Bump version

we generate a dynamic password because users might forget to change the admin password (with the oidc login being so click friendly)

CloudronManifest.json

@@ -5,23 +5,35 @@
   "description": "file://DESCRIPTION.md",
   "changelog": "file://CHANGELOG",
   "tagline": "Distributed object storage",
-  "version": "1.135.0",
+  "version": "3.13.38",
+  "upstreamVersion": "RELEASE.2024-09-09T16-59-28Z",
   "healthCheckPath": "/minio/login",
+  "memoryLimit": 2147483648,
   "httpPort": 8000,
-  "addons": {
-    "localstorage": {}
+  "httpPorts": {
+    "API_SERVER_DOMAIN": {
+      "title": "API Server Domain",
+      "description": "The domain name for MinIO (S3) API requests",
+      "containerPort": 9000,
+      "defaultValue": "minio-api"
+    }
   },
+  "addons": {
+    "localstorage": {},
+    "oidc": { "loginRedirectUri": "/oauth_callback" }
+  },
+  "optionalSso": true,
   "manifestVersion": 2,
   "website": "http://www.minio.io",
-  "minBoxVersion": "5.3.0",
+  "minBoxVersion": "7.1.2",
   "forumUrl": "https://forum.cloudron.io/category/69/minio",
-  "documentationUrl": "https://cloudron.io/documentation/apps/minio/",
+  "documentationUrl": "https://docs.cloudron.io/apps/minio/",
   "contactEmail": "support@cloudron.io",
   "icon": "logo.png",
   "tags": [ "storage", "hosting", "s3", "objectstore" ],
   "mediaLinks": [
-    "https://screenshots.cloudron.io/io.minio.cloudronapp/minio-browser-gateway.png",
-    "https://screenshots.cloudron.io/io.minio.cloudronapp/minio-browser.png"
+    "https://screenshots.cloudron.io/io.minio.cloudronapp/pic1.png",
+    "https://screenshots.cloudron.io/io.minio.cloudronapp/pic2.png"
   ],
   "postInstallMessage": "file://POSTINSTALL.md"
 }

DESCRIPTION.md

@@ -1,29 +1,29 @@
-This app packages Minio <upstream>2020-09-08T23-05-18Z</upstream>.
+## About
 
 Minio is a distributed object storage server built for cloud applications and devops.
 
-### Features
+## Features
 
-#### Amazon S3 Compatible
+### Amazon S3 Compatible
 
 Minio implements Amazon S3 v4 APIs. Minio also includes client SDKs and a console utility.
 
-#### Minimalist Design
+### Minimalist Design
 
 Minio is deeply influenced by minimalism. We believe that only simple things scale.
 
-#### Apache License 2.0
+### Apache License 2.0
 
 Minio is free software, released under Apache license v2.0. Minio has an active developer and user community.
 
-#### Lambda Functions
+### Lambda Functions
 
 Minio triggers Lambda functions through event notification service. In addition Minio also supports simple queueing service for AMQP, Elasticsearch, Redis, NATS and Postgres targets.
 
-#### Erasure Code & Bitrot Protection
+### Erasure Code & Bitrot Protection
 
 Minio protects data against hardware failures and silent data corruption using erasure code and checksums. You may lose half the number of drives and still recover from it.
 
-#### Written in Go
+### Written in Go
 
 Go is an emerging language of choice for modern cloud infrastructure projects. Go language enables Minio to be highly concurrent and lightweight.

Dockerfile

@@ -1,14 +1,16 @@
-FROM cloudron/base:2.0.0@sha256:f9fea80513aa7c92fe2e7bf3978b54c8ac5222f47a9a32a7f8833edf0eb5a4f4
-
-ARG VERSION=RELEASE.2020-09-08T23-05-18Z
-
-RUN mkdir -p /app/code \
-    && wget https://dl.min.io/server/minio/release/linux-amd64/minio.${VERSION} -O /app/code/minio \
-    && chmod +x /app/code/minio
+FROM cloudron/base:4.2.0@sha256:46da2fffb36353ef714f97ae8e962bd2c212ca091108d768ba473078319a47f4
 
+RUN mkdir -p /app/code
 WORKDIR /app/code
 
-ADD start.sh /app/code/start.sh
-ADD minio-credentials /app/code/minio-credentials
+ARG VERSION=RELEASE.2024-09-09T16-59-28Z
+
+# sometimes here https://dl.min.io/server/minio/release/linux-amd64/archive/
+# RUN wget https://dl.min.io/server/minio/release/linux-amd64/minio.${VERSION} -O /app/code/minio && chmod +x /app/code/minio
+RUN wget https://dl.min.io/server/minio/release/linux-amd64/archive/minio.${VERSION} -O /app/code/minio && chmod +x /app/code/minio
+# https://dl.min.io/client/mc/release/linux-amd64/
+RUN wget https://dl.min.io/client/mc/release/linux-amd64/mc -O /app/code/mc && chmod +x /app/code/mc
+
+COPY env.sh.template start.sh /app/code/
 
 CMD [ "/app/code/start.sh" ]

POSTINSTALL.md

@@ -1,7 +1,19 @@
+<nosso>
 Please use the following credentials to login:
 
 **Username**: minioadmin<br/>
 **Password**: minioadmin<br/>
 
 Please change the credentials immediately by following this [guide](https://cloudron.io/documentation/apps/minio/#admin-credentials).
+</nosso>
 
+<sso>
+
+Please use the following credentials to login via 'Other Authentication Methods' -> 'Use Credentials':
+
+**Username**: minioadmin<br/>
+**Password**: See `MINIO_ROOT_PASSWORD` in `/app/data/env.sh` <a href="/frontend/filemanager.html#/viewer/app/$CLOUDRON-APP-ID/env.sh">Open File Manager</a><br/>
+
+Cloudron users have `readwrite` access policy. See the [docs](https://cloudron.io/documentation/apps/minio/#admin-credentials) on how to change it.
+
+</nosso>

README.md

@@ -34,3 +34,11 @@ npm install
 PATH=$PATH:node_modules/.bin mocha --bail test.js
 ```
 
+## Notes
+
+MinIO Console is an embedded web-based object browser built into MinIO Server
+
+## Multi-domain
+
+MINIO_DOMAIN=domain.com env var can be set to server DNS style requests as bucket.domain.com . This requires the platform code to set aliases for the httpPorts and not the primaryport.
+

env.sh.template

@@ -0,0 +1,4 @@
+# Add custom minio configuration to this file. Restart the app for changes to take effect.
+
+export CLOUDRON_MINIO_STARTUP_ARGS='server /app/data/data'
+

minio-credentials

@@ -1,41 +0,0 @@
-#!/usr/bin/env node
-
-'use strict';
-
-const fs = require('fs');
-
-const MINIO_CONFIG = '/app/data/data/.minio.sys/config/config.json';
-
-function usage() {
-    console.log('Usage:\n');
-    console.log('\tminio-credentials get');
-    console.log('\tminio-credentials set <access key> <secret key>');
-    console.log();
-}
-
-let config = JSON.parse(fs.readFileSync(MINIO_CONFIG, 'utf8'));
-let adminCredentials = config['credentials']['_'];
-let accessKey = adminCredentials.filter(kv => kv.key === 'access_key')[0];
-let secretKey = adminCredentials.filter(kv => kv.key === 'secret_key')[0];
-
-if (process.argv[2] === 'get') {
-    console.log('Access Key:', accessKey.value);
-    console.log('Secret Key:', secretKey.value);
-} else if (process.argv[2] === 'set') {
-    if (process.argv.length !== 5) return usage();
-
-    // https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccessKey.html
-    if (process.argv[4].length < 5) return console.log('secret key must be atleast 5 characters');
-    if (!/^[\w+=,.@-]+$/.test(process.argv[3])) return console.log('access key has invalid characters');
-
-    accessKey.value = process.argv[3];
-    if (process.argv[4].length < 8) return console.log('secret key must be atleast 8 characters');
-
-    secretKey.value = process.argv[4];
-
-    fs.writeFileSync(MINIO_CONFIG, JSON.stringify(config), 'utf8');
-    console.log('Credentials updated. Restart minio app for new credentials to take effect.\n');
-} else {
-    usage();
-}
-

start.sh

@@ -4,11 +4,47 @@ set -eu
 
 mkdir -p /app/data/data /run/minio/config /run/minio/certs
 
+# env vars take precedence over config.yaml (https://github.com/minio/minio/blob/master/docs/distributed/CONFIG.md#things-to-know)
+if [[ ! -f /app/data/env.sh ]]; then
+    echo "=> First run"
+    cp /app/code/env.sh.template /app/data/env.sh
+    # minio does not show the password login by default when OIDC is setup (https://github.com/minio/minio/discussions/16928)
+    # we generate a dynamic password because users might forget to change the admin password (with the oidc login being so click friendly)
+    if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
+        echo -e "export MINIO_ROOT_USER=minioadmin\nexport MINIO_ROOT_PASSWORD=$(pwgen -1s 20)\n\n" >> /app/data/env.sh
+    else
+        echo -e "export MINIO_ROOT_USER=minioadmin\nexport MINIO_ROOT_PASSWORD=minioadmin\n\n" >> /app/data/env.sh
+    fi
+fi
+
+source /app/data/env.sh
+
+# https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html#envvar.MINIO_SERVER_URL
+export MINIO_SERVER_URL="https://${API_SERVER_DOMAIN}"
+export MINIO_BROWSER_REDIRECT_URL="https://${CLOUDRON_APP_DOMAIN}"
+
+if [[ ! -d /app/data/mc_config ]]; then
+    mkdir -p /app/data/mc_config
+    /app/code/mc --config-dir /app/data/mc_config &> /dev/null || true
+fi
+
+if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
+    export MINIO_IDENTITY_OPENID_DISPLAY_NAME="Cloudron"
+    export MINIO_IDENTITY_OPENID_CONFIG_URL="${CLOUDRON_OIDC_DISCOVERY_URL}"
+    export MINIO_IDENTITY_OPENID_CLIENT_ID="${CLOUDRON_OIDC_CLIENT_ID}"
+    export MINIO_IDENTITY_OPENID_CLIENT_SECRET="${CLOUDRON_OIDC_CLIENT_SECRET}"
+    export MINIO_IDENTITY_OPENID_SCOPES="openid profile email"
+    if [[ -z "${MINIO_IDENTITY_OPENID_ROLE_POLICY:-}" ]]; then
+        export MINIO_IDENTITY_OPENID_ROLE_POLICY="readwrite"
+    fi
+
+    export MINIO_IDENTITY_OPENID_COMMENT="Cloudron OIDC"
+fi
+
+# minio is used for backups at times and has a large number of files. optimize by checking if files are actually in correct chown state
 echo "==> Changing ownership"
-chown -R cloudron:cloudron /app/data
+[[ $(stat --format '%U' /app/data/data) != "cloudron" ]] && chown -R cloudron:cloudron /app/data
 
-# the --config-dir is deprecated and not used. but without it, minio will try to create $HOME/.minio :/ same for --certs-dir
 echo "==> Starting minio"
-exec /usr/local/bin/gosu cloudron:cloudron /app/code/minio --certs-dir /run/minio/certs --config-dir /run/minio/config --quiet server --address :8000 /app/data/data
-
+exec /usr/local/bin/gosu cloudron:cloudron /app/code/minio --quiet ${CLOUDRON_MINIO_STARTUP_ARGS} --address :9000 --console-address :8000
 

test/package.json

@@ -9,14 +9,10 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^85.0.0",
-    "ejs": "^3.1.5",
+    "chromedriver": "^128.0.1",
     "expect.js": "^0.3.1",
-    "mkdirp": "^1.0.4",
-    "mocha": "^8.1.3",
-    "rimraf": "^3.0.2",
-    "selenium-server-standalone-jar": "^3.141.59",
-    "selenium-webdriver": "^3.6.0",
-    "superagent": "^6.1.0"
+    "mocha": "^10.7.3",
+    "selenium-webdriver": "^4.24.0",
+    "superagent": "^10.1.0"
   }
 }

test/test.js

@@ -1,234 +1,296 @@
 #!/usr/bin/env node
 
+/* jshint esversion: 8 */
+/* global describe */
+/* global before */
+/* global after */
+/* global it */
+/* global xit */
+
 'use strict';
 
 require('chromedriver');
 
-var execSync = require('child_process').execSync,
+const execSync = require('child_process').execSync,
     expect = require('expect.js'),
+    fs = require('fs'),
     path = require('path'),
-    webdriver = require('selenium-webdriver');
+    superagent = require('superagent'),
+    timers = require('timers/promises'),
+    { Builder, By, until } = require('selenium-webdriver'),
+    { Options } = require('selenium-webdriver/chrome');
 
-var by = require('selenium-webdriver').By,
-    until = require('selenium-webdriver').until,
-    Key = require('selenium-webdriver').Key,
-    Builder = require('selenium-webdriver').Builder;
-
-var bucket = 'cloudrontestbucket';
-
-process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+if (!process.env.USERNAME || !process.env.PASSWORD) {
+    console.log('USERNAME and PASSWORD env vars need to be set');
+    process.exit(1);
+}
 
 describe('Application life cycle test', function () {
     this.timeout(0);
 
-    var server, browser = new Builder().forBrowser('chrome').build();
+    const LOCATION = 'test';
+    const TEST_TIMEOUT = parseInt(process.env.TIMEOUT, 10) || 30000;
+    const BUCKET = 'cloudrontestbucket';
+    const EXEC_ARGS = { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' };
 
-    before(function (done) {
-        var seleniumJar= require('selenium-server-standalone-jar');
-        var SeleniumServer = require('selenium-webdriver/remote').SeleniumServer;
-        server = new SeleniumServer(seleniumJar.path, { port: 4444 });
-        server.start();
+    let browser, app;
+    let athenticated_by_oidc = false, rootPassword;
+    let username = process.env.USERNAME;
+    let password = process.env.PASSWORD;
 
-        done();
+    before(function () {
+        browser = new Builder().forBrowser('chrome').setChromeOptions(new Options().windowSize({ width: 1280, height: 1024 })).build();
     });
 
-    after(function (done) {
+    after(function () {
         browser.quit();
-        server.stop();
-        done();
     });
 
-    var LOCATION = 'test';
-    var TEST_TIMEOUT = 10000;
-    var app;
-
-    function pageLoaded() {
-        return browser.wait(until.elementLocated(by.className('page-load pl-0 pl-1')), TEST_TIMEOUT);
+    async function waitForElement(elem) {
+        await browser.wait(until.elementLocated(elem), TEST_TIMEOUT);
+        await browser.wait(until.elementIsVisible(browser.findElement(elem)), TEST_TIMEOUT);
     }
 
-    function visible(selector) {
-        return browser.wait(until.elementLocated(selector), TEST_TIMEOUT).then(function () {
-            return browser.wait(until.elementIsVisible(browser.findElement(selector)), TEST_TIMEOUT);
-        });
-    }
-
-    function login(accessKey, secretKey, callback) {
-        browser.manage().deleteAllCookies();
-        browser.get('https://' + app.fqdn).then(function () {
-            return visible(by.id('accessKey'));
-        }).then(function () {
-            return browser.findElement(by.id('accessKey')).sendKeys(accessKey);
-        }).then(function () {
-            return browser.findElement(by.id('secretKey')).sendKeys(secretKey);
-        }).then(function () {
-            // return browser.findElement(by.className('lw-btn')).click();
-            return browser.findElement(by.tagName('form')).submit();
-        }).then(function () {
-            return browser.wait(until.elementLocated(by.id('top-right-menu')), TEST_TIMEOUT);
-        }).then(function () {
-            callback();
-        });
-    }
-
-    function logout(callback) {
-        browser.get('https://' + app.fqdn);
-
-        pageLoaded().then(function () {
-            return visible(by.id('top-right-menu'));
-        }).then(function () {
-            return browser.findElement(by.id('top-right-menu')).click();
-        }).then(function () {
-            return visible(by.xpath('//*[text()="Sign Out "]'));
-        }).then(function () {
-            return browser.findElement(by.xpath('//*[text()="Sign Out "]')).click();
-        }).then(function () {
-            return browser.wait(until.elementLocated(by.id('accessKey')), TEST_TIMEOUT);
-        }).then(function () {
-            callback();
-        });
-    }
-
-    function addBucket(callback) {
-        browser.get('https://' + app.fqdn);
-
-        pageLoaded().then(function () {
-            return visible(by.className('fa-plus'));
-        }).then(function () {
-            return browser.findElement(by.className('fa-plus')).click();
-        }).then(function () {
-            const c = 'fa-hdd';
-            return visible(by.className(c));
-        }).then(function () {
-            const c = 'fa-hdd';
-            return browser.findElement(by.className(c)).click();
-        }).then(function () {
-            return visible(by.xpath('//*[@class="modal-body"]/form/div/input'));
-        }).then(function () {
-            return browser.findElement(by.xpath('//*[@class="modal-body"]/form/div/input')).sendKeys(bucket);
-        }).then(function () {
-            return browser.findElement(by.xpath('//*[@class="modal-body"]/form')).submit();
-        }).then(function () {
-            return visible(by.xpath('//*[@class="main"]/a[text()="' + bucket + '"]'));
-        }).then(function () {
-            callback();
-        });
-    }
-
-    function checkBucket(callback) {
-        browser.get('https://' + app.fqdn);
-
-        pageLoaded().then(function () {
-            return browser.findElement(by.xpath(`//a[contains(text(), ${bucket})]`));
-        }).then(function () {
-            callback();
-        });
-    }
-
-    function openSettings(callback) {
-        browser.get('https://' + app.fqdn);
-
-        pageLoaded().then(function () {
-            return visible(by.id('top-right-menu'));
-        }).then(function () {
-            return browser.findElement(by.id('top-right-menu')).click();
-        }).then(function () {
-            return visible(by.xpath('//*[contains(text(), "Change Password")]'));
-        }).then(function () {
-            return browser.findElement(by.xpath('//*[contains(text(),"Change Password")]')).click();
-        }).then(function () {
-            return browser.wait(until.elementLocated(by.xpath('//*[contains(text(), "Change Password")]')), TEST_TIMEOUT);
-        }).then(function () {
-            callback();
-        });
-    }
-
-    xit('build app', function () {
-        execSync('cloudron build', { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
-
-    it('install app', function () {
-        execSync('cloudron install --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
-
-    it('can get app information', function () {
+    function getAppInfo() {
         var inspect = JSON.parse(execSync('cloudron inspect'));
-
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
-
+        app = inspect.apps.filter(function (a) { return a.location.indexOf(LOCATION) === 0; })[0];
         expect(app).to.be.an('object');
+    }
+
+    async function login(username, password, expandLoginForm=true) {
+        await browser.manage().deleteAllCookies();
+        await browser.get('about:blank');
+        await browser.sleep(2000);
+        await browser.get(`https://${app.fqdn}/login`);
+        await browser.sleep(2000);
+
+        if (expandLoginForm) {
+            await waitForElement(By.xpath('//div[@id="alternativeMethods-select"]/div[contains(., "Other Authentication Methods")]'));
+            await browser.findElement(By.xpath('//div[@id="alternativeMethods-select"]/div[contains(., "Other Authentication Methods")]')).click();
+            await browser.sleep(2000);
+            await browser.findElement(By.xpath('//li[contains(., "Use Credentials")] | //div[@label="Use Credentials"]')).click();
+            await browser.sleep(2000);
+        }
+        await waitForElement(By.id('accessKey'));
+        await browser.findElement(By.id('accessKey')).sendKeys(username);
+        await browser.findElement(By.id('secretKey')).sendKeys(password);
+        await browser.findElement(By.xpath('//button[@id="do-login"]')).click();
+        await waitForElement(By.xpath('//span[contains(text(), "Buckets")]'));
+        await timers.setTimeout(5000);
+    }
+
+    async function loginOIDC(username, password) {
+        browser.manage().deleteAllCookies();
+        await browser.get(`https://${app.fqdn}/login`);
+        await browser.sleep(10000);
+
+        await browser.findElement(By.xpath('//button[contains(., "Cloudron")]')).click();
+        await browser.sleep(10000);
+
+        if (!athenticated_by_oidc) {
+            await waitForElement(By.xpath('//input[@name="username"]'));
+            await browser.findElement(By.xpath('//input[@name="username"]')).sendKeys(username);
+            await browser.findElement(By.xpath('//input[@name="password"]')).sendKeys(password);
+            await browser.sleep(2000);
+            await browser.findElement(By.id('loginSubmitButton')).click();
+            await browser.sleep(2000);
+
+            athenticated_by_oidc = true;
+        }
+
+        await waitForElement(By.xpath('//span[contains(text(), "Buckets")]'));
+    }
+
+    async function logout() {
+        await browser.get(`https://${app.fqdn}/`);
+        await waitForElement(By.xpath('//span[contains(text(), "Buckets")]'));
+        const button = await browser.findElement(By.xpath('//button[@id="sign-out"]'));
+        await browser.executeScript('arguments[0].scrollIntoView(false)', button);
+        await button.click();
+        await browser.sleep(10000); // needed!
+        await waitForElement(By.xpath('//*[@id="accessKey"] | //button[contains(., "Cloudron")]'));
+    }
+
+    async function addBucket() {
+        await browser.get(`https://${app.fqdn}/buckets`);
+        await waitForElement(By.xpath('//button[@id="create-bucket"]'));
+        await browser.findElement(By.xpath('//button[@id="create-bucket"]')).click();
+        await browser.sleep(2000);
+        await browser.findElement(By.xpath('//input[@id="bucket-name"]')).sendKeys(BUCKET);
+        await browser.findElement(By.xpath('//button[@id="create-bucket"]')).click();
+        await waitForElement(By.xpath(`//h1[contains(text(), "${BUCKET}")]`));
+        await timers.setTimeout(5000);
+    }
+
+    async function checkBucket() {
+        await browser.get(`https://${app.fqdn}/buckets`);
+        await waitForElement(By.xpath(`//h1[contains(text(), "${BUCKET}")]`));
+    }
+
+    async function checkRedirect() {
+        const response = await superagent.get(`https://${app.secondaryDomains[0].fqdn}`).set('User-Agent', 'Mozilla/5.0').redirects(0).ok(() => true);
+        expect(response.status).to.be(307);
+        expect(response.headers.location).to.be(`https://${app.fqdn}`);
+    }
+
+    async function checkApi() {
+        const response = await superagent.get(`https://${app.secondaryDomains[0].fqdn}`).ok(() => true);
+        expect(response.status).to.be(403);
+        expect(response.body.toString('utf8')).to.contain('<Code>AccessDenied</Code>');
+    }
+
+    async function changeAdminCredentials() {
+        let data = fs.readFileSync(path.join(__dirname, '../env.sh.template'), 'utf8');
+        data += '\nexport MINIO_ROOT_USER=minioakey\nexport MINIO_ROOT_PASSWORD=minioskey\n';
+        fs.writeFileSync('/tmp/env.sh', data);
+        execSync(`cloudron push --app ${app.id} /tmp/env.sh /app/data/env.sh`, EXEC_ARGS);
+        execSync(`cloudron restart --app ${app.id}`, EXEC_ARGS);
+        await timers.setTimeout(10000);
+    }
+
+    async function getAdminCredentials() {
+        execSync(`cloudron pull --app ${app.id} /app/data/env.sh /tmp/env.sh`, EXEC_ARGS);
+        const data = fs.readFileSync('/tmp/env.sh', 'utf8');
+        const m = data.match(/MINIO_ROOT_PASSWORD=(.*)/);
+        if (!m) throw new Error('Could not detect root password');
+        rootPassword = m[1].trim();
+        console.log(`root password is [${rootPassword}]`);
+    }
+
+    xit('build app', function () { execSync('cloudron build', EXEC_ARGS); });
+
+    // // no SSO
+    it('install app (no SSO)', async function () {
+        execSync(`cloudron install --no-sso --location ${LOCATION} --secondary-domains API_SERVER_DOMAIN=${LOCATION}-api`, EXEC_ARGS);
+        await timers.setTimeout(10000);
     });
 
-    it('can login', login.bind(null, 'minioadmin', 'minioadmin'));
+    it('can get app information', getAppInfo);
+
+    it('can admin login', login.bind(null, 'minioadmin', 'minioadmin', false));
     it('can add bucket', addBucket);
-    it('can open settings', openSettings);
     it('can logout', logout);
+    it('does redirect', checkRedirect);
+    it('check api', checkApi);
 
-    it('can change credentials', function () {
-    execSync('cloudron exec --app ' + app.id + ' -- /app/code/minio-credentials set minioakey minioskey', { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    it('can change admin credentials', changeAdminCredentials);
+    it('can restart app', async function () {
+        execSync(`cloudron restart --app ${app.id}`, EXEC_ARGS);
+        await timers.setTimeout(10000);
     });
 
-    it('can restart app', function (done) {
-        execSync('cloudron restart');
-        done();
+    it('can admin login', login.bind(null, 'minioakey', 'minioskey', false));
+    it('has bucket', checkBucket);
+    it('can logout', logout);
+    it('does redirect', checkRedirect);
+    it('check api', checkApi);
+    it('uninstall app', function () { execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS); });
+
+    // SSO
+    it('install app (SSO)', async function () {
+        execSync(`cloudron install --location ${LOCATION} --secondary-domains API_SERVER_DOMAIN=${LOCATION}-api`, EXEC_ARGS);
+        await timers.setTimeout(10000);
     });
 
-    it('can login', login.bind(null, 'minioakey', 'minioskey'));
+    it('can get app information', getAppInfo);
+    it('can get admin credentials', getAdminCredentials);
+    it('can admin login', async function () { await login('minioadmin', rootPassword); });
+    it('can add bucket', addBucket);
+    it('can logout', logout);
+    it('does redirect', checkRedirect);
+    it('check api', checkApi);
+
+    it('can OIDC login', loginOIDC.bind(null, username, password));
     it('has bucket', checkBucket);
     it('can logout', logout);
 
-    it('backup app', function () {
-        execSync('cloudron backup create --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    it('can change admin credentials', changeAdminCredentials);
+
+    it('can restart app', async function () {
+        execSync(`cloudron restart --app ${app.id}`, EXEC_ARGS);
+        await timers.setTimeout(10000);
     });
 
-    it('restore app', function () {
-        const backups = JSON.parse(execSync('cloudron backup list --raw'));
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-        execSync('cloudron install --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-        var inspect = JSON.parse(execSync('cloudron inspect'));
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
-        execSync(`cloudron restore --backup ${backups[0].id} --app ${app.id}`, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
-
-    it('can login', login.bind(null, 'minioakey', 'minioskey'));
+    it('can admin login', login.bind(null, 'minioakey', 'minioskey'));
+    it('has bucket', checkBucket);
+    it('can logout', logout);
+    it('does redirect', checkRedirect);
+    it('check api', checkApi);
+
+    it('can OIDC login', loginOIDC.bind(null, username, password));
     it('has bucket', checkBucket);
-    it('can open settings', openSettings);
     it('can logout', logout);
 
-    it('move to different location', function () {
+    it('backup app', function () { execSync('cloudron backup create --app ' + app.id, EXEC_ARGS); });
+    it('restore app', async function () {
+        const backups = JSON.parse(execSync(`cloudron backup list --raw --app ${app.id}`));
+        execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
+        execSync('cloudron install --location ' + LOCATION, EXEC_ARGS);
+        getAppInfo();
+        execSync(`cloudron restore --backup ${backups[0].id} --app ${app.id}`, EXEC_ARGS);
+        await timers.setTimeout(10000);
+    });
+
+    it('can get app information', getAppInfo);
+    it('can admin login', login.bind(null, 'minioakey', 'minioskey'));
+    it('has bucket', checkBucket);
+    it('can logout', logout);
+
+    it('can OIDC login', loginOIDC.bind(null, username, password));
+    it('has bucket', checkBucket);
+    it('can logout', logout);
+
+    it('does redirect', checkRedirect);
+    it('check api', checkApi);
+
+    it('move to different location', async function () {
         browser.manage().deleteAllCookies();
-        execSync('cloudron configure --location ' + LOCATION + '2', { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-        var inspect = JSON.parse(execSync('cloudron inspect'));
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION + '2'; })[0];
-        expect(app).to.be.an('object');
+        execSync('cloudron configure --location ' + LOCATION + '2', EXEC_ARGS);
+        await timers.setTimeout(10000);
     });
+    it('can get app information', getAppInfo);
 
-    it('can login', login.bind(null, 'minioakey', 'minioskey'));
+    it('can admin login', login.bind(null, 'minioakey', 'minioskey'));
     it('has bucket', checkBucket);
     it('can logout', logout);
 
-    it('uninstall app', function () {
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
+    it('can OIDC login', loginOIDC.bind(null, username, password));
+    it('has bucket', checkBucket);
+    it('can logout', logout);
+
+    it('does redirect', checkRedirect);
+    it('check api', checkApi);
+
+    it('uninstall app', function () { execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS); });
 
     // test update
-    it('can install app', function () {
-        execSync('cloudron install --appstore-id io.minio.cloudronapp --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-        var inspect = JSON.parse(execSync('cloudron inspect'));
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
-        expect(app).to.be.an('object');
-    });
+    it('can install app for update', function () { execSync('cloudron install --appstore-id io.minio.cloudronapp --location ' + LOCATION, EXEC_ARGS); });
+    it('can get app information', getAppInfo);
 
-    it('can login', login.bind(null, 'minioadmin', 'minioadmin'));
+    it('can get admin credentials', getAdminCredentials);
+    it('can admin login', async function () { await login('minioadmin', rootPassword); });
     it('can add buckets', addBucket);
     it('can logout', logout);
-    it('can update', function () {
-        execSync('cloudron update --app ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
-    it('can login', login.bind(null, 'minioadmin', 'minioadmin'));
+
+    it('can OIDC login', loginOIDC.bind(null, username, password));
     it('has bucket', checkBucket);
     it('can logout', logout);
-    it('uninstall app', function () {
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
+
+    it('can update', function () { execSync(`cloudron update --app ${LOCATION}`, EXEC_ARGS); });
+    it('can configure', function () { execSync(`cloudron configure --app ${LOCATION} --location ${LOCATION} --secondary-domains API_SERVER_DOMAIN=${LOCATION}-api`, EXEC_ARGS); });
+    it('can get app information', getAppInfo);
+
+    it('can admin login', async function () { await login('minioadmin', rootPassword); });
+    it('has bucket', checkBucket);
+    it('can logout', logout);
+
+    it('can OIDC login', loginOIDC.bind(null, username, password));
+    it('has bucket', checkBucket);
+    it('can logout', logout);
+
+    it('does redirect', checkRedirect);
+    it('check api', checkApi);
+
+    it('uninstall app', function () { execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS); });
 });