement(By.xpath('//input[@name="username"]')).sendKeys(USERNAME);
+        await browser.findElement(By.xpath('//input[@name="password"]')).sendKeys(PASSWORD);
+        await browser.findElement(By.xpath('//input[@value="Sign in"]')).click();
+        await browser.sleep(5000);
 
-            if (result.body.joined_rooms.length !== 1) return done(new Error('User must have auto-joined discuss channel:' + result.statusCode));
-            done();
-        });
+        if (await browser.findElements(By.xpath('//div[@aria-label="Skip verification for now"]')).then(found => !!found.length)) {
+            await skipVerification();
+        }
+
+        await browser.wait(until.elementLocated(By.xpath('//span[text()="Rooms"]')), TEST_TIMEOUT);
     }
 
-    function createRoom(done) {
-        superagent.post('https://' + app.fqdn + '/_matrix/client/r0/createRoom?access_token=' + token).send({
-            room_alias_name: 'general'
-        }).end(function (error, result) {
-            if (error) return done(error);
-            if (result.statusCode !== 200) return done(new Error('Room creation failed with status ' + result.statusCode));
-
-            roomId = result.body.room_id;
-            if (!roomId) return done(new Error('No room id'));
-
-            done();
-        });
+    async function skipVerification() {
+        await browser.wait(until.elementLocated(By.xpath('//div[@aria-label="Skip verification for now"]')), TEST_TIMEOUT);
+        await browser.sleep(5000);
+        await browser.findElement(By.xpath('//div[@aria-label="Skip verification for now"]')).click();
+        await browser.wait(until.elementLocated(By.xpath('//div[contains(text(), "verify later")]')), TEST_TIMEOUT);
+        await browser.sleep(5000);
+        await browser.findElement(By.xpath('//div[contains(text(), "verify later")]')).click();
+        await browser.sleep(5000);
     }
 
-    function checkRoom(done) {
-        superagent.get('https://' + app.fqdn + '/_matrix/client/r0/joined_rooms?access_token=' + token).end(function (error, result) {
-            if (error) return done(error);
-            if (result.statusCode !== 200) return done(new Error('Room listing failed with status ' + result.statusCode));
+    async function logout() {
+        await browser.get('https://' + app.fqdn + '/#/home');
+        await browser.sleep(5000);
+        await waitForElement(By.xpath('//div[@role="button" and @title="User menu"]'));
 
-            if (!result.body.joined_rooms.includes(roomId)) return done(new Error('No room in list: ' + JSON.stringify(result.body)));
+        await browser.findElement(By.xpath('//div[@role="button" and @title="User menu"]')).click();
+        await browser.sleep(2000);
 
-            done();
-        });
+        await browser.findElement(By.xpath('//li[@role="menuitem" and @aria-label="Sign out"]')).click();
+        await browser.sleep(2000);
+
+        if (await browser.findElements(By.xpath('//button[contains(text(), "I don\'t want my encrypted messages")]')).then(found => !!found.length)) {
+            await browser.findElement(By.xpath('//button[contains(text(), "I don\'t want my encrypted messages")]')).click();
+            await browser.sleep(3000);
+        }
+
+        await waitForElement(By.xpath('//h1[text()="Sign in"]'));
+    }
+
+    async function isLoggedIn() {
+        await browser.get('https://' + app.fqdn + '/#/home');
+        await browser.wait(until.elementLocated(By.xpath('//span[text()="Rooms"]')), TEST_TIMEOUT);
+    }
+
+    async function createRoom() {
+        await browser.get('https://' + app.fqdn + '/#/home');
+        await browser.sleep(4000);
+        await waitForElement(By.xpath('//div[@role="button" and @aria-label="Add room"]'));
+        await browser.findElement(By.xpath('//div[@role="button" and @aria-label="Add room"]')).click();
+        await browser.sleep(2000);
+        await browser.findElement(By.xpath('//li[@role="menuitem" and @aria-label="New room"]')).click();
+        await browser.sleep(2000);
+
+        await browser.findElement(By.xpath('//input[@label="Name"]')).sendKeys(ROOM_NAME);
+        await browser.sleep(2000);
+
+        await browser.findElement(By.xpath('//button[text()="Create room"]')).click();
+        await browser.sleep(2000);
+
+        await waitForElement(By.xpath('//div[@role="button" and @aria-label="Add room"]'));
+
+        await waitForElement(By.xpath('//div[@class="mx_RoomTile_titleContainer"]/div[@title="' + ROOM_NAME + '"]'));
+    }
+
+    async function checkRoom() {
+        await browser.get('https://' + app.fqdn + '/#/home');
+        await browser.sleep(4000);
+        await waitForElement(By.xpath('//div[@role="treeitem" and @aria-label="' + ROOM_NAME + '"]'));
+        await browser.findElement(By.xpath('//div[@role="treeitem" and @aria-label="' + ROOM_NAME + '"]')).click();
+        await browser.sleep(2000);
+        await waitForElement(By.xpath('//h2[text()="' + ROOM_NAME + '"]'));
+    }
+
+    async function sendMessage() {
+        await checkRoom();
+
+        await browser.findElement(By.xpath('//div[contains(@class, "mx_BasicMessageComposer_input")]')).sendKeys(getMessage());
+        await browser.sleep(2000);
+
+        await browser.findElement(By.xpath('//div[@role="button" and @aria-label="Send message"]')).click();
+        await browser.sleep(2000);
     }
 
     xit('build app', function () { execSync('cloudron build', EXEC_ARGS); });
 
     // No SSO
     it('install app (no sso)', function () { execSync('cloudron install --no-sso --location ' + LOCATION, EXEC_ARGS); });
-
     it('can get app information', getAppInfo);
-
     it('check landing page', checkLandingPage);
-    it('can register new user', registerUser);
-    it('can login', checkLogin);
-    it('check autojoin', checkAutoJoinRoom);
-    it('create room', createRoom);
-    it('check room', checkRoom);
 
+    it('can install element-web app', function () { execSync('cloudron install --appstore-id im.riot.cloudronapp --location ' + ELEMENT_LOCATION, EXEC_ARGS); });
+    it('update element-app config', updateSynapseConfig);
+
+    it('can get Element app info', getElementAppInfo);
+    it('can register new user', registerUser);
+    it('create room', createRoom);
+    it('can send message', sendMessage);
+
+    it('can logout', logout);
+
+    it('can login', login);
+    it('check room', checkRoom);
+    it('can logout', logout);
+
+    it('can get app info', getAppInfo);
+
+    it('uninstall element-web app', async function () {
+        await browser.get('about:blank');
+        execSync(`cloudron uninstall --app ${ELEMENT_LOCATION}`, EXEC_ARGS);
+    });
     it('uninstall app', function () { execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS); });
 
     // SSO
     it('install app', function () { execSync('cloudron install --location ' + LOCATION, EXEC_ARGS); });
+    it('can get app info', getAppInfo);
 
-    it('can get app information', getAppInfo);
+    it('can install element-web app', function () { execSync('cloudron install --appstore-id im.riot.cloudronapp --location ' + ELEMENT_LOCATION, EXEC_ARGS); });
+    it('update element-app config', updateSynapseConfig);
 
-    it('check landing page', checkLandingPage);
-    it('can login', checkLogin);
-    it('check autojoin', checkAutoJoinRoom);
+    it('can get Element app info', getElementAppInfo);
+    it('can login via OIDC', loginOIDC.bind(null, USERNAME, PASSWORD));
     it('create room', createRoom);
+    it('can send message', sendMessage);
+    it('can get app info', getAppInfo);
+
+    it('can restart app', function () { execSync(`cloudron restart ${app.id}`); });
+
+    it('backup app', function () { execSync(`cloudron backup create --app ${app.id}`, EXEC_ARGS); });
+
+    it('can get Element app info', getElementAppInfo);
+    it('is logged in', isLoggedIn);
     it('check room', checkRoom);
+    it('can get app info', getAppInfo);
 
-    it('can restart app', function () { execSync('cloudron restart'); });
+    it('restore app', async function () {
+        const backups = JSON.parse(execSync(`cloudron backup list --raw --app ${app.id}`));
 
-    it('check landing page', checkLandingPage);
-    it('check room', checkRoom);
+        await browser.get('about:blank');
+        execSync(`cloudron uninstall --app ${app.id}`, EXEC_ARGS);
+        execSync(`cloudron install --location ${LOCATION}`, EXEC_ARGS);
 
-    it('backup app', function () { execSync('cloudron backup create --app ' + app.id, EXEC_ARGS); });
-
-    it('check landing page', checkLandingPage);
-    it('check room', checkRoom);
-
-    it('restore app', function () {
-        const backups = JSON.parse(execSync('cloudron backup list --raw'));
-        execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
-        execSync('cloudron install --location ' + LOCATION, EXEC_ARGS);
         getAppInfo();
+
         execSync(`cloudron restore --backup ${backups[0].id} --app ${app.id}`, EXEC_ARGS);
     });
 
-    it('check landing page', checkLandingPage);
+    it('can get Element app info', getElementAppInfo);
+    it('is logged in', isLoggedIn);
     it('check room', checkRoom);
+    it('can send message', sendMessage);
+    it('can logout', logout);
+    it('can get app info', getAppInfo);
 
-    it('move to different location', function () {
+    it('move to different location', async function () {
         browser.manage().deleteAllCookies();
-        execSync('cloudron configure --location ' + LOCATION + '2', EXEC_ARGS);
+        await browser.get('about:blank');
+
+        execSync(`cloudron configure --location ${LOCATION}2`, EXEC_ARGS);
         getAppInfo();
+        // wait when all services are up and running
+        await sleep(15000);
     });
 
-    it('check landing page', checkLandingPage);
-    it('check room', checkRoom);
+    it('update element-app config', updateSynapseConfig);
 
-    it('uninstall app', function () { execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS); });
+    it('can get Element app info', getElementAppInfo);
+    it('can login via OIDC', loginOIDC.bind(null, USERNAME, PASSWORD));
+    it('check room', checkRoom);
+    it('can send message', sendMessage);
+
+    it('can logout', logout);
+    it('can get app info', getAppInfo);
+
+    it('uninstall app', async function () {
+        await browser.get('about:blank');
+        execSync(`cloudron uninstall --app ${app.id}`, EXEC_ARGS);
+    });
 
     // test update
     it('can install app', function () { execSync('cloudron install --appstore-id org.matrix.synapse --location ' + LOCATION, EXEC_ARGS); });
+    it('can get app info', getAppInfo);
+    it('update element-app config', updateSynapseConfig);
 
-    it('can get app information', getAppInfo);
+    it('can get Element app info', getElementAppInfo);
 
-    it('check landing page', checkLandingPage);
-    it('can login', checkLogin);
+    it('can login', login);
     it('create room', createRoom);
+    it('can send message', sendMessage);
+    it('can logout', logout);
+    it('can get app info', getAppInfo);
+
+    it('can update', async function () {
+        await browser.get('about:blank');
+        execSync(`cloudron update --app ${app.id}`, EXEC_ARGS);
+        // wait when all services are up and running
+        await sleep(15000);
+    });
+
+    it('can get Element app info', getElementAppInfo);
+    it('can login via OIDC', loginOIDC.bind(null, USERNAME, PASSWORD));
+    it('is logged in', isLoggedIn);
     it('check room', checkRoom);
+    it('can send message', sendMessage);
+    it('can get app info', getAppInfo);
 
-    it('can update', function () { execSync('cloudron update --app ' + LOCATION, EXEC_ARGS); });
+    it('uninstall app', async function () {
+        await browser.get('about:blank');
+        execSync(`cloudron uninstall --app ${app.id}`, EXEC_ARGS);
+    });
 
-    it('check landing page', checkLandingPage);
-    it('check room', checkRoom);
-
-    it('uninstall app', function () { execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS); });
+    it('uninstall element-web app', function () {
+        execSync(`cloudron uninstall --app ${ELEMENT_LOCATION}`, EXEC_ARGS);
+    });
 });