Update package version to 1.35.2

| datasource      | package        | from   | to     |
| --------------- | -------------- | ------ | ------ |
| github-releases | go-gitea/gitea | 1.23.5 | 1.23.6 |

CHANGELOG.md

@@ -1615,3 +1615,134 @@
 * Update Gitea to 1.22.1
 * [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.22.1)
 
+[1.33.2]
+* Update Gitea to 1.22.2
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.22.2)
+* Replace v-html with v-text in search inputbox (#31966) (#31973)
+* Fix nuget/conan/container packages upload bugs (#31967) (#31982)
+* Refactor the usage of batch catfile (#31754) (#31889)
+* Fix overflowing content in action run log (#31842) (#31853)
+* Scroll images in project issues separately from the remaining issue (#31683) (#31823)
+* Add :focus-visible style to buttons (#31799) (#31819)
+* Fix the display of project type for deleted projects (#31732) (#31734)
+* Fix API owner ID should be zero when created repo secret (#31715) (#31811)
+* Set owner id to zero when GetRegistrationToken for repo (#31725) (#31729)
+* Fix API endpoint for registration-token (#31722) (#31728)
+* Add permission check when creating PR (#31033) (#31720)
+
+[1.33.3]
+* Update Gitea to 1.22.3
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.22.3)
+* Fix bug when a token is given public only (#32204) (#32218)
+* Increase cacheContextLifetime to reduce false reports (#32011) (#32023)
+* Don't join repository when loading action table data (#32127) (#32143)
+* Fix javascript error when an anonymous user visits migration page (#32144) (#32179)
+* Don't init signing keys if oauth2 provider is disabled (#32177)
+* Fix wrong status of Set up Job when first step is skipped (#32120) (#32125)
+* Fix bug when deleting a migrated branch (#32075) (#32123)
+* Truncate commit message during Discord webhook push events (#31970) (#32121)
+* Allow to set branch protection in an empty repository (#32095) (#32119)
+* Fix panic when cloning with wrong ssh format. (#32076) (#32118)
+[1.33.4]
+* Update gitea to 1.22.4
+* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.22.4)
+* Fix basic auth with webauthn (#32531) (#32536)
+* Refactor internal routers (partial backport, auth token const time comparing) (#32473) (#32479)
+
+[1.33.5]
+* Update gitea to 1.22.5
+* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.22.5)
+* Upgrade crypto library ([#​32791](https://github.com/go-gitea/gitea/issues/32791))
+* Fix delete branch perm checking ([#​32654](https://github.com/go-gitea/gitea/issues/32654)) ([#​32707](https://github.com/go-gitea/gitea/issues/32707))
+* Add standard-compliant route to serve outdated R packages ([#​32783](https://github.com/go-gitea/gitea/issues/32783)) ([#​32789](https://github.com/go-gitea/gitea/issues/32789))
+* Fix internal server error when updating labels without write permission ([#​32776](https://github.com/go-gitea/gitea/issues/32776)) ([#​32785](https://github.com/go-gitea/gitea/issues/32785))
+* Add Swift login endpoint ([#​32693](https://github.com/go-gitea/gitea/issues/32693)) ([#​32701](https://github.com/go-gitea/gitea/issues/32701))
+* Fix fork page branch selection ([#​32711](https://github.com/go-gitea/gitea/issues/32711)) ([#​32725](https://github.com/go-gitea/gitea/issues/32725))
+* Fix word overflow in file search page ([#​32695](https://github.com/go-gitea/gitea/issues/32695)) ([#​32699](https://github.com/go-gitea/gitea/issues/32699))
+* Fix gogit `GetRefCommitID` ([#​32705](https://github.com/go-gitea/gitea/issues/32705)) ([#​32712](https://github.com/go-gitea/gitea/issues/32712))
+* Fix race condition in mermaid observer ([#​32599](https://github.com/go-gitea/gitea/issues/32599)) ([#​32673](https://github.com/go-gitea/gitea/issues/32673))
+* Fixe a keystring misuse and refactor duplicates keystrings ([#​32668](https://github.com/go-gitea/gitea/issues/32668)) ([#​32792](https://github.com/go-gitea/gitea/issues/32792))
+* Bump relative-time-element to v4.4.4 ([#​32739](https://github.com/go-gitea/gitea/issues/32739))
+* Make wiki pages visit fast ([#​32732](https://github.com/go-gitea/gitea/issues/32732)) ([#​32745](https://github.com/go-gitea/gitea/issues/32745))
+* Don't create action when syncing mirror pull refs ([#​32659](https://github.com/go-gitea/gitea/issues/32659)) ([#​32664](https://github.com/go-gitea/gitea/issues/32664))
+
+[1.33.6]
+* Update gitea to 1.22.6
+* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.22.6)
+* Fix misuse of PublicKeyCallback([#​32810](https://github.com/go-gitea/gitea/issues/32810))
+* Fix lfs migration ([#​32812](https://github.com/go-gitea/gitea/issues/32812)) ([#​32818](https://github.com/go-gitea/gitea/issues/32818))
+* Add missing two sync feed for refs/pull ([#​32815](https://github.com/go-gitea/gitea/issues/32815))
+* Avoid MacOS keychain dialog in integration tests ([#​32813](https://github.com/go-gitea/gitea/issues/32813)) ([#​32816](https://github.com/go-gitea/gitea/issues/32816))
+
+[1.34.0]
+* Update gitea to 1.23.0
+* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.0)
+* Rename config option `[camo].Allways` to `[camo].Always` ([#​32097](https://github.com/go-gitea/gitea/issues/32097))
+* Remove SHA1 for support for SSH RSA signing ([#​31857](https://github.com/go-gitea/gitea/issues/31857))
+* Use UTC as the default timezone when scheduling Actions cron tasks ([#​31742](https://github.com/go-gitea/gitea/issues/31742))
+* Delete Actions logs older than 1 year by default ([#​31735](https://github.com/go-gitea/gitea/issues/31735))
+* Make OIDC introspection authentication strictly require Client ID and secret ([#​31632](https://github.com/go-gitea/gitea/issues/31632))
+* Include file extension checks in attachment API ([#​32151](https://github.com/go-gitea/gitea/issues/32151))
+
+[1.34.1]
+* Update gitea to 1.23.1
+* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.1)
+* Move repo size to sidebar ([#​33155](https://github.com/go-gitea/gitea/issues/33155))
+* Fix editor markdown not incrementing in a numbered list ([#​33187](https://github.com/go-gitea/gitea/issues/33187)) [#​33193](https://github.com/go-gitea/gitea/issues/33193)
+
+[1.34.2]
+* Update gitea to 1.23.3
+* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.3)
+* Build Gitea with Golang v1.23.6 to fix security bugs
+* Fix a bug caused by status webhook template #33512
+
+[1.34.3]
+* Update gitea to 1.23.4
+* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.4)
+* Enhance routers for the Actions variable operations (#33547) (#33553)
+* Enhance routers for the Actions runner operations (#33549) (#33555)
+* Fix project issues list and counting (#33594) #33619
+* Add a transaction to pickTask (#33543) (#33563)
+* Fix mirror bug (#33597) (#33607)
+* Use default Git timeout when checking repo health (#33593) (#33598)
+* Fix PR's target branch dropdown (#33589) (#33591)
+* Fix various problems (artifact order, api empty slice, assignee check, fuzzy prompt, mirror proxy, adopt git) (#33569) (#33577)
+* Rework suggestion backend (#33538) (#33546)
+* Fix context usage (#33554) (#33557)
+
+[1.34.4]
+* Update gitea to 1.23.5
+* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.5)
+* Compile with Go 1.24.1
+* Bump x/oauth2 & x/crypto (#33704) (#33727)
+* Optimize user dashboard loading (#33686) (#33708)
+* Fix navbar dropdown item align (#33782)
+* Fix inconsistent closed issue list icon (#33722) (#33728)
+* Fix for Maven Package Naming Convention Handling (#33678) (#33679)
+* Improve Open-with URL encoding (#33666) (#33680)
+* Deleting repository should unlink all related packages (#33653) (#33673)
+* Fix omitempty bug (#33663) (#33670)
+* Upgrade go-crypto from 1.1.4 to 1.1.6 (#33745) (#33754)
+* Fix OCI image.version annotation for releases to use full semver (#33698) (#33701)
+* Try to fix ACME path when renew (#33668) (#33693)
+* Fix mCaptcha bug (#33659) (#33661)
+* Git graph: don't show detached commits (#33645) (#33650)
+
+[1.35.0]
+* Base image 5
+
+[1.35.1]
+* Fix hard coded mysql hostname
+
+[1.35.2]
+* Update gitea to 1.23.6
+* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.6)
+* Fix LFS URL (#33840) (#33843)
+* Update jwt and redis packages (#33984) (#33987)
+* Update golang crypto and net (#33989)
+* Drop timeout for requests made to the internal hook api (#33947) (#33970)
+* Fix maven panic when no package exists (#33888) (#33889)
+* Fix markdown render (#33870) (#33875)
+* Fix auto concurrency cancellation skips commit status updates (#33764) (#33849)
+* Fix oauth2 auth (#33961) (#33962)
+

CloudronManifest.json

@@ -4,16 +4,20 @@
   "author": "Gitea developers",
   "description": "file://DESCRIPTION.md",
   "tagline": "A painless self-hosted Git Service",
-  "version": "1.33.1",
-  "upstreamVersion": "1.22.1",
+  "version": "1.35.2",
+  "upstreamVersion": "1.23.6",
   "healthCheckPath": "/explore",
   "httpPort": 3000,
   "memoryLimit": 536870912,
   "addons": {
-    "mysql": { },
-    "sendmail": { "supportsDisplayName": true },
-    "localstorage": { },
-    "oidc": { "loginRedirectUri": "/user/oauth2/cloudron/callback" }
+    "mysql": {},
+    "sendmail": {
+      "supportsDisplayName": true
+    },
+    "localstorage": {},
+    "oidc": {
+      "loginRedirectUri": "/user/oauth2/cloudron/callback"
+    }
   },
   "tcpPorts": {
     "SSH_PORT": {
@@ -34,10 +38,23 @@
     "https://screenshots.cloudron.io/io.gitea.cloudronapp/4.png",
     "https://screenshots.cloudron.io/io.gitea.cloudronapp/5.png"
   ],
-  "tags": [ "version control", "git", "code hosting", "development", "github", "bitbucket", "gitlab" ],
+  "tags": [
+    "version control",
+    "git",
+    "code hosting",
+    "development",
+    "github",
+    "bitbucket",
+    "gitlab"
+  ],
   "changelog": "file://CHANGELOG.md",
   "postInstallMessage": "file://POSTINSTALL.md",
-  "minBoxVersion": "7.5.1",
+  "checklist": {
+    "change-default-password": {
+      "message": "Change the default admin password"
+    }
+  },
+  "minBoxVersion": "8.1.0",
   "forumUrl": "https://forum.cloudron.io/category/19/gitea",
   "documentationUrl": "https://docs.cloudron.io/apps/gitea/"
 }

Dockerfile

@@ -1,27 +1,27 @@
-FROM cloudron/base:4.2.0@sha256:46da2fffb36353ef714f97ae8e962bd2c212ca091108d768ba473078319a47f4
+FROM cloudron/base:5.0.0@sha256:04fd70dbd8ad6149c19de39e35718e024417c3e01dc9c6637eaf4a41ec4e596c
 
 RUN apt-get update && \
-    apt-get install -y openssh-server git asciidoctor pandoc && \
+    apt-get install -y openssh-server git asciidoctor pandoc pipx && \
     rm -rf /etc/ssh_host_* && \
     rm -r /var/cache/apt /var/lib/apt/lists
-RUN pip3 install jupyter
+
+# pipx --global does not work, not sure why
+RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install jupyter docutils --include-deps
 
 ADD supervisor/ /etc/supervisor/conf.d/
 
-RUN adduser --disabled-login --gecos 'Gitea' git
-# by default, git account is created as inactive which prevents login via openssh
-# https://github.com/gitlabhq/gitlabhq/issues/5304
-RUN passwd -d git
-
-RUN mkdir -p /home/git/gitea
+RUN useradd --comment "Gogs" --create-home --shell /bin/bash git
+RUN passwd -d git # by default, git account is created as inactive which prevents login via openssh. this disables password for account
 WORKDIR /home/git
 
 # for autosign feature
 ENV GNUPGHOME="/app/data/gnupg"
 
-ARG VERSION=1.22.1
+# renovate: datasource=github-releases depName=go-gitea/gitea versioning=semver extractVersion=^v(?<version>.+)$
+ARG GITEA_VERSION=1.23.6
 
-RUN curl -L https://dl.gitea.io/gitea/${VERSION}/gitea-${VERSION}-linux-amd64 -o /home/git/gitea/gitea \
+RUN mkdir -p /home/git/gitea && \
+    curl -L https://github.com/go-gitea/gitea/releases/download/v${GITEA_VERSION}/gitea-${GITEA_VERSION}-linux-amd64 -o /home/git/gitea/gitea \
     && chmod +x /home/git/gitea/gitea
 
 # setup config paths

POSTINSTALL.md

@@ -3,8 +3,6 @@ This app is pre-setup with an admin account. The initial credentials are:
 **Username**: root<br/>
 **Password**: changeme<br/>
 
-Please change the admin password immediately.
-
 <sso>
 Use the `Local` authentication source for logging in as admin.
 </sso>

renovate.json5

@@ -0,0 +1,4 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": ["local>devops/renovator//default.renovate.json5"]
+}

sshd_config

@@ -1,80 +1,37 @@
-# Package generated configuration file
-# See the sshd_config(5) manpage for details
-
-# What ports, IPs and protocols we listen for
 Port 29418
-# Use these options to restrict which interfaces/protocols sshd will bind to
+
+AddressFamily any
 ListenAddress 0.0.0.0
 ListenAddress ::
-Protocol 2
-# HostKeys for protocol version 2
+
 HostKey /app/data/sshd/ssh_host_rsa_key
-HostKey /app/data/sshd/ssh_host_dsa_key
 HostKey /app/data/sshd/ssh_host_ecdsa_key
 HostKey /app/data/sshd/ssh_host_ed25519_key
 
-# Logging
-SyslogFacility AUTH
 LogLevel INFO
 
-# Authentication:
-LoginGraceTime 120
-PermitRootLogin prohibit-password
-StrictModes yes
-
-PubkeyAuthentication yes
-#AuthorizedKeysFile	%h/.ssh/authorized_keys
-
-# Don't read the user's ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# similar for protocol version 2
-HostbasedAuthentication no
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
-#IgnoreUserKnownHosts yes
-
-# To enable empty passwords, change to yes (NOT RECOMMENDED)
-PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Change to no to disable tunnelled clear text passwords
-#PasswordAuthentication yes
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosGetAFSToken no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-
-X11Forwarding yes
-X11DisplayOffset 10
-PrintMotd no
-PrintLastLog yes
-TCPKeepAlive yes
-#UseLogin no
-
-#MaxStartups 10:30:60
-#Banner /etc/issue.net
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication.  Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM no
+# no reverse DNS lookup
 UseDNS no
+UsePAM no
+AllowAgentForwarding no
+AllowTcpForwarding no
+PrintMotd no
+PrintLastLog no
+
+LoginGraceTime 120
+StrictModes yes
+PubkeyAuthentication yes
+PermitUserEnvironment yes
+PermitRootLogin no
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+PermitEmptyPasswords no
+HostbasedAuthentication no
+
+AllowUsers git
+
+Banner none
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+AcceptEnv GIT_PROTOCOL LANG LC_*
+

start.sh

@@ -4,13 +4,14 @@ set -eu -o pipefail
 
 mkdir -p /run/gitea/tmp/uploads /run/sshd /run/gitea/sessions
 
+# CLOUDRON_OIDC_PROVIDER_NAME not supported as it will be used in rest route!
 setup_oidc_source() {
     set -eu
 
     echo "==> Setup OIDC source"
 
     now=$(date +%s)
-    mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -e \
+    mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h"${CLOUDRON_MYSQL_HOST}" -P"${CLOUDRON_MYSQL_PORT}" --database="${CLOUDRON_MYSQL_DATABASE}" -e \
         "REPLACE INTO login_source (id, type, name, is_active, cfg, created_unix, updated_unix) VALUES (1,6,'cloudron', 1,'{\"Provider\":\"openidConnect\",\"ClientID\":\"${CLOUDRON_OIDC_CLIENT_ID}\",\"ClientSecret\":\"${CLOUDRON_OIDC_CLIENT_SECRET}\",\"OpenIDConnectAutoDiscoveryURL\":\"${CLOUDRON_OIDC_ISSUER}/.well-known/openid-configuration\",\"CustomURLMapping\":null,\"IconURL\":\"\",\"Scopes\":[\"openid email profile\"],\"RequiredClaimName\":\"\",\"RequiredClaimValue\":\"\",\"GroupClaimName\":\"\",\"AdminGroup\":\"\",\"GroupTeamMap\":\"\",\"GroupTeamMapRemoval\":false,\"RestrictedGroup\":\"\"}','${now}','${now}')"
 }
 
@@ -40,7 +41,7 @@ setup_auth() {
         setup_oidc_source
     fi
 
-    user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user")
+    user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h"${CLOUDRON_MYSQL_HOST}" -P"${CLOUDRON_MYSQL_PORT}" --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user")
     # be careful, not to create root user for existing LDAP based installs
     if [[ "${user_count}" == "0" ]]; then
         echo "==> Setting up root user for first run"

test/package.json

@@ -9,10 +9,10 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^126.0.4",
+    "chromedriver": "^134.0.5",
     "expect.js": "^0.3.1",
-    "mocha": "^10.6.0",
-    "selenium-webdriver": "^4.22.0",
-    "superagent": "^9.0.2"
+    "mocha": "^11.1.0",
+    "selenium-webdriver": "^4.30.0",
+    "superagent": "^10.2.0"
   }
 }

test/test.js

@@ -1,11 +1,7 @@
 #!/usr/bin/env node
 
 /* jshint esversion: 8 */
-/* global it:false */
-/* global xit:false */
-/* global describe:false */
-/* global before:false */
-/* global after:false */
+/* global it, xit, describe, before, after, afterEach */
 
 'use strict';
 
@@ -29,21 +25,22 @@ describe('Application life cycle test', function () {
 
     const TIMEOUT = parseInt(process.env.TIMEOUT, 10) || 5000;
     const EXEC_ARGS = { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' };
-    const LOCATION = 'test';
+    const LOCATION = process.env.LOCATION || 'test';
     const SSH_PORT = 29420;
 
     let app, browser;
-    var athenticated_by_oidc = false;
 
     const repodir = '/tmp/testrepo';
     const reponame = 'testrepo';
 
     const username = process.env.USERNAME;
     const password = process.env.PASSWORD;
-    const email = process.env.EMAIL;
 
     before(function () {
-        browser = new Builder().forBrowser('chrome').setChromeOptions(new Options().windowSize({ width: 1280, height: 1024 })).build();
+        const chromeOptions = new Options().windowSize({ width: 1280, height: 1024 });
+        if (process.env.CI) chromeOptions.addArguments('no-sandbox', 'disable-dev-shm-usage', 'headless');
+        browser = new Builder().forBrowser('chrome').setChromeOptions(chromeOptions).build();
+        if (!fs.existsSync('./screenshots')) fs.mkdirSync('./screenshots');
     });
 
     after(function () {
@@ -51,8 +48,19 @@ describe('Application life cycle test', function () {
         fs.rmSync(repodir, { recursive: true, force: true });
     });
 
+    afterEach(async function () {
+        if (!process.env.CI || !app) return;
+
+        const currentUrl = await browser.getCurrentUrl();
+        if (!currentUrl.includes(app.domain)) return;
+        expect(this.currentTest.title).to.be.a('string');
+
+        const screenshotData = await browser.takeScreenshot();
+        fs.writeFileSync(`./screenshots/${new Date().getTime()}-${this.currentTest.title.replaceAll(' ', '_')}.png`, screenshotData, 'base64');
+    });
+
     function getAppInfo() {
-        var inspect = JSON.parse(execSync('cloudron inspect'));
+        const inspect = JSON.parse(execSync('cloudron inspect'));
         app = inspect.apps.filter(function (a) { return a.location.indexOf(LOCATION) === 0; })[0];
         expect(app).to.be.an('object');
     }
@@ -99,7 +107,7 @@ describe('Application life cycle test', function () {
         await login('root', 'changeme');
     }
 
-    async function loginOIDC(username, password) {
+    async function loginOIDC(username, password, alreadyAuthenticated = true) {
         browser.manage().deleteAllCookies();
         await browser.get(`https://${app.fqdn}/user/login`);
         await browser.sleep(2000);
@@ -108,15 +116,13 @@ describe('Application life cycle test', function () {
         await browser.findElement(By.xpath('//a[contains(@class, "openidConnect") and contains(., "Sign in with cloudron")]')).click();
         await browser.sleep(2000);
 
-        if (!athenticated_by_oidc) {
-            await waitForElement(By.xpath('//input[@name="username"]'));
-            await browser.findElement(By.xpath('//input[@name="username"]')).sendKeys(username);
-            await browser.findElement(By.xpath('//input[@name="password"]')).sendKeys(password);
+        if (!alreadyAuthenticated) {
+            await waitForElement(By.id('inputUsername'));
+            await browser.findElement(By.id('inputUsername')).sendKeys(username);
+            await browser.findElement(By.id('inputPassword')).sendKeys(password);
             await browser.sleep(2000);
             await browser.findElement(By.id('loginSubmitButton')).click();
             await browser.sleep(2000);
-
-            athenticated_by_oidc = true;
         }
 
         await waitForElement(By.xpath('//img[contains(@class, "avatar")]'));
@@ -132,7 +138,8 @@ describe('Application life cycle test', function () {
     }
 
     async function addPublicKey() {
-        var publicKey = fs.readFileSync(__dirname + '/id_ed25519.pub', 'utf8');
+        const publicKey = fs.readFileSync(__dirname + '/id_ed25519.pub', 'utf8');
+        execSync(`chmod g-rw,o-rw ${__dirname}/id_ed25519`); // ssh will complain about perms later
 
         await browser.get('https://' + app.fqdn + '/user/settings/keys');
 
@@ -147,25 +154,9 @@ describe('Application life cycle test', function () {
         await browser.wait(until.elementLocated(By.xpath('//p[contains(text(), "has been added.")]')), TIMEOUT);
     }
 
-    async function addPublicKeyOld() {
-        var publicKey = fs.readFileSync(__dirname + '/id_ed25519.pub', 'utf8');
-
-        await browser.get('https://' + app.fqdn + '/user/settings/keys');
-
-        await browser.wait(until.elementLocated(By.id('add-ssh-button')), TIMEOUT);
-        await browser.findElement(By.id('add-ssh-button')).click();
-        await browser.findElement(By.id('ssh-key-title')).sendKeys('testkey');
-        await browser.findElement(By.id('ssh-key-content')).sendKeys(publicKey.trim()); // #3480
-        var button = browser.findElement(By.xpath('//button[contains(text(), "Add Key")]'));
-        await browser.executeScript('arguments[0].scrollIntoView(false)', button);
-        await browser.findElement(By.xpath('//button[contains(text(), "Add Key") and contains(@class, "green")]')).click();
-
-        await browser.wait(until.elementLocated(By.xpath('//p[contains(text(), "has been added.")]')), TIMEOUT);
-    }
-
     async function createRepo() {
-        var getRepoPage = await browser.get('https://' + app.fqdn + '/repo/create');
-
+        await browser.get(`https://${app.fqdn}/repo/create`);
+        await browser.wait(until.elementLocated(By.id('repo_name')));
         await browser.findElement(By.id('repo_name')).sendKeys(reponame);
         var button = browser.findElement(By.xpath('//button[contains(text(), "Create Repository")]'));
         await browser.executeScript('arguments[0].scrollIntoView(true)', button);
@@ -179,14 +170,6 @@ describe('Application life cycle test', function () {
         }, TIMEOUT);
     }
 
-    async function checkCloneUrl() {
-        await browser.get('https://' + app.fqdn + '/' + username + '/' + reponame);
-        await browser.findElement(By.id('repo-clone-ssh')).click();
-
-        var cloneUrl = await browser.findElement(By.id('repo-clone-url')).getAttribute('value');
-        expect(cloneUrl).to.be(`ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame}.git`);
-    }
-
     function cloneRepo() {
         fs.rmSync(repodir, { recursive: true, force: true });
         var env = Object.create(process.env);
@@ -207,13 +190,13 @@ describe('Application life cycle test', function () {
     }
 
     async function sendMail() {
-        await browser.get(`https://${app.fqdn}/admin/config`);
-
-        var button = await browser.findElement(By.xpath('//button[contains(text(), "Send")]'));
+        await browser.get(`https://${app.fqdn}/-/admin/config`);
+        await browser.sleep(3000);
+        const button = await browser.findElement(By.xpath('//button[contains(., "Send")]'));
         await browser.executeScript('arguments[0].scrollIntoView(true)', button);
         await browser.findElement(By.xpath('//input[@name="email"]')).sendKeys('test@cloudron.io');
-        await browser.findElement(By.xpath('//button[contains(text(), "Send")]')).click();
-        await browser.wait(until.elementLocated(By.xpath('//p[contains(text(), "A testing email has been sent")]')), TIMEOUT);
+        await browser.findElement(By.xpath('//button[contains(., "Send")]')).click();
+        await browser.wait(until.elementLocated(By.xpath('//p[contains(., "A testing email has been sent")]')), TIMEOUT);
     }
 
     xit('build app', function () { execSync('cloudron build', EXEC_ARGS); });
@@ -225,7 +208,7 @@ describe('Application life cycle test', function () {
     it('can send mail', sendMail);
     it('can logout', logout);
 
-    it('can login', loginOIDC.bind(null, username, password));
+    it('can login', loginOIDC.bind(null, username, password, false));
     it('can set avatar', setAvatar);
     it('can get avatar', checkAvatar);
 
@@ -233,8 +216,6 @@ describe('Application life cycle test', function () {
 
     it('can create repo', createRepo);
 
-    it('displays correct clone url', checkCloneUrl);
-
     it('can clone the url', cloneRepo);
 
     it('can add and push a file', pushFile);
@@ -242,7 +223,6 @@ describe('Application life cycle test', function () {
     it('can restart app', function () { execSync('cloudron restart  --app ' + app.id); });
 
     xit('can login', loginOIDC.bind(null, username, password)); // no need to relogin since session persists
-    it('displays correct clone url', checkCloneUrl);
     it('can clone the url', cloneRepo);
     it('file exists in repo', fileExists);
 
@@ -265,7 +245,6 @@ describe('Application life cycle test', function () {
 
     it('can login', loginOIDC.bind(null, username, password));
     it('can get avatar', checkAvatar);
-    it('displays correct clone url', checkCloneUrl);
     it('can clone the url', cloneRepo);
     it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });