Update package version to 1.106.0

| datasource      | package            | from    | to      |
| --------------- | ------------------ | ------- | ------- |
| github-releases | element-hq/synapse | 1.125.0 | 1.126.0 |

CHANGELOG.md

@@ -1197,3 +1197,175 @@
 * Fix joining remote rooms when a module uses the `on_new_event` callback. This callback may now pass partial state events instead of the full state for remote rooms. Introduced in v1.76.0. (#16973)
 * Fix performance issue when joining very large rooms that can cause the server to lock up. Introduced in v1.100.0. Contributed by @ggogel. (#16968)
 
+[1.91.0]
+* Update Synapse to 1.104.0
+* [Full changelog](https://github.com/element-hq/synapse/releases/tag/v1.104.0)
+* Fix regression when using OIDC provider. Introduced in v1.104.0rc1. (#17031)
+* Add an OIDC config to specify extra parameters for the authorization grant URL. IT can be useful to pass an ACR value for example. (#16971)
+* Add support for OIDC provider returning JWT. (#16972, #17031)
+* Fix a bug which meant that, under certain circumstances, we might never retry sending events or to-device messages over federation after a failure. (#16925)
+* Fix various long-standing bugs which could cause incorrect state to be returned from /sync in certain situations. (#16949)
+* Fix case in which m.fully_read marker would not get updated. Contributed by @SpiritCroc. (#16990)
+* Fix bug which did not retract a user's pending knocks at rooms when their account was deactivated. Contributed by @hanadi92. (#17010)
+
+[1.91.1]
+* Update Synapse to 1.105.0
+* [Full changelog](https://github.com/element-hq/synapse/releases/tag/v1.105.0)
+* Stabilize support for MSC4010 which clarifies the interaction of push rules and account data. Contributed by @clokep. (#17022)
+* Stabilize support for MSC3981: /relations recursion. Contributed by @clokep. (#17023)
+* Add support for moving /pushrules off of main process. (#17037, #17038)
+* Fix various long-standing bugs which could cause incorrect state to be returned from /sync in certain situations. (#16930, #16932, #16942, #17064, #17065, #17066)
+* Fix server notice rooms not always being created as unencrypted rooms, even when encryption_enabled_by_default_for_room_type is in use (server notices are always unencrypted). (#17033)
+* Fix the .m.rule.encrypted_room_one_to_one and .m.rule.room_one_to_one default underride push rules being in the wrong order. Contributed by @Sumpy1. (#17043)
+
+[1.91.2]
+* Update Synapse to 1.105.1
+* [Full changelog](https://github.com/element-hq/synapse/releases/tag/v1.105.1)
+* GHSA-3h7q-rfh9-xm4v / CVE-2024-31208 — High Severity . Weakness in auth chain indexing allows DoS from remote room members through disk fill and high CPU usage.
+
+[1.92.0]
+* Update Synapse to 1.106.0
+* [Full changelog](https://github.com/element-hq/synapse/releases/tag/v1.106.0)
+* Send an email if the address is already bound to an user account. (#16819)
+* Implement the rendezvous mechanism described by MSC4108. (#17056)
+* Support delegating the rendezvous mechanism described MSC4108 to an external implementation. (#17086)
+* Add validation to ensure that the limit parameter on /publicRooms is non-negative. (#16920)
+* Return 400 M_NOT_JSON upon receiving invalid JSON in query parameters across various client and admin endpoints, rather than an internal server error. (#16923)
+* Make the CSAPI endpoint /keys/device_signing/upload idempotent. (#16943)
+* Redact membership events if the user requested erasure upon deactivating. (#17076)
+
+[1.93.0]
+* Update Synapse to 1.107.0
+* [Full changelog](https://github.com/element-hq/synapse/releases/tag/v1.107.0)
+
+[1.94.0]
+* Update Synapse to 1.108.0
+* [Full changelog](https://github.com/element-hq/synapse/releases/tag/v1.108.0)
+* Add a feature that allows clients to query the configured federation whitelist. Disabled by default. (#16848, #17199)
+* Add the ability to allow numeric user IDs with a specific prefix when in the CAS flow. Contributed by Aurélien Grimpard. (#17098)
+* Fix bug where push rules would be empty in /sync for some accounts. Introduced in v1.93.0. (#17142)
+* Add support for optional whitespace around the Federation API's Authorization header's parameter commas. (#17145)
+* Fix bug where disabling room publication prevented public rooms being created on workers. (#17177, #17184)
+
+[1.95.0]
+* Update Synapse to 1.109.0
+* [Full changelog](https://github.com/element-hq/synapse/releases/tag/v1.109.0)
+
+[1.96.0]
+* Update Synapse to 1.110.0
+* [Full changelog](https://github.com/element-hq/synapse/releases/tag/v1.110.0)
+
+[1.97.0]
+* Update Synapse to 1.111.0
+* [Full changelog](https://github.com/element-hq/synapse/releases/tag/v1.111.0)
+
+[1.97.1]
+* Update Synapse to 1.111.1
+* [Full changelog](https://github.com/element-hq/synapse/releases/tag/v1.111.1)
+
+[1.97.2]
+* Update Synapse to 1.112.0
+* [Full changelog](https://github.com/element-hq/synapse/releases/tag/v1.112.0)
+
+[1.97.3]
+* Update Synapse to 1.113.0
+* [Full changelog](https://github.com/element-hq/synapse/releases/tag/v1.113.0)
+
+[1.97.4]
+* Update Synapse to 1.114.0
+* [Full changelog](https://github.com/element-hq/synapse/releases/tag/v1.114.0)
+
+[1.97.5]
+* Update Synapse to 1.115.0
+* [Full changelog](https://github.com/element-hq/synapse/releases/tag/v1.115.0)
+
+[1.97.6]
+* Update Synapse to 1.116.0
+* [Full changelog](https://github.com/element-hq/synapse/releases/tag/v1.116.0)
+
+[1.98.0]
+* Update Synapse to 1.118.0
+* [Full changelog](https://github.com/element-hq/synapse/releases/tag/v1.118.0)
+
+[1.98.1]
+* Update S3 Storage Provider to 1.5.0
+[1.99.0]
+* Update synapse to 1.119.0
+* [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.118.0)
+* Support [MSC4151](https://github.com/matrix-org/matrix-spec-proposals/pull/4151)'s stable report room API. ([#​17374](https://github.com/element-hq/synapse/issues/17374))
+* Add experimental support for [MSC4222](https://github.com/matrix-org/matrix-spec-proposals/pull/4222) (Adding `state_after` to sync v2). ([#​17888](https://github.com/element-hq/synapse/issues/17888))
+* Fix bug with sliding sync where `$LAZY`-loading room members would not return `required_state` membership in incremental syncs. ([#​17809](https://github.com/element-hq/synapse/issues/17809))
+* Check if user has membership in a room before tagging it. Contributed by Lama Alosaimi. ([#​17839](https://github.com/element-hq/synapse/issues/17839))
+* Fix a bug in the admin redact endpoint where the background task would not run if a worker was specified in
+* Fix bug where some presence and typing timeouts can expire early. ([#​17850](https://github.com/element-hq/synapse/issues/17850))
+* Fix detection when the built Rust library was outdated when using source installations. ([#​17861](https://github.com/element-hq/synapse/issues/17861))
+* Fix a long-standing bug in Synapse which could cause one-time keys to be issued in the incorrect order, causing message decryption failures. ([#​17903](https://github.com/element-hq/synapse/pull/17903))
+* Fix experimental support for [MSC4222](https://github.com/matrix-org/matrix-spec-proposals/pull/4222) (Adding `state_after` to sync v2) where we would return the full state on incremental syncs when using lazy loaded members and there were no new events in the timeline. ([#​17915](https://github.com/element-hq/synapse/pull/17915))
+* Remove support for python 3.8. ([#​17908](https://github.com/element-hq/synapse/issues/17908))
+* Add a test for downloading and thumbnailing a CMYK JPEG. ([#​17786](https://github.com/element-hq/synapse/issues/17786))
+* Refactor database calls to remove `Generator` usage. ([#​17813](https://github.com/element-hq/synapse/issues/17813), [#​17814](https://github.com/element-hq/synapse/issues/17814), [#​17815](https://github.com/element-hq/synapse/issues/17815), [#​17816](https://github.com/element-hq/synapse/issues/17816), [#​17817](https://github.com/element-hq/synapse/issues/17817), [#​17818](https://github.com/element-hq/synapse/issues/17818), [#​17890](https://github.com/element-hq/synapse/issues/17890))
+* Include the destination in the error of 'Destination mismatch' on federation requests. ([#​17830](https://github.com/element-hq/synapse/issues/17830))
+* The nix flake inside the repository no longer tracks nixpkgs/master to not catch the latest bugs from a MR merged 5 minutes ago. ([#​17852](https://github.com/element-hq/synapse/issues/17852))
+* Minor speed-up of sliding sync by computing extensions results in parallel. ([#​17884](https://github.com/element-hq/synapse/issues/17884))
+* Bump the default Python version in the Synapse Dockerfile from 3.11 -> 3.12. ([#​17887](https://github.com/element-hq/synapse/issues/17887))
+* Remove usage of internal header encoding API. ([#​17894](https://github.com/element-hq/synapse/issues/17894))
+* Use unique name for each os.arch variant when uploading Wheel artifacts. ([#​17905](https://github.com/element-hq/synapse/issues/17905))
+* Fix tests to run with latest Twisted. ([#​17906](https://github.com/element-hq/synapse/pull/17906), [#​17907](https://github.com/element-hq/synapse/pull/17907), [#​17911](https://github.com/element-hq/synapse/pull/17911))
+* Update version constraint to allow the latest poetry-core 1.9.1. ([#​17902](https://github.com/element-hq/synapse/pull/17902))
+* Update the portdb CI to use Python 3.13 and Postgres 17 as latest dependencies. ([#​17909](https://github.com/element-hq/synapse/pull/17909))
+* Add an index to `current_state_delta_stream` table. ([#​17912](https://github.com/element-hq/synapse/issues/17912))
+* Fix building and attaching release artifacts during the release process. ([#​17921](https://github.com/element-hq/synapse/issues/17921))
+
+[1.100.0]
+* Update synapse to 1.120.0
+* [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.118.0)
+* Fix a bug introduced in Synapse v1.120rc1 which would cause the newly-introduced `delete_old_otks` job to fail in worker-mode deployments. ([#​17960](https://github.com/element-hq/synapse/issues/17960))
+
+[1.100.1]
+* Update synapse to 1.120.2
+* [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.118.0)
+
+[1.101.0]
+* Update synapse to 1.121.1
+* [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.121.0)
+* Support for MSC4190: device management for Application Services. (#17705)
+* Update MSC4186 Sliding Sync to include invite, ban, kick, targets when $LAZY-loading room members. (#17947)
+* Use stable M_USER_LOCKED error code for locked accounts, as per Matrix 1.12. (#17965)
+* MSC4076: Add disable_badge_count to pusher configuration. (#17975)
+
+
+[1.101.1]
+* CLOUDRON_OIDC_PROVIDER_NAME implemented
+
+[1.102.0]
+* Update synapse to 1.122.0
+* [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.122.0)
+
+[1.103.0]
+* Update synapse to 1.123.0
+* [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.123.0)
+
+[1.104.0]
+* Update synapse to 1.124.0
+* [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.124.0)
+
+[1.105.0]
+* Update synapse to 1.125.0
+* [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.125.0)
+* Add functionality to be able to use multiple values in SSO feature attribute_requirements. (#17949)
+* Add experimental config options admin_token_path and client_secret_path for MSC3861. (#18004)
+* Add get_current_time_msec() method to the module API for sound time comparisons with Synapse. (#18144)
+* Update the response when a client attempts to add an invalid email address to the user's account from a 500, to a 400 with error text. (#18125)
+* Fix user directory search when using a legacy module with a check_username_for_spam callback. Broke in v1.122.0. (#18135)
+
+[1.106.0]
+* Update synapse to 1.126.0
+* [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.126.0)
+* Define ratelimit configuration for delayed event management. (#18019)
+* Add form_secret_path config option. (#18090)
+* Add the --no-secrets-in-config command line option. (#18092)
+* Add background job to clear unreferenced state groups. (#18154)
+* Add support for specifying/overriding id_token_signing_alg_values_supported for an OpenID identity provider. (#18177)
+* Add worker_replication_secret_path config option. (#18191)
+* Add support for specifying/overriding redirect_uri in the authorization and token requests against an OpenID identity provider. (#18197)
+

CloudronManifest.json

@@ -5,24 +5,39 @@
   "description": "file://DESCRIPTION.md",
   "changelog": "file://CHANGELOG.md",
   "tagline": "Secure & decentralized communication",
-  "version": "1.90.0",
+  "version": "1.106.0",
-  "upstreamVersion": "1.103.0",
+  "upstreamVersion": "1.126.0",
   "healthCheckPath": "/",
   "httpPort": 8008,
   "memoryLimit": 536870912,
   "addons": {
     "localstorage": {},
-    "oidc": { "loginRedirectUri": "/_synapse/client/oidc/callback" },
+    "oidc": {
+      "loginRedirectUri": "/_synapse/client/oidc/callback"
+    },
     "postgresql": {},
-    "sendmail": { "supportsDisplayName": true },
+    "sendmail": {
-    "turn": { "optional": true }
+      "supportsDisplayName": true
+    },
+    "turn": {
+      "optional": true
+    }
   },
   "manifestVersion": 2,
   "website": "https://matrix.org",
   "contactEmail": "support@cloudron.io",
   "icon": "file://logo.png",
   "tags": [
-    "im", "collaboration", "voip", "videochat", "chat", "slack", "zulip", "federated"
+    "im",
+    "collaboration",
+    "voip",
+    "videochat",
+    "chat",
+    "slack",
+    "zulip",
+    "federated",
+    "element",
+    "riot"
   ],
   "mediaLinks": [
     "https://screenshots.cloudron.io/org.matrix.synapse/1.png",

Dockerfile

@@ -9,16 +9,17 @@ RUN virtualenv -p python3 /app/code/env
 ENV VIRTUAL_ENV=/app/code/env
 ENV PATH="$VIRTUAL_ENV/bin:$PATH"
 
-ARG VERSION=1.103.0
+# renovate: datasource=github-releases depName=element-hq/synapse versioning=semver extractVersion=^v(?<version>.+)$
+ARG SYNAPSE_VERSION=1.126.0
 
-# https://github.com/matrix-org/synapse-s3-storage-provider
+# renovate: datasource=github-releases depName=matrix-org/synapse-s3-storage-provider versioning=semver extractVersion=^v(?<version>.+)$
-ARG STORAGE_PROVIDER_VERSION=1beb6af95e1f5caedb8e6e7e1cc176cdb2106d37
+ARG S3PROVIDER_VERSION=1.5.0
 
 # Synapse (https://github.com/matrix-org/synapse/blob/master/INSTALL.md)
 # lxml - required for previews
 RUN pip install --upgrade pip && \
     pip install --upgrade setuptools && \
-    pip install matrix-synapse==v${VERSION} psycopg2-binary python-ldap matrix-synapse-ldap3 lxml publicsuffix2 git+https://github.com/matrix-org/synapse-s3-storage-provider.git@${STORAGE_PROVIDER_VERSION} matrix-synapse[oidc]
+    pip install matrix-synapse==v${SYNAPSE_VERSION} psycopg2-binary python-ldap matrix-synapse-ldap3 lxml publicsuffix2 git+https://github.com/matrix-org/synapse-s3-storage-provider.git@v${S3PROVIDER_VERSION} matrix-synapse[oidc]
 
 # Updated suffix list
 RUN curl -L https://publicsuffix.org/list/public_suffix_list.dat -o /app/code/env/lib/python3.10/site-packages/publicsuffix2/public_suffix_list.dat

renovate.json5

@@ -0,0 +1,4 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": ["local>devops/renovator//default.renovate.json5"]
+}

start.sh

@@ -70,7 +70,7 @@ if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
     yq eval -i "del(.password_providers)" /app/data/configs/homeserver.yaml # remove old ldap config
     echo " ==> Configuring OIDC auth"
     yq eval -i ".oidc_providers[0].idp_id=\"cloudron\"" /app/data/configs/homeserver.yaml
-    yq eval -i ".oidc_providers[0].idp_name=\"Cloudron\"" /app/data/configs/homeserver.yaml
+    yq eval -i ".oidc_providers[0].idp_name=\"${CLOUDRON_OIDC_PROVIDER_NAME:-Cloudron}\"" /app/data/configs/homeserver.yaml
     yq eval -i ".oidc_providers[0].issuer=\"${CLOUDRON_OIDC_ISSUER}\"" /app/data/configs/homeserver.yaml
     yq eval -i ".oidc_providers[0].client_id=\"${CLOUDRON_OIDC_CLIENT_ID}\"" /app/data/configs/homeserver.yaml
     yq eval -i ".oidc_providers[0].client_secret=\"${CLOUDRON_OIDC_CLIENT_SECRET}\"" /app/data/configs/homeserver.yaml

test/package.json

@@ -9,9 +9,9 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^122.0.6",
+    "chromedriver": "^134.0.2",
     "expect.js": "^0.3.1",
-    "mocha": "^10.3.0",
+    "mocha": "^11.1.0",
-    "selenium-webdriver": "^4.18.1"
+    "selenium-webdriver": "^4.29.0"
   }
 }

test/test.js

@@ -1,11 +1,7 @@
 #!/usr/bin/env node
 
 /* jshint esversion: 8 */
-/* global it:false */
+/* global it, xit, describe, before, after, afterEach */
-/* global xit:false */
-/* global describe:false */
-/* global before:false */
-/* global after:false */
 
 'use strict';
 
@@ -13,11 +9,11 @@ require('chromedriver');
 
 const execSync = require('child_process').execSync,
     expect = require('expect.js'),
+    fs = require('fs'),
     path = require('path'),
     { Builder, By, Key, until } = require('selenium-webdriver'),
     { Options } = require('selenium-webdriver/chrome');
 
-
 if (!process.env.USERNAME || !process.env.PASSWORD) {
     console.log('USERNAME and PASSWORD env vars need to be set');
     process.exit(1);
@@ -27,7 +23,7 @@ describe('Application life cycle test', function () {
     this.timeout(0);
 
     const ELEMENT_LOCATION = 'element-test';
-    const LOCATION = 'test';
+    const LOCATION = process.env.LOCATION || 'test';
     const TEST_TIMEOUT = parseInt(process.env.TIMEOUT, 10) || 10000;
     const EXEC_ARGS = { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' };
     const USERNAME = process.env.USERNAME;
@@ -36,22 +32,40 @@ describe('Application life cycle test', function () {
     const ROOM_NAME = 'Test room ' + ROOM_ID;
     const MSG_TEXT = 'Test message ';
 
-    let browser, app;
+    let browser, app, elementApp;
-    let athenticated_by_oidc = false;
 
     before(function () {
-        const options = new Options().windowSize({ width: 1280, height: 1024 });
+        const chromeOptions = new Options().windowSize({ width: 1280, height: 1024 });
-        if (process.env.HEADLESS) options.addArguments('headless');
+        if (process.env.CI) chromeOptions.addArguments('no-sandbox', 'disable-dev-shm-usage', 'headless');
+        browser = new Builder().forBrowser('chrome').setChromeOptions(chromeOptions).build();
+        if (!fs.existsSync('./screenshots')) fs.mkdirSync('./screenshots');
 
-        browser = new Builder().forBrowser('chrome').setChromeOptions(options).build();
+        if (process.env.CI) execSync(`cloudron uninstall --app ${ELEMENT_LOCATION} || true`, EXEC_ARGS);
     });
 
     after(function () {
         browser.quit();
     });
 
-    function sleep(millis) {
+    afterEach(async function () {
-        return new Promise(resolve => setTimeout(resolve, millis));
+        if (!process.env.CI || !app) return;
+
+        const currentUrl = await browser.getCurrentUrl();
+        if (!currentUrl.includes(app.domain)) return;
+        expect(this.currentTest.title).to.be.a('string');
+
+        const screenshotData = await browser.takeScreenshot();
+        fs.writeFileSync(`./screenshots/${new Date().getTime()}-${this.currentTest.title.replaceAll(' ', '_')}.png`, screenshotData, 'base64');
+    });
+
+    async function clearCache() {
+        await browser.manage().deleteAllCookies();
+        await browser.quit();
+        browser = null;
+        const chromeOptions = new Options().windowSize({ width: 1280, height: 1024 });
+        if (process.env.CI) chromeOptions.addArguments('no-sandbox', 'disable-dev-shm-usage', 'headless');
+        chromeOptions.addArguments(`--user-data-dir=${await fs.promises.mkdtemp('/tmp/test-')}`); // --profile-directory=Default
+        browser = new Builder().forBrowser('chrome').setChromeOptions(chromeOptions).build();
     }
 
     async function waitForElement(elem) {
@@ -67,8 +81,8 @@ describe('Application life cycle test', function () {
 
     function getElementAppInfo() {
         const inspect = JSON.parse(execSync('cloudron inspect'));
-        app = inspect.apps.filter(function (a) { return a.location.indexOf(ELEMENT_LOCATION) === 0; })[0];
+        elementApp = inspect.apps.filter(function (a) { return a.location.indexOf(ELEMENT_LOCATION) === 0; })[0];
-        expect(app).to.be.an('object');
+        expect(elementApp).to.be.an('object');
     }
 
     function getMessage() {
@@ -77,10 +91,11 @@ describe('Application life cycle test', function () {
 
     async function updateSynapseConfig() {
         console.log(`Setting Synapse Matrix server location to "https://${app.fqdn}"`);
+
         execSync(`cloudron exec --app ${ELEMENT_LOCATION} -- bash -c "jq '.default_server_config[\\"m.homeserver\\"].base_url = \\"https://${app.fqdn}\\"' /app/data/config.json | sponge /app/data/config.json"`);
         execSync(`cloudron restart --app ${ELEMENT_LOCATION}`);
         // wait when all services are up and running
-        await sleep(15000);
+        await browser.sleep(15000);
     }
 
     async function checkLandingPage() {
@@ -89,49 +104,94 @@ describe('Application life cycle test', function () {
     }
 
     async function registerUser() {
-        await browser.get(`https://${app.fqdn}/#/register`);
+        await browser.get(`https://${elementApp.fqdn}/#/register`);
         await waitForElement(By.xpath('//input[@label="Username"]'));
         await browser.findElement(By.xpath('//input[@label="Username"]')).sendKeys(USERNAME);
-        await browser.sleep(2000);
         await browser.findElement(By.xpath('//input[@label="Password"]')).sendKeys(PASSWORD);
-        await browser.sleep(2000);
         await browser.findElement(By.xpath('//input[@label="Confirm password"]')).sendKeys(PASSWORD);
-        await browser.sleep(2000);
         await browser.findElement(By.xpath('//input[@value="Register"]')).click();
-        await browser.sleep(2000);
+
-        await waitForElement(By.xpath('//h1[text()="You\'re in"]'));
+        await waitForElement(By.xpath('//h1[text()="You\'re in"] | //h1[contains(., "Welcome")]'));
-        await browser.sleep(2000);
+        if (await browser.findElements(By.xpath('//div[@role="button" and text()="Skip"]')).then(found => !!found.length)) {
-        await browser.findElement(By.xpath('//div[@role="button" and text()="Skip"]')).click();
+            await browser.findElement(By.xpath('//div[@role="button" and text()="Skip"]')).click();
-        await browser.sleep(2000);
+        }
+
         await waitForElement(By.xpath(`//h1[contains(., "Welcome")]`));
     }
 
-    async function loginOIDC(username, password) {
+    async function loginOIDC(username, password, alreadyAuthenticated, proceedWithReset) {
         browser.manage().deleteAllCookies();
-        await browser.get(`https://${app.fqdn}/#/login`);
+        await browser.get(`https://${elementApp.fqdn}/#/login`);
-        await browser.sleep(6000);
-
-        await waitForElement(By.xpath('//div[@role="button" and contains(., "Continue with Cloudron")]'));
-        await browser.findElement(By.xpath('//div[@role="button" and contains(., "Continue with Cloudron")]')).click();
         await browser.sleep(2000);
 
-        if (!athenticated_by_oidc) {
+        await waitForElement(By.css('.mx_Dropdown_arrow'));
+        await browser.findElement(By.css('.mx_Dropdown_arrow')).click();
+        await waitForElement(By.id('mx_LanguageDropdown__en'));
+        await browser.findElement(By.id('mx_LanguageDropdown__en')).click();
+        await browser.sleep(3000);
+
+        await waitForElement(By.xpath('//div[@role="button" and contains(., "Continue with")]'));
+        await browser.findElement(By.xpath('//div[@role="button" and contains(., "Continue with")]')).click();
+        if (!alreadyAuthenticated) {
             await waitForElement(By.xpath('//input[@name="username"]'));
             await browser.findElement(By.xpath('//input[@name="username"]')).sendKeys(username);
             await browser.findElement(By.xpath('//input[@name="password"]')).sendKeys(password);
-            await browser.sleep(2000);
             await browser.findElement(By.id('loginSubmitButton')).click();
-            await browser.sleep(2000);
-
-            athenticated_by_oidc = true;
         }
 
         await waitForElement(By.xpath('//p[@class="confirm-trust" and contains(., "Continuing will grant ")]'));
         await browser.findElement(By.xpath('//a[contains(., "Continue")]')).click();
-        await browser.sleep(2000);
 
-        if (await browser.findElements(By.xpath('//div[@aria-label="Skip verification for now"]')).then(found => !!found.length)) {
+        if (proceedWithReset) {
-            await skipVerification();
+            await waitForElement(By.xpath('//div[text()="Proceed with reset" or text()="Reset all"]'));
+
+            if (await browser.findElements(By.xpath('//div[text()="Reset all"]')).then(found => !!found.length)) {
+                await browser.findElement(By.xpath('//div[text()="Reset all"]')).click();
+            }
+
+            await waitForElement(By.xpath('//div[text()="Proceed with reset"]'));
+            await browser.findElement(By.xpath('//div[text()="Proceed with reset"]')).click();
+
+            await waitForElement(By.xpath('//button[@class="mx_Dialog_primary" and text()="Continue"]'));
+            await browser.findElement(By.xpath('//button[@class="mx_Dialog_primary" and text()="Continue"]')).click();
+
+            await waitForElement(By.xpath('//div[text()="Copy"]'));
+            await browser.findElement(By.xpath('//div[text()="Copy"]')).click();
+
+            await waitForElement(By.xpath('//button[@class="mx_Dialog_primary" and text()="Continue"]'));
+            await browser.findElement(By.xpath('//button[@class="mx_Dialog_primary" and text()="Continue"]')).click();
+            await waitForElement(By.xpath('//button[text()="Done"] | //div[text()="Single Sign On"]'));
+
+            if (await browser.findElements(By.xpath('//div[text()="Single Sign On"]')).then(found => !!found.length)) {
+
+                await browser.findElement(By.xpath('//div[text()="Single Sign On"]')).click();
+
+                const originalWindowHandle = await browser.getWindowHandle();
+                await browser.wait(async () => (await browser.getAllWindowHandles()).length === 2, 10000);
+                //Loop through until we find a new window handle
+                const windows = await browser.getAllWindowHandles();
+                windows.forEach(async handle => {
+                    if (handle !== originalWindowHandle) {
+                        await browser.switchTo().window(handle);
+                    }
+                });
+                await waitForElement(By.xpath('//a[contains(., "Continue with")]'));
+                await browser.findElement(By.xpath('//a[contains(., "Continue with")]')).click();
+
+                // switch back to the main window
+                await browser.switchTo().window(originalWindowHandle);
+
+                await waitForElement(By.xpath('//div[text()="Confirm"]'));
+                await browser.findElement(By.xpath('//div[text()="Confirm"]')).click();
+            }
+
+            await waitForElement(By.xpath('//button[text()="Done"]'));
+            await browser.findElement(By.xpath('//button[text()="Done"]')).click();
+
+            await waitForElement(By.xpath('//div[text()="Cancel"] | //h1[contains(., "Welcome")]'));
+            if (await browser.findElements(By.xpath('//div[text()="Cancel"]')).then(found => !!found.length)) {
+                await browser.findElement(By.xpath('//div[text()="Cancel"]')).click();
+            }
         }
 
         await browser.sleep(3000);
@@ -139,17 +199,13 @@ describe('Application life cycle test', function () {
     }
 
     async function login() {
-        await browser.get('https://' + app.fqdn + '/#/login');
+        await browser.get(`https://${elementApp.fqdn}/#/login`);
         await browser.wait(until.elementLocated(By.xpath('//input[@value="Sign in"]')), TEST_TIMEOUT);
         await browser.findElement(By.xpath('//input[@name="username"]')).sendKeys(USERNAME);
         await browser.findElement(By.xpath('//input[@name="password"]')).sendKeys(PASSWORD);
         await browser.findElement(By.xpath('//input[@value="Sign in"]')).click();
         await browser.sleep(5000);
-
+        await skipVerification();
-        if (await browser.findElements(By.xpath('//div[@aria-label="Skip verification for now"]')).then(found => !!found.length)) {
-            await skipVerification();
-        }
-
         await browser.wait(until.elementLocated(By.xpath('//span[text()="Rooms"]')), TEST_TIMEOUT);
     }
 
@@ -164,11 +220,11 @@ describe('Application life cycle test', function () {
     }
 
     async function logout() {
-        await browser.get('https://' + app.fqdn + '/#/home');
+        await browser.get(`https://${elementApp.fqdn}/#/home`);
         await browser.sleep(5000);
-        await waitForElement(By.xpath('//div[@role="button" and @title="User menu"]'));
+        await waitForElement(By.xpath('//div[@role="button" and @aria-label="User menu"]'));
 
-        await browser.findElement(By.xpath('//div[@role="button" and @title="User menu"]')).click();
+        await browser.findElement(By.xpath('//div[@role="button" and @aria-label="User menu"]')).click();
         await browser.sleep(2000);
 
         await browser.findElement(By.xpath('//li[@role="menuitem" and @aria-label="Sign out"]')).click();
@@ -183,24 +239,29 @@ describe('Application life cycle test', function () {
     }
 
     async function isLoggedIn() {
-        await browser.get('https://' + app.fqdn + '/#/home');
+        await browser.get(`https://${elementApp.fqdn}/#/home`);
         await browser.wait(until.elementLocated(By.xpath('//span[text()="Rooms"]')), TEST_TIMEOUT);
     }
 
     async function createRoom() {
-        await browser.get('https://' + app.fqdn + '/#/home');
+        await browser.get(`https://${elementApp.fqdn}/#/home`);
-        await browser.sleep(4000);
+        await browser.sleep(2000);
         await waitForElement(By.xpath('//div[@role="button" and @aria-label="Add room"]'));
         await browser.findElement(By.xpath('//div[@role="button" and @aria-label="Add room"]')).click();
-        await browser.sleep(2000);
+        await browser.sleep(1000);
+        await waitForElement(By.xpath('//li[@role="menuitem" and @aria-label="New room"]'));
         await browser.findElement(By.xpath('//li[@role="menuitem" and @aria-label="New room"]')).click();
-        await browser.sleep(2000);
+        await browser.sleep(1000);
 
+        await waitForElement(By.xpath('//input[@label="Name"]'));
         await browser.findElement(By.xpath('//input[@label="Name"]')).sendKeys(ROOM_NAME);
-        await browser.sleep(2000);
 
+        await browser.sleep(1000);
+
+        await waitForElement(By.xpath('//button[text()="Create room"]'));
         await browser.findElement(By.xpath('//button[text()="Create room"]')).click();
-        await browser.sleep(2000);
+
+        await browser.sleep(1000);
 
         await waitForElement(By.xpath('//div[@role="button" and @aria-label="Add room"]'));
 
@@ -208,7 +269,7 @@ describe('Application life cycle test', function () {
     }
 
     async function checkRoom() {
-        await browser.get('https://' + app.fqdn + '/#/home');
+        await browser.get(`https://${elementApp.fqdn}/#/home`);
         await browser.sleep(4000);
         await waitForElement(By.xpath('//div[@role="treeitem" and @aria-label="' + ROOM_NAME + '"]'));
         await browser.findElement(By.xpath('//div[@role="treeitem" and @aria-label="' + ROOM_NAME + '"]')).click();
@@ -233,22 +294,20 @@ describe('Application life cycle test', function () {
     it('can get app information', getAppInfo);
     it('check landing page', checkLandingPage);
 
-    it('can install element-web app', function () { execSync('cloudron install --appstore-id im.riot.cloudronapp --location ' + ELEMENT_LOCATION, EXEC_ARGS); });
+    it('can install element-web app (no sso)', function () { execSync('cloudron install --appstore-id im.riot.cloudronapp --location ' + ELEMENT_LOCATION, EXEC_ARGS); });
     it('update element-app config', updateSynapseConfig);
 
     it('can get Element app info', getElementAppInfo);
     it('can register new user', registerUser);
+
     it('create room', createRoom);
     it('can send message', sendMessage);
-
+    it('can logout', logout); // from auto-login
-    it('can logout', logout);
 
     it('can login', login);
     it('check room', checkRoom);
     it('can logout', logout);
 
-    it('can get app info', getAppInfo);
-
     it('uninstall element-web app', async function () {
         await browser.get('about:blank');
         execSync(`cloudron uninstall --app ${ELEMENT_LOCATION}`, EXEC_ARGS);
@@ -256,26 +315,24 @@ describe('Application life cycle test', function () {
     it('uninstall app', function () { execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS); });
 
     // SSO
-    it('install app', function () { execSync('cloudron install --location ' + LOCATION, EXEC_ARGS); });
+    it('install app (sso)', function () { execSync('cloudron install --location ' + LOCATION, EXEC_ARGS); });
     it('can get app info', getAppInfo);
 
-    it('can install element-web app', function () { execSync('cloudron install --appstore-id im.riot.cloudronapp --location ' + ELEMENT_LOCATION, EXEC_ARGS); });
+    it('can install element-web app (sso)', function () { execSync('cloudron install --appstore-id im.riot.cloudronapp --location ' + ELEMENT_LOCATION, EXEC_ARGS); });
+    it('can get Element app info', getElementAppInfo);
     it('update element-app config', updateSynapseConfig);
 
-    it('can get Element app info', getElementAppInfo);
+    it('can login via OIDC', loginOIDC.bind(null, USERNAME, PASSWORD, false, false));
-    it('can login via OIDC', loginOIDC.bind(null, USERNAME, PASSWORD));
     it('create room', createRoom);
     it('can send message', sendMessage);
     it('can get app info', getAppInfo);
 
-    it('can restart app', function () { execSync(`cloudron restart ${app.id}`); });
+    it('can restart app', function () { execSync(`cloudron restart --app ${app.id}`); });
 
     it('backup app', function () { execSync(`cloudron backup create --app ${app.id}`, EXEC_ARGS); });
 
-    it('can get Element app info', getElementAppInfo);
     it('is logged in', isLoggedIn);
     it('check room', checkRoom);
-    it('can get app info', getAppInfo);
 
     it('restore app', async function () {
         const backups = JSON.parse(execSync(`cloudron backup list --raw --app ${app.id}`));
@@ -289,63 +346,64 @@ describe('Application life cycle test', function () {
         execSync(`cloudron restore --backup ${backups[0].id} --app ${app.id}`, EXEC_ARGS);
     });
 
-    it('can get Element app info', getElementAppInfo);
     it('is logged in', isLoggedIn);
     it('check room', checkRoom);
     it('can send message', sendMessage);
     it('can logout', logout);
     it('can get app info', getAppInfo);
 
-    it('move to different location', async function () {
+    // web ui also throws random errors after changing domain
+    xit('move to different location (skipped since no matrix support)', async function () {
         browser.manage().deleteAllCookies();
         await browser.get('about:blank');
 
         execSync(`cloudron configure --location ${LOCATION}2`, EXEC_ARGS);
         getAppInfo();
-        // wait when all services are up and running
+        await browser.sleep(15000);
-        await sleep(15000);
     });
-
+    xit('update element-app config', updateSynapseConfig);
-    it('update element-app config', updateSynapseConfig);
+    xit('can get Element app info', getElementAppInfo);
-
+    xit('can login via OIDC', loginOIDC.bind(null, USERNAME, PASSWORD, true, true));
-    it('can get Element app info', getElementAppInfo);
+    xit('check room', checkRoom);
-    it('can login via OIDC', loginOIDC.bind(null, USERNAME, PASSWORD));
+    xit('can send message', sendMessage);
-    it('check room', checkRoom);
-    it('can send message', sendMessage);
-
-    it('can logout', logout);
-    it('can get app info', getAppInfo);
 
     it('uninstall app', async function () {
         await browser.get('about:blank');
         execSync(`cloudron uninstall --app ${app.id}`, EXEC_ARGS);
     });
 
+    it('uninstall element-web app', function () {
+        execSync(`cloudron uninstall --app ${ELEMENT_LOCATION}`, EXEC_ARGS);
+    });
+
     // test update
+    it('clear cache', clearCache);
     it('can install app for update', function () { execSync('cloudron install --appstore-id org.matrix.synapse --location ' + LOCATION, EXEC_ARGS); });
     it('can get app info', getAppInfo);
+
+    it('can install element-web app (update)', function () { execSync('cloudron install --appstore-id im.riot.cloudronapp --location ' + ELEMENT_LOCATION, EXEC_ARGS); });
+    it('can get Element app info', getElementAppInfo);
     it('update element-app config', updateSynapseConfig);
 
-    it('can get Element app info', getElementAppInfo);
+    it('can login via OIDC', loginOIDC.bind(null, USERNAME, PASSWORD, false, false));
-
-    it('can login via OIDC', loginOIDC.bind(null, USERNAME, PASSWORD));
     it('is logged in', isLoggedIn);
     it('create room', createRoom);
     it('can send message', sendMessage);
     it('can logout', logout);
-    it('can get app info', getAppInfo);
+    it('clear cache', clearCache);
 
     it('can update', async function () {
         await browser.get('about:blank');
         execSync(`cloudron update --app ${app.id}`, EXEC_ARGS);
-        // wait when all services are up and running
+        await browser.sleep(15000);
-        await sleep(15000);
     });
 
     it('can get Element app info', getElementAppInfo);
-    it('can login via OIDC', loginOIDC.bind(null, USERNAME, PASSWORD));
+    it('can login via OIDC', loginOIDC.bind(null, USERNAME, PASSWORD, false, true));
+
     it('is logged in', isLoggedIn);
     it('check room', checkRoom);
+
     it('can send message', sendMessage);
     it('can get app info', getAppInfo);