recipe-maintainers/recipe-maintainer
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
460eba090ba6765b05a929d32d16ca984cf66e5a
recipe-maintainer/recipe-info/cryptpad/test.md
autonomic-bot f283a371bb recipe-maintainer: public snapshot (secrets + deployment plans removed, single commit) 
Sanitized single-commit public mirror of recipe-maintainer.
- Removed test-ssh/.testenv (live creds); added test-ssh/.testenv.example placeholders.
- Removed plans/ and planned-updates/ (deployment-planning docs) so no client/
  deployment domains appear in the public repo.
- All other secret stores were already gitignored.
- docs.coopcloud.tech retained as a submodule (public upstream).
2026-06-16 20:18:24 +00:00

92 lines
3.2 KiB
Markdown
Raw Blame History

# CryptPad Tests
## Target
- **URL:** https://cryptpad.<DOMAIN_SUFFIX>
- **Sandbox URL:** https://sandbox.cryptpad.<DOMAIN_SUFFIX>
## Dependencies
- **Authentik** (`authentik.<DOMAIN_SUFFIX>`) — required for SSO/OIDC testing
## Test Setup
Before running all tests, the following must be in place:
### 1. Deploy authentik
```bash
abra app deploy authentik.<DOMAIN_SUFFIX> --chaos --force --no-input
```
### 2. Deploy CryptPad
```bash
abra app deploy cryptpad.<DOMAIN_SUFFIX> --chaos --force --no-input
```
### 3. Run the Authentik integration setup
```bash
python3 recipe-info/cryptpad/setup_authentik_integration.py
```
This configures authentik as the OIDC provider for CryptPad:
1. Creates an OAuth2 provider (`cryptpad`) via the authentik REST API
2. Creates an Application linked to the provider
3. Creates a test user (`testuser` / `testpass123`) with an APP_PASSWORD token
4. Writes OIDC env vars to the CryptPad instance env file (enables `compose.sso.yml`)
5. Writes credentials to `authentik-test-credentials.<DOMAIN_SUFFIX>.toml`
**Important:** The APP_PASSWORD token becomes invalid if authentik is redeployed. If the `oidc_login.py` test fails with "invalid, expired, revoked" token errors, re-run this setup script and redeploy CryptPad.
### 4. Redeploy CryptPad with SSO config
```bash
abra app deploy cryptpad.<DOMAIN_SUFFIX> --chaos --force --no-input
```
Wait ~2 minutes for the SSO plugin to install and CryptPad to rebuild.
## Test Instance SSO Configuration
The test instance has SSO enabled via `compose.sso.yml`. The instance env file includes:
```
COMPOSE_FILE="compose.yml:compose.sso.yml"
```
Note: SSO is **not** enabled by default in `.env.sample`. The test instance has it enabled explicitly to test the SSO integration. If you need to reset the test instance without SSO, change `COMPOSE_FILE` to just `"compose.yml"` and redeploy.
## Automated Tests
- `tests/health_check.py` — Confirms the instance is reachable and returns HTTP 200.
- `tests/oidc_login.py` — Tests SSO/OIDC integration with Authentik. Checks OIDC discovery, APP_PASSWORD token grant, and `/ssoauth` endpoint.
### Credentials
| Key | Description |
|-----|-------------|
| `ak_client_id` / `ak_client_secret` | OIDC client ID and secret |
| `ak_test_user` / `ak_test_pass` | Test user credentials (password for browser login) |
| `ak_test_app_password` | APP_PASSWORD token for password grant (authentik requires this instead of regular passwords) |
| `ak_test_email` | Test user email |
| `ak_discovery_endpoint` | Authentik OIDC discovery URL |
Stored in `authentik-test-credentials.<DOMAIN_SUFFIX>.toml`.
## Manual Verification
1. Open https://cryptpad.<DOMAIN_SUFFIX> in a browser.
2. Confirm the CryptPad landing page loads without errors (not a white screen).
3. Verify the sandbox domain https://sandbox.cryptpad.<DOMAIN_SUFFIX> is reachable.
4. Register a user account and confirm it succeeds.
5. Create a pad and verify real-time editing works.
### SSO Manual Verification
6. Confirm the CryptPad login page shows an SSO login button (labelled "Authentik").
7. Click the SSO login button — it should redirect to Authentik.
8. Log in with `testuser` / `testpass123` on Authentik.
9. After authentication, you should be redirected back to CryptPad and logged in.
Reference in New Issue View Git Blame Copy Permalink