Bring test deps up to date

Fixes #5

CHANGELOG

@@ -174,3 +174,229 @@
   * Emoji Autocomplete (#3433)
   * Implements generator cli for secrets (#3531)
 
+[1.6.1]
+* Update Gitea to 1.5.1
+* Security
+  * Don't disclose emails of all users when sending out emails (#4784)
+  * Improve URL validation for external wiki and external issues (#4710) (#4740)
+  * Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706) (#4707)
+* Bugfixes
+  * Fix missing release title in webhook (#4783) (#4800)
+  * Make sure to reset commit count in the cache on mirror syncing (#4770)
+  * Fixed bug where team with admin privelege type doesn't get any unit (#4759)
+  * Fix failure on creating pull request with assignees (#4583) (#4727)
+  * Hide org/create menu item in Dashboard if user has no rights (#4678) (#4686)
+
+[1.7.0]
+* Update base image
+
+[1.7.1]
+* Update Gitea to 1.5.2
+
+[1.7.2]
+* Update Gitea to 1.5.3
+* Security
+  * Fix remote command execution vulnerability in upstream library (#5177) (#5196)
+
+[1.8.0]
+* Update Gitea to 1.6.0
+
+[1.8.1]
+* Update Gitea to 1.6.1
+
+[1.8.2]
+* Update Gitea to 1.6.2
+* SECURITY
+  * Sanitize uploaded file names (#5571) (#5573)
+  * HTMLEncode user added text (#5570) (#5575)
+* BUGFIXES
+  * Fix indexer reindex bug when gitea restart (#5563) (#5564)
+  * Fix bug when a read perm user to edit his issue (#5516) (#5534)
+  * Detect force push failure on deletion of protected branches (#5522) (#5531)
+  * Fix forgot deletion of notification when delete repository (#5506) (#5514)
+  * Fix undeleted content when deleting user (#5429) (#5509)
+  * Fix empty wiki (#5504) (#5508)
+
+[1.8.3]
+* Update Gitea to 1.6.3
+* SECURITY: Prevent DeleteFilePost doing arbitrary deletion (#5631)
+* BUGFIX: Fix wrong text getting saved on editing second comment on an issue (#5608)
+
+[1.8.4]
+* Update Gitea to 1.6.4
+* Fix SSH key now can be reused as public key after deleting as deploy key (#5671) (#5685)
+* When redirecting clean the path to avoid redirecting to external site (#5669) (#5703)
+* Fix to use correct value for "MSpan Structures Obtained" (#5706) (#5715)
+
+[1.9.0]
+* Update Gitea to 1.7.0
+
+[1.9.1]
+* Update Gitea to 1.7.1
+* [Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.7.1)
+* Disable redirect for i18n (#5910) (#5916)
+* Only allow local login if password is non-empty (#5906) (#5908)
+* Fix go-get URL generation (#5905) (#5907)
+* Fix TLS errors when using acme/autocert for local connections (#5820) (#5826)
+* Request for public keys only if LDAP attribute is set (#5816) (#5819)
+* Fix delete correct temp directory (#5840) (#5839)
+* Fix an error while adding a dependency via UI (#5862) (#5876)
+* Fix null pointer in attempt to Sudo if not logged in (#5872) (#5884)
+* When creating new repository fsck option should be enabled (#5817) (#5885)
+* Prevent nil dereference in mailIssueCommentToParticipants (#5891) (#5895) (#5894)
+* Fix bug when read public repo lfs file (#5913) (#5912)
+* Respect value of REQUIRE_SIGNIN_VIEW (#5901) (#5915)
+* Fix compare button on upstream repo leading to 404 (#5877) (#5914)
+
+[1.9.2]
+* Update Gitea to 1.7.2
+* Remove all CommitStatus when a repo is deleted (#5940) (#5941)
+* Fix notifications on pushing with deploy keys by setting hook environment variables (#5935) (#5944)
+* Silence console logger in gitea serv (#5887) (#5943)
+* Handle milestone webhook events for issues and PR (#5947) (#5955)
+* Show user who created the repository instead of the organization in action feed (#5948) (#5956)
+* Fix ssh deploy and user key constraints (#1357) (#5939) (#5966)
+* Fix bug when deleting a linked account will removed all (#5989) (#5990)
+* Fix empty ssh key importing in ldap (#5984) (#6009)
+* Fix metrics auth token detection (#6006) (#6017)
+* Create repository on organisation by default on its dashboard (#6026) (#6048)
+* Make sure labels are actually returned in API (#6053) (#6059)
+* Switch to more recent build of xgo (#6070) (#6072)
+* In basic auth check for tokens before call UserSignIn (#5725) (#6083)
+
+[1.9.3]
+* Update Gitea to 1.7.3
+* Fix server 500 when trying to migrate to an already existing repository (#6188) (#6197)
+* Load Issue attributes for API /repos/{owner}/{repo}/issues/{index} (#6122) (#6185)
+* Fix bug whereby user could change private repository to public when force private enabled. (#6156) (#6165)
+* Fix bug when update owner team then visit team's repo return 404 (#6119) (#6166)
+* Fix heatmap and repository menu display in Internet Explorer 9+ (#6117) (#6137)
+* Fix prohibit login check on authorization (#6106) (#6115)
+* Fix LDAP protocol error regression by moving to ldap.v3 (#6105) (#6107)
+* Fix deadlock in webhook PullRequest (#6102) (#6104)
+* Fix redirect loop when password change is required and Gitea is installed as a suburl (#5965) (#6101)
+* Fix compare button regression (#5929) (#6098)
+* Recover panic in orgmode.Render if bad orgfile (#4982) (#5903) (#6097)
+
+[1.9.4]
+* Update Gitea to 1.7.4
+* Fix potential XSS vulnerability in repository description. (#6306) (#6308)
+* Fix wrong release commit id (#6224) (#6300)
+* Fix panic on empty signed commits (#6292) (#6300)
+* Fix organization dropdown not being scrollable when using mouse wheel (#5988) (#6246)
+* Fix displaying dashboard even if required to change password (#6214) (#6215)
+
+[1.9.5]
+* Update Gitea to 1.7.5
+* unitTypeCode not being used in accessLevelUnit (#6419) (#6423)
+* ParsePatch function to work with quoted diff --git strings (#6323) (#6332)
+
+[1.9.6]
+* Update Gitea to 1.7.6
+* Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6595)
+* Allow resend of confirmation email when logged in (#6482) (#6487)
+
+[1.10.0]
+* Update Gitea to 1.8.0
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.8.0)
+* Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6594)
+* Resolve 2FA bypass on API (#6676) (#6674)
+* Prevent the creation of empty sessions for non-logged in users (#6690) (#6677)
+* Expose issue stopwatch toggling via API (#5970)
+* Pull request conflict files detection (#5951)
+* Implement "conversation lock" for issue comments (#5073)
+* Feature: Archive repos (#5009)
+* Allow to set organization visibility (public, internal, private) (#1763)
+* Added URL mapping for Release attachments like on github.com (#1707)
+
+[1.10.1]
+* Update Gitea to 1.8.1
+
+[1.10.2]
+* Update Gitea to 1.8.2
+
+[1.11.0]
+* better custom app.ini integration
+* optional sso support
+
+[1.12.0]
+* Update Gitea to 1.8.3
+* Update manifest to v2
+
+[1.13.0]
+* Update Gitea to 1.9.0
+
+[1.13.1]
+* Update Gitea to 1.9.1
+
+[1.13.2]
+* Make sessions persist restarts
+
+[1.13.3]
+* Update Gitea to 1.9.2
+* Fix wrong sender when send slack webhook (#7918) (#7924)
+* Upload support text/plain; charset=utf8 (#7899)
+* Lfs/lock: round locked_at timestamp to second (#7872) (#7875)
+* Fix non existent milestone with 500 error (#7867) (#7873)
+* SECURITY
+  * Fix No PGP signature on 1.9.1 tag (#7874)
+  * Release built with go 1.12.9 to fix security fixes in golang std lib, ref: https://groups.google.com/forum/#!msg/golang-announce/oeMaeUnkvVE/a49yvTLqAAAJ
+* ENHANCEMENT
+  * Fix pull creation with empty changes (#7920) (#7926)
+* BUILD
+  * Drone/docker: prepare multi-arch release + provide arm64 image (#7571) (#7884)
+
+[1.13.4]
+* Update Gitea to 1.9.3
+* Fix go get from a private repository with Go 1.13 (#8100)
+* Strict name matching for Repository.GetTagID() (#8082)
+* Avoid ambiguity of branch/directory names for the git-diff-tree command (#8070)
+* Add change title notification for issues (#8064)
+* Run CORS handler first for /api routes (#7967) (#8053)
+* Evaluate emojis in commit messages in list view (#8044)
+* Fix failed to synchronize tags to releases for repository (#7990) (#7994)
+* Fix adding default Telegram webhook (#7972) (#7992)
+* Abort synchronization from LDAP source if there is some error (#7965)
+* Fix deformed emoji in commit message (#8071)
+* Keep blame view buttons sequence consistent with normal view when viewing a file (#8007) (#8009)
+
+[1.13.5]
+* Update Gitea to 1.9.4
+* Highlight issue references (#8101) (#8404)
+* Fix bug when migrating a private repository #7917 (#8403)
+* Change general form binding to gogs form (#8334) (#8402)
+* Fix editor commit to new branch if PR disabled (#8375) (#8401)
+* Fix milestone num_issues (#8221) (#8400)
+* Allow users with explicit read access to give approvals (#8398)
+* Fix commit status in PR #8316 and PR #8321 (#8339)
+* Fix API for edit and delete release attachment (#8290)
+* Fix assets on release webhook (#8283)
+* Fix release API URL generation (#8239)
+* Allow registration when button is hidden (#8238)
+* MS Teams webhook misses commit messages (backport v1.9) (#8225)
+
+[1.13.6]
+* Update Gitea to 1.9.5
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.9.5)
+* Hide some user information via API if user doesn't have enough permission (#8655) (#8658)
+* Fix milestone close timestamp (#8728) (#8731)
+* Fix deadline on update issue or PR via API (#8699)
+* Fix 'New Issue Missing Milestone Comment' (#8678) (#8682)
+* Fix 500 when getting user as unauthenticated user (#8653) (#8662)
+* Use AppSubUrl for more redirections (#8647) (#8652)
+* Add SubURL to redirect path (#8632) (#8634) (#8640)
+* Fix #8582 by handling empty repos (#8587) (#8593)
+* Fix bug on pull requests when transfer head repository (#8571)
+* Add missed close in ServeBlobLFS (#8527) (#8543)
+* Return false if provided branch name is empty for IsBranchExist (#8485) (#8492)
+* Create .ssh dir as necessary (#8369) (#8486) (#8489)
+* Restore functionality for early gits (#7775) (#8476)
+* Add check for empty set when dropping indexes during migration (#8475)
+* Ensure Request Body Readers are closed in LFS server (#8454) (#8459)
+* Ensure that LFS files are relative to the LFS content path (#8455) (#8458)
+* Ignore mentions for users with no access (#8395) (#8484)
+
+[1.14.0]
+* Update Gitea to 1.10.0
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.10.0)
+

CloudronManifest.json

@@ -4,7 +4,7 @@
   "author": "Gitea developers",
   "description": "file://DESCRIPTION.md",
   "tagline": "A painless self-hosted Git Service",
-  "version": "1.6.0",
+  "version": "1.14.0",
   "healthCheckPath": "/healthcheck",
   "httpPort": 3000,
   "addons": {
@@ -20,10 +20,11 @@
       "defaultValue": 29418
     }
   },
-  "manifestVersion": 1,
+  "manifestVersion": 2,
   "website": "https://gitea.io",
   "contactEmail": "apps@cloudron.io",
   "icon": "file://logo.png",
+  "optionalSso": true,
   "mediaLinks": [
     "https://s3.amazonaws.com/cloudron-app-screenshots/io.gitea.cloudronapp/f89a2ab8d49094c80589f69a2d60bef63b2dbb62/1.png",
     "https://s3.amazonaws.com/cloudron-app-screenshots/io.gitea.cloudronapp/f89a2ab8d49094c80589f69a2d60bef63b2dbb62/2.png",
@@ -34,6 +35,6 @@
   "tags": [ "version control", "git", "code hosting", "development" ],
   "changelog": "file://CHANGELOG",
   "postInstallMessage": "file://POSTINSTALL.md",
-  "minBoxVersion": "1.10.0",
+  "minBoxVersion": "4.1.4",
   "documentationUrl": "https://cloudron.io/documentation/apps/gitea/"
 }

DESCRIPTION.md

@@ -1,4 +1,4 @@
-This app packages Gitea <upstream>1.5.0</upstream>
+This app packages Gitea <upstream>1.10.0</upstream>
 
 Gitea is a painless self-hosted Git service. It is similar to GitHub, Bitbucket or Gitlab.
 

Dockerfile

@@ -1,6 +1,6 @@
-FROM cloudron/base:0.10.0
+FROM cloudron/base:1.0.0@sha256:147a648a068a2e746644746bbfb42eb7a50d682437cead3c67c933c546357617
 
-ENV VERSION 1.5.0
+ARG VERSION=1.10.0
 
 RUN apt-get update && \
     apt-get install -y openssh-server git && \
@@ -15,7 +15,7 @@ RUN adduser --disabled-login --gecos 'Gitea' git
 RUN passwd -d git
 
 RUN mkdir -p /home/git/gitea
-## TODO: use redis as well
+WORKDIR /home/git
 RUN curl -L https://dl.gitea.io/gitea/${VERSION}/gitea-${VERSION}-linux-amd64 -o /home/git/gitea/gitea \
     && chmod +x /home/git/gitea/gitea
 
@@ -31,9 +31,7 @@ RUN ln -s /app/data/gitconfig /home/git/.gitconfig
 
 ADD start.sh /home/git/start.sh
 
-# disable pam authentication for sshd
-RUN sed -e 's/UsePAM yes/UsePAM no/' -e 's/UsePrivilegeSeparation yes/UsePrivilegeSeparation no/' -i /etc/ssh/sshd_config
-RUN echo "UseDNS no" >> /etc/ssh/sshd_config
+COPY sshd_config /etc/ssh/sshd_config
 
 CMD [ "/home/git/start.sh" ]
 

POSTINSTALL.md

@@ -1,12 +1,14 @@
-This app integrates with the Cloudron SSO. Admins on Cloudron automatically
-become admins on Gitea.
+A default admin user has been setup with the following credentials (use the `Local` authentication source when logging in):
 
-If you want to disable Cloudron SSO, do the following:
+```
+username: root
+password: changeme
+```
 
-* Admin Panel -> Authentication -> 'cloudron' -> Uncheck 'This authentication is activated'
-* Admin Panel -> Users -> Change Authentication Source to 'Local' and also give a password
+**Note:** Please change the password and email immediately after installation.
 
-You can edit `/app/data/app.ini` and add any custom configuration. See the 
-[configuration cheat sheet](https://docs.gitea.io/en-us/config-cheat-sheet)
-for more information.
+<sso>
+This app integrates with the Cloudron SSO. Cloudron users can login and use Gitea
+using the `Cloudron` authentication source.
+</sso>
 

app.ini.template

@@ -95,3 +95,11 @@ PATH =
 [indexer]
 ; this setting is protected and can't be modified
 ISSUE_INDEXER_PATH = /app/data/appdata/indexers/issues.bleve
+
+[session]
+PROVIDER = file
+PROVIDER_CONFIG = /run/gitea/sessions
+COOKIE_SECURE = true
+COOKIE_NAME = cloudron_gitea
+GC_INTERVAL_TIME = 2592000
+

sshd_config

@@ -0,0 +1,79 @@
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port 29418
+# Use these options to restrict which interfaces/protocols sshd will bind to
+ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /app/data/sshd/ssh_host_rsa_key
+HostKey /app/data/sshd/ssh_host_dsa_key
+HostKey /app/data/sshd/ssh_host_ecdsa_key
+HostKey /app/data/sshd/ssh_host_ed25519_key
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin prohibit-password
+StrictModes yes
+
+PubkeyAuthentication yes
+#AuthorizedKeysFile	%h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+#PasswordAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM no
+UseDNS no

start.sh

@@ -2,32 +2,61 @@
 
 set -eu -o pipefail
 
-mkdir -p /run/gitea/tmp/uploads
+mkdir -p /run/gitea/tmp/uploads /run/sshd /run/gitea/sessions
 
 setup_ldap_source() {
     set -eu
 
-    # Wait for gitea to finish db setup, before we insert ldap source in db
-    while ! curl --fail http://localhost:3000/healthcheck; do
-        echo "Waiting for gitea to come up"
-        sleep 1
-    done
+    # Get the existing LDAP source status. This allows the user to disable LDAP
+    # Note that this method is deprecated since this app now supports optionalSso
+    ldap_status=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "select is_actived from login_source WHERE name='cloudron';")
+    [[ -z "${ldap_status}" ]] && ldap_status="1"
 
     now=$(date +%s)
 
-    # Get the existing LDAP source status. This allows the user to disable LDAP
-    ldap_status=$(mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" -N -B -e "select is_actived from login_source WHERE name='cloudron';")
-    [[ -z "${ldap_status}" ]] && ldap_status="1"
-
-    if mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" \
-        -e "REPLACE INTO login_source (id, type, name, is_actived, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${LDAP_SERVER}\",\"Port\":${LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${LDAP_BIND_DN}\",\"BindPassword\":\"${LDAP_BIND_PASSWORD}\",\"UserBase\":\"${LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\",\"AdminFilter\":\"(memberof=cn=admins,${LDAP_GROUPS_BASE_DN})\"}','${now}','${now}');"; then
-        echo "LDAP Authentication was setup with status ${ldap_status}"
+    if mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" \
+        -e "REPLACE INTO login_source (id, type, name, is_actived, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${CLOUDRON_LDAP_SERVER}\",\"Port\":${CLOUDRON_LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${CLOUDRON_LDAP_BIND_DN}\",\"BindPassword\":\"${CLOUDRON_LDAP_BIND_PASSWORD}\",\"UserBase\":\"${CLOUDRON_LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\"}','${now}','${now}');"; then
+        echo "==> LDAP Authentication was setup with activation status ${ldap_status}"
     else
-        echo "Failed to setup LDAP authentication"
+        echo "==> Failed to setup LDAP authentication"
         exit 1
     fi
 }
 
+setup_root_user() {
+    set -eu
+
+    if sudo -H -u git /home/git/gitea/gitea admin create-user --name root --password changeme --email test@cloudron.io --admin -c /run/gitea/app.ini; then
+        echo "==> root user added"
+    else
+        echo "==> Failed to add root user"
+        exit 1
+    fi
+}
+
+setup_auth() {
+    set -eu
+
+    # Wait for gitea to finish db setup, before we do any db operations
+    while ! curl --fail http://localhost:3000/healthcheck; do
+        echo "==> Waiting for gitea to come up"
+        sleep 1
+    done
+
+    echo "==> Gitea is up, setting up auth"
+
+    if [[ -n "${CLOUDRON_LDAP_SERVER:-}" ]]; then
+        setup_ldap_source
+    fi
+
+    user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user;")
+    # be careful, not to create root user for existing LDAP based installs
+    if [[ "${user_count}" == "0" ]]; then
+        echo "==> Setting up root user for first run"
+        setup_root_user
+    fi
+}
+
 # SSH_PORT can be unset to disable SSH
 disable_ssh="false"
 if [[ -z "${SSH_PORT:-}" ]]; then
@@ -50,35 +79,28 @@ fi
 chmod 0600 /app/data/sshd/*_key
 chmod 0644 /app/data/sshd/*.pub
 
-sed -e "s/^Port .*/Port ${SSH_PORT}/" \
-    -e "s/^#ListenAddress .*/ListenAddress 0.0.0.0/" \
-    -e "s,^HostKey /etc/ssh/,HostKey /app/data/sshd/," \
-    /etc/ssh/sshd_config > /run/gitea/sshd_config
+sed -e "s/^Port .*/Port ${SSH_PORT}/" /etc/ssh/sshd_config > /run/gitea/sshd_config
 
-cp /home/git/app.ini.template "/run/gitea/app.ini"
+if [[ ! -f /app/data/app.ini ]]; then
+    echo -e "; Add customizations here - https://docs.gitea.io/en-us/config-cheat-sheet/" > /app/data/app.ini
 
-# create default user config file
-if ! [ -f /app/data/app.ini ]; then
-    cp /home/git/app.ini.template /app/data/app.ini
-fi
-
-if [ "$(crudini --get /app/data/app.ini security SECRET_KEY)" == "##SECRET_KEY" ]; then
-    echo "Generating new SECRET_KEY"
+    echo "==> Generating new SECRET_KEY"
     crudini --set "/app/data/app.ini" security SECRET_KEY $(pwgen -1 -s)
 fi
 
 # merge user config file
+cp /home/git/app.ini.template "/run/gitea/app.ini"
 crudini --merge "/run/gitea/app.ini" < "/app/data/app.ini"
 
 # override important values
 crudini --set "/run/gitea/app.ini" database DB_TYPE mysql
-crudini --set "/run/gitea/app.ini" database HOST "${MYSQL_HOST}:${MYSQL_PORT}"
-crudini --set "/run/gitea/app.ini" database NAME "${MYSQL_DATABASE}"
-crudini --set "/run/gitea/app.ini" database USER "${MYSQL_USERNAME}"
-crudini --set "/run/gitea/app.ini" database PASSWD "${MYSQL_PASSWORD}"
+crudini --set "/run/gitea/app.ini" database HOST "${CLOUDRON_MYSQL_HOST}:${CLOUDRON_MYSQL_PORT}"
+crudini --set "/run/gitea/app.ini" database NAME "${CLOUDRON_MYSQL_DATABASE}"
+crudini --set "/run/gitea/app.ini" database USER "${CLOUDRON_MYSQL_USERNAME}"
+crudini --set "/run/gitea/app.ini" database PASSWD "${CLOUDRON_MYSQL_PASSWORD}"
 crudini --set "/run/gitea/app.ini" database SSL_MODE "disable"
 crudini --set "/run/gitea/app.ini" server PROTOCOL "http"
-crudini --set "/run/gitea/app.ini" server DOMAIN "${APP_DOMAIN}"
+crudini --set "/run/gitea/app.ini" server DOMAIN "${CLOUDRON_APP_DOMAIN}"
 crudini --set "/run/gitea/app.ini" server ROOT_URL "https://%(DOMAIN)s/"
 crudini --set "/run/gitea/app.ini" server HTTP_ADDR ""
 crudini --set "/run/gitea/app.ini" server HTTP_PORT "3000"
@@ -87,21 +109,22 @@ crudini --set "/run/gitea/app.ini" server SSH_PORT "${SSH_PORT}"
 crudini --set "/run/gitea/app.ini" server APP_DATA_PATH "/app/data/appdata"
 crudini --set "/run/gitea/app.ini" repository ROOT "/app/data/repository"
 crudini --set "/run/gitea/app.ini" repository.upload TEMP_PATH "/run/gitea/tmp/uploads"
-crudini --set "/run/gitea/app.ini" mailer HOST "${MAIL_SMTP_SERVER}:${MAIL_SMTPS_PORT}"
-crudini --set "/run/gitea/app.ini" mailer USER "${MAIL_SMTP_USERNAME}"
-crudini --set "/run/gitea/app.ini" mailer PASSWD "${MAIL_SMTP_PASSWORD}"
-crudini --set "/run/gitea/app.ini" mailer FROM "${MAIL_FROM}"
+crudini --set "/run/gitea/app.ini" mailer HOST "${CLOUDRON_MAIL_SMTP_SERVER}:${CLOUDRON_MAIL_SMTPS_PORT}"
+crudini --set "/run/gitea/app.ini" mailer USER "${CLOUDRON_MAIL_SMTP_USERNAME}"
+crudini --set "/run/gitea/app.ini" mailer PASSWD "${CLOUDRON_MAIL_SMTP_PASSWORD}"
+crudini --set "/run/gitea/app.ini" mailer FROM "${CLOUDRON_MAIL_FROM}"
 crudini --set "/run/gitea/app.ini" mailer SKIP_VERIFY "true"
 crudini --set "/run/gitea/app.ini" security INSTALL_LOCK "true"
 crudini --set "/run/gitea/app.ini" log MODE "console"
 crudini --set "/run/gitea/app.ini" log ROOT_PATH "/run/gitea"
 crudini --set "/run/gitea/app.ini" indexer ISSUE_INDEXER_PATH "/app/data/appdata/indexers/issues.bleve"
 
+echo "==> Creating dirs and changing permissions"
 mkdir -p /app/data/repository /app/data/ssh /app/data/custom
-
 chown -R git:git /app/data /run/gitea
 
-( setup_ldap_source ) &
+# this expects app.ini to be available
+( setup_auth ) &
 
 exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gitea
 

test/package.json

@@ -8,18 +8,12 @@
   },
   "author": "",
   "license": "ISC",
-  "devDependencies": {
-    "ejs": "^2.3.4",
-    "expect.js": "^0.3.1",
-    "mkdirp": "^0.5.1",
-    "mocha": "^2.3.4",
-    "rimraf": "^2.4.4",
-    "superagent": "^1.4.0"
-  },
   "dependencies": {
-    "chromedriver": "^2.38.2",
-    "selenium-server-standalone-jar": "^3.3.1",
-    "selenium-webdriver": "^3.3.0",
-    "superagent": "^1.8.5"
+    "selenium-webdriver": "^3.6.0",
+    "chromedriver": "^76.0.1",
+    "expect.js": "^0.3.1",
+    "mocha": "^6.2.2",
+    "rimraf": "^3.0.0",
+    "superagent": "^5.1.0"
   }
 }

test/test.js

@@ -9,60 +9,55 @@
 
 'use strict';
 
-require('chromedriver');
-
 var execSync = require('child_process').execSync,
-    ejs = require('ejs'),
     expect = require('expect.js'),
     fs = require('fs'),
-    mkdirp = require('mkdirp'),
     path = require('path'),
     rimraf = require('rimraf'),
     superagent = require('superagent'),
-    webdriver = require('selenium-webdriver');
+    { Builder, By, until } = require('selenium-webdriver'),
+    { Options } = require('selenium-webdriver/chrome');
 
-var by = require('selenium-webdriver').By,
-    until = require('selenium-webdriver').until,
-    Builder = require('selenium-webdriver').Builder;
-
-process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+if (!process.env.USERNAME || !process.env.PASSWORD || !process.env.EMAIL) {
+    console.log('USERNAME, PASSWORD and EMAIL env vars need to be set');
+    process.exit(1);
+}
 
 describe('Application life cycle test', function () {
     this.timeout(0);
-    var server, browser = new Builder().forBrowser('chrome').build();
+
+    var TIMEOUT = parseInt(process.env.TIMEOUT, 10) || 5000;
+    var EXEC_ARGS = { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' };
     var LOCATION = 'test';
+    var SSH_PORT = 29420;
+
+    var browser;
+    var app;
+    var token;
+
     var repodir = '/tmp/testrepo';
-    var app, reponame = 'testrepo';
+    var reponame = 'testrepo';
+
     var username = process.env.USERNAME;
     var password = process.env.PASSWORD;
-    var TIMEOUT = parseInt(process.env.TIMEOUT, 10) || 5000;
-    var email, token;
+    var email = process.env.EMAIL;
 
-    before(function (done) {
-        if (!process.env.USERNAME) return done(new Error('USERNAME env var not set'));
-        if (!process.env.PASSWORD) return done(new Error('PASSWORD env var not set'));
-
-        var seleniumJar= require('selenium-server-standalone-jar');
-        var SeleniumServer = require('selenium-webdriver/remote').SeleniumServer;
-        server = new SeleniumServer(seleniumJar.path, { port: 4444 });
-        server.start();
-
-        done();
+    before(function () {
+        browser = new Builder().forBrowser('chrome').setChromeOptions(new Options().windowSize({ width: 1280, height: 1024 })).build();
     });
 
     after(function (done) {
         browser.quit();
-        server.stop();
         rimraf.sync(repodir);
         done();
     });
 
-    function waitForUrl(url, done) {
-        browser.wait(function () {
+    function waitForUrl(url) {
+        return browser.wait(function () {
             return browser.getCurrentUrl().then(function (currentUrl) {
                 return currentUrl === url;
             });
-        }, TIMEOUT).then(function () { done(); });
+        }, TIMEOUT);
     }
 
     function getAppInfo() {
@@ -75,14 +70,14 @@ describe('Application life cycle test', function () {
 
     function setAvatarOld(done) {
         browser.get('https://' + app.fqdn + '/user/settings/avatar').then(function () {
-            return browser.findElement(by.xpath('//input[@type="file" and @name="avatar"]')).sendKeys(path.resolve(__dirname, '../logo.png'));
+            return browser.findElement(By.xpath('//input[@type="file" and @name="avatar"]')).sendKeys(path.resolve(__dirname, '../logo.png'));
         }).then(function () {
-            return browser.findElement(by.xpath('//button[contains(text(), "Update Avatar Setting")]')).click();
+            return browser.findElement(By.xpath('//button[contains(text(), "Update Avatar Setting")]')).click();
         }).then(function () {
             if (app.manifest.version === '1.0.3') {
-                return browser.wait(until.elementLocated(by.xpath('//p[contains(text(),"updated successfully")]')), TIMEOUT);
+                return browser.wait(until.elementLocated(By.xpath('//p[contains(text(),"updated successfully")]')), TIMEOUT);
             } else {
-                return browser.wait(until.elementLocated(by.xpath('//p[contains(text(),"Your avatar setting has been updated.")]')), TIMEOUT);
+                return browser.wait(until.elementLocated(By.xpath('//p[contains(text(),"Your avatar setting has been updated.")]')), TIMEOUT);
             }
         }).then(function () {
             done();
@@ -93,16 +88,16 @@ describe('Application life cycle test', function () {
         if (app.manifest.version === '1.5.4') return setAvatarOld(done);
 
         browser.get('https://' + app.fqdn + '/user/settings').then(function () {
-            var button = browser.findElement(by.xpath('//label[contains(text(), "Use Custom Avatar")]'));
+            var button = browser.findElement(By.xpath('//label[contains(text(), "Use Custom Avatar")]'));
             return browser.executeScript('arguments[0].scrollIntoView(false)', button);
         }).then(function () {
-            return browser.findElement(by.xpath('//label[contains(text(), "Use Custom Avatar")]')).click();
+            return browser.findElement(By.xpath('//label[contains(text(), "Use Custom Avatar")]')).click();
         }).then(function () {
-            return browser.findElement(by.xpath('//input[@type="file" and @name="avatar"]')).sendKeys(path.resolve(__dirname, '../logo.png'));
+            return browser.findElement(By.xpath('//input[@type="file" and @name="avatar"]')).sendKeys(path.resolve(__dirname, '../logo.png'));
         }).then(function () {
-            return browser.findElement(by.xpath('//button[contains(text(), "Update Avatar")]')).click();
+            return browser.findElement(By.xpath('//button[contains(text(), "Update Avatar")]')).click();
         }).then(function () {
-            return browser.wait(until.elementLocated(by.xpath('//p[contains(text(),"Your avatar has been updated.")]')), TIMEOUT);
+            return browser.wait(until.elementLocated(By.xpath('//p[contains(text(),"Your avatar has been updated.")]')), TIMEOUT);
         }).then(function () {
             done();
         });
@@ -119,27 +114,41 @@ return done();
 
     function editFile(done) {
         browser.get('https://' + app.fqdn + '/' + username + '/' + reponame + '/_edit/master/newfile').then(function () {
-            var cm = browser.findElement(by.xpath('//div[contains(@class,"CodeMirror")]'));
+            var cm = browser.findElement(By.xpath('//div[contains(@class,"CodeMirror")]'));
             var text = 'yo';
             return browser.executeScript('arguments[0].CodeMirror.setValue("' + text + '");', cm);
         }).then(function () {
-            return browser.findElement(by.xpath('//input[@name="commit_summary"]')).sendKeys('Dummy edit');
+            return browser.findElement(By.xpath('//input[@name="commit_summary"]')).sendKeys('Dummy edit');
         }).then(function () {
-            return browser.findElement(by.xpath('//button[contains(text(), "Commit Changes")]')).click();
+            return browser.findElement(By.xpath('//button[contains(text(), "Commit Changes")]')).click();
         }).then(function () {
-            waitForUrl('https://' + app.fqdn + '/' + username + '/' + reponame + '/src/branch/master/newfile', done);
+            return waitForUrl('https://' + app.fqdn + '/' + username + '/' + reponame + '/src/branch/master/newfile');
+        }).then(function () {
+            done();
         });
     }
 
-    function login(done) {
+    function login(username, password, done) {
         browser.get('https://' + app.fqdn + '/user/login').then(function () {
-            return browser.findElement(by.id('user_name')).sendKeys(username);
+            return browser.findElement(By.id('user_name')).sendKeys(username);
         }).then(function () {
-            return browser.findElement(by.id('password')).sendKeys(password);
+            return browser.findElement(By.id('password')).sendKeys(password);
         }).then(function () {
-            return browser.findElement(by.tagName('form')).submit();
+            return browser.findElement(By.tagName('form')).submit();
         }).then(function () {
-            return browser.wait(until.elementLocated(by.linkText('Dashboard')), TIMEOUT);
+            return browser.wait(until.elementLocated(By.linkText('Dashboard')), TIMEOUT);
+        }).then(function () {
+            done();
+        });
+    }
+
+    function adminLogin(done) {
+        login('root', 'changeme', done);
+    }
+
+    function logout(done) {
+        browser.get('https://' + app.fqdn + '/user/logout').then(function () {
+            return waitForUrl('https://' + app.fqdn + '/explore/repos');
         }).then(function () {
             done();
         });
@@ -151,21 +160,21 @@ return done();
         const sshPage = 'https://' + app.fqdn + '/user/settings/keys';
 
         browser.get(sshPage).then(function () {
-            return browser.findElement(by.xpath('//div[text()="Add Key"]')).click();
+            return browser.findElement(By.xpath('//div[text()="Add Key"]')).click();
         }).then(function () {
-            return browser.findElement(by.id('ssh-key-title')).sendKeys('testkey');
+            return browser.findElement(By.id('ssh-key-title')).sendKeys('testkey');
         }).then(function () {
-            return browser.findElement(by.id('ssh-key-content')).sendKeys(publicKey.trim()); // #3480
+            return browser.findElement(By.id('ssh-key-content')).sendKeys(publicKey.trim()); // #3480
         }).then(function () {
-            var button = browser.findElement(by.xpath('//button[contains(text(), "Add Key")]'));
+            var button = browser.findElement(By.xpath('//button[contains(text(), "Add Key")]'));
             return browser.executeScript('arguments[0].scrollIntoView(false)', button);
         }).then(function () {
-            return browser.findElement(by.xpath('//button[contains(text(), "Add Key")]')).click();
+            return browser.findElement(By.xpath('//button[contains(text(), "Add Key")]')).click();
         }).then(function () {
             if (app.manifest.version === '1.0.3') {
-                return browser.wait(until.elementLocated(by.xpath('//p[contains(text(), "added successfully!")]')), TIMEOUT);
+                return browser.wait(until.elementLocated(By.xpath('//p[contains(text(), "added successfully!")]')), TIMEOUT);
             } else {
-                return browser.wait(until.elementLocated(by.xpath('//p[contains(text(), "has been added.")]')), TIMEOUT);
+                return browser.wait(until.elementLocated(By.xpath('//p[contains(text(), "has been added.")]')), TIMEOUT);
             }
         }).then(function () {
             done();
@@ -176,23 +185,23 @@ return done();
         var getRepoPage;
         if (app.manifest.version === '1.0.3') {
             getRepoPage = browser.get('https://' + app.fqdn).then(function () {
-                return browser.findElement(by.linkText('New Repository')).click();
+                return browser.findElement(By.linkText('New Repository')).click();
             }).then(function () {
-                return browser.wait(until.elementLocated(by.xpath('//*[contains(text(), "New Repository")]')), TIMEOUT);
+                return browser.wait(until.elementLocated(By.xpath('//*[contains(text(), "New Repository")]')), TIMEOUT);
             });
         } else {
             getRepoPage = browser.get('https://' + app.fqdn + '/repo/create');
         }
 
         getRepoPage.then(function () {
-            return browser.findElement(by.id('repo_name')).sendKeys(reponame);
+            return browser.findElement(By.id('repo_name')).sendKeys(reponame);
         }).then(function () {
-            var button = browser.findElement(by.xpath('//button[contains(text(), "Create Repository")]'));
+            var button = browser.findElement(By.xpath('//button[contains(text(), "Create Repository")]'));
             return browser.executeScript('arguments[0].scrollIntoView(true)', button);
         }).then(function () {
-            return browser.findElement(by.id('auto-init')).click();
+            return browser.findElement(By.id('auto-init')).click();
         }).then(function () {
-            return browser.findElement(by.xpath('//button[contains(text(), "Create Repository")]')).click();
+            return browser.findElement(By.xpath('//button[contains(text(), "Create Repository")]')).click();
         }).then(function () {
             browser.wait(function () {
                 return browser.getCurrentUrl().then(function (url) {
@@ -206,11 +215,11 @@ return done();
 
     function checkCloneUrl(done) {
         browser.get('https://' + app.fqdn + '/' + username + '/' + reponame).then(function () {
-            return browser.findElement(by.id('repo-clone-ssh')).click();
+            return browser.findElement(By.id('repo-clone-ssh')).click();
         }).then(function () {
-            return browser.findElement(by.id('repo-clone-url')).getAttribute('value');
+            return browser.findElement(By.id('repo-clone-url')).getAttribute('value');
         }).then(function (cloneUrl) {
-            expect(cloneUrl).to.be('ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + '.git');
+            expect(cloneUrl).to.be(`ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame}.git`);
             done();
         });
     }
@@ -219,14 +228,14 @@ return done();
         rimraf.sync(repodir);
         var env = Object.create(process.env);
         env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
-        execSync('git clone ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + '.git ' + repodir, { env: env });
+        execSync(`git clone ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame}.git ${repodir}`, { env: env });
         done();
     }
 
     function pushFile(done) {
         var env = Object.create(process.env);
         env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
-        execSync('touch newfile && git add newfile && git commit -a -mx && git push ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + ' master',
+        execSync(`touch newfile && git add newfile && git commit -a -mx && git push ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame} master`,
                  { env: env, cwd: repodir });
         rimraf.sync('/tmp/testrepo');
         done();
@@ -234,8 +243,8 @@ return done();
 
     function addCustomFile(done) {
         fs.writeFileSync('/tmp/customfile.txt', 'GOGS TEST', 'utf8');
-        execSync('cloudron exec -- mkdir -p /app/data/custom/public');
-        execSync('cloudron push /tmp/customfile.txt /app/data/custom/public/customfile.txt');
+        execSync(`cloudron exec --app ${app.id} -- mkdir -p /app/data/custom/public`);
+        execSync(`cloudron push --app ${app.id} /tmp/customfile.txt /app/data/custom/public/customfile.txt`);
         fs.unlinkSync('/tmp/customfile.txt');
         done();
     }
@@ -254,28 +263,28 @@ return done();
     }
 
     function sendMail(done) {
-        browser.get('https://' + app.fqdn + '/admin/config').then(function () {
-            var button = browser.findElement(by.xpath('//button[@id="test-mail-btn"]'));
+        browser.get(`https://${app.fqdn}/admin/config`).then(function () {
+            var button = browser.findElement(By.xpath('//button[@id="test-mail-btn"]'));
             return browser.executeScript('arguments[0].scrollIntoView(true)', button);
         }).then(function () {
-            return browser.findElement(by.xpath('//input[@name="email"]')).sendKeys('test@cloudron.io');
+            return browser.findElement(By.xpath('//input[@name="email"]')).sendKeys('test@cloudron.io');
         }).then(function () {
-            return browser.findElement(by.xpath('//button[@id="test-mail-btn"]')).click();
+            return browser.findElement(By.xpath('//button[@id="test-mail-btn"]')).click();
         }).then(function () {
-            return browser.wait(until.elementLocated(by.xpath('//p[contains(text(),"A testing email has been sent to \'test@cloudron.io\'")]')), TIMEOUT);
+            return browser.wait(until.elementLocated(By.xpath('//p[contains(text(),"A testing email has been sent to \'test@cloudron.io\'")]')), TIMEOUT);
         }).then(function () {
             done();
         });
     }
 
     xit('build app', function () {
-        execSync('cloudron build', { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        execSync('cloudron build', EXEC_ARGS);
     });
 
     it('can login', function (done) {
         var inspect = JSON.parse(execSync('cloudron inspect'));
 
-        superagent.post('https://' + inspect.apiEndpoint + '/api/v1/developer/login').send({
+        superagent.post(`https://${inspect.apiEndpoint}/api/v1/developer/login`).send({
             username: username,
             password: password
         }).end(function (error, result) {
@@ -284,7 +293,7 @@ return done();
 
             token = result.body.accessToken;
 
-            superagent.get('https://' + inspect.apiEndpoint + '/api/v1/profile')
+            superagent.get(`https://${inspect.apiEndpoint}/api/v1/profile`)
                 .query({ access_token: token }).end(function (error, result) {
                 if (error) return done(error);
                 if (result.statusCode !== 200) return done(new Error('Get profile failed with status ' + result.statusCode));
@@ -295,8 +304,8 @@ return done();
         });
     });
 
-    it('install app', function () {
-        execSync('cloudron install --new --wait --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    xit('install app', function () {
+        execSync(`cloudron install --new --wait --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS);
     });
 
     it('can get app information', getAppInfo);
@@ -309,8 +318,11 @@ return done();
         });
     });
 
-    it('can login', login);
+    it('can admin login', adminLogin);
     it('can send mail', sendMail);
+    it('can logout', logout);
+
+    it('can login', login.bind(null, username, password));
     it('can set avatar', setAvatar);
     it('can get avatar', checkAvatar);
 
@@ -333,64 +345,97 @@ return done();
         done();
     });
 
-    it('can login', login);
+    xit('can login', login.bind(null, username, password)); // no need to relogin since session persists
     it('displays correct clone url', checkCloneUrl);
     it('can clone the url', cloneRepo);
     it('file exists in repo', fileExists);
 
     it('backup app', function () {
-        execSync('cloudron backup create --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        execSync('cloudron backup create --app ' + app.id, EXEC_ARGS);
     });
 
     it('restore app', function () {
-        execSync('cloudron restore --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        execSync('cloudron restore --app ' + app.id, EXEC_ARGS);
     });
 
-    it('can login', login);
+    it('can login', login.bind(null, username, password));
     it('can get avatar', checkAvatar);
     it('can clone the url', cloneRepo);
     it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });
 
-    it('move to different location', function () {
+    it('move to different location', function (done) {
         //browser.manage().deleteAllCookies(); // commented because of error "'Network.deleteCookie' wasn't found"
-        execSync('cloudron configure --wait --location ' + LOCATION + '2 --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-        var inspect = JSON.parse(execSync('cloudron inspect'));
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION + '2'; })[0];
-        expect(app).to.be.an('object');
+        // ensure we don't hit NXDOMAIN in the mean time
+        browser.get('about:blank').then(function () {
+            execSync('cloudron configure --wait --location ' + LOCATION + '2 --app ' + app.id, EXEC_ARGS);
+            var inspect = JSON.parse(execSync('cloudron inspect'));
+            app = inspect.apps.filter(function (a) { return a.location === LOCATION + '2'; })[0];
+            expect(app).to.be.an('object');
+
+            done();
+        });
     });
 
-    it('can login', login);
+    it('can login', login.bind(null, username, password));
     it('can get avatar', checkAvatar);
     it('displays correct clone url', checkCloneUrl);
     it('can clone the url', cloneRepo);
     it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });
 
-    it('uninstall app', function () {
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    it('uninstall app', function (done) {
+        // ensure we don't hit NXDOMAIN in the mean time
+        browser.get('about:blank').then(function () {
+            execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
+            done();
+        });
     });
 
     // check if the _first_ login via email succeeds
     it('can login via email', function (done) {
-        execSync('cloudron install --new --wait --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        execSync(`cloudron install --new --wait --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS);
         var inspect = JSON.parse(execSync('cloudron inspect'));
 
         app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
         expect(app).to.be.an('object');
 
-        login(function (error) {
+        login(email, password, function (error) {
             if (error) return done(error);
-            execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-            done();
+
+            // ensure we don't hit NXDOMAIN in the mean time
+            browser.get('about:blank').then(function () {
+                execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
+                done();
+            });
         });
     });
 
+    // No SSO
+    it('install app (no sso)', function () {
+        execSync(`cloudron install --new --wait --no-sso --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS);
+    });
+
+    it('can get app information', function () {
+        var inspect = JSON.parse(execSync('cloudron inspect'));
+
+        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
+
+        expect(app).to.be.an('object');
+    });
+
+    it('can admin login (no sso)', adminLogin);
+    it('can logout', logout);
+
+    it('uninstall app (no sso)', function () {
+        execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
+    });
+
     // test update
     it('can install app', function () {
-        execSync('cloudron install --new --wait --appstore-id ' + app.manifest.id + ' --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        execSync(`cloudron install --new --wait --appstore-id ${app.manifest.id} --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS);
     });
 
     it('can get app information', getAppInfo);
-    it('can login', login);
+    it('can login', login.bind(null, username, password));
     it('can set avatar', setAvatar);
     it('can get avatar', checkAvatar);
     it('can add public key', addPublicKey);
@@ -399,16 +444,23 @@ return done();
     it('can add and push a file', pushFile);
 
     it('can update', function () {
-        execSync('cloudron install --wait --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        execSync('cloudron install --wait --app ' + app.id, EXEC_ARGS);
     });
 
-    it('can login', login);
-    it('can send mail', sendMail);
+    xit('can admin login', adminLogin);
+    xit('can send mail', sendMail);
+    xit('can logout', logout);
+
+    it('can login', login.bind(null, username, password));
     it('can get avatar', checkAvatar);
     it('can clone the url', cloneRepo);
     it('file exists in cloned repo', fileExists);
 
-    it('uninstall app', function () {
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    it('uninstall app', function (done) {
+        // ensure we don't hit NXDOMAIN in the mean time
+        browser.get('about:blank').then(function () {
+            execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
+            done();
+        });
     });
 });