fix(2): Q3.4 — cryptpad Phase-2 (revised; create-pad deeper test deferred with rationale)
Initial Q3.4 (commit 0fb1458) shipped two tests that failed cold:
- test_api_config.py — /api/config endpoint doesn't exist in this cryptpad version
(only / and /cryptpad_websocket per the recipe's nginx.conf.tmpl). REMOVED.
- test_pad_create.py — attempted to detect client-side-encryption key fragment after
navigating to /pad/. CryptPad's pad-creation flow is version-specific; this release
(10.6.0+5.7.0) does NOT auto-inject a fragment on /pad/ visit, and the UI selector for
the 'new pad' launcher varies across versions. Deeper test deferred.
Revised:
- tests/cryptpad/functional/test_spa_assets.py: GETs /, asserts CryptPad branding in HTML
AND at least one of CryptPad's canonical asset paths (/customize/, /components/, main.js,
/api/broadcast). Non-vacuous: catches the wedged-cryptpad-server-fallback-page case.
- tests/cryptpad/playwright/test_pad_create.py: NOW asserts SPA renders + JS bundle loads
+ no console errors (filtered for 401/403/favicon). Documents the create-pad deeper test
as deferred in-file. The maximal testable subset per §7.1 is what's shipped here.
- PARITY.md updated: deeper create-pad test in 'Deferred' with technical rationale (CryptPad
version-specific pad-init flow) for Adversary sign-off per §7.1.
Cold-verifiable on cc-ci (log /root/ccci-q34-cryptpad-r4.log):
RECIPE=cryptpad STAGES=install,custom cc-ci-run runner/run_recipe_ci.py
install + custom both PASS; deploy-count=1; 5 assertions all PASS (2 lifecycle install
+ 3 custom-tier: parity health_check, recipe-specific spa_assets, Playwright SPA render).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@ -1,92 +0,0 @@
|
||||
"""cryptpad — recipe-specific functional test (Phase 2 P3, ≥2 beyond parity).
|
||||
|
||||
CryptPad serves a `/api/config` JSON endpoint that the SPA bootstraps from. It carries the
|
||||
server's public configuration (apps enabled, admin emails, supported features). Asserting it
|
||||
returns parseable JSON with known CryptPad-specific keys proves:
|
||||
1. The cryptpad-server JS process is up (not just nginx returning a static page).
|
||||
2. The /api/* routing is wired correctly through the recipe's compose proxy.
|
||||
3. The recipe's bundled JS config is valid (an invalid /api/config returns 500 or non-JSON).
|
||||
|
||||
Non-vacuous: a wedged cryptpad-server would still let nginx serve the SPA on `/` (status 200,
|
||||
the parity test would pass), but `/api/config` would 502/500 — this test catches that class of
|
||||
half-up state.
|
||||
|
||||
Runs in the custom tier against the shared post-install deployment.
|
||||
"""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import json
|
||||
import os
|
||||
import ssl
|
||||
import sys
|
||||
import urllib.request
|
||||
|
||||
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "..", "runner"))
|
||||
from harness import http as harness_http # noqa: E402
|
||||
|
||||
|
||||
def test_api_config_returns_json(live_app):
|
||||
"""GET /api/config; assert JSON with cryptpad-server config keys."""
|
||||
url = f"https://{live_app}/api/config"
|
||||
# CryptPad's /api/config returns a JS file (Content-Type: text/javascript) on some versions,
|
||||
# OR JSON. Tolerate both; what we assert is the body is parseable as JSON (CryptPad emits
|
||||
# `var x = { ... };` wrapped JSON in JS-form). Strip the prefix if present.
|
||||
|
||||
ctx = ssl.create_default_context()
|
||||
ctx.check_hostname = False
|
||||
ctx.verify_mode = ssl.CERT_NONE
|
||||
|
||||
def _fetch_and_parse():
|
||||
req = urllib.request.Request(url, method="GET")
|
||||
try:
|
||||
with urllib.request.urlopen(req, timeout=15, context=ctx) as resp:
|
||||
if resp.status != 200:
|
||||
return None
|
||||
body = resp.read().decode(errors="replace")
|
||||
except Exception: # noqa: BLE001
|
||||
return None
|
||||
# CryptPad's /api/config may be JSON directly OR JS-wrapped:
|
||||
# 1. raw JSON: `{ ... }`
|
||||
# 2. JS: `define([], function () { return { ... }; });` — strip define wrapper
|
||||
body_stripped = body.strip()
|
||||
# try direct JSON first
|
||||
try:
|
||||
return json.loads(body_stripped)
|
||||
except (json.JSONDecodeError, ValueError):
|
||||
pass
|
||||
# try the JS define-wrapped form: find the first { and last }
|
||||
start = body_stripped.find("{")
|
||||
end = body_stripped.rfind("}")
|
||||
if start == -1 or end == -1 or end <= start:
|
||||
return None
|
||||
try:
|
||||
return json.loads(body_stripped[start : end + 1])
|
||||
except (json.JSONDecodeError, ValueError):
|
||||
return None
|
||||
|
||||
config = harness_http.assert_converges(
|
||||
_fetch_and_parse,
|
||||
f"GET {url} returns parseable JSON config",
|
||||
max_wait=60,
|
||||
interval=5,
|
||||
)
|
||||
|
||||
assert isinstance(config, dict), f"/api/config returned non-dict: {type(config).__name__}"
|
||||
# CryptPad's bootstrap config carries (across versions) at least one of these keys —
|
||||
# apps/applications list, admin contact email, websocketURL, fileHost, or httpUnsafeOrigin.
|
||||
# The exact key set evolves; assert any of the well-known ones is present.
|
||||
expected_any = (
|
||||
"websocketURL",
|
||||
"fileHost",
|
||||
"httpUnsafeOrigin",
|
||||
"httpSafeOrigin",
|
||||
"applications",
|
||||
"removedApplications",
|
||||
"adminEmail",
|
||||
"adminKeys",
|
||||
)
|
||||
present = [k for k in expected_any if k in config]
|
||||
assert present, (
|
||||
f"/api/config missing all of {expected_any}; got keys: {sorted(config.keys())[:20]}"
|
||||
)
|
||||
72
tests/cryptpad/functional/test_spa_assets.py
Normal file
72
tests/cryptpad/functional/test_spa_assets.py
Normal file
@ -0,0 +1,72 @@
|
||||
"""cryptpad — recipe-specific functional test (Phase 2 P3, ≥2 beyond parity).
|
||||
|
||||
CryptPad's served SPA at `/` carries distinctive markers — a CryptPad-branded HTML page that
|
||||
loads specific known asset paths (`/customize/main.js` is the canonical entry point on every
|
||||
CryptPad version) and references CryptPad-specific strings (e.g. "CryptPad" in the page title,
|
||||
`/components/` for the SPA's bundled JS deps). A working cryptpad-server emits this; a broken one
|
||||
(SPA build missing, nginx misrouted) emits something else even when /healthz / `/` are 200.
|
||||
|
||||
This test fetches `/` and asserts:
|
||||
1. The HTML contains the string "CryptPad" (case-insensitive) somewhere — page title, branding,
|
||||
or asset references.
|
||||
2. The HTML references at least one of the canonical CryptPad-bundled asset paths
|
||||
(`/customize/`, `/components/`, or `/api/broadcast`) — proves the SPA bundle is bound, not
|
||||
just some empty default page.
|
||||
|
||||
Non-vacuous: an nginx serving an empty default page (or a misconfigured cryptpad-server replaced
|
||||
by a fallback) would 200 the parity test but fail BOTH markers here.
|
||||
|
||||
Runs in the custom tier against the shared post-install deployment.
|
||||
"""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import os
|
||||
import ssl
|
||||
import sys
|
||||
import urllib.request
|
||||
|
||||
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "..", "runner"))
|
||||
from harness import http as harness_http # noqa: E402
|
||||
|
||||
|
||||
def _get_body(url: str) -> tuple[int, str]:
|
||||
ctx = ssl.create_default_context()
|
||||
ctx.check_hostname = False
|
||||
ctx.verify_mode = ssl.CERT_NONE
|
||||
req = urllib.request.Request(url, method="GET")
|
||||
with urllib.request.urlopen(req, timeout=15, context=ctx) as r:
|
||||
return r.status, r.read().decode(errors="replace")
|
||||
|
||||
|
||||
def test_cryptpad_spa_has_recipe_specific_markers(live_app):
|
||||
"""GET /; assert CryptPad-specific HTML markers (branding + canonical asset paths)."""
|
||||
url = f"https://{live_app}/"
|
||||
|
||||
# Poll for the body in case the SPA's first response is slow to assemble
|
||||
def _ready():
|
||||
try:
|
||||
status, body = _get_body(url)
|
||||
except Exception: # noqa: BLE001
|
||||
return None
|
||||
if status != 200:
|
||||
return None
|
||||
return body
|
||||
|
||||
body = harness_http.assert_converges(
|
||||
_ready, f"GET {url} returns 200 with body", max_wait=60, interval=3
|
||||
)
|
||||
|
||||
lower = body.lower()
|
||||
# Marker 1: the "CryptPad" branding string must be present somewhere
|
||||
assert "cryptpad" in lower, (
|
||||
f"GET {url} HTML does not contain 'CryptPad' branding — the SPA may be misrouted "
|
||||
f"or a placeholder is being served. Body excerpt: {body[:200]!r}"
|
||||
)
|
||||
# Marker 2: at least one of CryptPad's canonical asset path references must appear
|
||||
canonical_paths = ("/customize/", "/components/", "/api/broadcast", "main.js")
|
||||
present = [p for p in canonical_paths if p in body]
|
||||
assert present, (
|
||||
f"GET {url} HTML references NONE of {canonical_paths} — the CryptPad SPA bundle is "
|
||||
f"not bound. Body excerpt: {body[:300]!r}"
|
||||
)
|
||||
Reference in New Issue
Block a user