# CryptPad Tests ## Target - **URL:** https://cryptpad. - **Sandbox URL:** https://sandbox.cryptpad. ## Dependencies - **Authentik** (`authentik.`) — required for SSO/OIDC testing ## Test Setup Before running all tests, the following must be in place: ### 1. Deploy authentik ```bash abra app deploy authentik. --chaos --force --no-input ``` ### 2. Deploy CryptPad ```bash abra app deploy cryptpad. --chaos --force --no-input ``` ### 3. Run the Authentik integration setup ```bash python3 recipe-info/cryptpad/setup_authentik_integration.py ``` This configures authentik as the OIDC provider for CryptPad: 1. Creates an OAuth2 provider (`cryptpad`) via the authentik REST API 2. Creates an Application linked to the provider 3. Creates a test user (`testuser` / `testpass123`) with an APP_PASSWORD token 4. Writes OIDC env vars to the CryptPad instance env file (enables `compose.sso.yml`) 5. Writes credentials to `authentik-test-credentials..toml` **Important:** The APP_PASSWORD token becomes invalid if authentik is redeployed. If the `oidc_login.py` test fails with "invalid, expired, revoked" token errors, re-run this setup script and redeploy CryptPad. ### 4. Redeploy CryptPad with SSO config ```bash abra app deploy cryptpad. --chaos --force --no-input ``` Wait ~2 minutes for the SSO plugin to install and CryptPad to rebuild. ## Test Instance SSO Configuration The test instance has SSO enabled via `compose.sso.yml`. The instance env file includes: ``` COMPOSE_FILE="compose.yml:compose.sso.yml" ``` Note: SSO is **not** enabled by default in `.env.sample`. The test instance has it enabled explicitly to test the SSO integration. If you need to reset the test instance without SSO, change `COMPOSE_FILE` to just `"compose.yml"` and redeploy. ## Automated Tests - `tests/health_check.py` — Confirms the instance is reachable and returns HTTP 200. - `tests/oidc_login.py` — Tests SSO/OIDC integration with Authentik. Checks OIDC discovery, APP_PASSWORD token grant, and `/ssoauth` endpoint. ### Credentials | Key | Description | |-----|-------------| | `ak_client_id` / `ak_client_secret` | OIDC client ID and secret | | `ak_test_user` / `ak_test_pass` | Test user credentials (password for browser login) | | `ak_test_app_password` | APP_PASSWORD token for password grant (authentik requires this instead of regular passwords) | | `ak_test_email` | Test user email | | `ak_discovery_endpoint` | Authentik OIDC discovery URL | Stored in `authentik-test-credentials..toml`. ## Manual Verification 1. Open https://cryptpad. in a browser. 2. Confirm the CryptPad landing page loads without errors (not a white screen). 3. Verify the sandbox domain https://sandbox.cryptpad. is reachable. 4. Register a user account and confirm it succeeds. 5. Create a pad and verify real-time editing works. ### SSO Manual Verification 6. Confirm the CryptPad login page shows an SSO login button (labelled "Authentik"). 7. Click the SSO login button — it should redirect to Authentik. 8. Log in with `testuser` / `testpass123` on Authentik. 9. After authentication, you should be redirected back to CryptPad and logged in.