recipe-maintainers/recipe-maintainer
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
recipe-maintainer/recipe-info/cryptpad/test.md
autonomic-bot f283a371bb recipe-maintainer: public snapshot (secrets + deployment plans removed, single commit) 
Sanitized single-commit public mirror of recipe-maintainer.
- Removed test-ssh/.testenv (live creds); added test-ssh/.testenv.example placeholders.
- Removed plans/ and planned-updates/ (deployment-planning docs) so no client/
  deployment domains appear in the public repo.
- All other secret stores were already gitignored.
- docs.coopcloud.tech retained as a submodule (public upstream).
2026-06-16 20:18:24 +00:00

3.2 KiB
Raw Permalink Blame History

CryptPad Tests

Target

Dependencies

  • Authentik (authentik.<DOMAIN_SUFFIX>) — required for SSO/OIDC testing

Test Setup

Before running all tests, the following must be in place:

1. Deploy authentik

abra app deploy authentik.<DOMAIN_SUFFIX> --chaos --force --no-input

2. Deploy CryptPad

abra app deploy cryptpad.<DOMAIN_SUFFIX> --chaos --force --no-input

3. Run the Authentik integration setup

python3 recipe-info/cryptpad/setup_authentik_integration.py

This configures authentik as the OIDC provider for CryptPad:

  1. Creates an OAuth2 provider (cryptpad) via the authentik REST API
  2. Creates an Application linked to the provider
  3. Creates a test user (testuser / testpass123) with an APP_PASSWORD token
  4. Writes OIDC env vars to the CryptPad instance env file (enables compose.sso.yml)
  5. Writes credentials to authentik-test-credentials.<DOMAIN_SUFFIX>.toml

Important: The APP_PASSWORD token becomes invalid if authentik is redeployed. If the oidc_login.py test fails with "invalid, expired, revoked" token errors, re-run this setup script and redeploy CryptPad.

4. Redeploy CryptPad with SSO config

abra app deploy cryptpad.<DOMAIN_SUFFIX> --chaos --force --no-input

Wait ~2 minutes for the SSO plugin to install and CryptPad to rebuild.

Test Instance SSO Configuration

The test instance has SSO enabled via compose.sso.yml. The instance env file includes:

COMPOSE_FILE="compose.yml:compose.sso.yml"

Note: SSO is not enabled by default in .env.sample. The test instance has it enabled explicitly to test the SSO integration. If you need to reset the test instance without SSO, change COMPOSE_FILE to just "compose.yml" and redeploy.

Automated Tests

  • tests/health_check.py — Confirms the instance is reachable and returns HTTP 200.
  • tests/oidc_login.py — Tests SSO/OIDC integration with Authentik. Checks OIDC discovery, APP_PASSWORD token grant, and /ssoauth endpoint.

Credentials

Key Description
ak_client_id / ak_client_secret OIDC client ID and secret
ak_test_user / ak_test_pass Test user credentials (password for browser login)
ak_test_app_password APP_PASSWORD token for password grant (authentik requires this instead of regular passwords)
ak_test_email Test user email
ak_discovery_endpoint Authentik OIDC discovery URL

Stored in authentik-test-credentials.<DOMAIN_SUFFIX>.toml.

Manual Verification

  1. Open https://cryptpad.<DOMAIN_SUFFIX> in a browser.
  2. Confirm the CryptPad landing page loads without errors (not a white screen).
  3. Verify the sandbox domain https://sandbox.cryptpad.<DOMAIN_SUFFIX> is reachable.
  4. Register a user account and confirm it succeeds.
  5. Create a pad and verify real-time editing works.

SSO Manual Verification

  1. Confirm the CryptPad login page shows an SSO login button (labelled "Authentik").
  2. Click the SSO login button — it should redirect to Authentik.
  3. Log in with testuser / testpass123 on Authentik.
  4. After authentication, you should be redirected back to CryptPad and logged in.