Update package version to 1.35.3

| datasource      | package        | from   | to     |
| --------------- | -------------- | ------ | ------ |
| github-releases | go-gitea/gitea | 1.23.6 | 1.23.7 |

CHANGELOG

@@ -1,5 +0,0 @@
-[0.1.0]
-* Initial package (forked from Gogs app)
-
-[0.1.1]
-* Removed reference to Gogs

CloudronManifest.json

@@ -4,14 +4,20 @@
   "author": "Gitea developers",
   "description": "file://DESCRIPTION.md",
   "tagline": "A painless self-hosted Git Service",
-  "version": "0.1.1",
-  "healthCheckPath": "/healthcheck",
+  "version": "1.35.3",
+  "upstreamVersion": "1.23.7",
+  "healthCheckPath": "/explore",
   "httpPort": 3000,
+  "memoryLimit": 536870912,
   "addons": {
-    "mysql": { },
-    "sendmail": { },
-    "localstorage": { },
-    "ldap": { }
+    "mysql": {},
+    "sendmail": {
+      "supportsDisplayName": true
+    },
+    "localstorage": {},
+    "oidc": {
+      "loginRedirectUri": "/user/oauth2/cloudron/callback"
+    }
   },
   "tcpPorts": {
     "SSH_PORT": {
@@ -20,22 +26,35 @@
       "defaultValue": 29418
     }
   },
-  "manifestVersion": 1,
+  "manifestVersion": 2,
   "website": "https://gitea.io",
   "contactEmail": "apps@cloudron.io",
   "icon": "file://logo.png",
+  "optionalSso": true,
   "mediaLinks": [
-    "https://i.imgur.com/3iEQsux.jpg",
-    "https://i.imgur.com/glqFnj8.jpg",
-    "https://i.imgur.com/ad1FEpi.jpg",
-    "https://i.imgur.com/q81EcGa.jpg",
-    "https://i.imgur.com/L2CQeN0.jpg",
-    "https://i.imgur.com/cNuvMum.jpg",
-    "https://i.imgur.com/xCYRqaF.jpg",
-    "https://i.imgur.com/ILpRBCe.jpg",
-    "https://i.imgur.com/0BHnrcL.jpg"
+    "https://screenshots.cloudron.io/io.gitea.cloudronapp/1.png",
+    "https://screenshots.cloudron.io/io.gitea.cloudronapp/2.png",
+    "https://screenshots.cloudron.io/io.gitea.cloudronapp/3.png",
+    "https://screenshots.cloudron.io/io.gitea.cloudronapp/4.png",
+    "https://screenshots.cloudron.io/io.gitea.cloudronapp/5.png"
   ],
-  "tags": [ "version control", "git", "code hosting", "development" ],
-  "changelog": "file://CHANGELOG",
-  "postInstallMessage": "file://POSTINSTALL.md"
+  "tags": [
+    "version control",
+    "git",
+    "code hosting",
+    "development",
+    "github",
+    "bitbucket",
+    "gitlab"
+  ],
+  "changelog": "file://CHANGELOG.md",
+  "postInstallMessage": "file://POSTINSTALL.md",
+  "checklist": {
+    "change-default-password": {
+      "message": "Change the default admin password"
+    }
+  },
+  "minBoxVersion": "8.1.0",
+  "forumUrl": "https://forum.cloudron.io/category/19/gitea",
+  "documentationUrl": "https://docs.cloudron.io/apps/gitea/"
 }

DESCRIPTION.md

@@ -1,6 +1,4 @@
-Gitea is a painless self-hosted Git service. It is similar to GitHub, Bitbucket or Gitlab. The initial development have been done on Gogs but we have forked it and named it Gitea. If you want to read more about the reasons why we have done that please read this blog post.
-
-This app packages Gitea <upstream>1.1.1</upstream>
+Gitea is a painless self-hosted Git service. It is similar to GitHub, Bitbucket or Gitlab.
 
 ### Purpose
 
@@ -20,9 +18,7 @@ The goal of this project is to make the easiest, fastest, and most painless way
 - Gravatar and custom source
 - Mail service
 - Administration panel
-- Supports MySQL, PostgreSQL, SQLite3 and [TiDB](https://github.com/pingcap/tidb) (experimental)
-- Multi-language support ([15 languages](https://crowdin.com/project/gogs))
 
 ### Bug reports
 
-Open bugs on [Github](https://git.cloudron.io/dswd/gitea-app/issues)
+Open bugs on [Github](https://git.cloudron.io/cloudron/gitea-app/issues)

Dockerfile

@@ -1,22 +1,27 @@
-FROM cloudron/base:0.10.0
-
-ENV VERSION 1.1.1
+FROM cloudron/base:5.0.0@sha256:04fd70dbd8ad6149c19de39e35718e024417c3e01dc9c6637eaf4a41ec4e596c
 
 RUN apt-get update && \
-    apt-get install -y openssh-server && \
+    apt-get install -y openssh-server git asciidoctor pandoc pipx && \
     rm -rf /etc/ssh_host_* && \
     rm -r /var/cache/apt /var/lib/apt/lists
 
+# pipx --global does not work, not sure why
+RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install jupyter docutils --include-deps
+
 ADD supervisor/ /etc/supervisor/conf.d/
 
-RUN adduser --disabled-login --gecos 'Gitea' git
-# by default, git account is created as inactive which prevents login via openssh
-# https://github.com/gitlabhq/gitlabhq/issues/5304
-RUN passwd -d git
+RUN useradd --comment "Gogs" --create-home --shell /bin/bash git
+RUN passwd -d git # by default, git account is created as inactive which prevents login via openssh. this disables password for account
+WORKDIR /home/git
 
-RUN mkdir -p /home/git/gitea
-## TODO: use redis as well
-RUN curl -L https://dl.gitea.io/gitea/${VERSION}/gitea-${VERSION}-linux-amd64 -o /home/git/gitea/gitea \
+# for autosign feature
+ENV GNUPGHOME="/app/data/gnupg"
+
+# renovate: datasource=github-releases depName=go-gitea/gitea versioning=semver extractVersion=^v(?<version>.+)$
+ARG GITEA_VERSION=1.23.7
+
+RUN mkdir -p /home/git/gitea && \
+    curl -L https://github.com/go-gitea/gitea/releases/download/v${GITEA_VERSION}/gitea-${GITEA_VERSION}-linux-amd64 -o /home/git/gitea/gitea \
     && chmod +x /home/git/gitea/gitea
 
 # setup config paths
@@ -31,9 +36,7 @@ RUN ln -s /app/data/gitconfig /home/git/.gitconfig
 
 ADD start.sh /home/git/start.sh
 
-# disable pam authentication for sshd
-RUN sed -e 's/UsePAM yes/UsePAM no/' -e 's/UsePrivilegeSeparation yes/UsePrivilegeSeparation no/' -i /etc/ssh/sshd_config
-RUN echo "UseDNS no" >> /etc/ssh/sshd_config
+COPY sshd_config /etc/ssh/sshd_config
 
 CMD [ "/home/git/start.sh" ]
 

POSTINSTALL.md

@@ -1,12 +1,8 @@
-This app integrates with the Cloudron SSO. Admins on Cloudron automatically
-become admins on Gitea.
+This app is pre-setup with an admin account. The initial credentials are:
 
-If you want to disable Cloudron SSO, do the following:
-
-* Admin Panel -> Authentication -> 'cloudron' -> Uncheck 'This authentication is activated'
-* Admin Panel -> Users -> Change Authentication Source to 'Local' and also give a password
-
-You can create a `/app/data/app.ini` with any custom configuration. See the 
-[configuration cheat sheet](https://docs.gitea.io/en-us/config-cheat-sheet)
-for more information.
+**Username**: root<br/>
+**Password**: changeme<br/>
 
+<sso>
+Use the `Local` authentication source for logging in as admin.
+</sso>

app.ini.template

@@ -2,7 +2,9 @@ APP_NAME = Gitea
 RUN_USER = git
 RUN_MODE = prod
 
+
 [database]
+; those settings are protected and can't be modified
 DB_TYPE = mysql
 HOST = ##MYSQL_HOST:##MYSQL_PORT
 NAME = ##MYSQL_DATABASE
@@ -11,7 +13,9 @@ PASSWD = ##MYSQL_PASSWORD
 SSL_MODE = disable
 PATH =
 
+
 [server]
+; those settings are protected and can't be modified
 PROTOCOL = http
 DOMAIN = ##DOMAIN
 ROOT_URL = https://%(DOMAIN)s/
@@ -20,55 +24,111 @@ HTTP_PORT = 3000
 DISABLE_SSH = ##DISABLE_SSH
 SSH_PORT = ##SSH_PORT
 APP_DATA_PATH = /app/data/appdata
+
 ; Landing page for non-logged users, can be "home" or "explore"
 LANDING_PAGE = explore
 
+
 [repository]
+; this setting is protected and can't be modified
 ROOT = /app/data/repository
+
 SCRIPT_TYPE = bash
 
+
 [repository.upload]
 ENABLED = true
+
+; this setting is protected and can't be modified
 TEMP_PATH = /run/gitea/tmp/uploads
 
+
 [release.attachment]
 ENABLED = true
 ; APP_DATA_PATH/attachments
 PATH =
 
+[oauth2_client]
+ENABLE_AUTO_REGISTRATION = true
+USERNAME = sub
+UPDATE_AVATAR = false
+ACCOUNT_LINKING = auto
+
 [mailer]
 ENABLED = true
-HOST = ##MAIL_SERVER:##MAIL_PORT
+
+; those settings are protected and can't be modified
+SMTP_ADDR = ##MAIL_SERVER
+SMTP_PORT = ##MAIL_PORT
 USER = ##MAIL_SMTP_USERNAME
 PASSWD = ##MAIL_SMTP_PASSWORD
 FROM = ##MAIL_FROM
-SKIP_VERIFY = true
+PROTOCOL = smtps
+FORCE_TRUST_SERVER_CERT = true
+
 
 [security]
+; those settings are protected and can't be modified
 INSTALL_LOCK = true
 SECRET_KEY = ##SECRET_KEY
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
 
 [service]
 DISABLE_REGISTRATION = false
 SHOW_REGISTRATION_BUTTON = false
 ENABLE_NOTIFY_MAIL = true
 
+
 [log]
-; Either "console", "file", "conn", "smtp" or "database", default is "console"
+; those settings are protected and can't be modified
 MODE = console
 ; used for xorm.log
 ROOT_PATH = /run/gitea
 
+
 [picture]
 ; APP_DATA_PATH/avatars
 AVATAR_UPLOAD_PATH =
 GRAVATAR_SOURCE = gravatar
 DISABLE_GRAVATAR = false
 
+
 [attachment]
 ENABLE = true
 ; APP_DATA_PATH/attachments
 PATH =
 
+
 [indexer]
+; this setting is protected and can't be modified
 ISSUE_INDEXER_PATH = /app/data/appdata/indexers/issues.bleve
+
+[session]
+PROVIDER = file
+PROVIDER_CONFIG = /run/gitea/sessions
+COOKIE_SECURE = true
+COOKIE_NAME = cloudron_gitea
+GC_INTERVAL_TIME = 2592000
+
+[markup.asciidoc]
+ENABLED = true
+FILE_EXTENSIONS = .adoc,.asciidoc
+RENDER_COMMAND = "asciidoctor -s -a showtitle --out-file=- -"
+; Input is not a standard input but a file
+IS_INPUT_FILE = false
+
+[markup.restructuredtext]
+ENABLED = true
+FILE_EXTENSIONS = .rst
+RENDER_COMMAND = "timeout 30s pandoc +RTS -M512M -RTS -f rst"
+IS_INPUT_FILE = false
+
+[markup.jupyter]
+ENABLED = true
+FILE_EXTENSIONS = .ipynb
+RENDER_COMMAND = "jupyter nbconvert --stdin --stdout --to html --template basic"
+IS_INPUT_FILE = false
+
+[markup.sanitizer.jupyter.img]
+ALLOW_DATA_URI_IMAGES = true

renovate.json5

@@ -0,0 +1,4 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": ["local>devops/renovator//default.renovate.json5"]
+}

sshd_config

@@ -0,0 +1,37 @@
+Port 29418
+
+AddressFamily any
+ListenAddress 0.0.0.0
+ListenAddress ::
+
+HostKey /app/data/sshd/ssh_host_rsa_key
+HostKey /app/data/sshd/ssh_host_ecdsa_key
+HostKey /app/data/sshd/ssh_host_ed25519_key
+
+LogLevel INFO
+
+# no reverse DNS lookup
+UseDNS no
+UsePAM no
+AllowAgentForwarding no
+AllowTcpForwarding no
+PrintMotd no
+PrintLastLog no
+
+LoginGraceTime 120
+StrictModes yes
+PubkeyAuthentication yes
+PermitUserEnvironment yes
+PermitRootLogin no
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+PermitEmptyPasswords no
+HostbasedAuthentication no
+
+AllowUsers git
+
+Banner none
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+AcceptEnv GIT_PROTOCOL LANG LC_*
+

start.sh

@@ -2,29 +2,50 @@
 
 set -eu -o pipefail
 
-mkdir -p /run/gitea/tmp/uploads
+mkdir -p /run/gitea/tmp/uploads /run/sshd /run/gitea/sessions
 
-setup_ldap_source() {
+# CLOUDRON_OIDC_PROVIDER_NAME not supported as it will be used in rest route!
+setup_oidc_source() {
     set -eu
 
-    # Wait for gitea to finish db setup, before we insert ldap source in db
-    while ! curl --fail http://localhost:3000/healthcheck; do
-        echo "Waiting for gitea to come up"
+    echo "==> Setup OIDC source"
+
+    now=$(date +%s)
+    mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h"${CLOUDRON_MYSQL_HOST}" -P"${CLOUDRON_MYSQL_PORT}" --database="${CLOUDRON_MYSQL_DATABASE}" -e \
+        "REPLACE INTO login_source (id, type, name, is_active, cfg, created_unix, updated_unix) VALUES (1,6,'cloudron', 1,'{\"Provider\":\"openidConnect\",\"ClientID\":\"${CLOUDRON_OIDC_CLIENT_ID}\",\"ClientSecret\":\"${CLOUDRON_OIDC_CLIENT_SECRET}\",\"OpenIDConnectAutoDiscoveryURL\":\"${CLOUDRON_OIDC_ISSUER}/.well-known/openid-configuration\",\"CustomURLMapping\":null,\"IconURL\":\"\",\"Scopes\":[\"openid email profile\"],\"RequiredClaimName\":\"\",\"RequiredClaimValue\":\"\",\"GroupClaimName\":\"\",\"AdminGroup\":\"\",\"GroupTeamMap\":\"\",\"GroupTeamMapRemoval\":false,\"RestrictedGroup\":\"\"}','${now}','${now}')"
+}
+
+setup_root_user() {
+    set -eu
+
+    if sudo -H -u git /home/git/gitea/gitea admin user create --username root --password changeme --email admin@cloudron.local --admin -c /run/gitea/app.ini; then
+        echo "==> root user added"
+    else
+        echo "==> Failed to add root user"
+        exit 1
+    fi
+}
+
+setup_auth() {
+    set -eu
+
+    # Wait for gitea to finish db setup, before we do any db operations
+    while ! curl --fail http://localhost:3000/explore; do
+        echo "==> Waiting for gitea to come up"
         sleep 1
     done
 
-    now=$(date +%s)
+    echo "==> Gitea is up, setting up auth"
 
-    # Get the existing LDAP source status. This allows the user to disable LDAP
-    ldap_status=$(mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" -N -B -e "select is_actived from login_source WHERE name='cloudron';")
-    [[ -z "${ldap_status}" ]] && ldap_status="1"
+    if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
+        setup_oidc_source
+    fi
 
-    if mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" \
-        -e "REPLACE INTO login_source (id, type, name, is_actived, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${LDAP_SERVER}\",\"Port\":${LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${LDAP_BIND_DN}\",\"BindPassword\":\"${LDAP_BIND_PASSWORD}\",\"UserBase\":\"${LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\",\"AdminFilter\":\"(memberof=cn=admins,${LDAP_GROUPS_BASE_DN})\"}','${now}','${now}');"; then
-        echo "LDAP Authentication was setup with status ${ldap_status}"
-    else
-        echo "Failed to setup LDAP authentication"
-        exit 1
+    user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h"${CLOUDRON_MYSQL_HOST}" -P"${CLOUDRON_MYSQL_PORT}" --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user")
+    # be careful, not to create root user for existing LDAP based installs
+    if [[ "${user_count}" == "0" ]]; then
+        echo "==> Setting up root user for first run"
+        setup_root_user
     fi
 }
 
@@ -50,35 +71,55 @@ fi
 chmod 0600 /app/data/sshd/*_key
 chmod 0644 /app/data/sshd/*.pub
 
-sed -e "s/^Port .*/Port ${SSH_PORT}/" \
-    -e "s/^#ListenAddress .*/ListenAddress 0.0.0.0/" \
-    -e "s,^HostKey /etc/ssh/,HostKey /app/data/sshd/," \
-    /etc/ssh/sshd_config > /run/gitea/sshd_config
+sed -e "s/^Port .*/Port ${SSH_PORT}/" /etc/ssh/sshd_config > /run/gitea/sshd_config
 
-sed -e "s/##DOMAIN/${APP_DOMAIN}/g" \
-    -e "s/##SSH_PORT/${SSH_PORT}/g" \
-    -e "s/##DISABLE_SSH/${disable_ssh}/g" \
-    -e "s/##MYSQL_HOST/${MYSQL_HOST}/g" \
-    -e "s/##MYSQL_PORT/${MYSQL_PORT}/g" \
-    -e "s/##MYSQL_USERNAME/${MYSQL_USERNAME}/g" \
-    -e "s/##MYSQL_PASSWORD/${MYSQL_PASSWORD}/g" \
-    -e "s/##MYSQL_DATABASE/${MYSQL_DATABASE}/g" \
-    -e "s/##MAIL_SERVER/${MAIL_SMTP_SERVER}/g" \
-    -e "s/##MAIL_PORT/${MAIL_SMTP_PORT}/g" \
-    -e "s/##MAIL_FROM/${MAIL_FROM}/g" \
-    -e "s/##MAIL_SMTP_USERNAME/${MAIL_SMTP_USERNAME}/g" \
-    -e "s/##MAIL_SMTP_PASSWORD/${MAIL_SMTP_PASSWORD}/g" \
-    -e "s/##SECRET_KEY/$(pwgen -1 -s)/g" \
-    /home/git/app.ini.template > "/run/gitea/app.ini"
+if [[ ! -f /app/data/app.ini ]]; then
+    echo -e "; Add customizations here - https://docs.gitea.io/en-us/config-cheat-sheet/" > /app/data/app.ini
 
-# merge any user config file
-[[ -f /app/data/app.ini ]] && cat "/app/data/app.ini" >> "/run/gitea/app.ini"
+    echo "==> Generating new SECRET_KEY"
+    crudini --set "/app/data/app.ini" security SECRET_KEY $(pwgen -1 -s)
+fi
 
-mkdir -p /app/data/repository /app/data/ssh
+# merge user config file
+cp /home/git/app.ini.template "/run/gitea/app.ini"
+crudini --merge "/run/gitea/app.ini" < "/app/data/app.ini"
 
+# override important values
+crudini --set "/run/gitea/app.ini" database DB_TYPE mysql
+crudini --set "/run/gitea/app.ini" database HOST "${CLOUDRON_MYSQL_HOST}:${CLOUDRON_MYSQL_PORT}"
+crudini --set "/run/gitea/app.ini" database NAME "${CLOUDRON_MYSQL_DATABASE}"
+crudini --set "/run/gitea/app.ini" database USER "${CLOUDRON_MYSQL_USERNAME}"
+crudini --set "/run/gitea/app.ini" database PASSWD "${CLOUDRON_MYSQL_PASSWORD}"
+crudini --set "/run/gitea/app.ini" database SSL_MODE "disable"
+crudini --set "/run/gitea/app.ini" server PROTOCOL "http"
+crudini --set "/run/gitea/app.ini" server DOMAIN "${CLOUDRON_APP_DOMAIN}"
+crudini --set "/run/gitea/app.ini" server ROOT_URL "https://%(DOMAIN)s/"
+crudini --set "/run/gitea/app.ini" server HTTP_ADDR ""
+crudini --set "/run/gitea/app.ini" server HTTP_PORT "3000"
+crudini --set "/run/gitea/app.ini" server DISABLE_SSH "${disable_ssh}"
+crudini --set "/run/gitea/app.ini" server SSH_PORT "${SSH_PORT}"
+crudini --set "/run/gitea/app.ini" server APP_DATA_PATH "/app/data/appdata"
+crudini --set "/run/gitea/app.ini" repository ROOT "/app/data/repository"
+crudini --set "/run/gitea/app.ini" repository.upload TEMP_PATH "/run/gitea/tmp/uploads"
+crudini --set "/run/gitea/app.ini" mailer SMTP_ADDR "${CLOUDRON_MAIL_SMTP_SERVER}"
+crudini --set "/run/gitea/app.ini" mailer SMTP_PORT "${CLOUDRON_MAIL_SMTPS_PORT}"
+crudini --set "/run/gitea/app.ini" mailer PROTOCOL smtps
+crudini --set "/run/gitea/app.ini" mailer USER "${CLOUDRON_MAIL_SMTP_USERNAME}"
+crudini --set "/run/gitea/app.ini" mailer PASSWD "${CLOUDRON_MAIL_SMTP_PASSWORD}"
+crudini --set "/run/gitea/app.ini" mailer FROM "${CLOUDRON_MAIL_FROM_DISPLAY_NAME:-Gitea} <${CLOUDRON_MAIL_FROM}>"
+crudini --set "/run/gitea/app.ini" mailer FORCE_TRUST_SERVER_CERT "true"
+crudini --set "/run/gitea/app.ini" security INSTALL_LOCK "true"
+crudini --set "/run/gitea/app.ini" security REVERSE_PROXY_LIMIT 1
+crudini --set "/run/gitea/app.ini" security REVERSE_PROXY_TRUSTED_PROXIES "*"
+crudini --set "/run/gitea/app.ini" log MODE "console"
+crudini --set "/run/gitea/app.ini" log ROOT_PATH "/run/gitea"
+crudini --set "/run/gitea/app.ini" indexer ISSUE_INDEXER_PATH "/app/data/appdata/indexers/issues.bleve"
+
+echo "==> Creating dirs and changing permissions"
+mkdir -p /app/data/repository /app/data/ssh /app/data/custom /app/data/gnupg
 chown -R git:git /app/data /run/gitea
 
-( setup_ldap_source ) &
+# this expects app.ini to be available
+( setup_auth ) &
 
 exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gitea
-

supervisor/gitea.conf

@@ -9,4 +9,4 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-environment=HOME="/home/git",USER="git"
+environment=HOME="/home/git",USER="git",GITEA_CUSTOM="/app/data/custom"

supervisor/sshd.conf

@@ -8,4 +8,3 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-

test/git_ssh_wrapper.sh

@@ -2,4 +2,4 @@
 
 readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
-ssh -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${SCRIPT_DIR}/id_rsa "$@"
+ssh -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${SCRIPT_DIR}/id_ed25519 "$@"

test/id_ed25519

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACDECyFdxcmgOemNvs0wUhkgzfj9IS2OTG6bU5AXfNkXfgAAAJAoNQg/KDUI
+PwAAAAtzc2gtZWQyNTUxOQAAACDECyFdxcmgOemNvs0wUhkgzfj9IS2OTG6bU5AXfNkXfg
+AAAEC9nIZlzus9hn/b99E/cnSE2Vpycx0invItrrzgOX9qwMQLIV3FyaA56Y2+zTBSGSDN
++P0hLY5MbptTkBd82Rd+AAAADW5lYnVsb25AbHVuYXI=
+-----END OPENSSH PRIVATE KEY-----

test/id_ed25519.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQLIV3FyaA56Y2+zTBSGSDN+P0hLY5MbptTkBd82Rd+ nebulon@lunar

test/id_rsa

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA14L+HdwPXRHC2A+fyRv1FTsRE/OPl0Z0KnEigzIIdA65CzTy
-l3m3ATNFI1o/Ies7RW6rsr9UHuLLufNVg1NwIBdns8sPE4pSZSjfdPnznifIIs7y
-wL/vn2D3JEhpA8EOasSy0c+z+6X23evsLB3D81y7ICsBc16Q147WZ6D+QMUP+A4b
-wlmEcy0hAoPx/jnnPlRDVOK1ZnBvuAaHBkcBh+sA272BhB6Kv13MBu0wctDjKw5w
-cNmgVWbzBBtK1L8BZVMDKmKWZ2PKP4GkkpnAvkD0+4sdARe148faV8HHigAKKNN7
-vt+njs6nHuS4ksJL1E9cKGHdBJudJc3p24iI7QIDAQABAoIBABm5ojnQPek/KIIA
-A3PPKYc6QMSf60EEgPNcA+GjRE0OQNpsnJSmS8kR5KvepvCWksGr/0Tb/9+b9POi
-b0+40waRpKhakdckSMeYhGwDNihn2UUGbQXDI4hj27xyBE8VaXInPq063OIqInjF
-I7D0cKKJLDEf0RGDdUi13TQLjK4QX78W/9S8d5ClznAVi4wUBb1urs7fAoVetn/i
-PnlEj9KZHio4mCg28djTudAoWzjzUikRqKRYY5QNEJ13abVoLqIRSRHC1DzwpxVv
-Y88l4hmm6IcmWGo0O9lpu5IJFvEmngfpmyaVbeLE0fhLPFWcEHARw37SThTZVQeY
-Tx1816UCgYEA9j5dyNbFcC4YL9i9DQyut658bYziY2vsAvZNMMf249IJGbZOxlZK
-ylB00zlbO/2uNh12Y9z6BN2hO2lER3O3SM75tCnvXR0+qG+xmfjLcRVczEkU10+r
-8UxKBgg7Sf9uvfeONefEYPwiwzFoWgdaFSrR2sCmuoHPwfc9i+PSp+8CgYEA4Azq
-DToKdv6VBWPlNXT6OW3+HUPeHF087Ve03+3orCckZ+d2DImEOvWdt+pDeGQJJcq+
-o+SzZk9FjFOIiQehuA44OFrvcbag9YAlm1JQYYrRTdZEJz3iSucXCzJH/P5TrB84
-BHvzgCklZzZ0IpEFxzMe8oNS6XfJmilh6I98YOMCgYBybOy7xUGeLW1D3p2LENen
-t0dOyObyeFYF0lpwTpulphZgglz8wWCjvttqw/5nVCy+LNa09RyhYjPoHbSC13zW
-MofKdqoqRMq3DqAjAn/XHqwuqc8rdnRZ/q9vOigC7NWTJRRKbFbPEps8xRrOqxfr
-OiimVFul02ito6xP8yAStQKBgQDHbPdPup/h9wzx9U7p3Ct1vt/3cJddK+i1YeIP
-iBYYVebjzXSYCDd4u3MdZxmTKYey6dnyy/ibUmgXVassPWzHBXEpSFflIaf3nY7b
-x9LgX82ZuOSFAWJRRYyPXLwTBtW3WTplU2cUZotyaVfKBMfd3TToq9e7E/KQk9Eg
-Tcdp/QKBgCyKD1gGU/H1bsQOuWHuFR1v7v82V1DLVjyn5kllej0tlfTLO/5uUsEE
-SIjGHfTHxgpww9HN9BPyy8xdQMAc6p7UyvJAIyhg679AQBrMLLvhE5niaGu4jQOa
-ZVY6nZUQNCwgxJwnUkFnOyXDYjzjyxZOCAWPxghYbS+IEl1GzhZU
------END RSA PRIVATE KEY-----

test/id_rsa.pub

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXgv4d3A9dEcLYD5/JG/UVOxET84+XRnQqcSKDMgh0DrkLNPKXebcBM0UjWj8h6ztFbquyv1Qe4su581WDU3AgF2ezyw8TilJlKN90+fOeJ8gizvLAv++fYPckSGkDwQ5qxLLRz7P7pfbd6+wsHcPzXLsgKwFzXpDXjtZnoP5AxQ/4DhvCWYRzLSECg/H+Oec+VENU4rVmcG+4BocGRwGH6wDbvYGEHoq/XcwG7TBy0OMrDnBw2aBVZvMEG0rUvwFlUwMqYpZnY8o/gaSSmcC+QPT7ix0BF7Xjx9pXwceKAAoo03u+36eOzqce5LiSwkvUT1woYd0Em50lzenbiIjt girish@beast

test/package.json

@@ -8,17 +8,11 @@
   },
   "author": "",
   "license": "ISC",
-  "devDependencies": {
-    "ejs": "^2.3.4",
-    "expect.js": "^0.3.1",
-    "mkdirp": "^0.5.1",
-    "mocha": "^2.3.4",
-    "rimraf": "^2.4.4",
-    "superagent": "^1.4.0"
-  },
   "dependencies": {
-    "selenium-server-standalone-jar": "^3.3.1",
-    "selenium-webdriver": "^3.3.0",
-    "superagent": "^1.8.5"
+    "chromedriver": "^135.0.0",
+    "expect.js": "^0.3.1",
+    "mocha": "^11.1.0",
+    "selenium-webdriver": "^4.31.0",
+    "superagent": "^10.2.0"
   }
 }

test/test.js

@@ -1,299 +1,298 @@
 #!/usr/bin/env node
 
-/* jslint node:true */
-/* global it:false */
-/* global xit:false */
-/* global describe:false */
-/* global before:false */
-/* global after:false */
+/* jshint esversion: 8 */
+/* global it, xit, describe, before, after, afterEach */
 
 'use strict';
 
-var execSync = require('child_process').execSync,
-    ejs = require('ejs'),
+require('chromedriver');
+
+const execSync = require('child_process').execSync,
     expect = require('expect.js'),
     fs = require('fs'),
-    mkdirp = require('mkdirp'),
     path = require('path'),
-    rimraf = require('rimraf'),
     superagent = require('superagent'),
-    webdriver = require('selenium-webdriver');
+    { Builder, By, until } = require('selenium-webdriver'),
+    { Options } = require('selenium-webdriver/chrome');
 
-var by = require('selenium-webdriver').By,
-    until = require('selenium-webdriver').until,
-    Builder = require('selenium-webdriver').Builder;
-
-process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+if (!process.env.USERNAME || !process.env.PASSWORD || !process.env.EMAIL) {
+    console.log('USERNAME, PASSWORD and EMAIL env vars need to be set');
+    process.exit(1);
+}
 
 describe('Application life cycle test', function () {
     this.timeout(0);
-    var server, browser = new Builder().forBrowser('chrome').build();
-    var LOCATION = 'test';
-    var repodir = '/tmp/testrepo';
-    var app, reponame = 'testrepo';
-    var username = process.env.USERNAME;
-    var password = process.env.PASSWORD;
-    var TIMEOUT = process.env.TIMEOUT || 5000;
-    var email, token;
 
-    before(function (done) {
-        if (!process.env.USERNAME) return done(new Error('USERNAME env var not set'));
-        if (!process.env.PASSWORD) return done(new Error('PASSWORD env var not set'));
+    const TIMEOUT = parseInt(process.env.TIMEOUT, 10) || 5000;
+    const EXEC_ARGS = { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' };
+    const LOCATION = process.env.LOCATION || 'test';
+    const SSH_PORT = 29420;
 
-        var seleniumJar= require('selenium-server-standalone-jar');
-        var SeleniumServer = require('selenium-webdriver/remote').SeleniumServer;
-        server = new SeleniumServer(seleniumJar.path, { port: 4444 });
-        server.start();
+    let app, browser;
 
-        done();
+    const repodir = '/tmp/testrepo';
+    const reponame = 'testrepo';
+
+    const username = process.env.USERNAME;
+    const password = process.env.PASSWORD;
+
+    before(function () {
+        const chromeOptions = new Options().windowSize({ width: 1280, height: 1024 });
+        if (process.env.CI) chromeOptions.addArguments('no-sandbox', 'disable-dev-shm-usage', 'headless');
+        browser = new Builder().forBrowser('chrome').setChromeOptions(chromeOptions).build();
+        if (!fs.existsSync('./screenshots')) fs.mkdirSync('./screenshots');
     });
 
-    after(function (done) {
+    after(function () {
         browser.quit();
-        server.stop();
-        rimraf.sync(repodir);
-        done();
+        fs.rmSync(repodir, { recursive: true, force: true });
     });
 
-    function waitForUrl(url, done) {
-        browser.wait(function () {
-            return browser.getCurrentUrl().then(function (currentUrl) {
-                return currentUrl === url;
-            });
-        }, TIMEOUT).then(function () { done(); });
-    }
+    afterEach(async function () {
+        if (!process.env.CI || !app) return;
 
-    function setAvatar(done) {
-        browser.get('https://' + app.fqdn + '/user/settings/avatar');
+        const currentUrl = await browser.getCurrentUrl();
+        if (!currentUrl.includes(app.domain)) return;
+        expect(this.currentTest.title).to.be.a('string');
 
-        browser.findElement(by.xpath('//input[@type="file" and @name="avatar"]')).sendKeys(path.resolve(__dirname, '../logo.png')).then(function () {
-            browser.findElement(by.xpath('//button[contains(text(), "Update Avatar Setting")]')).click();
-
-            browser.wait(until.elementLocated(by.xpath('//p[contains(text(),"updated successfully")]')), TIMEOUT).then(function () { done(); });
-        });
-    }
-
-    function checkAvatar(done) {
-        superagent.get('https://' + app.fqdn + '/avatars/a3e6f3316fc1738e29d621e6a26e93d3').end(function (error, result) {
-            expect(error).to.be(null);
-            expect(result.statusCode).to.be(200);
-            done();
-        });
-    }
-
-    function editFile(done) {
-        browser.get('https://' + app.fqdn + '/' + username + '/' + reponame + '/_edit/master/newfile');
-
-        var cm = browser.findElement(by.xpath('//div[contains(@class,"CodeMirror")]'));
-        var text = 'yo';
-        browser.executeScript('arguments[0].CodeMirror.setValue("' + text + '");', cm).then(function () {
-            browser.findElement(by.xpath('//input[@name="commit_summary"]')).sendKeys('Dummy edit');
-            browser.findElement(by.xpath('//button[contains(text(), "Commit Changes")]')).click();
-
-            waitForUrl('https://' + app.fqdn + '/' + username + '/' + reponame + '/src/master/newfile', done);
-        });
-    }
-
-    xit('build app', function () {
-        execSync('cloudron build', { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        const screenshotData = await browser.takeScreenshot();
+        fs.writeFileSync(`./screenshots/${new Date().getTime()}-${this.currentTest.title.replaceAll(' ', '_')}.png`, screenshotData, 'base64');
     });
 
-    it('can login', function (done) {
-        var inspect = JSON.parse(execSync('cloudron inspect'));
-
-        superagent.post('https://' + inspect.apiEndpoint + '/api/v1/developer/login').send({
-            username: username,
-            password: password
-        }).end(function (error, result) {
-            if (error) return done(error);
-            if (result.statusCode !== 200) return done(new Error('Login failed with status ' + result.statusCode));
-
-            token = result.body.token;
-
-            superagent.get('https://' + inspect.apiEndpoint + '/api/v1/profile')
-                .query({ access_token: token }).end(function (error, result) {
-                if (error) return done(error);
-                if (result.statusCode !== 200) return done(new Error('Get profile failed with status ' + result.statusCode));
-
-                email = result.body.email;
-                done();
-            });
-        });
-    });
-
-
-    it('install app', function () {
-        execSync('cloudron install --new --wait --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
-
-    it('can get app information', function () {
-        var inspect = JSON.parse(execSync('cloudron inspect'));
-
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
-
+    function getAppInfo() {
+        const inspect = JSON.parse(execSync('cloudron inspect'));
+        app = inspect.apps.filter(function (a) { return a.location.indexOf(LOCATION) === 0; })[0];
         expect(app).to.be.an('object');
-    });
+    }
 
-    it('can get the main page', function (done) {
-        superagent.get('https://' + app.fqdn).end(function (error, result) {
-            expect(error).to.be(null);
-            expect(result.status).to.eql(200);
+    async function waitForElement(elem) {
+        await browser.wait(until.elementLocated(elem), TIMEOUT);
+        await browser.wait(until.elementIsVisible(browser.findElement(elem)), TIMEOUT);
+    }
 
-            done();
-        });
-    });
+    function sleep(millis) {
+        return new Promise(resolve => setTimeout(resolve, millis));
+    }
 
-    it('can login', function (done) {
-        browser.get('https://' + app.fqdn + '/user/login');
-        browser.findElement(by.id('user_name')).sendKeys(username);
-        browser.findElement(by.id('password')).sendKeys(password);
-        browser.findElement(by.tagName('form')).submit();
-        browser.wait(until.elementLocated(by.linkText('Dashboard')), TIMEOUT).then(function () { done(); });
-    });
+    async function setAvatar() {
+        await browser.get('https://' + app.fqdn + '/user/settings');
 
-    it('can set avatar', setAvatar);
-    it('can get avatar', checkAvatar);
+        var button = await browser.findElement(By.xpath('//label[contains(text(), "Use Custom Avatar")]'));
+        await browser.executeScript('arguments[0].scrollIntoView(false)', button);
+        await browser.findElement(By.xpath('//label[contains(text(), "Use Custom Avatar")]')).click();
+        await browser.findElement(By.xpath('//input[@type="file" and @name="avatar"]')).sendKeys(path.resolve(__dirname, '../logo.png'));
+        await browser.findElement(By.xpath('//button[contains(text(), "Update Avatar")]')).click();
+        await browser.wait(until.elementLocated(By.xpath('//p[contains(text(),"Your avatar has been updated.")]')), TIMEOUT);
+    }
 
-    it('can add public key', function (done) {
-        browser.get('https://' + app.fqdn + '/user/settings/ssh');
-        var publicKey = fs.readFileSync(__dirname + '/id_rsa.pub', 'utf8');
+    async function checkAvatar() {
+        await browser.get(`https://${app.fqdn}/${username}`);
 
-        browser.findElement(by.xpath('//div[text()="Add Key"]')).click();
-        browser.findElement(by.id('ssh-key-title')).sendKeys('testkey');
-        browser.findElement(by.id('ssh-key-content')).sendKeys(publicKey.trim()); // #3480
-        browser.findElement(by.xpath('//button[contains(text(), "Add Key")]')).click();
-        browser.wait(until.elementLocated(by.xpath('//p[contains(text(), "added successfully!")]')), TIMEOUT).then(function () { done(); });
-    });
+        const avatarSrc = await browser.findElement(By.xpath('//div[@id="profile-avatar"]/a/img')).getAttribute('src');
 
-    it('can create repo', function (done) {
-        browser.get('https://' + app.fqdn);
-        browser.findElement(by.linkText('New Repository')).click();
-        browser.wait(until.elementLocated(by.xpath('//*[contains(text(), "New Repository")]')), TIMEOUT);
-        browser.findElement(by.id('repo_name')).sendKeys(reponame);
-        browser.findElement(by.id('auto-init')).click();
-        browser.findElement(by.xpath('//button[contains(text(), "Create Repository")]')).click();
-        browser.wait(function () {
+        const response = await superagent.get(avatarSrc);
+        expect(response.statusCode).to.equal(200);
+    }
+
+    async function login(username, password) {
+        await browser.get('https://' + app.fqdn + '/user/login');
+
+        await browser.findElement(By.id('user_name')).sendKeys(username);
+        await browser.findElement(By.id('password')).sendKeys(password);
+        await browser.findElement(By.xpath('//form[@action="/user/login"]//button')).click();
+        await browser.wait(until.elementLocated(By.xpath('//img[contains(@class, "avatar")]')), TIMEOUT);
+    }
+
+    async function adminLogin() {
+        await login('root', 'changeme');
+    }
+
+    async function loginOIDC(username, password, alreadyAuthenticated = true) {
+        browser.manage().deleteAllCookies();
+        await browser.get(`https://${app.fqdn}/user/login`);
+        await browser.sleep(2000);
+
+
+        await browser.findElement(By.xpath('//a[contains(@class, "openidConnect") and contains(., "Sign in with cloudron")]')).click();
+        await browser.sleep(2000);
+
+        if (!alreadyAuthenticated) {
+            await waitForElement(By.id('inputUsername'));
+            await browser.findElement(By.id('inputUsername')).sendKeys(username);
+            await browser.findElement(By.id('inputPassword')).sendKeys(password);
+            await browser.sleep(2000);
+            await browser.findElement(By.id('loginSubmitButton')).click();
+            await browser.sleep(2000);
+        }
+
+        await waitForElement(By.xpath('//img[contains(@class, "avatar")]'));
+    }
+
+    async function logout() {
+        await browser.get('https://' + app.fqdn);
+
+        await browser.findElement(By.xpath('//img[contains(@class, "avatar")]')).click();
+        await sleep(2000);
+        await browser.findElement(By.xpath('//a[@data-url="/user/logout"]')).click();
+        await sleep(2000);
+    }
+
+    async function addPublicKey() {
+        const publicKey = fs.readFileSync(__dirname + '/id_ed25519.pub', 'utf8');
+        execSync(`chmod g-rw,o-rw ${__dirname}/id_ed25519`); // ssh will complain about perms later
+
+        await browser.get('https://' + app.fqdn + '/user/settings/keys');
+
+        await browser.wait(until.elementLocated(By.id('add-ssh-button')), TIMEOUT);
+        await browser.findElement(By.id('add-ssh-button')).click();
+        await browser.findElement(By.id('ssh-key-title')).sendKeys('testkey');
+        await browser.findElement(By.id('ssh-key-content')).sendKeys(publicKey.trim()); // #3480
+        var button = browser.findElement(By.xpath('//button[contains(text(), "Add Key")]'));
+        await browser.executeScript('arguments[0].scrollIntoView(false)', button);
+        await browser.findElement(By.xpath('//form//button[contains(text(),"Add Key")]')).click();
+
+        await browser.wait(until.elementLocated(By.xpath('//p[contains(text(), "has been added.")]')), TIMEOUT);
+    }
+
+    async function createRepo() {
+        await browser.get(`https://${app.fqdn}/repo/create`);
+        await browser.wait(until.elementLocated(By.id('repo_name')));
+        await browser.findElement(By.id('repo_name')).sendKeys(reponame);
+        var button = browser.findElement(By.xpath('//button[contains(text(), "Create Repository")]'));
+        await browser.executeScript('arguments[0].scrollIntoView(true)', button);
+        await browser.findElement(By.id('auto-init')).click();
+        await browser.findElement(By.xpath('//button[contains(text(), "Create Repository")]')).click();
+
+        await browser.wait(function () {
             return browser.getCurrentUrl().then(function (url) {
                 return url === 'https://' + app.fqdn + '/' + username + '/' + reponame;
             });
-        }, TIMEOUT).then(function () { done(); });
-    });
+        }, TIMEOUT);
+    }
 
-    it('displays correct clone url', function (done) {
-        browser.get('https://' + app.fqdn + '/' + username + '/' + reponame);
-        browser.findElement(by.id('repo-clone-ssh')).click();
-        browser.findElement(by.id('repo-clone-url')).getAttribute('value').then(function (cloneUrl) {
-            expect(cloneUrl).to.be('ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + '.git');
-            done();
-        });
-    });
-
-    it('can clone the url', function (done) {
+    function cloneRepo() {
+        fs.rmSync(repodir, { recursive: true, force: true });
         var env = Object.create(process.env);
         env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
-        execSync('git clone ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + '.git ' + repodir, { env: env });
-        done();
-    });
+        execSync(`git clone ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame}.git ${repodir}`, { env: env });
+    }
 
-    it('can add and push a file', function (done) {
-        var env = Object.create(process.env);
+    function pushFile() {
+        const env = Object.create(process.env);
         env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
-        execSync('touch newfile && git add newfile && git commit -a -mx && git push ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + ' master',
+        execSync(`touch newfile && git add newfile && git commit -a -mx && git push ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame} main`,
                  { env: env, cwd: repodir });
-        rimraf.sync('/tmp/testrepo');
-        done();
-    });
+        fs.rmSync(repodir, { recursive: true, force: true });
+    }
 
-    it('can edit file', editFile);
-
-    it('can restart app', function (done) {
-        execSync('cloudron restart');
-        done();
-    });
-
-    it('can clone the url', function (done) {
-        var env = Object.create(process.env);
-        env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
-        execSync('git clone ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + '.git ' + repodir, { env: env });
+    function fileExists() {
         expect(fs.existsSync(repodir + '/newfile')).to.be(true);
-        rimraf.sync(repodir);
-        done();
-    });
+    }
 
-    it('backup app', function () {
-        execSync('cloudron backup create --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
+    async function sendMail() {
+        await browser.get(`https://${app.fqdn}/-/admin/config`);
+        await browser.sleep(3000);
+        const button = await browser.findElement(By.xpath('//button[contains(., "Send")]'));
+        await browser.executeScript('arguments[0].scrollIntoView(true)', button);
+        await browser.findElement(By.xpath('//input[@name="email"]')).sendKeys('test@cloudron.io');
+        await browser.findElement(By.xpath('//button[contains(., "Send")]')).click();
+        await browser.wait(until.elementLocated(By.xpath('//p[contains(., "A testing email has been sent")]')), TIMEOUT);
+    }
 
-    it('restore app', function () {
-        execSync('cloudron restore --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
+    xit('build app', function () { execSync('cloudron build', EXEC_ARGS); });
+    it('install app', function () { execSync(`cloudron install --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS); });
 
+    it('can get app information', getAppInfo);
+
+    it('can admin login', adminLogin);
+    it('can send mail', sendMail);
+    it('can logout', logout);
+
+    it('can login', loginOIDC.bind(null, username, password, false));
+    it('can set avatar', setAvatar);
     it('can get avatar', checkAvatar);
 
-    it('can clone the url', function (done) {
-        var env = Object.create(process.env);
-        env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
-        execSync('git clone ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + '.git ' + repodir, { env: env });
-        expect(fs.existsSync(repodir + '/newfile')).to.be(true);
-        rimraf.sync(repodir);
-        done();
-    });
+    it('can add public key', addPublicKey);
 
-    it('move to different location', function () {
-        browser.manage().deleteAllCookies();
-        execSync('cloudron configure --location ' + LOCATION + '2', { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-        var inspect = JSON.parse(execSync('cloudron inspect'));
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION + '2'; })[0];
-        expect(app).to.be.an('object');
-    });
+    it('can create repo', createRepo);
 
-    it('can login', function (done) {
-        browser.get('https://' + app.fqdn + '/user/login');
-        browser.findElement(by.id('user_name')).sendKeys(username);
-        browser.findElement(by.id('password')).sendKeys(password);
-        browser.findElement(by.tagName('form')).submit();
-        browser.wait(until.elementLocated(by.linkText('Dashboard')), TIMEOUT).then(function () { done(); });
-    });
+    it('can clone the url', cloneRepo);
 
+    it('can add and push a file', pushFile);
+
+    it('can restart app', function () { execSync('cloudron restart  --app ' + app.id); });
+
+    xit('can login', loginOIDC.bind(null, username, password)); // no need to relogin since session persists
+    it('can clone the url', cloneRepo);
+    it('file exists in repo', fileExists);
+
+    it('backup app', function () { execSync('cloudron backup create --app ' + app.id, EXEC_ARGS); });
+    it('restore app', function () { execSync('cloudron restore --app ' + app.id, EXEC_ARGS); });
+
+    it('can login', loginOIDC.bind(null, username, password));
     it('can get avatar', checkAvatar);
+    it('can clone the url', cloneRepo);
+    it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });
 
-    it('displays correct clone url', function (done) {
-        browser.get('https://' + app.fqdn + '/' + username + '/' + reponame);
-        browser.findElement(by.id('repo-clone-ssh')).click();
-        browser.findElement(by.id('repo-clone-url')).getAttribute('value').then(function (cloneUrl) {
-            expect(cloneUrl).to.be('ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + '.git');
-            done();
-        });
+    it('move to different location', async function () {
+        //browser.manage().deleteAllCookies(); // commented because of error "'Network.deleteCookie' wasn't found"
+        // ensure we don't hit NXDOMAIN in the mean time
+        await browser.get('about:blank');
+
+        execSync('cloudron configure --location ' + LOCATION + '2 --app ' + app.id, EXEC_ARGS);
+    });
+    it('can get app information', getAppInfo);
+
+    it('can login', loginOIDC.bind(null, username, password));
+    it('can get avatar', checkAvatar);
+    it('can clone the url', cloneRepo);
+    it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });
+
+    it('uninstall app', async function () {
+        // ensure we don't hit NXDOMAIN in the mean time
+        await browser.get('about:blank');
+        execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
     });
 
-    it('can clone the url', function (done) {
-        var env = Object.create(process.env);
-        env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
-        execSync('git clone ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + '.git ' + repodir, { env: env });
-        expect(fs.existsSync(repodir + '/newfile')).to.be(true);
-        rimraf.sync(repodir);
-        done();
+    // No SSO
+    it('install app (no sso)', function () { execSync(`cloudron install --no-sso --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS); });
+
+    it('can get app information', getAppInfo);
+    it('can admin login (no sso)', adminLogin);
+    it('can logout', logout);
+
+    it('uninstall app (no sso)', async function () {
+        await browser.get('about:blank');
+        execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
     });
 
-    it('uninstall app', function () {
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
+    // test update
+    it('can install app', function () { execSync(`cloudron install --appstore-id ${app.manifest.id} --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS); });
 
-    // check if the _first_ login via email succeeds
-    it('can login via email', function (done) {
-        execSync('cloudron install --new --wait --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-        var inspect = JSON.parse(execSync('cloudron inspect'));
+    it('can get app information', getAppInfo);
+    it('can login', loginOIDC.bind(null, username, password));
+    it('can set avatar', setAvatar);
+    it('can get avatar', checkAvatar);
+    it('can add public key', addPublicKey);
+    it('can create repo', createRepo);
+    it('can clone the url', cloneRepo);
+    it('can add and push a file', pushFile);
 
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
-        expect(app).to.be.an('object');
+    it('can update', function () { execSync('cloudron update --app ' + app.id, EXEC_ARGS); });
+    it('can get app information', getAppInfo);
 
-        browser.get('https://' + app.fqdn + '/user/login');
-        browser.findElement(by.id('user_name')).sendKeys(email);
-        browser.findElement(by.id('password')).sendKeys(password);
-        browser.findElement(by.tagName('form')).submit();
-        browser.wait(until.elementLocated(by.linkText('Dashboard')), TIMEOUT).then(function () {
-            execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-            done();
-        });
+    it('can admin login', adminLogin);
+    it('can send mail', sendMail);
+    it('can logout', logout);
+
+    it('can login', loginOIDC.bind(null, username, password));
+    it('can get avatar', checkAvatar);
+    it('can clone the url', cloneRepo);
+    it('file exists in cloned repo', fileExists);
+
+    it('uninstall app', async function () {
+        // ensure we don't hit NXDOMAIN in the mean time
+        await browser.get('about:blank');
+        execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
     });
 });