From 042f8fc62bb8ce923722153ae6e0653424b83cc0 Mon Sep 17 00:00:00 2001 
From: Jordy Cabannes Date: Fri, 12 Apr 2024 16:48:52 +0200 Subject: [PATCH] fix: application-server module various fixes - rename "application-server" in "administration-console-api" - administration-console-api uses matrix application server instance of tom-server instead of extend matrix-application-server package - use postgresql instead of sqlite for administration-console-api integration tests --- .../src/routes/index.ts | 57 +- .../src/routes/routes.test.ts | 1 + .../__testData__/build-userdb.ts | 79 ++ .../__testData__/db/init-llng-db.sh | 95 ++ .../db/init-synapse-and-create-users-table.sh | 23 + .../__testData__/db/init-synapse-db.sh | 6 + .../__testData__/db/init-twake-db.sh | 6 + .../__testData__/docker-compose.yml | 86 ++ .../generate-self-signed-certificate.sh | 50 + .../integration-tests-config.json | 33 + .../__testData__/ldap/Dockerfile | 0 .../ldap/ldif/base_ldap_users.ldif | 0 .../ldap/ldif/config-20230322180123.ldif | 0 .../__testData__/llng/lmConf-1.json | 456 +++++++ .../__testData__/llng/ssl.conf | 0 .../__testData__/mock-tests-config.json} | 21 +- .../__testData__/nginx/ssl/9da13359.0 | 1 + .../nginx/ssl/auth.example.com.crt | 30 + .../nginx/ssl/auth.example.com.key | 52 + .../__testData__/nginx/ssl/ca.key | 52 + .../__testData__/nginx/ssl/ca.pem | 32 + .../nginx/ssl/matrix.example.com.crt | 30 + .../nginx/ssl/matrix.example.com.key | 52 + .../__testData__/registration-mock.yaml | 10 + .../__testData__/synapse-data/homeserver.yaml | 23 +- .../matrix.example.com.log.config | 0 .../controllers/room.ts | 62 +- .../index.test.ts | 1181 +++++++++-------- .../index.ts | 122 +- .../middlewares/auth.test.ts | 0 .../middlewares/auth.ts | 0 .../middlewares/validation.test.ts | 0 .../middlewares/validation.ts | 0 .../models/room.ts | 0 .../routes/index.ts | 26 +- .../types.ts | 0 .../__testData__/build-userdb.ts | 66 - .../__testData__/docker-compose.yml | 43 - .../__testData__/llng/lmConf-1.json | 457 ------- .../nginx/ssl/auth.example.com.crt | 24 - 
.../nginx/ssl/auth.example.com.key | 28 - .../nginx/ssl/matrix.example.com.crt | 34 - .../nginx/ssl/matrix.example.com.key | 52 - packages/tom-server/src/index.test.ts | 9 +- packages/tom-server/src/index.ts | 13 +- 45 files changed, 1917 insertions(+), 1395 deletions(-) create mode 100644 packages/tom-server/src/administration-console-api/__testData__/build-userdb.ts create mode 100644 packages/tom-server/src/administration-console-api/__testData__/db/init-llng-db.sh create mode 100644 packages/tom-server/src/administration-console-api/__testData__/db/init-synapse-and-create-users-table.sh create mode 100644 packages/tom-server/src/administration-console-api/__testData__/db/init-synapse-db.sh create mode 100644 packages/tom-server/src/administration-console-api/__testData__/db/init-twake-db.sh create mode 100644 packages/tom-server/src/administration-console-api/__testData__/docker-compose.yml create mode 100755 packages/tom-server/src/administration-console-api/__testData__/generate-self-signed-certificate.sh create mode 100644 packages/tom-server/src/administration-console-api/__testData__/integration-tests-config.json rename packages/tom-server/src/{application-server => administration-console-api}/__testData__/ldap/Dockerfile (100%) rename packages/tom-server/src/{application-server => administration-console-api}/__testData__/ldap/ldif/base_ldap_users.ldif (100%) rename packages/tom-server/src/{application-server => administration-console-api}/__testData__/ldap/ldif/config-20230322180123.ldif (100%) create mode 100644 packages/tom-server/src/administration-console-api/__testData__/llng/lmConf-1.json rename packages/tom-server/src/{application-server => administration-console-api}/__testData__/llng/ssl.conf (100%) rename packages/tom-server/src/{application-server/__testData__/config.json => administration-console-api/__testData__/mock-tests-config.json} (54%) create mode 120000 
packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/9da13359.0 create mode 100644 packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/auth.example.com.crt create mode 100644 packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/auth.example.com.key create mode 100644 packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/ca.key create mode 100644 packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/ca.pem create mode 100644 packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/matrix.example.com.crt create mode 100644 packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/matrix.example.com.key create mode 100644 packages/tom-server/src/administration-console-api/__testData__/registration-mock.yaml rename packages/tom-server/src/{application-server => administration-console-api}/__testData__/synapse-data/homeserver.yaml (80%) rename packages/tom-server/src/{application-server => administration-console-api}/__testData__/synapse-data/matrix.example.com.log.config (100%) rename packages/tom-server/src/{application-server => administration-console-api}/controllers/room.ts (80%) rename packages/tom-server/src/{application-server => administration-console-api}/index.test.ts (57%) rename packages/tom-server/src/{application-server => administration-console-api}/index.ts (53%) rename packages/tom-server/src/{application-server => administration-console-api}/middlewares/auth.test.ts (100%) rename packages/tom-server/src/{application-server => administration-console-api}/middlewares/auth.ts (100%) rename packages/tom-server/src/{application-server => administration-console-api}/middlewares/validation.test.ts (100%) rename packages/tom-server/src/{application-server => administration-console-api}/middlewares/validation.ts (100%) rename packages/tom-server/src/{application-server => administration-console-api}/models/room.ts (100%) 
rename packages/tom-server/src/{application-server => administration-console-api}/routes/index.ts (87%) rename packages/tom-server/src/{application-server => administration-console-api}/types.ts (100%) delete mode 100644 packages/tom-server/src/application-server/__testData__/build-userdb.ts delete mode 100644 packages/tom-server/src/application-server/__testData__/docker-compose.yml delete mode 100644 packages/tom-server/src/application-server/__testData__/llng/lmConf-1.json delete mode 100644 packages/tom-server/src/application-server/__testData__/nginx/ssl/auth.example.com.crt delete mode 100644 packages/tom-server/src/application-server/__testData__/nginx/ssl/auth.example.com.key delete mode 100644 packages/tom-server/src/application-server/__testData__/nginx/ssl/matrix.example.com.crt delete mode 100644 packages/tom-server/src/application-server/__testData__/nginx/ssl/matrix.example.com.key diff --git a/packages/matrix-application-server/src/routes/index.ts b/packages/matrix-application-server/src/routes/index.ts index bd7808ba..a2c1cfb7 100644 --- a/packages/matrix-application-server/src/routes/index.ts +++ b/packages/matrix-application-server/src/routes/index.ts @@ -75,16 +75,14 @@ export default class MASRouter { * 500: * $ref: '#/components/responses/InternalServerError' */ - this.routes - .route('/_matrix/app/v1/transactions/:txnId') - .put( - this._middlewares( - transaction(this._appServer), - validation(Endpoints.TRANSACTIONS), - this.defaultAuthMiddleware - ) - ) - .all(allowCors, methodNotAllowed, errorMiddleware) + this.addRoute( + this.routes, + '/_matrix/app/v1/transactions/:txnId', + EHttpMethod.PUT, + transaction(this._appServer), + validation(Endpoints.TRANSACTIONS), + this.defaultAuthMiddleware + ) /** * @openapi 
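Review bot: The `this.addRoute(...)` call for `/_matrix/app/v1/transactions/:txnId` no longer chains `.all(allowCors, methodNotAllowed, errorMiddleware)` at the call site, and the same holds for the `/users/:userId` and `/rooms/:roomAlias` calls in the next two hunks. Whether `addRoute` re-attaches that fallback cannot be confirmed from this diff, because only the first lines of its body appear in the last hunk of the file. If it does not, requests with any other HTTP method on these three paths lose the CORS headers, the 405 answer and the error middleware they had before. Please confirm, and record it on `addRoute` with a comment such as `// every route added here also gets .all(allowCors, methodNotAllowed, errorMiddleware)`.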
@@ -116,16 +114,14 @@ export default class MASRouter { * 500: * $ref: '#/components/responses/InternalServerError' */ - this.routes - .route('/_matrix/app/v1/users/:userId') - .get( - this._middlewares( - query, - validation(Endpoints.USERS), - this.defaultAuthMiddleware - ) - ) - .all(allowCors, methodNotAllowed, errorMiddleware) + this.addRoute( + this.routes, + '/_matrix/app/v1/users/:userId', + EHttpMethod.GET, + query, + validation(Endpoints.USERS), + this.defaultAuthMiddleware + ) /** * @openapi @@ -157,16 +153,14 @@ export default class MASRouter { * 500: * $ref: '#/components/responses/InternalServerError' */ - this.routes - .route('/_matrix/app/v1/rooms/:roomAlias') - .get( - this._middlewares( - query, - validation(Endpoints.ROOMS), - this.defaultAuthMiddleware - ) - ) - .all(allowCors, methodNotAllowed, errorMiddleware) + this.addRoute( + this.routes, + '/_matrix/app/v1/rooms/:roomAlias', + EHttpMethod.GET, + query, + validation(Endpoints.ROOMS), + this.defaultAuthMiddleware + ) this.routes .route(/^\/(users|rooms|transactions)\/[a-zA-Z0-9]*/g) @@ -192,13 +186,14 @@ export default class MASRouter { } public addRoute( + router: Router, path: string, method: EHttpMethod, controller: expressAppHandler, validators: ValidationChain[], authMiddleware?: expressAppHandler ): void { - const route: IRoute = this.routes.route(path) + const route: IRoute = router.route(path) switch (method) { case EHttpMethod.DELETE: route.delete(this._middlewares(controller, validators, authMiddleware)) diff --git a/packages/matrix-application-server/src/routes/routes.test.ts b/packages/matrix-application-server/src/routes/routes.test.ts index 7747d121..295cda60 100644 --- a/packages/matrix-application-server/src/routes/routes.test.ts +++ b/packages/matrix-application-server/src/routes/routes.test.ts 
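Review bot: `addRoute` is a public method and its first positional parameter changes from `path` to `router`, which breaks every caller outside this package that still passes the path first; the in-repo test is updated in this commit, external users are not. The method has no doc comment, so a TSDoc block should state that `router` is the Express router the route is registered on and that callers of the previous signature must now pass `router.routes` first. `authMiddleware` stays optional, and since the method can now register routes on any router it is handed, the comment should also say what a route gets when it is omitted; that depends on `_middlewares`, which is not visible here. The body of `addRoute` continues past the end of the hunk.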
@@ -73,6 +73,7 @@ describe('MASRouter', () => { const keys = Object.keys(newRoutes) keys.forEach((method) => { router.addRoute( + router.routes, newRoutes[method].path, method as EHttpMethod, (req, res, next) => {}, diff --git a/packages/tom-server/src/administration-console-api/__testData__/build-userdb.ts b/packages/tom-server/src/administration-console-api/__testData__/build-userdb.ts new file mode 100644 index 00000000..83d68032 --- /dev/null +++ b/packages/tom-server/src/administration-console-api/__testData__/build-userdb.ts 
@@ -0,0 +1,79 @@
+import sqlite3 from 'sqlite3'
+import { type Config } from '../../types'
+
+let created = false
+
+const createQuery =
+ 'CREATE TABLE users (uid varchar(8), mobile varchar(12), mail varchar(32), sn varchar(32))'
+const insertQueries = [
+ "INSERT INTO users VALUES('dwho', '33612345678', 'dwho@company.com', 'Dwho')",
+ "INSERT INTO users VALUES('rtyler', '33687654321', 'rtyler@company.com', 'Rtyler')"
+]
+
+// eslint-disable-next-line @typescript-eslint/promise-function-async
+export const buildUserDB = (conf: Config): Promise => {
+ if (created) return Promise.resolve()
+ return new Promise((resolve, reject) => {
+ const matrixDb = new sqlite3.Database(conf.matrix_database_host)
+ matrixDb.run(
+ 'CREATE TABLE users (name text, desactivated text, admin integer)',
+ (err) => {
+ if (err != null) {
+ reject(err)
+ } else {
+ matrixDb.run(
+ "INSERT INTO users VALUES('@dwho:example.com', '', 0)",
+ (err) => {
+ if (err != null) {
+ reject(err)
+ } else {
+ matrixDb.close((err) => {
+ /* istanbul ignore if */
+ if (err != null) {
+ console.error(err)
+ reject(err)
+ } else {
+ const userDb = new sqlite3.Database(
+ conf.userdb_host as string
+ )
+ userDb.run(createQuery, (err) => {
+ if (err != null) {
+ reject(err)
+ } else {
+ Promise.all(
+ insertQueries.map(
+ // eslint-disable-next-line @typescript-eslint/promise-function-async
+ (query) =>
+ new Promise((_resolve, _reject) => {
+ userDb.run(query, (err) => {
+ err != null ? _reject(err) : _resolve(true)
+ })
+ })
+ )
+ )
+ .then(() => {
+ userDb.close((err) => {
+ /* istanbul ignore if */
+ if (err != null) {
+ console.error(err)
+ reject(err)
+ } else {
+ created = true
+ resolve()
+ }
+ })
+ })
+
+ .catch(reject)
+ }
+ })
+ }
+ })
+ }
+ }
+ )
+ }
+ }
+ )
+ })
+}
\ No newline at end of file
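Review bot: The sqlite fixture creates the Matrix `users` table with a column named `desactivated` of type `text`, while the Postgres fixture added in this same commit (`init-synapse-and-create-users-table.sh`) declares `deactivated smallint DEFAULT 0 NOT NULL`. Any code that reads `deactivated` would behave differently against the two fixtures; whether the tests touch that column is not visible in this hunk. Aligning the two would mean `'CREATE TABLE users (name text, deactivated smallint, admin integer)'` and `"INSERT INTO users VALUES('@dwho:example.com', 0, 0)"`. Separately, `created` is set only after both databases are closed, so two overlapping calls would both run `CREATE TABLE`; caching the returned promise instead of a boolean would avoid that.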
diff --git a/packages/tom-server/src/administration-console-api/__testData__/db/init-llng-db.sh b/packages/tom-server/src/administration-console-api/__testData__/db/init-llng-db.sh
new file mode 100644
index 00000000..ba2e587e
--- /dev/null
+++ b/packages/tom-server/src/administration-console-api/__testData__/db/init-llng-db.sh
@@ -0,0 +1,95 @@
+#!/bin/sh
+set -e
+
+DATABASE=${PG_DATABASE:-lemonldapng}
+USER=${PG_USER:-lemonldap}
+PASSWORD=${PG_PASSWORD:-lemonldap}
+TABLE=${PG_TABLE:-lmConfig}
+PTABLE=${PG_PERSISTENT_SESSIONS_TABLE:-psessions}
+STABLE=${PG_SESSIONS_TABLE:-sessions}
+SAMLTABLE=${PG_SAML_TABLE:-samlsessions}
+OIDCTABLE=${PG_OIDC_TABLE:-oidcsessions}
+CASTABLE=${PG_CAS_TABLE:-cassessions}
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+ CREATE USER $USER PASSWORD '$PASSWORD';
+ CREATE DATABASE $DATABASE;
+EOSQL
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$DATABASE" <<-EOSQL
+ CREATE TABLE $TABLE (
+ cfgNum integer not null primary key,
+ data text
+ );
+ GRANT ALL PRIVILEGES ON TABLE $TABLE TO $USER;
+
+ CREATE TABLE $PTABLE (
+ id varchar(64) not null primary key,
+ a_session jsonb
+ );
+ CREATE INDEX i_p__session_kind ON psessions ((a_session ->> '_session_kind'));
+ CREATE INDEX i_p__httpSessionType ON psessions ((a_session ->> '_httpSessionType'));
+ CREATE INDEX i_p__session_uid ON psessions ((a_session ->> '_session_uid'));
+ CREATE INDEX i_p_ipAddr ON psessions ((a_session ->> 'ipAddr'));
+ CREATE INDEX i_p__whatToTrace ON psessions ((a_session ->> '_whatToTrace'));
+ GRANT ALL PRIVILEGES ON TABLE $PTABLE TO $USER;
+
+ CREATE UNLOGGED TABLE $STABLE (
+ id varchar(64) not null primary key,
+ a_session jsonb
+ );
+ CREATE INDEX i_s__whatToTrace ON sessions ((a_session ->> '_whatToTrace'));
+ CREATE INDEX i_s__session_kind ON sessions ((a_session ->> '_session_kind'));
+ CREATE INDEX i_s__utime ON sessions ((cast (a_session ->> '_utime' as bigint)));
+ CREATE INDEX i_s_ipAddr ON sessions ((a_session ->> 'ipAddr'));
+ CREATE INDEX i_s__httpSessionType ON sessions ((a_session ->> '_httpSessionType'));
+ CREATE INDEX i_s_user ON sessions ((a_session ->> 'user'));
+ GRANT ALL PRIVILEGES ON TABLE $STABLE TO $USER;
+
+ CREATE UNLOGGED TABLE $SAMLTABLE (
+ id varchar(64) not null primary key,
+ a_session jsonb
+ );
+ CREATE INDEX i_a__session_kind ON $SAMLTABLE ((a_session ->> '_session_kind'));
+ CREATE INDEX i_a__utime ON $SAMLTABLE ((cast(a_session ->> '_utime' as bigint)));
+ CREATE INDEX i_a_ProxyID ON $SAMLTABLE ((a_session ->> 'ProxyID'));
+ CREATE INDEX i_a__nameID ON $SAMLTABLE ((a_session ->> '_nameID'));
+ CREATE INDEX i_a__assert_id ON $SAMLTABLE ((a_session ->> '_assert_id'));
+ CREATE INDEX i_a__art_id ON $SAMLTABLE ((a_session ->> '_art_id'));
+ CREATE INDEX i_a__saml_id ON $SAMLTABLE ((a_session ->> '_saml_id'));
+ GRANT ALL PRIVILEGES ON TABLE $SAMLTABLE TO $USER;
+
+ CREATE UNLOGGED TABLE $OIDCTABLE (
+ id varchar(64) not null primary key,
+ a_session jsonb
+ );
+ CREATE INDEX i_o__session_kind ON $OIDCTABLE ((a_session ->> '_session_kind'));
+ CREATE INDEX i_o__utime ON $OIDCTABLE ((cast(a_session ->> '_utime' as bigint )));
+ GRANT ALL PRIVILEGES ON TABLE $OIDCTABLE TO $USER;
+
+ CREATE UNLOGGED TABLE $CASTABLE (
+ id varchar(64) not null primary key,
+ a_session jsonb
+ );
+ CREATE INDEX i_c__session_kind ON $CASTABLE ((a_session ->> '_session_kind'));
+ CREATE INDEX i_c__utime ON $CASTABLE ((cast(a_session ->> '_utime' as bigint)));
+ CREATE INDEX i_c__cas_id ON $CASTABLE ((a_session ->> '_cas_id'));
+ CREATE INDEX i_c_pgtIou ON $CASTABLE ((a_session ->> 'pgtIou'));
+ GRANT ALL PRIVILEGES ON TABLE $CASTABLE TO $USER;
+EOSQL
+
+if test -e /llng-conf/conf.json; then
+ SERIALIZED=`perl -MJSON -e '$/=undef;
+ open F, "/llng-conf/conf.json" or die $!;
+ $a=JSON::from_json();
+ $a->{cfgNum}=1;
+ $a=JSON::to_json($a);
+ $a=~s/'\''/'\'\''/g;
+ $a =~ s/\\\\/\\\\\\\\/g;
+ print $a;'`
+ echo "set val '$SERIALIZED'" >&2
+ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$DATABASE" <<-EOSQL
+ \\set val '$SERIALIZED'
+ INSERT INTO $TABLE (cfgNum, data) VALUES (1, :'val');
+ \\unset val
+EOSQL
+fi
\ No newline at end of file
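Review bot: `echo "set val '$SERIALIZED'" >&2` writes the whole serialized LemonLDAP::NG configuration to stderr, and the file this commit mounts at `/llng-conf/conf.json` carries `key`, `oidcRPMetaDataOptionsClientSecret` and `oidcServicePrivateKeySig`, so those values land in the database container's log and in any CI log that collects it. Drop the line or print only a size, for example `echo "loading LLNG config (${#SERIALIZED} bytes)" >&2`. The `CREATE INDEX ... ON psessions` and `... ON sessions` statements hard-code the table names although the tables are created as `$PTABLE` and `$STABLE`; with `PG_PERSISTENT_SESSIONS_TABLE` or `PG_SESSIONS_TABLE` overridden the index statements fail and `ON_ERROR_STOP=1` aborts the initialisation. Using `ON $PTABLE` and `ON $STABLE` would match what the SAML, OIDC and CAS blocks already do.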
diff --git a/packages/tom-server/src/administration-console-api/__testData__/db/init-synapse-and-create-users-table.sh b/packages/tom-server/src/administration-console-api/__testData__/db/init-synapse-and-create-users-table.sh
new file mode 100644
index 00000000..86991a34
--- /dev/null
+++ b/packages/tom-server/src/administration-console-api/__testData__/db/init-synapse-and-create-users-table.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+psql -U postgres <<-EOSQL
+ CREATE USER synapse PASSWORD 'synapse!1';
+ CREATE DATABASE synapse TEMPLATE='template0' LOCALE='C' ENCODING='UTF8' OWNER='synapse';
+EOSQL
+psql -v ON_ERROR_STOP=1 --username "synapse" --dbname "synapse" <<-EOSQL
+ CREATE TABLE users (
+ name text,
+ password_hash text,
+ creation_ts bigint,
+ admin smallint DEFAULT 0 NOT NULL,
+ upgrade_ts bigint,
+ is_guest smallint DEFAULT 0 NOT NULL,
+ appservice_id text,
+ consent_version text,
+ consent_server_notice_sent text,
+ user_type text,
+ deactivated smallint DEFAULT 0 NOT NULL,
+ shadow_banned boolean,
+ consent_ts bigint
+ );
+EOSQL
\ No newline at end of file
diff --git a/packages/tom-server/src/administration-console-api/__testData__/db/init-synapse-db.sh b/packages/tom-server/src/administration-console-api/__testData__/db/init-synapse-db.sh
new file mode 100644
index 00000000..2a6f1859
--- /dev/null
+++ b/packages/tom-server/src/administration-console-api/__testData__/db/init-synapse-db.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+psql -U postgres <<-EOSQL
+ CREATE USER synapse PASSWORD 'synapse!1';
+ CREATE DATABASE synapse TEMPLATE='template0' LOCALE='C' ENCODING='UTF8' OWNER='synapse';
+EOSQL
\ No newline at end of file
diff --git a/packages/tom-server/src/administration-console-api/__testData__/db/init-twake-db.sh b/packages/tom-server/src/administration-console-api/__testData__/db/init-twake-db.sh
new file mode 100644
index 00000000..54c55708
--- /dev/null
+++ b/packages/tom-server/src/administration-console-api/__testData__/db/init-twake-db.sh
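Review bot: The first `psql -U postgres` call in `init-synapse-and-create-users-table.sh` runs without `-v ON_ERROR_STOP=1` and the script has no `set -e`, so a failed `CREATE USER` or `CREATE DATABASE` is not reported where it happens; `init-synapse-db.sh` and `init-twake-db.sh` in the following hunks have the same gap, whereas `init-llng-db.sh` sets both. Adding `set -e` after the shebang and calling `psql -v ON_ERROR_STOP=1 -U postgres` makes a broken fixture fail at start-up instead of in a later test. The role passwords are literals here and again in `integration-tests-config.json`, so a header comment such as `# test fixture only: throwaway credentials for the local compose stack` would state the intent for anyone copying these scripts.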
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+psql -U postgres <<-EOSQL
+ CREATE USER twake PASSWORD 'twake!1';
+ CREATE DATABASE twakedb TEMPLATE='template0' LOCALE='C' ENCODING='UTF8' OWNER='twake';
+EOSQL
\ No newline at end of file
diff --git a/packages/tom-server/src/administration-console-api/__testData__/docker-compose.yml b/packages/tom-server/src/administration-console-api/__testData__/docker-compose.yml
new file mode 100644
index 00000000..bd0dd3a8
--- /dev/null
+++ b/packages/tom-server/src/administration-console-api/__testData__/docker-compose.yml
@@ -0,0 +1,86 @@
+version: '3.8'
+
+networks:
+ admin-console-test:
+
+services:
+ postgresql:
+ image: postgres:13-bullseye
+ volumes:
+ - ./synapse-data/matrix.example.com.log.config:/data/matrix.example.com.log.config
+ - ./db/init-synapse-db.sh:/docker-entrypoint-initdb.d/init-synapse-db.sh
+ - ./db/init-llng-db.sh:/docker-entrypoint-initdb.d/init-llng-db.sh
+ - ./db/init-twake-db.sh:/docker-entrypoint-initdb.d/init-twake-db.sh
+ - ./llng/lmConf-1.json:/llng-conf/conf.json
+ environment:
+ - POSTGRES_PASSWORD=synapse!!
+ healthcheck:
+ test: ['CMD-SHELL', 'pg_isready']
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ ports:
+ - 5434:5432
+ networks:
+ - admin-console-test
+
+ synapse:
+ image: matrixdotorg/synapse:v1.89.0
+ container_name: synapse-tom-1
+ volumes:
+ - ./synapse-data:/data
+ - ./nginx/ssl/ca.pem:/etc/ssl/certs/ca.pem
+ - ./nginx/ssl/9da13359.0:/etc/ssl/certs/9da13359.0
+ - ./nginx/ssl/matrix.example.com.crt:/etc/ssl/certs/matrix.example.com.crt
+ - ./nginx/ssl/matrix.example.com.key:/etc/ssl/certs/matrix.example.com.key
+ depends_on:
+ - auth
+ environment:
+ - UID=${MYUID}
+ - VIRTUAL_PORT=8448
+ - VIRTUAL_HOST=matrix.example.com
+ - VIRTUAL_PROTO=https
+ healthcheck:
+ test: ["CMD", "curl", "-fSsk", "https://localhost:8448/health"]
+ interval: 10s
+ timeout: 10s
+ retries: 3
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
+ networks:
+ admin-console-test:
+ aliases:
+ - matrix.example.com
+
+ auth:
+ image: yadd/lemonldap-ng-portal:2.16.1-bullseye
+ volumes:
+ - ./llng/lmConf-1.json:/var/lib/lemonldap-ng/conf/lmConf-1.json
+ - ./llng/ssl.conf:/etc/nginx/sites-enabled/0000default.conf
+ - ./nginx/ssl/auth.example.com.crt:/etc/nginx/ssl/auth.example.com.crt
+ - ./nginx/ssl/auth.example.com.key:/etc/nginx/ssl/auth.example.com.key
+ environment:
+ - PORTAL=https://auth.example.com
+ - VIRTUAL_HOST=auth.example.com
+ - PG_SERVER=postgresql
+ depends_on:
+ postgresql:
+ condition: service_healthy
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
+ networks:
+ admin-console-test:
+ aliases:
+ - auth.example.com
+
+ nginx-proxy:
+ image: nginxproxy/nginx-proxy
+ ports:
+ - 444:444
+ environment:
+ - HTTPS_PORT=444
+ volumes:
+ - /var/run/docker.sock:/tmp/docker.sock:ro
+ - ./nginx/ssl:/etc/nginx/certs
+ networks:
+ - admin-console-test
\ No newline at end of file
diff --git a/packages/tom-server/src/administration-console-api/__testData__/generate-self-signed-certificate.sh b/packages/tom-server/src/administration-console-api/__testData__/generate-self-signed-certificate.sh
new file mode 100755
index 00000000..0477197f
--- /dev/null
+++ b/packages/tom-server/src/administration-console-api/__testData__/generate-self-signed-certificate.sh
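Review bot: The `nginx-proxy` service bind-mounts `/var/run/docker.sock` and is the only service whose image, `nginxproxy/nginx-proxy`, carries no tag, while the other three images are pinned. The `:ro` flag makes the socket file read-only as a filesystem entry but does not restrict the Docker API calls that can be sent through it, so whatever the untagged image resolves to on a given day can drive the host's Docker daemon. Pinning it, `image: nginxproxy/nginx-proxy:<pinned-tag-or-digest>` (placeholder), keeps that trust decision explicit and reviewable. The `5434:5432` mapping also publishes the fixture database on every host interface; `127.0.0.1:5434:5432` is enough for a test run that connects to `localhost:5434`, and the same may apply to `444:444` if the tests reach the proxy over loopback.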
@@ -0,0 +1,50 @@
+#!/bin/sh
+SCRIPT_PARENT_PATH=$( cd "$(dirname "$0")" ; pwd -P )
+ADDITIONAL_PARAMS=""
+COMMON_NAME=$1
+if [ "$1" = "-ip" ]; then
+ COMMON_NAME=$2
+ echo "subjectAltName = IP:$COMMON_NAME" > $SCRIPT_PARENT_PATH/openssl-ext.cnf
+ ADDITIONAL_PARAMS="-extfile $SCRIPT_PARENT_PATH/openssl-ext.cnf"
+fi
+
+CERTIFICATE_KEY=$COMMON_NAME.key
+CERTIFICATE_CRT=$COMMON_NAME.crt
+CA_CRT_PATH=$SCRIPT_PARENT_PATH/nginx/ssl/ca.pem
+CA_KEY_PATH=$SCRIPT_PARENT_PATH/nginx/ssl/ca.key
+
+cd $SCRIPT_PARENT_PATH
+openssl genrsa -out $CERTIFICATE_KEY 4096
+openssl req \
+ -new \
+ -key $CERTIFICATE_KEY \
+ -nodes \
+ -out server.csr \
+ -subj "/C=FR/ST=Centre/L=Paris/O=Linagora/OU=IT/CN=$COMMON_NAME"
+if [ ! -f "$CA_CRT_PATH" ]; then
+ openssl genrsa -out ca.key 4096
+ openssl req \
+ -new \
+ -x509 \
+ -nodes \
+ -days 36500 \
+ -key ca.key \
+ -out ca.pem \
+ -subj "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd"
+ mv ca.pem ca.key $SCRIPT_PARENT_PATH/nginx/ssl
+fi
+openssl x509 \
+ -req \
+ -in server.csr \
+ -CAkey $CA_KEY_PATH \
+ -CA $CA_CRT_PATH \
+ -set_serial -01 \
+ -out $CERTIFICATE_CRT \
+ -days 36500 \
+ -sha256 $ADDITIONAL_PARAMS
+openssl verify -CAfile $CA_CRT_PATH $CERTIFICATE_CRT
+mv $CERTIFICATE_KEY $CERTIFICATE_CRT $SCRIPT_PARENT_PATH/nginx/ssl
+rm server.csr
+if [ -f "openssl-ext.cnf" ]; then
+ rm openssl-ext.cnf
+fi
\ No newline at end of file
diff --git a/packages/tom-server/src/administration-console-api/__testData__/integration-tests-config.json b/packages/tom-server/src/administration-console-api/__testData__/integration-tests-config.json
new file mode 100644
index 00000000..a1215012
--- /dev/null
+++ b/packages/tom-server/src/administration-console-api/__testData__/integration-tests-config.json
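Review bot: `-set_serial -01` gives every certificate signed by this CA the same negative serial number, so the certificates generated for different host names share issuer and serial, which some TLS libraries refuse; replacing it with `-CAcreateserial` lets openssl allocate a serial per certificate. The script has no `set -e` and leaves `$SCRIPT_PARENT_PATH`, `$CERTIFICATE_KEY` and the other expansions unquoted, so a failed `cd` or `openssl` step still reaches the `mv` and `rm` lines in whatever directory the caller was in; `set -e` after the shebang and `cd "$SCRIPT_PARENT_PATH"` close that gap. The generated `ca.key` is moved into `nginx/ssl`, which the diffstat lists as committed, so a header comment saying the CA exists for the test stack only and must not be imported into a developer or system trust store would be worth adding.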
@@ -0,0 +1,33 @@
+{
+ "additional_features": true,
+ "base_url": "http://host.docker.internal:3001/",
+ "cron_service": true,
+ "database_vacuum_delay": 7200,
+ "key_delay": 3600,
+ "keys_depth": 5,
+ "mail_link_delay": 7200,
+ "rate_limiting_window": 10000,
+ "server_name": "example.com",
+ "smtp_server": "localhost",
+ "userdb_engine": "ldap",
+ "template_dir": "./templates",
+ "ldap_base": "dc=example,dc=com",
+ "ldap_uri": "ldap://localhost:21389/",
+ "matrix_server": "matrix.example.com:444",
+ "registration_file_path": "./src/administration-console-api/__testData__/synapse-data/registration.yaml",
+ "namespaces": {
+ "aliases": [{ "exclusive": false, "regex": "#_twake_.*" }],
+ "users": [{ "exclusive": false, "regex": "@.*" }]
+ },
+ "push_ephemeral": true,
+ "database_engine": "pg",
+ "database_host": "localhost:5434",
+ "database_name": "twakedb",
+ "database_user": "twake",
+ "database_password": "twake!1",
+ "matrix_database_engine": "pg",
+ "matrix_database_host": "localhost:5434",
+ "matrix_database_name": "synapse",
+ "matrix_database_password": "synapse!1",
+ "matrix_database_user": "synapse"
+}
\ No newline at end of file
diff --git a/packages/tom-server/src/application-server/__testData__/ldap/Dockerfile b/packages/tom-server/src/administration-console-api/__testData__/ldap/Dockerfile
similarity index 100%
rename from packages/tom-server/src/application-server/__testData__/ldap/Dockerfile
rename to packages/tom-server/src/administration-console-api/__testData__/ldap/Dockerfile
diff --git a/packages/tom-server/src/application-server/__testData__/ldap/ldif/base_ldap_users.ldif b/packages/tom-server/src/administration-console-api/__testData__/ldap/ldif/base_ldap_users.ldif
similarity index 100%
rename from packages/tom-server/src/application-server/__testData__/ldap/ldif/base_ldap_users.ldif
rename to packages/tom-server/src/administration-console-api/__testData__/ldap/ldif/base_ldap_users.ldif
diff --git a/packages/tom-server/src/application-server/__testData__/ldap/ldif/config-20230322180123.ldif b/packages/tom-server/src/administration-console-api/__testData__/ldap/ldif/config-20230322180123.ldif similarity index 100% rename from packages/tom-server/src/application-server/__testData__/ldap/ldif/config-20230322180123.ldif rename to packages/tom-server/src/administration-console-api/__testData__/ldap/ldif/config-20230322180123.ldif diff --git a/packages/tom-server/src/administration-console-api/__testData__/llng/lmConf-1.json b/packages/tom-server/src/administration-console-api/__testData__/llng/lmConf-1.json new file mode 100644 index 00000000..e187c211 --- /dev/null +++ b/packages/tom-server/src/administration-console-api/__testData__/llng/lmConf-1.json 
@@ -0,0 +1,456 @@ +{ + "ADPwdExpireWarning": 0, + "ADPwdMaxAge": 0, + "SMTPServer": "", + "SMTPTLS": "", + "SSLAuthnLevel": 5, + "SSLIssuerVar": "SSL_CLIENT_I_DN", + "SSLVar": "SSL_CLIENT_S_DN_Email", + "SSLVarIf": {}, + "activeTimer": 1, + "apacheAuthnLevel": 3, + "applicationList": {}, + "authChoiceParam": "lmAuth", + "authentication": "LDAP", + "available2F": "UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,WebAuthn,Yubikey,Radius,Password", + "available2FSelfRegistration": "Password,TOTP,U2F,WebAuthn,Yubikey", + "bruteForceProtectionLockTimes": "15, 30, 60, 300, 600", + "bruteForceProtectionMaxAge": 300, + "bruteForceProtectionMaxFailed": 3, + "bruteForceProtectionMaxLockTime": 900, + "bruteForceProtectionTempo": 30, + "captcha_mail_enabled": 1, + "captcha_register_enabled": 1, + "captcha_size": 6, + "casAccessControlPolicy": "none", + "casAuthnLevel": 1, + "casTicketExpiration": 0, + "certificateResetByMailCeaAttribute": "description", + "certificateResetByMailCertificateAttribute": "userCertificate;binary", + "certificateResetByMailURL": "https://auth.example.com/certificateReset", + "certificateResetByMailValidityDelay": 0, + "cfgAuthor": "The LemonLDAP::NG team", + "cfgDate": "1627287638", + "cfgNum": "1", + "cfgVersion": "2.0.16", + "checkDevOpsCheckSessionAttributes": 1, + "checkDevOpsDisplayNormalizedHeaders": 1, + "checkDevOpsDownload": 1, + "checkHIBPRequired": 1, + "checkHIBPURL": "https://api.pwnedpasswords.com/range/", + "checkTime": 600, + "checkUserDisplayComputedSession": 1, + "checkUserDisplayEmptyHeaders": 0, + "checkUserDisplayEmptyValues": 0, + "checkUserDisplayHiddenAttributes": 0, + "checkUserDisplayHistory": 0, + "checkUserDisplayNormalizedHeaders": 0, + "checkUserDisplayPersistentInfo": 0, + "checkUserHiddenAttributes": "_loginHistory, _session_id, hGroups", + "checkUserIdRule": 1, + "checkXSS": 1, + "confirmFormMethod": "post", + "contextSwitchingIdRule": 1, + "contextSwitchingPrefix": "switching", + "contextSwitchingRule": 0, + 
"contextSwitchingStopWithLogout": 1, + "cookieName": "lemonldap", + "corsAllow_Credentials": "true", + "corsAllow_Headers": "*", + "corsAllow_Methods": "POST,GET", + "corsAllow_Origin": "*", + "corsEnabled": 1, + "corsExpose_Headers": "*", + "corsMax_Age": "86400", + "crowdsecAction": "reject", + "cspConnect": "'self'", + "cspDefault": "'self'", + "cspFont": "'self'", + "cspFormAction": "*", + "cspFrameAncestors": "", + "cspImg": "'self' data:", + "cspScript": "'self'", + "cspStyle": "'self'", + "dbiAuthnLevel": 2, + "dbiExportedVars": {}, + "decryptValueRule": 0, + "demoExportedVars": { + "cn": "cn", + "mail": "mail", + "uid": "uid" + }, + "displaySessionId": 1, + "domain": "example.com", + "exportedHeaders": {}, + "exportedVars": {}, + "ext2fActivation": 0, + "ext2fCodeActivation": "\\d{6}", + "facebookAuthnLevel": 1, + "facebookExportedVars": {}, + "facebookUserField": "id", + "failedLoginNumber": 5, + "findUserControl": "^[*\\w]+$", + "findUserWildcard": "*", + "formTimeout": 120, + "githubAuthnLevel": 1, + "githubScope": "user:email", + "githubUserField": "login", + "globalLogoutRule": 0, + "globalLogoutTimer": 1, + "globalStorage": "Apache::Session::File", + "globalStorageOptions": { + "Directory": "/var/lib/lemonldap-ng/sessions", + "LockDirectory": "/var/lib/lemonldap-ng/sessions/lock", + "generateModule": "Lemonldap::NG::Common::Apache::Session::Generate::SHA256" + }, + "gpgAuthnLevel": 5, + "gpgDb": "", + "grantSessionRules": {}, + "groups": {}, + "handlerInternalCache": 15, + "handlerServiceTokenTTL": 30, + "hiddenAttributes": "_password, _2fDevices", + "httpOnly": 1, + "https": -1, + "impersonationHiddenAttributes": "_2fDevices, _loginHistory", + "impersonationIdRule": 1, + "impersonationMergeSSOgroups": 0, + "impersonationPrefix": "real_", + "impersonationRule": 0, + "impersonationSkipEmptyValues": 1, + "infoFormMethod": "get", + "issuerDBCASPath": "^/cas/", + "issuerDBCASRule": 1, + "issuerDBGetParameters": {}, + "issuerDBGetPath": "^/get/", + 
"issuerDBGetRule": 1, + "issuerDBOpenIDConnectActivation": 1, + "issuerDBOpenIDConnectPath": "^/oauth2/", + "issuerDBOpenIDConnectRule": 1, + "issuerDBOpenIDPath": "^/openidserver/", + "issuerDBOpenIDRule": 1, + "issuerDBSAMLPath": "^/saml/", + "issuerDBSAMLRule": 1, + "issuersTimeout": 120, + "jsRedirect": 0, + "key": "^vmTGvh{+]5!ToB?", + "krbAuthnLevel": 3, + "krbRemoveDomain": 1, + "ldapServer": "host.docker.internal:21389", + "ldapAuthnLevel": 2, + "ldapBase": "dc=example,dc=com", + "ldapExportedVars": { + "cn": "cn", + "mail": "mail", + "uid": "uid" + }, + "ldapGroupAttributeName": "member", + "ldapGroupAttributeNameGroup": "dn", + "ldapGroupAttributeNameSearch": "cn", + "ldapGroupAttributeNameUser": "dn", + "ldapGroupObjectClass": "groupOfNames", + "ldapIOTimeout": 10, + "ldapPasswordResetAttribute": "pwdReset", + "ldapPasswordResetAttributeValue": "TRUE", + "ldapPwdEnc": "utf-8", + "ldapSearchDeref": "find", + "ldapTimeout": 10, + "ldapUsePasswordResetAttribute": 1, + "ldapVerify": "require", + "ldapVersion": 3, + "linkedInAuthnLevel": 1, + "linkedInFields": "id,first-name,last-name,email-address", + "linkedInScope": "r_liteprofile r_emailaddress", + "linkedInUserField": "emailAddress", + "localSessionStorage": "Cache::FileCache", + "localSessionStorageOptions": { + "cache_depth": 3, + "cache_root": "/var/lib/lemonldap-ng/cache", + "default_expires_in": 600, + "directory_umask": "007", + "namespace": "lemonldap-ng-sessions" + }, + "locationDetectGeoIpLanguages": "en, fr", + "locationRules": { + "auth.example.com": { + "(?#checkUser)^/checkuser": "inGroup(\"timelords\")", + "(?#errors)^/lmerror/": "accept", + "default": "accept" + } + }, + "loginHistoryEnabled": 1, + "logoutServices": {}, + "macros": { + "UA": "$ENV{HTTP_USER_AGENT}", + "_whatToTrace": "$_auth eq 'SAML' ? lc($_user.'@'.$_idpConfKey) : $_auth eq 'OpenIDConnect' ? 
lc($_user.'@'.$_oidc_OP) : lc($_user)" + }, + "mail2fActivation": 0, + "mail2fCodeRegex": "\\d{6}", + "mailCharset": "utf-8", + "mailFrom": "noreply@example.com", + "mailSessionKey": "mail", + "mailTimeout": 0, + "mailUrl": "https://auth.example.com/resetpwd", + "managerDn": "", + "managerPassword": "", + "max2FDevices": 10, + "max2FDevicesNameLength": 20, + "multiValuesSeparator": "; ", + "mySessionAuthorizedRWKeys": [ + "_appsListOrder", + "_oidcConnectedRP", + "_oidcConsents" + ], + "newLocationWarningLocationAttribute": "ipAddr", + "newLocationWarningLocationDisplayAttribute": "", + "newLocationWarningMaxValues": "0", + "notification": 0, + "notificationDefaultCond": "", + "notificationServerPOST": 1, + "notificationServerSentAttributes": "uid reference date title subtitle text check", + "notificationStorage": "File", + "notificationStorageOptions": { + "dirName": "/var/lib/lemonldap-ng/notifications" + }, + "notificationWildcard": "allusers", + "notificationsMaxRetrieve": 3, + "notifyDeleted": 1, + "nullAuthnLevel": 0, + "oidcAuthnLevel": 1, + "oidcOPMetaDataExportedVars": {}, + "oidcOPMetaDataJSON": {}, + "oidcOPMetaDataJWKS": {}, + "oidcOPMetaDataOptions": {}, + "oidcRPCallbackGetParam": "openidconnectcallback", + "oidcRPMetaDataExportedVars": { + "matrix1": { + "email": "mail", + "family_name": "cn", + "given_name": "cn", + "name": "cn", + "nickname": "uid", + "preferred_username": "uid" + } + }, + "oidcRPMetaDataMacros": null, + "oidcRPMetaDataOptions": { + "matrix1": { + "oidcRPMetaDataOptionsAccessTokenClaims": 0, + "oidcRPMetaDataOptionsAccessTokenJWT": 0, + "oidcRPMetaDataOptionsAccessTokenSignAlg": "RS256", + "oidcRPMetaDataOptionsAllowClientCredentialsGrant": 0, + "oidcRPMetaDataOptionsAllowOffline": 0, + "oidcRPMetaDataOptionsAllowPasswordGrant": 0, + "oidcRPMetaDataOptionsBypassConsent": 1, + "oidcRPMetaDataOptionsClientID": "matrix1", + "oidcRPMetaDataOptionsClientSecret": "matrix1*", + "oidcRPMetaDataOptionsIDTokenForceClaims": 0, + 
"oidcRPMetaDataOptionsIDTokenSignAlg": "RS256", + "oidcRPMetaDataOptionsLogoutBypassConfirm": 0, + "oidcRPMetaDataOptionsLogoutSessionRequired": 1, + "oidcRPMetaDataOptionsLogoutType": "back", + "oidcRPMetaDataOptionsPublic": 0, + "oidcRPMetaDataOptionsRedirectUris": "https://matrix.example.com:444/_synapse/client/oidc/callback", + "oidcRPMetaDataOptionsRefreshToken": 0, + "oidcRPMetaDataOptionsRequirePKCE": 0 + } + }, + "oidcRPMetaDataOptionsExtraClaims": null, + "oidcRPMetaDataScopeRules": null, + "oidcRPStateTimeout": 600, + "oidcServiceAccessTokenExpiration": 3600, + "oidcServiceAllowAuthorizationCodeFlow": 1, + "oidcServiceAllowImplicitFlow": 0, + "oidcServiceAuthorizationCodeExpiration": 60, + "oidcServiceDynamicRegistrationExportedVars": {}, + "oidcServiceDynamicRegistrationExtraClaims": {}, + "oidcServiceIDTokenExpiration": 3600, + "oidcServiceIgnoreScopeForClaims": 1, + "oidcServiceKeyIdSig": "oMGHInscAW3Nsa0FcnCnDA", + "oidcServiceMetaDataAuthnContext": { + "loa-1": 1, + "loa-2": 2, + "loa-3": 3, + "loa-4": 4, + "loa-5": 5 + }, + "oidcServiceMetaDataAuthorizeURI": "authorize", + "oidcServiceMetaDataBackChannelURI": "blogout", + "oidcServiceMetaDataCheckSessionURI": "checksession.html", + "oidcServiceMetaDataEndSessionURI": "logout", + "oidcServiceMetaDataFrontChannelURI": "flogout", + "oidcServiceMetaDataIntrospectionURI": "introspect", + "oidcServiceMetaDataJWKSURI": "jwks", + "oidcServiceMetaDataRegistrationURI": "register", + "oidcServiceMetaDataTokenURI": "token", + "oidcServiceMetaDataUserInfoURI": "userinfo", + "oidcServiceOfflineSessionExpiration": 2592000, + "oidcServicePrivateKeySig": "-----BEGIN PRIVATE 
KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDywteBzIOlhKc4\nO+vhMStDYOpPYrWDOodkUZ7OsxlWVNZ/b/lqIFS56+MHPkKNQuT4zZCyO8bEKmmR\nZ6kPFJoGbO1zJCPQ/RKjimX4J/5gDb1BAlo+6agJi55e3Bw0zKNJDU0mRyedcIzW\n7ywTgyj6B35pl/Sfloi4Q1XEizHar+26h66SOEtnppMxGvwsxO8gFWz26CPmalvY\n5GNYR0txbXUZn7I4kDa4mMWgNfeocWc78Qbt4RV5EuQdbRh1sou4tL9Nn4EuGhg0\nmfsSI0xVAj7f82Wn3kW6qEbhuejrY7aqmZjN7yrMKtCBuV7o4hVrjYLuM2j0mInY\nMy5nRNOVAgMBAAECggEAJ145nK8R2lG83H27LvXOUkrxNJaJYRKoyjgCTPr2bO2t\nK1V5WSCNHOmIE7ChEk962m5bvMu83CsUm6P34p4wrEIV78o4lLe1whe7mZbCxcj0\nnApJoFI8EfA2aqO/X0CgakRh8ocvgXSzIlf/CdsHViTI907ROOAso9Unn4wDNbdp\nMrhi3H2SnA+ewzj85WygBVTNQmVBjJSSLXTQRkfHye0ztvQm59gqqaJaM2rkBjvA\nlPWAVsgakOk4pgClKElCsIjWPJwdYtcd8VJrwnro5J9KhMwB//AArGgqOaXUHnLH\nv5aZZp6FjV/M3BxbSp4cG6hXmK1hrDFLecRddYP1gQKBgQD+Y4/ee57Z0E2V8833\nYfrK3F23sfxmZ7zUwEbgFXUfRy3RVW7Hbc7PAJzxzrk+LYk/zaZrrfEJguqG2O6m\nVNYkqxKu69Nn964CMdV15JGxVzpzsN5adKlcvKVVv9gx2rF3SMUOHiRutj2BlUtO\niCq0G3jFsXWIRzePig9PbWP6CQKBgQD0TG2DeDDUgKbeJYIzXfmCvGxlm5MZqCc/\nK7d8P9U0svG//jJRTsa9hcLjk7N24CzhLNHyJmT7dh1Xy1oLyHNPZ4nQRmCe+HUf\nu0SK10WZ2K55ekUmqS+xSuDFWJtWa5SE46cKg0fKu7YkiDKI1s6I3qrF4lew2aDE\n2p8GJRrgLQKBgCh2PZPtpb6PW0fWl5QZiYJqup1VOggvx+EvFBbgUti+wZLiO9SM\nqrBSMKRldSFmrMXxN984s3YH1LXOG2dpZwY+D6Ky79VBl/PRaVpvGJ1Uen+cSkGo\n/Kc7ejDBaunDFycZ8/3i3Xiek/ngfTHohqJPHE6Vg1RBv5ydIQJJK/XBAoGAU1XO\n9c4GOjc4tQbuhz9DYgmMoIyVfWcTHEV5bfUIcdWpCelYmMval8QNWzyDN8X5CUcU\nxxm50N3V3KENsn9KdofHRzj6tL/klFJ5azNMFtMHkYDYHfwQvNXiHu++7Zf9LefK\nj5eA4fNuir+7HVrJUX9DmgVADJ/wa7Z4EMyPgnECgYA/NLUs4920h10ie5lFffpM\nqq6CRcBjsQ7eGK9UI1Z2KZUh94eqIENSJ7whBjXKvJJvhAlH4//lVFMMRs7oJePY\nThg+8In7PB64yMOIJZLc5Fekn9aGG6YtErPzePQkXSYCKZxWl5EpjQZGgPRVkNtD\n2nflyJLjiCbTjeNgWIOZlw==\n-----END PRIVATE KEY-----\n", + "oidcServicePublicKeySig": "-----BEGIN 
CERTIFICATE-----\nMIICuDCCAaCgAwIBAgIEFU77HjANBgkqhkiG9w0BAQsFADAeMRwwGgYDVQQDDBNt\nYXRyaXgubGluYWdvcmEuY29tMB4XDTIzMDIxNTAzMTk0NloXDTQzMDIxMDAzMTk0\nNlowHjEcMBoGA1UEAwwTbWF0cml4LmxpbmFnb3JhLmNvbTCCASIwDQYJKoZIhvcN\nAQEBBQADggEPADCCAQoCggEBAPLC14HMg6WEpzg76+ExK0Ng6k9itYM6h2RRns6z\nGVZU1n9v+WogVLnr4wc+Qo1C5PjNkLI7xsQqaZFnqQ8UmgZs7XMkI9D9EqOKZfgn\n/mANvUECWj7pqAmLnl7cHDTMo0kNTSZHJ51wjNbvLBODKPoHfmmX9J+WiLhDVcSL\nMdqv7bqHrpI4S2emkzEa/CzE7yAVbPboI+ZqW9jkY1hHS3FtdRmfsjiQNriYxaA1\n96hxZzvxBu3hFXkS5B1tGHWyi7i0v02fgS4aGDSZ+xIjTFUCPt/zZafeRbqoRuG5\n6OtjtqqZmM3vKswq0IG5XujiFWuNgu4zaPSYidgzLmdE05UCAwEAATANBgkqhkiG\n9w0BAQsFAAOCAQEArNmGxZVvmvdOLctv+zQ+npzQtOTaJcf+r/1xYuM4FZVe4yLc\ny9ElDskoDWjvQU7jKeJeaDOYgMJQNrek8Doj8uHPWNe6jYFa62Csg9aPz6e8qbtq\nWI+sXds5GJd6xZ8mi2L4MdT/tf8dBgcgybuoRyhBtJwG1rLNAYkeXMxkBzOFcU7K\nR/SZ0q9ToLAWFDhn42MTjPN3t6GwKDzGNsM/SI/3WvUwpQbtK91hjPnNDwKiAtGG\nfUteuigfXY+0hEcQwJdR0St/FQ8UYYcAB5YT9IkT1wCcU5LfPHCBf3OXNpbnQsHh\netQMKLibM6wWdXNwmsd1szO66ft3QZ4h4EG3Vw==\n-----END CERTIFICATE-----\n", + "oidcStorageOptions": {}, + "openIdAuthnLevel": 1, + "openIdExportedVars": {}, + "openIdIDPList": "0;", + "openIdSPList": "0;", + "openIdSreg_email": "mail", + "openIdSreg_fullname": "cn", + "openIdSreg_nickname": "uid", + "openIdSreg_timezone": "_timezone", + "pamAuthnLevel": 2, + "pamService": "login", + "password2fActivation": 0, + "password2fSelfRegistration": 0, + "password2fUserCanRemoveKey": 1, + "passwordDB": "Demo", + "passwordPolicyActivation": 1, + "passwordPolicyMinDigit": 0, + "passwordPolicyMinLower": 0, + "passwordPolicyMinSize": 0, + "passwordPolicyMinSpeChar": 0, + "passwordPolicyMinUpper": 0, + "passwordPolicySpecialChar": "__ALL__", + "passwordResetAllowedRetries": 3, + "persistentSessionAttributes": "_loginHistory _2fDevices notification_", + "persistentStorage": "Apache::Session::File", + "persistentStorageOptions": { + "Directory": "/var/lib/lemonldap-ng/psessions", + "LockDirectory": "/var/lib/lemonldap-ng/psessions/lock" + }, + "port": -1, + 
"portal": "https://auth.example.com", + "portalAntiFrame": 1, + "portalCheckLogins": 1, + "portalDisplayAppslist": 1, + "portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/", + "portalDisplayGeneratePassword": 1, + "portalDisplayLoginHistory": 1, + "portalDisplayLogout": 1, + "portalDisplayOidcConsents": "$_oidcConsents && $_oidcConsents =~ /\\w+/", + "portalDisplayOrder": "Appslist ChangePassword LoginHistory OidcConsents Logout", + "portalDisplayRefreshMyRights": 1, + "portalDisplayRegister": 1, + "portalErrorOnExpiredSession": 1, + "portalFavicon": "common/favicon.ico", + "portalForceAuthnInterval": 5, + "portalMainLogo": "common/logos/logo_llng_400px.png", + "portalPingInterval": 60000, + "portalRequireOldPassword": 1, + "portalSkin": "bootstrap", + "portalSkinBackground": "1280px-Cedar_Breaks_National_Monument_partially.jpg", + "portalUserAttr": "_user", + "proxyAuthServiceChoiceParam": "lmAuth", + "proxyAuthnLevel": 2, + "radius2fActivation": 0, + "radius2fTimeout": 20, + "radiusAuthnLevel": 3, + "radiusExportedVars": {}, + "randomPasswordRegexp": "[A-Z]{3}[a-z]{5}.\\d{2}", + "redirectFormMethod": "get", + "registerDB": "Null", + "registerTimeout": 0, + "registerUrl": "https://auth.example.com/register", + "reloadTimeout": 5, + "reloadUrls": { + "localhost": "https://reload.example.com/reload" + }, + "rememberAuthChoiceRule": 0, + "rememberCookieName": "llngrememberauthchoice", + "rememberCookieTimeout": 31536000, + "rememberTimer": 5, + "remoteGlobalStorage": "Lemonldap::NG::Common::Apache::Session::SOAP", + "remoteGlobalStorageOptions": { + "ns": "https://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService", + "proxy": "https://auth.example.com/sessions" + }, + "requireToken": 1, + "rest2fActivation": 0, + "restAuthnLevel": 2, + "restClockTolerance": 15, + "sameSite": "", + "samlAttributeAuthorityDescriptorAttributeServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;", + "samlAuthnContextMapKerberos": 4, + 
"samlAuthnContextMapPassword": 2, + "samlAuthnContextMapPasswordProtectedTransport": 3, + "samlAuthnContextMapTLSClient": 5, + "samlEntityID": "#PORTAL#/saml/metadata", + "samlIDPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact", + "samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn", + "samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn", + "samlIDPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;", + "samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;", + "samlIDPSSODescriptorSingleSignOnServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;", + "samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;", + "samlIDPSSODescriptorWantAuthnRequestsSigned": 1, + "samlMetadataForceUTF8": 1, + "samlNameIDFormatMapEmail": "mail", + "samlNameIDFormatMapKerberos": "uid", + "samlNameIDFormatMapWindows": "uid", + "samlNameIDFormatMapX509": "mail", + "samlOrganizationDisplayName": "Example", + "samlOrganizationName": "Example", + "samlOrganizationURL": "https://www.example.com", + "samlOverrideIDPEntityID": "", + "samlRelayStateTimeout": 600, + "samlSPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact", + "samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact": "0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact", + "samlSPSSODescriptorAssertionConsumerServiceHTTPPost": 
"1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost", + "samlSPSSODescriptorAuthnRequestsSigned": 1, + "samlSPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn", + "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn", + "samlSPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;", + "samlSPSSODescriptorWantAssertionsSigned": 1, + "samlServiceSignatureMethod": "RSA_SHA256", + "scrollTop": 400, + "securedCookie": 0, + "sessionDataToRemember": {}, + "sfEngine": "::2F::Engines::Default", + "sfManagerRule": 1, + "sfRemovedMsgRule": 0, + "sfRemovedNotifMsg": "_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!", + "sfRemovedNotifRef": "RemoveSF", + "sfRemovedNotifTitle": "Second factor notification", + "sfRequired": 0, + "showLanguages": 1, + "singleIP": 0, + "singleSession": 0, + "singleUserByIP": 0, + "slaveAuthnLevel": 2, + "slaveExportedVars": {}, + "soapProxyUrn": "urn:Lemonldap/NG/Common/PSGI/SOAPService", + "stayConnected": 0, + "stayConnectedCookieName": "llngconnection", + "stayConnectedTimeout": 2592000, + "successLoginNumber": 5, + "timeout": 72000, + "timeoutActivity": 0, + "timeoutActivityInterval": 60, + "totp2fActivation": 0, + "totp2fDigits": 6, + "totp2fInterval": 30, + "totp2fRange": 1, + "totp2fSelfRegistration": 0, + "totp2fUserCanRemoveKey": 1, + "twitterAuthnLevel": 1, + "twitterUserField": "screen_name", + "u2fActivation": 0, + "u2fSelfRegistration": 0, + "u2fUserCanRemoveKey": 1, + "upgradeSession": 1, + "useRedirectOnError": 1, + "useSafeJail": 1, + "userControl": "^[\\w\\.\\-@]+$", + "userDB": "Same", + "utotp2fActivation": 0, + "viewerHiddenKeys": "samlIDPMetaDataNodes, samlSPMetaDataNodes", + 
"webIDAuthnLevel": 1, + "webIDExportedVars": {}, + "webauthn2fActivation": 0, + "webauthn2fSelfRegistration": 0, + "webauthn2fUserCanRemoveKey": 1, + "webauthn2fUserVerification": "preferred", + "whatToTrace": "_whatToTrace", + "yubikey2fActivation": 0, + "yubikey2fPublicIDSize": 12, + "yubikey2fSelfRegistration": 0, + "yubikey2fUserCanRemoveKey": 1 +} diff --git a/packages/tom-server/src/application-server/__testData__/llng/ssl.conf b/packages/tom-server/src/administration-console-api/__testData__/llng/ssl.conf similarity index 100% rename from packages/tom-server/src/application-server/__testData__/llng/ssl.conf rename to packages/tom-server/src/administration-console-api/__testData__/llng/ssl.conf diff --git a/packages/tom-server/src/application-server/__testData__/config.json b/packages/tom-server/src/administration-console-api/__testData__/mock-tests-config.json similarity index 54% rename from packages/tom-server/src/application-server/__testData__/config.json rename to packages/tom-server/src/administration-console-api/__testData__/mock-tests-config.json index ac6e4d47..9a1bb228 100644 --- a/packages/tom-server/src/application-server/__testData__/config.json +++ b/packages/tom-server/src/administration-console-api/__testData__/mock-tests-config.json @@ -1,9 +1,7 @@ { "additional_features": true, - "base_url": "http://host.docker.internal:3001/", + "base_url": "http://localhost:3001/", "cron_service": true, - "database_engine": "sqlite", - "database_host": "./src/application-server/__testData__/test.db", "database_vacuum_delay": 7200, "key_delay": 3600, "keys_depth": 5, 
@@ -11,17 +9,18 @@ "rate_limiting_window": 10000, "server_name": "example.com", "smtp_server": "localhost", - "userdb_engine": "ldap", + "userdb_engine": "sqlite", + "userdb_host": "./src/administration-console-api/__testData__/user.db", "template_dir": "./templates", - "ldap_base": "dc=example,dc=com", - "ldap_uri": "ldap://localhost:21389/", "matrix_server": "matrix.example.com", - "registration_file_path": "./src/application-server/__testData__/synapse-data/registration.yaml", - "matrix_database_engine": "sqlite", - "matrix_database_host": "./src/application-server/__testData__/synapse-data/homeserver.db", + "registration_file_path": "./src/administration-console-api/__testData__/registration-mock.yaml", "namespaces": { "aliases": [{ "exclusive": false, "regex": "#_twake_.*" }], "users": [{ "exclusive": false, "regex": "@.*" }] }, - "push_ephemeral": true -} + "push_ephemeral": true, + "database_engine": "sqlite", + "database_host": "./src/administration-console-api/__testData__/twake.db", + "matrix_database_engine": "sqlite", + "matrix_database_host": "./src/administration-console-api/__testData__/matrix.db" +} \ No newline at end of file diff --git a/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/9da13359.0 b/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/9da13359.0 new file mode 120000 index 00000000..e375f5ab --- /dev/null +++ b/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/9da13359.0 @@ -0,0 +1 @@ +ca.pem \ No newline at end of file diff --git a/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/auth.example.com.crt b/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/auth.example.com.crt new file mode 100644 index 00000000..4f8fcb7b --- /dev/null +++ b/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/auth.example.com.crt 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFJDCCAwwCAf8wDQYJKoZIhvcNAQELBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV +BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDAgFw0yNDA0MTExODI5MTBaGA8yMTI0MDMxODE4MjkxMFowaTELMAkGA1UEBhMC +RlIxDzANBgNVBAgMBkNlbnRyZTEOMAwGA1UEBwwFUGFyaXMxETAPBgNVBAoMCExp +bmFnb3JhMQswCQYDVQQLDAJJVDEZMBcGA1UEAwwQYXV0aC5leGFtcGxlLmNvbTCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALz58JVeJXCzNLwN/Tj55WR6 +dZBOtuAMMzuMrpFhcqczWaptEAOwnMMMhX9FzEv7Zu/+grAc9XdbWnTrWg6/AR+a +cEvrxNAwT+LMaipY+JxuW6NMUPxN9sNDKCcON1v58ma8cGze8ZX29k+k4t4D5PMp +cPpCS8Fh5ffOk+jwleKxS6csO47W9/jOsfkRxweOivxnU7oOTEvZNRmszJIZkuOV +0W7qKhfRAmpeZLCLY1cvCkFBOT5PcTBjZclq1h3XynbY7gestU3aw5TYITf6kkjj +G0E/Z5BuOL8DVKKoE58nx8OYxqKPsrvI0tjcKqxFlsaMfGelqGtE7/9rN3wMhvjv +Q0AeR3qEiu+phSq1pDa+2hohcV2I8FRKF2JgrtqjXJ1R4pLEta4rwryjtJ8KqCLm +OAOqDZpHV/jkBfmAeZgZx4HppI5SVplzZ2CBm4mAdM4YTWJpTvrgJFiQLmLorxFe +ttUk1g9EyngAICfGXcNfCNBNJ2QRyHfPlr+cRYPeQWkn0cqxsy9IcmQkadtwowUp +UzqRHYCvadvSeRvCJnsJGCYotMH/4UhbQqQxjKgGFTnvQR1CYRLPUUaT0PKJKxM8 +o0QdU0F73Lb7ovRqMjWfJXcUL3nylfTRivGqodaaSRNdhbmZnVLLpsPULwFWFsyg +UPbOl1PX4JOzvpVEA1ujAgMBAAEwDQYJKoZIhvcNAQELBQADggIBAFHQYRxesrRe +8E5JumE2M5IpMu67YspQbqfaj5KZapIi0jAl5+OB9snnxicQUfV8HPFxzQxIkyL2 +MNZWG0O/4ThzDIXyOykMRycubeR+TchUmJGbp9RBl3dBSdkTcC+CwjiJfTuoAj3o +bq+Gkho37osjJGMBz4L4cGxH39R+MZTtqJ+8INf+/h7kpXp8x+USoJPVkMc63r7U +UboVtW4jNJGQzTwWd8s/bdjjWEh0VD+B2JHLjuM84D6Y5FwHWN+HYrzPlkYJ120Z +orThk02t8H//17g9x9+GI0N9CvcbyN5+gHn5VV7aVUqTkMbigoNmgGfsYy7TNoq5 +LanqJAviidzuyD1pod0KEHzEcYYNs9Kdq14rastDNgmHZOAXAE72oTRQQ14mvnhy +UYC1b9GIMa+uRlG5v20E5ykwcmthv6wbt1Jbcan26WJFJFkubtdowc6z2ncqRSV1 +sL8nudEK8SGHrWsmM+USkRu/NEZLje7lo/uE/ZSw99I8SKjYwmjtGW+XleLQ859b +5Kj67+znUGyLqvK1L3OofmhTMcLhrnyr5mLTpdG7cMT1abfekHXyNgLsr/la/V2P +pEz/bbalQQdeYfSTaaeellwJNNxYIuneF0wu4BBhwHV1U6crhImnnDVzeju4PdzQ +8Eq5F9RX4f9Q/cixo1P9vVMVR/eKDlik +-----END CERTIFICATE----- 
diff --git a/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/auth.example.com.key b/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/auth.example.com.key new file mode 100644 index 00000000..21362724 --- /dev/null +++ b/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/auth.example.com.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC8+fCVXiVwszS8 +Df04+eVkenWQTrbgDDM7jK6RYXKnM1mqbRADsJzDDIV/RcxL+2bv/oKwHPV3W1p0 +61oOvwEfmnBL68TQME/izGoqWPicblujTFD8TfbDQygnDjdb+fJmvHBs3vGV9vZP +pOLeA+TzKXD6QkvBYeX3zpPo8JXisUunLDuO1vf4zrH5EccHjor8Z1O6DkxL2TUZ +rMySGZLjldFu6ioX0QJqXmSwi2NXLwpBQTk+T3EwY2XJatYd18p22O4HrLVN2sOU +2CE3+pJI4xtBP2eQbji/A1SiqBOfJ8fDmMaij7K7yNLY3CqsRZbGjHxnpahrRO// +azd8DIb470NAHkd6hIrvqYUqtaQ2vtoaIXFdiPBUShdiYK7ao1ydUeKSxLWuK8K8 +o7SfCqgi5jgDqg2aR1f45AX5gHmYGceB6aSOUlaZc2dggZuJgHTOGE1iaU764CRY +kC5i6K8RXrbVJNYPRMp4ACAnxl3DXwjQTSdkEch3z5a/nEWD3kFpJ9HKsbMvSHJk +JGnbcKMFKVM6kR2Ar2nb0nkbwiZ7CRgmKLTB/+FIW0KkMYyoBhU570EdQmESz1FG +k9DyiSsTPKNEHVNBe9y2+6L0ajI1nyV3FC958pX00YrxqqHWmkkTXYW5mZ1Sy6bD +1C8BVhbMoFD2zpdT1+CTs76VRANbowIDAQABAoICAEa/L3FL8KpTfL+WYSFudJF8 +Qv0GavJPvvJhRY1JtRmhYMUr1V38RYPD8UpngAdGFBBu8NAr1z2a5q902J9CpJIH +SFkz59ek7pNSwcAe1NwDeK0Wyg7axTHut15/tPvrA/OwQkqP4FOrRCUm7oP9Yz4h +WplmLmQ0WVq/bKI9R2+5vj/UkGt2URlFkF1VaXSLyb6alD7IUYnnxDhbd66Ogm5P +TTu/0IhgCA54TivF0yf1hVpOp7aLGS3rWFTieUxs1/BMYDhhUPLXnnbfvvftB8zf +sPlpWkU47mecQJgwYkAoLWItlNeRAnHIyh7DtfoOh1bHi19mJjoacdrmcbwwGGr+ +vgDqrNP8u73banBoDrQDcCvghTxKbmjeA65KKXFu2qwXFwccZItJ6H1uoW/ylMvf +E2QTsmU0WC9qSDve6ZYKepkZExEFonYpQgpHUw6/x7eGg6fwlYq0aOxDdxuyF1XO +yJTi88WGAsNMMRKBo1w+zhcSOeEbwWUM4j4PuL6c/MCmhsndXUinKiNrJscvmbJE +pLsbm3GRGaasgubV3jmHi2VgIZNXcP58x+hUCtTmMYGYHYqwkU0dIufFWD4L7sse +qhXAMzZKxBbcFCQjfMkfBY/ocOGMdPvGQehYY49pLS5c7E6wCoLVLQwwtFzO5Uuc +UH375K/wnx+ZQCqmz30pAoIBAQDeF6Y4tElc8Sydn+/l7KAROVkaneFKfmM6u2ds +ADPFC7wvMlddDSnMqfdHAq58w9UKrZEnqnp6iXS5mxgW1Z36rq3I7jBy8IIzajQB +ksWxxtz3vt7XmsAj/Fd2Q4v0zxZ4++WK8sC5f+0NVjfx7EHW4IsWyRpa1pbKtjcO +Ti+jmkC6R1VKHLl08gQfD0fxEDbGXeJ8Qio5Jl/v09oWvXw00iigS0VXkXm45wQK +Y5syZ8sqAiXvsy6oApUaTRmEDellG42kGFxiuCL3/ElYrgMPP7pHlXgILNSxJhYf ++IyHoDigYMRzhlUyUKnoZ2vii/XL9qdULMcNqWAnljAkLcqFAoIBAQDZ0/gL+Zsg +sjPpAt/yQLZiyveMRCzgGnLlrg0yOaX6efV+rzUZLUCTmnPW4876KzrxIviTaSKh 
+YEMNXL2h+CYxvxbuHacPc/27K+myiBn+ln5MO1mBxCNs/zCKeeuhgg24Hmr30asT +Y+ef0tnGdo6qqMcXqU4x1QU2Qi0RqBbTz5f/HMrbrPoQHXw7S8GaQS6LHn+nhdbQ +9vklCr7Bcj8NprG2oAVapb4xRPDXFm0HXRexEKa6olAO5Dbp1nNBLz7B6JlpZDrF +yqFDh0fAFvTzbmyyYgoKT/9xyyLzCMi5c9f+XFsuEd5qL53XcsKGGn1/Pa/KhaN4 +aW2+rpleNSoHAoIBAAGI/lAkBuHKlPld8qWPNigIUnJZpwYBy6PLSdK4SaNSCnH1 +Eh+FiMVuY1QtU5FvNRjGzFsO1ZvlOVZTGR6HSXlDHdZmtxUETpIWaNed8RniewKH +YjjxS+SzyNL7cos1pz0c2KBWPzjJBpVyBB76+BWJJcz5hOId25r5GXZS2gdyeIIR +HijN/AYv6hFg5Klo6EgEvB0JxArzFfStbTN9Cc+/qCI7gvYw/jtl9WQw/hCiIQhg +TWzTuz3UDr3IzKVaB0P4pcj9lh3kkfFO4B7pzQGc+iemg9bioHG9Bqgf6rDBTcLm +CFWYFxyq7BG8LUW6m+9V/CAb0yBoDE8ZvalyW5UCggEAO+1S+ohrIy2jlmFSFyWy +h69rN02yQt1D6uhdfQnbHfPblETDiO+oKnN9lwsJcE3gY2LJnFR6UIdZKx3uldbd +OyZlOpEx2tCAZ7QHETTcYewpRvO1BjxduqjiQ9aS+tX6zEKiDxfBxw3fNVseyrjn +OxA/5cSQXKlMS8cc+xSRYyhjmq3jKViHW1OhT/bhhnyUP3XejMoHdWnc1VIFdNbn +fev0TFft4ShkEM30rFfhGvuDfxUjqYjqGY6zhNWY08AZteM2AYavnKbIgvl+xdwK ++8XPZawPMxMbJcVLEi3CezLho3rpIt2LoQ8Ej7dkyNwU1qKz8DWf6YqnxKPoUcCy +lQKCAQAUs9PzYTXHcKqtPN/0uFYiBPsaesIE/joFgd4w6a3N2qhcmXwE9fM0v3Hr +nQCW2pXy5Qz/m4n2yhvlVkaN5oCE6EFgi9KoAzdvu7Znoc3kzfkgwNY0oI8Oh4vJ +bwFkACcyO6SzOxLAQHWZazCitNTja8GYHPjULRXET024LYkQso2A1dU3jjjJswfq +TiztYc8hhM/3NwQvi83vvC7xQ12BiS7n6GErVBjqq2tl7uiLFMEoRpGm3q2mk7MP +6txrQ5WM10A43MBwd5MLewYvsOwLtJYQHsusQ6ALKmqiWiaZSzONflfhnyowgsd2 +cDHJ8L9Rvjaoy/cn2TLLLEUhrMRG +-----END PRIVATE KEY----- diff --git a/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/ca.key b/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/ca.key new file mode 100644 index 00000000..01008886 --- /dev/null +++ b/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/ca.key 
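Review bot: The RSA private key for auth.example.com should not be versioned in plain text, and the same applies to the `ca.key` and `matrix.example.com.key` hunks further down in this commit. The CA key is the most sensitive of the three: anyone who imports `ca.pem` into a trust store to run these tests then trusts certificates that any reader of the repository can issue. The diffstat lists `generate-self-signed-certificate.sh`, so the keys could presumably be produced at test setup and excluded with a `.gitignore` entry such as `packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/*.key`. If they have to stay in the tree, a header comment in that script stating that the material is test-only and must never be trusted outside the compose network would at least document the intent.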
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDchj9sLuNnMBPw +pas3GokvaXhTYWJMf31enW+VunBk2qgyz5/rSQdB65W1Z9q4Vd7RxDxpATVhRVp6 +v9wiTQp/CWlChflF/KyQiILz1XyCDqEgKu5UpmeqZVlYDROC0VI6CYd/fTLXgFu2 +FcVrhrReg8bYDB/X0QEFU3BNo7I7pR3yniQ3t89vkaz/5uT9DwN7Z9kwnROMW2vE +jDMLsUd+gSy3rSSvPMgi8QTlvCE3A1wlsrKY9Liqvwf0lQqe4B29i6/rpUPaC92I +piThBfJneI3ZmrA3FjKfPWA5WHgHCDepkzemGK2iRRS5joF5Nb2yX36xEy4+EWgd +rpQmFrWtx75f7DW+tBMlwyMrLxN/r7m6eBtxBI3dLdzLIwXAHeHfix/tFsmkErwQ +DE8Jyhabchc8BFBwhsIbVEBoacNEj1pD7bBZQapLHfo0kusz4gtmA8EFiw/QRaNQ +PuyzK7ZDMiCCqqdksdp0uAg6XIpcRBmipVoIyVzF56VebjL5K+MUPDHF8OgUId8q +IG+7o0zuUhvd25dqkRWDyFS6nRJXGJEhkkULiTDTPOjp/kOQ7VhE+ou6GQqyAzGQ +EtBvdKXbj/bkVYIB11XglH5DEVgAe9rpXDH8rObRqo97KB6CCImF5zln375lXJy8 +BvQymo+C9nfgFfV5aDN2wpbEyr4p1QIDAQABAoICACBipMDF+AZo5JzEL6tFfd0V +H6MbG50BYg95jnAOM8BT7jycCi+7B1JSfydna5MDpVfn+jkvgL/auAlr0K/G4aI7 +ZxZqZ2u0SkFlktmtQf41mMsJEvwiffnjrWXFcdaV1/4G9TuvTr6gLpfEhbwfSbDR +qGuFCE4g9wXptYXpYtzoiEffmpEGMPQBEEd6iKlzQX8nhplhkAPeTyrLrhlq/QVi +ggctacREaF3dSGtWoAgcubUdk6Xr1ozYxhnQo4Emh6eU8o5oNFk6wdt2DtdvEKTK +awaIdZV5cJC7KjzxtZrOxaHlKVh+qk042OzRNUlwL34ZERl/KBzcYI5vW3lmf2KS +t9LdvIvHiJBj6V/rNyatHf9xBje+qiCZo5gr4527e6nxVS+GEXEvmawJJo1IjQaU +VY3BKVfAI4/QWMYW9kP/0knkmvHfRkL6TApxwaB6k0gTsc2N05vMXZ0B9IRgZQkt +drwAOPfp+HZ0JHrc92VwYoCgfaJnp3IYXZRzIZC91Yrg1n74Vq7iZ49HaXFMDWsi +TFFSf5gfT2WAf3fRoGQXMaM3VjSvArlqcA4MXMvrPWh43SY1UtJuJjff+8WGRTGv +eOd2dU5szxgH9UGStkKsb6sQGGG2mtLoKYcu2/aO++81ZniiuQLdLd7gtNyGqmFw +1VSGKhRyWoEe+mVN4EVhAoIBAQDtCNikB4zdbRYeXpcz7komP2nB66yuA8/GWBjn +exan/sVcE2IQiTs2Sx2eDqeN2mFtnYOwj7U76B75quxzgoJ45xqLo+oZ0NLeY3eO +hJzRV6Qo+H5rHFAr/+kaJnMNWVK5+OrhmcpET5lrgXQls2Gv+VCfhy45uBzyXiXq +2Q43StI6Zz5i3LG98QCsb84Mg+Aflrl14FSagZMCuxvgLZ48JpGE7xfY2ZfBWE0W +n+Ne5oquMnO7IDSqnmQzH6MTUseAPHZkVpqWhPR737Fq/yWIUacJNFHN75ZNhpPY +mUlAS+ohHqg+aFEk6pf+2OSzjjcZh9GHNeC5TPPJNJ5gqLsxAoIBAQDuKznPt4YW +h6JWKVNRJpGMYr9IP+RW6kDMp7EkeQziVUePuAd8lysH9ekjnOwzUQKW3yOKh8yb 
+0r0k7o1MTcrnIuF9Q3DrLJInb8crhpGiOwINKiOFr+xAYbvfTDg/ahPEFU6jzWdH +shQcc2/Sop8jSE+1djaEy3zSjICQRyEPX0cQXuBEJiMEM+mQSBkr1teLXH78ACLa +VFkKuyp/qE981zwDkBHYmbfNE+DXICqEPCOK2kbtGK9aO72TmdSBRvNTw/rrVlY9 +faHlwUDAHMjztpjDYrHafwS0Coe7G8y53TxohnIyLQ+0OaIpOqUQ3FkJe8VRaKsr +z0PUQETc3mflAoIBAQCsC0+zPwevcA4t3NpChyKqwDwy1KxxYbLdc/Qfj+fR58m4 +GxmChxjDP6IvptNW0rsEpN+At84DvWc+MCGPdZrdxmAuGrtAIaHsaKXOe9KW39X3 +JuYbOGG4jfbTVDUN61dwRIu3U7jL/DqPHVcARkMRRxSNtcCHhGr+P/eljgYTe+s7 +GNTfTPB1vQeQIVadHtr+EphqRnkh7AqYYNbK0FGZtyTIKAJXExhi7YSGd2bA6vSd +m2EE4UtYy75OnRfwXpUPLtN/4JwzxCzv/Fz6HFdRqnJi6+a0YsHlY1jMTfYtBOzb +PTVAltbOxLet8h+NdBvqG/qo+SIzXPdVgyuxXMcBAoIBAHjtwcDSMmcmHysYeJFv +v99EFFOe/VWUQ6qmSq92NzCElH1It6RvLQ4xslq+xr+XlnT8f5NLOHy2GAu0hFIF +/cw2Tb/IioEedGdJvhs/jJqO04/ToY2zsYVPGpFapgSs27RoDTHmjVY9+TAo/NI6 +eAr2IGLGzw/GMm7FoFGhjAu+GNsbEUwJASaVJTZ5JS65O2Arat6RQyEQStXECuQe +lZ2Ru4sjj6wnAMhEG5mfX3cdAf7yraidLAvo4W0cYmXxnIMfszvi7o7yR03dPf9N +nksAn7g1WJDUhZLU9e3vQ5fr2UxJV5pafurHiKreeAmDmEHUcm/PcXohFxOiPlTX +KHECggEAI3/3uUMMDhKpJUlDGlnqoULxDJu1sTzVFypSzB+NBo2Vj9UfjfSoE8hY +Mx3O564qZ5tOgymNquOBOr+p7XcfGUZdDTWSaR0J28nrrR/A8f0ZnzJNyihihKFd +jlwbcEPbInXIMq0xZe9V2DOfDMuhzwXUAAMlfnfu23ZwbdRIm+tsh8OKKE/Velld +0S9rwySOq+Wb3BvdzNQ5bdgsPu/TBIM1uq9YCylf9+vaDrueVc1LIJo9+MM2uRVp +P5LHjQvW/58mzAWFxMBC00SQfVZytvei6MI04lY2celsLEcxVp7fkNutm7e8mmEg +6eU0pFTOVKg9IStsPXBFo2S2Yj7heA== +-----END PRIVATE KEY----- diff --git a/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/ca.pem b/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/ca.pem new file mode 100644 index 00000000..0b6bdd00 --- /dev/null +++ b/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/ca.pem 
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFbTCCA1WgAwIBAgIUBCvMwoaNwM+d9pxsLYR1CYTkPh8wDQYJKoZIhvcNAQEL +BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAgFw0yNDA0MTExODI5MDRaGA8yMTI0 +MDMxODE4MjkwNFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBANyGP2wu42cwE/ClqzcaiS9peFNhYkx/fV6db5W6 +cGTaqDLPn+tJB0HrlbVn2rhV3tHEPGkBNWFFWnq/3CJNCn8JaUKF+UX8rJCIgvPV +fIIOoSAq7lSmZ6plWVgNE4LRUjoJh399MteAW7YVxWuGtF6DxtgMH9fRAQVTcE2j +sjulHfKeJDe3z2+RrP/m5P0PA3tn2TCdE4xba8SMMwuxR36BLLetJK88yCLxBOW8 +ITcDXCWyspj0uKq/B/SVCp7gHb2Lr+ulQ9oL3YimJOEF8md4jdmasDcWMp89YDlY +eAcIN6mTN6YYraJFFLmOgXk1vbJffrETLj4RaB2ulCYWta3Hvl/sNb60EyXDIysv +E3+vubp4G3EEjd0t3MsjBcAd4d+LH+0WyaQSvBAMTwnKFptyFzwEUHCGwhtUQGhp +w0SPWkPtsFlBqksd+jSS6zPiC2YDwQWLD9BFo1A+7LMrtkMyIIKqp2Sx2nS4CDpc +ilxEGaKlWgjJXMXnpV5uMvkr4xQ8McXw6BQh3yogb7ujTO5SG93bl2qRFYPIVLqd +ElcYkSGSRQuJMNM86On+Q5DtWET6i7oZCrIDMZAS0G90pduP9uRVggHXVeCUfkMR +WAB72ulcMfys5tGqj3soHoIIiYXnOWffvmVcnLwG9DKaj4L2d+AV9XloM3bClsTK +vinVAgMBAAGjUzBRMB0GA1UdDgQWBBQmM+Aa+L3/+jxzHbdoeeU2ZrnCYjAfBgNV +HSMEGDAWgBQmM+Aa+L3/+jxzHbdoeeU2ZrnCYjAPBgNVHRMBAf8EBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4ICAQDWFgzjNjnwtMBYeJeISEFzZztOGTW5EkH/TCockq48 +R6X4gtDLCH2c+rGyaDpu3k2LP39siVwR26uBAlEhUSQbkYqrHghLvcxHsSL+j+J+ +yChXdzj/tu4bJJDvlRWZ2Xi3V93YTkqi/mMNKNJxB9uRPTSv44TtScS6qxJKwtty +N5iumeOSl2lwS7wqCYk813ScXpV7EAT3vuikR/YRM7MfD6Q7G1xMboF78r563eOI +TXhl8enHPHWCe3RuK7PMDzDHiGGF6v6I4HEClyG8iMKdtL1QPKk/B+48i3glliKQ +Ztedq22k99nH2tYEa+lBuPgCAJQdUpPIJj/oXqD+OiZ9Y/Pu659KNAkXakwYJdLd +LV3CiMJRM4zC1nuokGukLu/TFlE+CLhCZYvITzjgtTOX8vHDdL/G2tfiNTmv+6di +f7nJBtqJsh1de7e8xjdtJMNu4G8+h84mZxs5x7RVXe0aLQoKSFwdSABZiyuVQ37l +QruPNhyp+/kKo2Q7lKfwHk5ZhpDPEze3J52dhGYZJGjrqnpMZYWSEsl6/auCfWdR +30TnfhsNYJtVki9IuBkRlGrjmCIInQOIIrsY3k2GKdE2sAbLZLDSRljJnZGit++d +uCbjE/jeKr/dr4g2Bm4rriBtf14q/5j/S8RmWlIQrDOEj6f2yAo0AS3sqoFvAduz +Kg== +-----END CERTIFICATE----- 
diff --git a/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/matrix.example.com.crt b/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/matrix.example.com.crt new file mode 100644 index 00000000..a5634c55 --- /dev/null +++ b/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/matrix.example.com.crt 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFJjCCAw4CAf8wDQYJKoZIhvcNAQELBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV +BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDAgFw0yNDA0MTExODI5MDRaGA8yMTI0MDMxODE4MjkwNFowazELMAkGA1UEBhMC +RlIxDzANBgNVBAgMBkNlbnRyZTEOMAwGA1UEBwwFUGFyaXMxETAPBgNVBAoMCExp +bmFnb3JhMQswCQYDVQQLDAJJVDEbMBkGA1UEAwwSbWF0cml4LmV4YW1wbGUuY29t +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuU8NP9FfGFLhbvZId0kz +OmeQo4XZ6EBwHXSMcoqEnlr+C1EM+uCrhToqgwBCLKGY7RjOdF3P5djtexvAZKRZ +Vjwnl3eXuwTbxoTqbeIz77XfuQsVI1eFhCVzdUPcmHrEstij+kX8aMWleBZIMXqS +x0dT8fLc2kblgNznAp2YNwkReQ4w4TvtNoyy4PrZDcKjKKSbqHZdN1z/nM18cO9X +cRss+lxOlhoR6V+ygADdRNvlz0gg1oWtQj3AHXazGTpEXWd4fP84Ut/nkBFCY0yl +hEZollE7nAIqCLodPyn/7gZ8vYAAirMkH2lUtJzKkYEI3rpcgc3rhw6clAYsr0Pm +KXAYvP6SsTBkhvr6JbyD9Gmp6tb8HdV7UL4bTBj06eTKvyVEEgDXZR8ZHI4OsbqF +RMwPkD3LyrkOCkimSxYkEn+yuMkFby1lMZuku1DHRquRGGUpebXB5iDLDoXKDkMs +pxrG2nBOrnL4jCe0l49KYXeIMUKhGxUxwdkmeVfw4tEX1/o7hlQNFSvaw01V7lN/ +QGQtLOr1XlDr3CdAJ4t+svC2Beu8lW+LCIP1l05BTByU7L/bEfh+IbmbPlT/z3E0 +VtgScm4xUE9wmopaWFZrquYRgQoiQ/6s5KmwCK/0/6vB6Iu0Y2gQh2YDe6A9gfbz +lcsVaYXiF+Fmv5/JFk3/Sg0CAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAv3lEuZH+ +rXb707vWDY5ua2tTvJ2KO6HH7D0rZFkdlRsm8aOrd4Xj9YzNRAC1JwjHWitDQKN9 +6bRgjO0hPVIibWgEeGyjIfVzIdTOpEtYMRSvDEl2ucgOZ0YEOIkQOUic6swPhKGG +vpgzbn/5Lz2B95gRnwNQJsUSCeYv0xuZxfHvjz6sEjz7xMjlPO4ZCLWr3sry5l8X +T7BC+Jq+5eSSdcTrGx27U3Ban4fQnQiDeQDB0Nh1kfk3G3myYxss98ymVaXdDtyc +Ri8Ft/JReqOTR5aQ5UtSThlszWLm7tuYGWMljpq53IGupMLMAOqipLEW5RNK5NJZ +IKsBvXy0cbSMBDvD5e9Vmv5blLP2YwoB3CHYJpzriJZVF/BfMHyrdB06+orz/SBI +q2Yh/fa1Ng3LC3dnsv9+UJk21XuXoeMql76uH7sIvRg5zJDI4FZMj22tKcnimg9+ +C1LBxP7yzlRR7wo6QaALWwifNo705c9/aGEj6rve4zUY5feDkNxFAiiZ+6JrT41u +Bz8bjnze16sc0HwKDPaftwr5sBq2gYU0HqbBkuevuB3GxPUsRRGLPVOOnkGdHNXu +hyzxSEiDs+nxVktsPMvdMwUY1IWnDxQ08r/jZMpLnBAfUR3t7vsQ0F79zZLGyG3c +WHGpB0gxN3WtGYaKGwSx5iXrszt9AIStIfE= +-----END CERTIFICATE----- 
diff --git a/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/matrix.example.com.key b/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/matrix.example.com.key new file mode 100644 index 00000000..a09ef60a --- /dev/null +++ b/packages/tom-server/src/administration-console-api/__testData__/nginx/ssl/matrix.example.com.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC5Tw0/0V8YUuFu +9kh3STM6Z5CjhdnoQHAddIxyioSeWv4LUQz64KuFOiqDAEIsoZjtGM50Xc/l2O17 +G8BkpFlWPCeXd5e7BNvGhOpt4jPvtd+5CxUjV4WEJXN1Q9yYesSy2KP6RfxoxaV4 +FkgxepLHR1Px8tzaRuWA3OcCnZg3CRF5DjDhO+02jLLg+tkNwqMopJuodl03XP+c +zXxw71dxGyz6XE6WGhHpX7KAAN1E2+XPSCDWha1CPcAddrMZOkRdZ3h8/zhS3+eQ +EUJjTKWERmiWUTucAioIuh0/Kf/uBny9gACKsyQfaVS0nMqRgQjeulyBzeuHDpyU +BiyvQ+YpcBi8/pKxMGSG+volvIP0aanq1vwd1XtQvhtMGPTp5Mq/JUQSANdlHxkc +jg6xuoVEzA+QPcvKuQ4KSKZLFiQSf7K4yQVvLWUxm6S7UMdGq5EYZSl5tcHmIMsO +hcoOQyynGsbacE6ucviMJ7SXj0phd4gxQqEbFTHB2SZ5V/Di0RfX+juGVA0VK9rD +TVXuU39AZC0s6vVeUOvcJ0Ani36y8LYF67yVb4sIg/WXTkFMHJTsv9sR+H4huZs+ +VP/PcTRW2BJybjFQT3CailpYVmuq5hGBCiJD/qzkqbAIr/T/q8Hoi7RjaBCHZgN7 +oD2B9vOVyxVpheIX4Wa/n8kWTf9KDQIDAQABAoICABe0OkJl1qd+oJooVGQ3357y +tQCJ5HIuXfkSmc2kFOtJwfHyI/oqh55C7sGzpINfh3eawvwFLQ0ehuBG0EE/ebML +flgEgwr4B+H4yiEUvKaG6g+aUJGlBi39eWuwatUxbRxglHc1ASDo2W4HUaRMpN5r +bBxIwAIG7CAkAcPmo1w044CL9Wo2V3VxIYegZuf49BSEm+m8fFeS5Jqq+WZb42BT +RNlguee+/XgQFv4DPkqq41Z0yEiQsHVG/151etr5Blo5XGMG5a5KOG2IG6kmmoyV +UhcaXIjsCPL1Vbzo8zVALLAz4b3cRPxkpaJ15P6gViFhjuhGzkBIOPTBZnFj+tqt +R8gTOfFYh+PNbqKIbsB/LBu2j6f3S/BvUF9ev2lA821aHdSpLCymSGJ1PKI4bPjf +6cykwe7aZGUA5kgvU4OOQvl36iFD0jWuZAEGUx31oz8u1l7tbTcrR7npVLhUM2rB +IG5BuK+TkbCR6NIksR8gV+DrZsXGjerlcv7oD17UZoHkABYQH/gL3f/ztv0+Pyme +67cJfVDnzDdXdYAhROu9kMarYfGcMJpOn1p5W8js42qCLUoIm1QCwxrTZwtzvjeb +d3Tgf+EZB7IA7p2YndM1zliyPd7+cbz/Am91tVTCQkr2/+e19yHfgWbV2H04HHVz +Ja5y7qjq7D6Gg7cmt/OZAoIBAQD8kQGTcM77lFJ19mFWT1HVKMQUkvROMd1/PTvh +ZT1ai/zxn7RVCIB4BbwWsl2kWMzkD4L4geF+htScxcZ63ZYfJb94ctgnp6Sc2DQi +Hy7CXeZkWyElCOLo7l8xZmmW/gVSKghswW/lq7UMbGDj+GpkX17KSnltZGaqPmah +ck0LHCzaL14wKwZVi8ef4BL5mZpVEcpiiWKf0M8DPszCJneg4yr46o9WqSPXyztM +6lLcXeW97FuDDgvRPMVUPYADNODkulmECJqkxNHLUlWBQimfg1evGvZLyYmXr8Ng +So31l+i0RFP9OyHzekuKpp93a8k7Oo6qnSj3EWSD9/1+pP0VAoIBAQC70/jrgIf2 +X390lH26C0o/CxNc+m0hocGgZLvgqMxfGyKuq54cpdGPhd5Ge7bZb+xa86T4Mgzy 
+c/1f+9DJHuXrj+vb4TmeXZSM2BqsiKWUd/KJcUyMKxaro5MeiHdR3m180Frx9Nzi +9ryY7DA9o14GKHxgosFIK124zM7R0ROjkqCU/2H6hQONElGvtOblBO4pguRBfRhD +b4clbhojjqnq4/TcrXS0wJ+Jje4kQEDFYmab0pjPdyLUasqslmcCwwJwPSU+0LTY +TrDazRbCN13Ra8TiyWXMVWvT3ilpQyNji14fnbjVWBWsNkjVsDKxcBm17EnkvXXH +pV9MswU82wcZAoIBAAi2o/xHNwzc6B9juaX1pJgbCPDAxSbxd3fNUASNrpkyHS7k +2J7aZTw+zmdmDe7+lUsE8frK2FG6KxmhhSB2Bpjaf4mTRLvRf89dcib/NmjEPo+V +yUXy0YlBuA0HQHtSFjLoelPuNIMS8nMURh93UYxW8fk+qoPIo/YZowbM37WTakS4 +v6Ifyd8nrGJqo5zy3K00qOvPW5Sx6oJtJzlHhHcLf08JIJrXyQHH5CraJrOtlaCA +yAN0d5nnY9NtL75sk5mwiCgS9+rZU3eVRpfoBXGYYW0MHBUvRczy5mWrDMy9Sez2 +MoOZB6nTvUlySCwhjta5RXTDaUdk1TfsVVWKMaUCggEAJmPN5byQjY+5SkerZuI1 +26rU21UoBw67t5+/MsztcKboMNFM8MgHjBEtfDR/C/QvV+uilUQNl2STrhGW+/R/ +w+TXrUpcb3zrBtqIoSkQxsa5YNQydBe+e3hkcoIr+STANhmT7Q5CM3WA2LS1q3N/ +nTybJ1k8rhaHAmWCBCp6nB01Cx8jlIOpVSUgYwxTgQ2/6+Yf5y69TdM2yTS2zPu0 +yRisjIo7Z1JTiVbkDK7BTlataD3kE8ti6A2nvRzEkzDuh6hHu44G2ItE5IO0mh+c +4lfnlv7Y+qme71/iEOyzB/6NT2L6S0jErT0vJ9Xqlo+2AZP5CnKa5yJq1w9kC6ss +yQKCAQEAjTeJS/dIKVLBiVUvPA39+g+zh4kBn0rsscbT13jPGOY+Hu2zhWKw7tPx +ebM3tH1WYI/o4y6MWEOG9FOWJyz/T3O9yZRkMa2ScaU2QBCueKwz4xFPf5nNLOQe +noeN69r9DJEXDN/xU2CZlqXKa+UtyaWEyb7Ja7Yie6krsC0GIFyCVRBHzSGBfFRE +duOGTGJt/mITmT0DNpJe+h3g5KVrY0gicj4l2mep9T27gyrDz2cEa2Z+7ujVCbw8 +5pyT71m9cnkpAEHSg4uBBfOZDOZL1Em4eIdEbuO6Wh57v2Iqe8qvnVzxxkW3dX5H +Bj/jSS+F6WEJLg3riqjNEkHToj5nsQ== +-----END PRIVATE KEY----- diff --git a/packages/tom-server/src/administration-console-api/__testData__/registration-mock.yaml b/packages/tom-server/src/administration-console-api/__testData__/registration-mock.yaml new file mode 100644 index 00000000..8f8f1597 --- /dev/null +++ b/packages/tom-server/src/administration-console-api/__testData__/registration-mock.yaml 
@@ -0,0 +1,10 @@
+id: lpqhjc6nyj7sfir56es9yjkasbcigz9l7dkcgkt66kaolp8dqcffwkghqpahd9o3
+hs_token: rr7d9j1cezgdmdjgcxew7wdofsplp85poy7azc86bgfkkhsm8kqarhouebh6ofk4
+as_token: 7ok8e79fchomqbgxf7lkk4krjgoilas8j2ggch4hb8pcnigo595jemkomioha7f4
+url: http://localhost:3001/
+sender_localpart: twake
+namespaces:
+ users:
+ - exclusive: false
+ regex: '@.*'
+de.sorunome.msc2409.push_ephemeral: true
diff --git a/packages/tom-server/src/application-server/__testData__/synapse-data/homeserver.yaml b/packages/tom-server/src/administration-console-api/__testData__/synapse-data/homeserver.yaml
similarity index 80%
rename from packages/tom-server/src/application-server/__testData__/synapse-data/homeserver.yaml
rename to packages/tom-server/src/administration-console-api/__testData__/synapse-data/homeserver.yaml
index fb19c796..a699c330 100644
--- a/packages/tom-server/src/application-server/__testData__/synapse-data/homeserver.yaml
+++ b/packages/tom-server/src/administration-console-api/__testData__/synapse-data/homeserver.yaml
@@ -10,20 +10,30 @@ # each option, go to docs/usage/configuration/config_documentation.md or # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html server_name: "example.com" -public_baseurl: "https://matrix.example.com/" +public_baseurl: "https://matrix.example.com:444/" pid_file: /data/homeserver.pid listeners: - - port: 8008 - tls: false + - port: 8448 + tls: true type: http x_forwarded: true resources: - names: [client, federation] compress: false +tls_certificate_path: "etc/ssl/certs/matrix.example.com.crt" +tls_private_key_path: "etc/ssl/certs/matrix.example.com.key" database: - name: sqlite3 + name: psycopg2 args: - database: /data/homeserver.db + user: synapse + password: 'synapse!1' + database: synapse + host: postgresql + cp_min: 2 + cp_max: 4 + keepalives_idle: 10 + keepalives_interval: 10 + keepalives_count: 3 log_config: "/data/matrix.example.com.log.config" media_store_path: /data/media_store registration_shared_secret: "u+Q^i6&*Y9azZ*~pID^.a=qrvd+mUIBX9SAreEPGJ=xzP&c+Sk" @@ -31,9 +41,6 @@ report_stats: false macaroon_secret_key: "=0ws-1~ztzXm&xh+As;7YL5.-U~r-T,F4zR3mW#E;6Y::Rb7&G" form_secret: "&YFO.XSc*2^2ZsW#hmoR+t:wf03~u#fin#O.R&erFcl9_mEayv" signing_key_path: "/data/matrix.example.com.signing.key" -trusted_key_servers: - - server_name: "matrix.org" - accept_keys_insecurely: true accept_keys_insecurely: true app_service_config_files: - /data/registration.yaml diff --git a/packages/tom-server/src/application-server/__testData__/synapse-data/matrix.example.com.log.config b/packages/tom-server/src/administration-console-api/__testData__/synapse-data/matrix.example.com.log.config similarity index 100% rename from packages/tom-server/src/application-server/__testData__/synapse-data/matrix.example.com.log.config rename to packages/tom-server/src/administration-console-api/__testData__/synapse-data/matrix.example.com.log.config 
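Review bot: `tls_certificate_path` and `tls_private_key_path` are written as `etc/ssl/certs/…` with no leading slash, so they are resolved against the working directory of the Synapse process and the TLS listener on 8448 only finds them when that directory happens to be `/`. Every other path in this file is absolute (`/data/homeserver.pid`, `/data/media_store`), so these two should be as well: `tls_certificate_path: "/etc/ssl/certs/matrix.example.com.crt"` and `tls_private_key_path: "/etc/ssl/certs/matrix.example.com.key"`. Where the compose file mounts the certificate and key is not visible in this hunk, so confirm the mount target matches.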
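Review bot: Removing the `trusted_key_servers` block in the second hunk (`@@ -31,9 +41,6 @@`) does not make the test homeserver stop using a notary: as far as I know, Synapse falls back to its default list (matrix.org) when the option is absent. The `accept_keys_insecurely: true` line that remains no longer has a server entry to belong to, and that setting is, to my knowledge, only read per entry inside `trusted_key_servers`. If the intent is a self-contained test environment, say so explicitly with `trusted_key_servers: []` and drop the orphaned line.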
diff --git a/packages/tom-server/src/application-server/controllers/room.ts b/packages/tom-server/src/administration-console-api/controllers/room.ts similarity index 80% rename from packages/tom-server/src/application-server/controllers/room.ts rename to packages/tom-server/src/administration-console-api/controllers/room.ts index 337a2de7..2838324b 100644 --- a/packages/tom-server/src/application-server/controllers/room.ts +++ b/packages/tom-server/src/administration-console-api/controllers/room.ts @@ -1,16 +1,20 @@ +import { type TwakeLogger } from '@twake/logger' +import type MatrixApplicationServer from '@twake/matrix-application-server' import { AppServerAPIError, validationErrorHandler, type expressAppHandler } from '@twake/matrix-application-server' -import { type DbGetResult } from '@twake/matrix-identity-server' +import { + type DbGetResult, + type MatrixDB, + type UserDB +} from '@twake/matrix-identity-server' import { type NextFunction, type Request, type Response } from 'express' import lodash from 'lodash' import fetch, { type Response as FetchResponse } from 'node-fetch' -import type TwakeApplicationServer from '..' -import type TwakeServer from '../..' import { type TwakeDB } from '../../db' -import { allMatrixErrorCodes } from '../../types' +import { allMatrixErrorCodes, type Config } from '../../types' import { TwakeRoom } from '../models/room' const { intersection } = lodash @@ -21,8 +25,12 @@ const portRe = const hostnameRe = new RegExp(`^${domainRe}(:${portRe})?$`, 'i') export const createRoom = ( - appServer: TwakeApplicationServer, - twakeServer: TwakeServer + appServer: MatrixApplicationServer, + db: TwakeDB, + userDb: UserDB, + matrixDb: MatrixDB, + conf: Config, + logger: TwakeLogger ): expressAppHandler => { // eslint-disable-next-line @typescript-eslint/no-misused-promises return async ( 
@@ -33,13 +41,13 @@ export const createRoom = ( try { let newRoomId: string | null = null validationErrorHandler(req) - if (!hostnameRe.test(twakeServer.conf.matrix_server)) { + if (!hostnameRe.test(conf.matrix_server)) { throw Error('Bad matrix_server_name') } - const appServiceMatrixId = `@${appServer.appServiceRegistration.senderLocalpart}:${twakeServer.conf.server_name}` + const appServiceMatrixId = `@${appServer.appServiceRegistration.senderLocalpart}:${conf.server_name}` // eslint-disable-next-line @typescript-eslint/restrict-template-expressions const roomAliasName = `_twake_${req.body.aliasName}` - const rooms = await twakeServer.matrixDb.get('room_aliases', undefined, { + const rooms = await matrixDb.get('room_aliases', undefined, { room_alias: roomAliasName }) if (rooms.length > 1) { @@ -62,7 +70,7 @@ export const createRoom = ( const response = await fetch( encodeURI( // eslint-disable-next-line @typescript-eslint/restrict-template-expressions - `https://${twakeServer.conf.matrix_server}/_matrix/client/v3/createRoom` + `https://${conf.matrix_server}/_matrix/client/v3/createRoom` ), { method: 'POST', 
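Review bot: In the first hunk on this line, the lookup `matrixDb.get('room_aliases', undefined, { room_alias: roomAliasName })` compares against the bare local part `_twake_<aliasName>`. As far as I know, Synapse stores the full alias (`#localpart:server_name`) in `room_aliases.room_alias`, so the existing-room branch may never match and a duplicate alias would only surface as an error from the createRoom request. If that is confirmed, query with the full form, e.g. `room_alias: '#' + roomAliasName + ':' + conf.server_name`, and keep `roomAliasName` for the createRoom body. `req.body.aliasName` is also interpolated here with no visible character check; the validation middleware is outside this hunk, so confirm it restricts the value to a valid alias local part. The handler body starts before and continues after the hunk.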
@@ -103,40 +111,32 @@ export const createRoom = ( } newRoomId = body.room_id } - const twakeRoom = await TwakeRoom.getRoom( - twakeServer.db as TwakeDB, - newRoomId - ) + const twakeRoom = await TwakeRoom.getRoom(db, newRoomId) if (twakeRoom != null && rooms.length > 0) { throw new AppServerAPIError({ status: 409, message: 'This room already exits in Twake database' }) } else if (twakeRoom != null) { - await twakeRoom.updateRoom( - twakeServer.db as TwakeDB, - req.body.ldapFilter - ) + await twakeRoom.updateRoom(db, req.body.ldapFilter) } else { - await new TwakeRoom(newRoomId, req.body.ldapFilter).saveRoom( - twakeServer.db as TwakeDB - ) + await new TwakeRoom(newRoomId, req.body.ldapFilter).saveRoom(db) } const [ldapUsers, matrixUsers] = await Promise.all< Array> >([ - twakeServer.idServer.userDB.get( + userDb.get( 'users', - [twakeServer.conf.ldap_uid_field as string], + [conf.ldap_uid_field as string], req.body.ldapFilter ), - twakeServer.matrixDb.getAll('users', ['name']) + matrixDb.getAll('users', ['name']) ]) const ldapUsersIds = ldapUsers.map( (user) => - `@${user[twakeServer.conf.ldap_uid_field as string] as string}:${ - twakeServer.conf.server_name + `@${user[conf.ldap_uid_field as string] as string}:${ + conf.server_name }` ) const matrixUsersIds = matrixUsers.map((user) => user.name as string) @@ -152,7 +152,7 @@ export const createRoom = ( return fetch( encodeURI( // eslint-disable-next-line @typescript-eslint/restrict-template-expressions - `https://${twakeServer.conf.matrix_server}/_matrix/client/v3/join/${newRoomId}?user_id=${id}` + `https://${conf.matrix_server}/_matrix/client/v3/join/${newRoomId}?user_id=${id}` ), { method: 'POST', @@ -174,8 +174,7 @@ export const createRoom = ( > if ('errcode' in body) { joinErrors.push({ - [twakeServer.conf.ldap_uid_field as string]: - usersIdsMatchingFilter[index], + [conf.ldap_uid_field as string]: usersIdsMatchingFilter[index], ...body }) } 
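Review bot: `conf.ldap_uid_field as string` is asserted twice in this hunk and once more in each of `@@ -174,8 +174,7 @@` and `@@ -183,8 +182,7 @@`, which hides the case where the option is unset (the cast suggests it is optional in `Config`). In that case `user[undefined]` produces ids such as `@undefined:<server_name>` and join errors keyed by `undefined`. Resolve it once near the top of the handler with a guard, `const uidField = conf.ldap_uid_field` followed by `if (uidField == null) throw new Error('ldap_uid_field is not configured')`, and use `uidField` in all four places. `req.body.ldapFilter` is also passed to `userDb.get` and stored through `TwakeRoom` unchanged; whether its values are escaped before they reach the directory is decided outside this hunk and is worth confirming.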
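Review bot: The join URL in `@@ -152,7 +152,7 @@` is wrapped in `encodeURI`, which leaves `?`, `&`, `#` and `=` untouched, so a room id or an LDAP-derived user id containing one of those characters changes the path or query string the homeserver receives. The request headers are cut off by the hunk, but this call presumably carries the application-service token, and `user_id` then selects which user the join is performed for, so the value should not be able to add parameters. Encode each component and drop the outer call: build the URL from `encodeURIComponent(newRoomId)` for the path segment and `encodeURIComponent(id)` for the `user_id` value.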
@@ -183,8 +182,7 @@ export const createRoom = ( } case 'rejected': joinErrors.push({ - [twakeServer.conf.ldap_uid_field as string]: - usersIdsMatchingFilter[index], + [conf.ldap_uid_field as string]: usersIdsMatchingFilter[index], errcode: allMatrixErrorCodes.unknown, error: response.reason ?? 'Internal server error' }) @@ -195,7 +193,7 @@ export const createRoom = ( } joinErrors.length > 0 ? res.json(joinErrors) : res.send() } catch (error) { - appServer.logger.error(error) + logger.error(error) next(error) } } diff --git a/packages/tom-server/src/application-server/index.test.ts b/packages/tom-server/src/administration-console-api/index.test.ts similarity index 57% rename from packages/tom-server/src/application-server/index.test.ts rename to packages/tom-server/src/administration-console-api/index.test.ts index 07c204a7..cc7a8fa2 100644 --- a/packages/tom-server/src/application-server/index.test.ts +++ b/packages/tom-server/src/administration-console-api/index.test.ts @@ -1,7 +1,5 @@ -import { type TwakeLogger } from '@twake/logger' import { type AppServiceOutput } from '@twake/matrix-application-server/src/utils' import { type DbGetResult } from '@twake/matrix-identity-server' -import dockerComposeV1, { v2 as dockerComposeV2 } from 'docker-compose' import express from 'express' import fs from 'fs' import type * as http from 'http' 
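Review bot: In the `rejected` branch of the first hunk on this line, `error: response.reason ?? 'Internal server error'` copies the raw rejection value into the JSON returned to the caller. For a failed `fetch` that is an error object rather than a string, and its fields can name internal hosts, ports or system error codes. Keep the detail in the server log and return a fixed message: add `logger.error(response.reason)` before the `push` and change the field to `error: 'Internal server error'`. The surrounding `switch` begins outside the hunk.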
@@ -18,12 +16,12 @@ import { type StartedDockerComposeEnvironment, type StartedTestContainer } from 'testcontainers' -import AppServiceAPI from '.' import TwakeServer from '..' import JEST_PROCESS_ROOT_PATH from '../../jest.globals' import { allMatrixErrorCodes, type Collections, type Config } from '../types' -import { addUser, buildUserDB, deleteUserDB } from './__testData__/build-userdb' -import defaultConfig from './__testData__/config.json' +import { buildUserDB } from './__testData__/build-userdb' +import integrationTestsConfig from './__testData__/integration-tests-config.json' +import mockTestsConfig from './__testData__/mock-tests-config.json' import { TwakeRoom } from './models/room' // eslint-disable-next-line @typescript-eslint/no-var-requires @@ -32,7 +30,7 @@ const syswideCas = require('@small-tech/syswide-cas') const pathToTestDataFolder = path.join( JEST_PROCESS_ROOT_PATH, 'src', - 'application-server', + 'administration-console-api', '__testData__' ) const pathToSynapseDataFolder = path.join(pathToTestDataFolder, 'synapse-data') 
@@ -42,266 +40,96 @@ const authToken = jest.unmock('node-fetch') -const mockLogger: Partial = { - debug: jest.fn(), - error: jest.fn(), - warn: jest.fn(), - info: jest.fn() -} - -describe('ApplicationServer', () => { - const ldapHostPort = 21389 +describe('Administration Console API', () => { const twakeServerPort = 3001 let twakeServer: TwakeServer let app: express.Application let expressTwakeServer: http.Server - let startedLdap: StartedTestContainer - let startedCompose: StartedDockerComposeEnvironment - let testConfig = defaultConfig as Partial - - const simulationConnection = async ( - username: string, - password: string - ): Promise => { - try { - let response = await fetch.default( - encodeURI( - // eslint-disable-next-line @typescript-eslint/restrict-template-expressions - `https://${twakeServer.conf.matrix_server}/_matrix/client/v3/login` - ) - ) - let body = (await response.json()) as any - const providerId = body.flows[0].identity_providers[0].id - response = await fetch.default( - encodeURI( - // eslint-disable-next-line @typescript-eslint/restrict-template-expressions - `https://${twakeServer.conf.matrix_server}/_matrix/client/r0/login/sso/redirect/${providerId}?redirectUrl=http://localhost:9876` - ), - { - redirect: 'manual' - } - ) - let location = response.headers.get('location') as string - const matrixCookies = response.headers.get('set-cookie') - response = await fetch.default(location) - body = await response.text() - const hiddenInputFieldsWithValue = [ - ...(body as string).matchAll(/ `${matchElt[1]}=${matchElt[2]}&`) - .join('') - const formWithToken = `${hiddenInputFieldsWithValue}user=${username}&password=${password}` - response = await fetch.default(location, { - method: 'POST', - body: new URLSearchParams(formWithToken), - redirect: 'manual' - }) - location = response.headers.get('location') as string - response = await fetch.default(location, { - headers: { - cookie: matrixCookies as string - } - }) - body = await response.text() - 
const loginTokenValue = [ - ...(body as string).matchAll(/loginToken=(\S+?)"/g) - ][0][1] - response = await fetch.default( - encodeURI( - `https://${twakeServer.conf.matrix_server}/_matrix/client/v3/login` - ), - { - method: 'POST', - body: JSON.stringify({ - initial_device_display_name: 'Jest Test Client', - token: loginTokenValue, - type: 'm.login.token' - }) - } - ) - return ((await response.json()) as any).access_token as string - } catch (e) { - console.log(e) - } - } - beforeAll((done) => { - GenericContainer.fromDockerfile(path.join(pathToTestDataFolder, 'ldap')) - .build() - // eslint-disable-next-line @typescript-eslint/promise-function-async - .then((builtContainer) => { - return builtContainer - .withExposedPorts({ - container: 389, - host: ldapHostPort - }) - .start() - }) - // eslint-disable-next-line @typescript-eslint/promise-function-async - .then((startedContainer) => { - const interfaces = os.networkInterfaces() - const hostNetworkInterface = Object.keys(interfaces) - .reduce((acc, key) => { - return interfaces[key] != null - ? 
[...acc, ...(interfaces[key] as os.NetworkInterfaceInfo[])] - : acc - }, []) - .find( - (networkInterface) => - networkInterface.family === 'IPv4' && !networkInterface.internal - ) as os.NetworkInterfaceInfo - startedLdap = startedContainer - testConfig = { - ...testConfig, - userdb_engine: 'ldap', - base_url: `http://${hostNetworkInterface.address}:${twakeServerPort}/`, - ldap_uri: `ldap://${startedLdap.getHost()}:${ldapHostPort}/` - } - return buildUserDB(testConfig) - }) - // eslint-disable-next-line @typescript-eslint/promise-function-async - .then(() => { - twakeServer = new TwakeServer(testConfig) - app = express() - return twakeServer.ready - }) - .then(() => { - app.use(twakeServer.endpoints) - expressTwakeServer = app.listen(twakeServerPort, () => { - done() - }) - }) - .catch((e) => { - console.log(e) - done(e) - }) - }) - - afterAll((done) => { + describe('Integration tests', () => { + let appServiceToken: string const filesToDelete = [ - path.join(pathToTestDataFolder, 'test.db'), - path.join(pathToSynapseDataFolder, 'registration.yaml'), - path.join(pathToSynapseDataFolder, 'homeserver.db'), - path.join(pathToSynapseDataFolder, 'matrix.example.com.signing.key') + path.join(pathToSynapseDataFolder, 'homeserver.log'), + path.join(pathToSynapseDataFolder, 'homeserver.db-shm'), + path.join(pathToSynapseDataFolder, 'homeserver.db-wal'), + path.join(pathToSynapseDataFolder, 'matrix.example.com.signing.key'), + path.join(pathToSynapseDataFolder, 'media_store'), + path.join(pathToSynapseDataFolder, 'registration.yaml') ] - filesToDelete.forEach((path: string) => { - if (fs.existsSync(path)) fs.unlinkSync(path) - }) - if (twakeServer != null) twakeServer.cleanJobs() - if (startedLdap != null) { - startedLdap - .stop() - .then(() => { - if (expressTwakeServer != null) { - expressTwakeServer.close((e) => { - if (e != null) { - console.log(e) - done(e) - } - done() - }) - } - }) - .catch((e) => { - console.log(e) - done(e) - }) - } else { - done() - } - }) + const 
ldapHostPort = 21389 + let startedLdap: StartedTestContainer + let startedCompose: StartedDockerComposeEnvironment + let startedPostgresql: StartedTestContainer - describe('Integration tests', () => { - let appServiceToken: string - let newRoomId: string - let rSkywalkerMatrixToken: string - let containerNameSuffix: string + let testConfig = integrationTestsConfig as Partial - beforeAll((done) => { - syswideCas.addCAs( - path.join( - pathToTestDataFolder, - 'nginx', - 'ssl', - 'matrix.example.com.crt' - ) - ) - syswideCas.addCAs( - path.join(pathToTestDataFolder, 'nginx', 'ssl', 'auth.example.com.crt') - ) - appServiceToken = ( - load( - fs.readFileSync(testConfig.registration_file_path as string, { - encoding: 'utf8' - }) - ) as AppServiceOutput - ).as_token - deleteUserDB(testConfig) - // eslint-disable-next-line @typescript-eslint/promise-function-async - .then((_) => - Promise.allSettled([ - dockerComposeV1.version(), - dockerComposeV2.version() - ]) - ) - // eslint-disable-next-line @typescript-eslint/promise-function-async - .then((results) => { - const promiseSucceededIndex = results.findIndex( - (res) => res.status === 'fulfilled' + const simulationConnection = async ( + username: string, + password: string, + matrixServer = twakeServer.conf.matrix_server + ): Promise => { + try { + let response = await fetch.default( + encodeURI( + // eslint-disable-next-line @typescript-eslint/restrict-template-expressions + `https://${matrixServer}/_matrix/client/v3/login` ) - if (promiseSucceededIndex === -1) { - throw new Error('Docker compose is not installed') + ) + let body = (await response.json()) as any + const providerId = body.flows[0].identity_providers[0].id + response = await fetch.default( + encodeURI( + // eslint-disable-next-line @typescript-eslint/restrict-template-expressions + `https://${matrixServer}/_matrix/client/r0/login/sso/redirect/${providerId}?redirectUrl=http://localhost:9876` + ), + { + redirect: 'manual' } - containerNameSuffix = 
promiseSucceededIndex === 0 ? '_' : '-' - return new DockerComposeEnvironment( - path.join(pathToTestDataFolder), - 'docker-compose.yml' - ) - .withEnvironment({ MYUID: os.userInfo().uid.toString() }) - .withWaitStrategy( - `synapse${containerNameSuffix}1`, - Wait.forHealthCheck() - ) - .up() - }) - // eslint-disable-next-line @typescript-eslint/promise-function-async - .then((upResult) => { - startedCompose = upResult - return addUser(testConfig, [ - '@askywalker:example.com', - '@dwho:example.com' - ]) + ) + let location = (response.headers.get('location') as string).replace( + 'auth.example.com', + 'auth.example.com:444' + ) + const matrixCookies = response.headers.get('set-cookie') + response = await fetch.default(location) + body = await response.text() + const hiddenInputFieldsWithValue = [ + ...(body as string).matchAll(/ `${matchElt[1]}=${matchElt[2]}&`) + .join('') + const formWithToken = `${hiddenInputFieldsWithValue}user=${username}&password=${password}` + response = await fetch.default(location, { + method: 'POST', + body: new URLSearchParams(formWithToken), + redirect: 'manual' }) - .then(done) - .catch((e) => { - console.log(e) - done(e) + location = response.headers.get('location') as string + response = await fetch.default(location, { + headers: { + cookie: matrixCookies as string + } }) - }) - - afterAll((done) => { - const filesToDelete = [ - path.join(pathToSynapseDataFolder, 'homeserver.log'), - path.join(pathToSynapseDataFolder, 'homeserver.db-shm'), - path.join(pathToSynapseDataFolder, 'homeserver.db-wal') - ] - filesToDelete.forEach((path: string) => { - if (fs.existsSync(path)) fs.unlinkSync(path) - }) - if (startedCompose != null) { - startedCompose - .down() - .then(() => { - done() - }) - .catch((e) => { - console.log(e) - done(e) - }) - } else { - done() + body = await response.text() + const loginTokenValue = [ + ...(body as string).matchAll(/loginToken=(\S+?)"/g) + ][0][1] + response = await fetch.default( + 
encodeURI(`https://${matrixServer}/_matrix/client/v3/login`), + { + method: 'POST', + body: JSON.stringify({ + initial_device_display_name: 'Jest Test Client', + token: loginTokenValue, + type: 'm.login.token' + }) + } + ) + return ((await response.json()) as any).access_token as string + } catch (e) { + console.log(e) } - }) + } // eslint-disable-next-line @typescript-eslint/promise-function-async const getUserRoomMembership = ( 
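Review bot: `simulationConnection` ends with `catch (e) { console.log(e) }`, so any failed step of the SSO flow makes it resolve to `undefined`. The tests that use the result then send `Authorization: Bearer undefined` and fail later on an unrelated membership assertion. Remove the `try`/`catch` or replace the log with `throw e` so the test fails at the step that broke. The form body is also assembled by string concatenation (`user=${username}&password=${password}`) before being passed to `URLSearchParams`, so a credential containing `&` or `=` would be split. Appending the two fields with `params.append('user', username)` and `params.append('password', password)` avoids that. The enclosing `describe` block continues outside this hunk.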
@@ -326,324 +154,612 @@ describe('ApplicationServer', () => { }) } - it('should create room and force users matching the filter to join the new room', async () => { - const response = await request(app) - .post('/_twake/app/v1/rooms') - .set('Accept', 'application/json') - .set('Authorization', `Bearer ${authToken}`) - .send({ - name: 'room1', - visibility: 'public', - aliasName: 'r1', - topic: 'test room', - ldapFilter: { - mail: ['*skywalker@example.com', 'dwho@example.com'] - } - }) - expect(response.statusCode).toBe(200) - expect(response.body).toEqual({}) - const rooms = await twakeServer.db?.getAll( - 'rooms' as unknown as Collections, - ['*'] - ) - expect(rooms).not.toBeUndefined() - expect((rooms as DbGetResult).length).toEqual(1) - const newRoom = (rooms as DbGetResult)[0] - newRoomId = newRoom.id as string - expect(newRoom.filter).toEqual( - JSON.stringify({ - mail: ['*skywalker@example.com', 'dwho@example.com'] - }) - ) - const membersIds = await twakeServer.matrixDb.get( - 'room_memberships', - ['user_id'], - { room_id: newRoomId } - ) - expect(membersIds).not.toBeUndefined() - expect(membersIds.length).toEqual(3) - const userIds = membersIds.map((ids) => ids.user_id) - expect(userIds).toEqual( - expect.arrayContaining([ - '@twake:example.com', - '@dwho:example.com', - '@askywalker:example.com' - ]) - ) - }) - - it('should force user to join room on login', (done) => { - twakeServer.matrixDb - .get('room_memberships', ['user_id'], { - room_id: newRoomId + beforeAll((done) => { + GenericContainer.fromDockerfile(path.join(pathToTestDataFolder, 'ldap')) + .build() + // eslint-disable-next-line @typescript-eslint/promise-function-async + .then((builtContainer) => { + return builtContainer + .withExposedPorts({ + container: 389, + host: ldapHostPort + }) + .start() }) // eslint-disable-next-line @typescript-eslint/promise-function-async - .then((membersIds) => { - expect(membersIds.length).toEqual(3) - const userIds = membersIds.map((ids) => ids.user_id) - 
expect(userIds).toEqual( - expect.arrayContaining([ - '@twake:example.com', - '@dwho:example.com', - '@askywalker:example.com' + .then((startedContainer) => { + const interfaces = os.networkInterfaces() + const hostNetworkInterface = Object.keys(interfaces) + .reduce((acc, key) => { + return interfaces[key] != null + ? [...acc, ...(interfaces[key] as os.NetworkInterfaceInfo[])] + : acc + }, []) + .find( + (networkInterface) => + networkInterface.family === 'IPv4' && !networkInterface.internal + ) as os.NetworkInterfaceInfo + startedLdap = startedContainer + testConfig = { + ...testConfig, + userdb_engine: 'ldap', + base_url: `http://${hostNetworkInterface.address}:${twakeServerPort}/`, + ldap_uri: `ldap://${startedLdap.getHost()}:${ldapHostPort}/` + } + return new GenericContainer('postgres:13-bullseye') + .withName('postgresql') + .withExposedPorts({ + container: 5432, + host: 5434 + }) + .withCopyFilesToContainer([ + { + source: path.join( + pathToSynapseDataFolder, + 'matrix.example.com.log.config' + ), + target: '/data/matrix.example.com.log.config' + } ]) - ) - const client = ldapjs.createClient({ - url: `ldap://${startedLdap.getHost()}:${ldapHostPort}/` - }) - client.bind('cn=admin,dc=example,dc=com', 'admin', (err) => { - if (err != null) { - console.error(err) - } - }) - client.add( - 'uid=rskywalker,ou=users,dc=example,dc=com', - { - objectClass: 'inetOrgPerson', - uid: 'rskywalker', - cn: 'Rey Skywalker', - sn: 'Rskywalker', - mail: 'rskywalker@example.com', - userPassword: 'rskywalker' - }, - (err) => { - if (err != null) { - console.error(err) + .withCopyFilesToContainer([ + { + source: path.join( + pathToTestDataFolder, + 'db', + 'init-synapse-and-create-users-table.sh' + ), + target: + '/docker-entrypoint-initdb.d/init-synapse-and-create-users-table.sh' } - client.destroy() - } - ) - return simulationConnection('rskywalker', 'rskywalker') - }) - // eslint-disable-next-line @typescript-eslint/promise-function-async - .then((token) => { - 
rSkywalkerMatrixToken = token as string - return fetch.default( - encodeURI( - `https://${twakeServer.conf.matrix_server}/_matrix/client/v3/sync` - ), - { - headers: { - // eslint-disable-next-line @typescript-eslint/restrict-template-expressions - Authorization: `Bearer ${token}` + ]) + .withCopyFilesToContainer([ + { + source: path.join( + pathToTestDataFolder, + 'db', + 'init-llng-db.sh' + ), + target: '/docker-entrypoint-initdb.d/init-llng-db.sh' } - } - ) + ]) + .withCopyFilesToContainer([ + { + source: path.join( + pathToTestDataFolder, + 'db', + 'init-twake-db.sh' + ), + target: '/docker-entrypoint-initdb.d/init-twake-db.sh' + } + ]) + .withCopyFilesToContainer([ + { + source: path.join( + pathToTestDataFolder, + 'llng', + 'lmConf-1.json' + ), + target: '/llng-conf/conf.json' + } + ]) + .withEnvironment({ POSTGRES_PASSWORD: 'synapse!!' }) + .withHealthCheck({ + test: ['CMD-SHELL', 'pg_isready'], + interval: 1000, + timeout: 5000, + retries: 5 + }) + .start() }) // eslint-disable-next-line @typescript-eslint/promise-function-async - .then(() => { - return new Promise((resolve, reject) => { - setTimeout(() => { - twakeServer.matrixDb - .get('room_memberships', ['user_id'], { - room_id: newRoomId - }) - .then((memberships) => { - resolve(memberships) - }) - .catch((e) => { - console.log(e) - reject(e) - }) - }, 3000) - }) + .then((started) => { + startedPostgresql = started + twakeServer = new TwakeServer(testConfig) + return twakeServer.ready }) - .then((membersIds) => { - expect(membersIds.length).toEqual(4) - expect(membersIds[3].user_id).toEqual('@rskywalker:example.com') - done() + .then(() => { + if (twakeServer != null) twakeServer.cleanJobs() + if (startedPostgresql != null) { + startedPostgresql + .stop() + .then(() => { + done() + }) + .catch((e) => { + done(e) + }) + } else { + done() + } }) .catch((e) => { - console.log(e) done(e) }) }) - it('should join again room if user tries to leave', (done) => { - fetch - .default( - encodeURI( - 
`https://${twakeServer.conf.matrix_server}/_matrix/client/v3/rooms/${newRoomId}/leave` - ), - { - method: 'POST', - headers: { - // eslint-disable-next-line @typescript-eslint/restrict-template-expressions - Authorization: `Bearer ${rSkywalkerMatrixToken}` + afterAll((done) => { + if (startedLdap != null) { + startedLdap + .stop() + .then(() => { + if (expressTwakeServer != null) { + expressTwakeServer.close((e) => { + if (e != null) { + done(e) + } + done() + }) } - } - ) - // eslint-disable-next-line @typescript-eslint/promise-function-async - .then(() => { - return getUserRoomMembership(newRoomId, '@rskywalker:example.com') - }) - .then((memberships) => { - expect(memberships.length).toEqual(3) - expect(memberships[0].membership).toEqual('join') - expect(memberships[1].membership).toEqual('leave') - expect(memberships[2].membership).toEqual('join') - done() - }) - .catch((e) => { - console.log(e) - done(e) - }) + }) + .catch((e) => { + done(e) + }) + } else { + done() + } }) - it("should not be able to kick another member if he is not the room's creator", (done) => { - fetch - .default( - encodeURI( - `https://${twakeServer.conf.matrix_server}/_matrix/client/v3/rooms/${newRoomId}/kick` - ), - { - method: 'POST', - headers: { - // eslint-disable-next-line @typescript-eslint/restrict-template-expressions - Authorization: `Bearer ${rSkywalkerMatrixToken}` - }, - body: JSON.stringify({ - user_id: '@askywalker:example.com' + describe('Automatic subscription', () => { + let newRoomId: string + let rSkywalkerMatrixToken: string + + beforeAll((done) => { + syswideCas.addCAs( + path.join(pathToTestDataFolder, 'nginx', 'ssl', 'ca.pem') + ) + appServiceToken = ( + load( + fs.readFileSync(testConfig.registration_file_path as string, { + encoding: 'utf8' }) - } + ) as AppServiceOutput + ).as_token + new DockerComposeEnvironment( + path.join(pathToTestDataFolder), + 'docker-compose.yml' ) - // eslint-disable-next-line @typescript-eslint/promise-function-async - .then(() => { 
- return getUserRoomMembership(newRoomId, '@askywalker:example.com') - }) - .then((memberships) => { - expect(memberships.length).toEqual(1) - expect(memberships[0].membership).toEqual('join') - done() - }) - .catch((e) => { - console.log(e) - done(e) + .withEnvironment({ MYUID: os.userInfo().uid.toString() }) + .withWaitStrategy('synapse-tom-1', Wait.forHealthCheck()) + .up() + // eslint-disable-next-line @typescript-eslint/promise-function-async + .then((upResult) => { + startedCompose = upResult + twakeServer = new TwakeServer(testConfig) + app = express() + return twakeServer.ready + }) + // eslint-disable-next-line @typescript-eslint/promise-function-async + .then(() => { + return Promise.all([ + twakeServer.matrixDb.insert('users', { + name: '@askywalker:example.com', + password_hash: '', + creation_ts: Math.floor(Date.now() / 1000), + admin: 0, + upgrade_ts: 1, + is_guest: 0, + appservice_id: '', + consent_version: '', + consent_server_notice_sent: '', + user_type: '', + deactivated: 0, + shadow_banned: 'false', + consent_ts: 1 + }), + twakeServer.matrixDb.insert('users', { + name: '@dwho:example.com', + password_hash: '', + creation_ts: Math.floor(Date.now() / 1000), + admin: 0, + upgrade_ts: 1, + is_guest: 0, + appservice_id: '', + consent_version: '', + consent_server_notice_sent: '', + user_type: '', + deactivated: 0, + shadow_banned: 'false', + consent_ts: 1 + }) + ]).then(() => { + app.use(twakeServer.endpoints) + expressTwakeServer = app.listen(twakeServerPort, () => { + done() + }) + }) + }) + .catch((e) => { + console.log(e) + done(e) + }) + }) + + afterAll((done) => { + filesToDelete.forEach((path: string) => { + if (fs.existsSync(path)) { + const isDir = fs.statSync(path).isDirectory() + isDir + ? 
fs.rmSync(path, { recursive: true, force: true }) + : fs.unlinkSync(path) + } }) - }) - it("should not join room on login if user has been kicked by room's creator", (done) => { - fetch - .default( - encodeURI( - `https://${twakeServer.conf.matrix_server}/_matrix/client/v3/rooms/${newRoomId}/kick` - ), - { - method: 'POST', - headers: { - // eslint-disable-next-line @typescript-eslint/restrict-template-expressions - Authorization: `Bearer ${appServiceToken}` - }, - body: JSON.stringify({ - user_id: '@rskywalker:example.com' + if (twakeServer != null) twakeServer.cleanJobs() + if (startedCompose != null) { + startedCompose + .down() + .then(() => { + done() }) - } + .catch((e) => { + done(e) + }) + } else { + done() + } + }) + + it('should create room and force users matching the filter to join the new room', async () => { + const response = await request(app) + .post('/_twake/app/v1/rooms') + .set('Accept', 'application/json') + .set('Authorization', `Bearer ${authToken}`) + .send({ + name: 'room1', + visibility: 'public', + aliasName: 'r1', + topic: 'test room', + ldapFilter: { + mail: ['*skywalker@example.com', 'dwho@example.com'] + } + }) + expect(response.statusCode).toBe(200) + expect(response.body).toEqual({}) + const rooms = await twakeServer.db?.getAll( + 'rooms' as unknown as Collections, + ['*'] ) - // eslint-disable-next-line @typescript-eslint/promise-function-async - .then(() => { - return getUserRoomMembership(newRoomId, '@rskywalker:example.com') - }) - .then((memberships) => { - expect(memberships.length).toEqual(4) - expect(memberships[0].membership).toEqual('join') - expect(memberships[1].membership).toEqual('leave') - expect(memberships[2].membership).toEqual('join') - expect(memberships[3].membership).toEqual('leave') - }) - // eslint-disable-next-line @typescript-eslint/promise-function-async - .then(() => { - return fetch.default( + expect(rooms).not.toBeUndefined() + expect((rooms as DbGetResult).length).toEqual(1) + const newRoom = (rooms as 
DbGetResult)[0] + newRoomId = newRoom.id as string + expect(newRoom.filter).toEqual( + JSON.stringify({ + mail: ['*skywalker@example.com', 'dwho@example.com'] + }) + ) + const membersIds = await twakeServer.matrixDb.get( + 'room_memberships', + ['user_id'], + { room_id: newRoomId } + ) + expect(membersIds).not.toBeUndefined() + expect(membersIds.length).toEqual(3) + const userIds = membersIds.map((ids) => ids.user_id) + expect(userIds).toEqual( + expect.arrayContaining([ + '@twake:example.com', + '@dwho:example.com', + '@askywalker:example.com' + ]) + ) + }) + + it('should force user to join room on login', (done) => { + twakeServer.matrixDb + .get('room_memberships', ['user_id'], { + room_id: newRoomId + }) + // eslint-disable-next-line @typescript-eslint/promise-function-async + .then((membersIds) => { + expect(membersIds.length).toEqual(3) + const userIds = membersIds.map((ids) => ids.user_id) + expect(userIds).toEqual( + expect.arrayContaining([ + '@twake:example.com', + '@dwho:example.com', + '@askywalker:example.com' + ]) + ) + const client = ldapjs.createClient({ + url: `ldap://${startedLdap.getHost()}:${ldapHostPort}/` + }) + client.bind('cn=admin,dc=example,dc=com', 'admin', (err) => { + if (err != null) { + console.error(err) + } + }) + client.add( + 'uid=rskywalker,ou=users,dc=example,dc=com', + { + objectClass: 'inetOrgPerson', + uid: 'rskywalker', + cn: 'Rey Skywalker', + sn: 'Rskywalker', + mail: 'rskywalker@example.com', + userPassword: 'rskywalker' + }, + (err) => { + if (err != null) { + console.error(err) + } + client.destroy() + } + ) + return simulationConnection('rskywalker', 'rskywalker') + }) + // eslint-disable-next-line @typescript-eslint/promise-function-async + .then((token) => { + rSkywalkerMatrixToken = token as string + return fetch.default( + encodeURI( + `https://${twakeServer.conf.matrix_server}/_matrix/client/v3/sync` + ), + { + headers: { + // eslint-disable-next-line @typescript-eslint/restrict-template-expressions + 
Authorization: `Bearer ${token}` + } + } + ) + }) + // eslint-disable-next-line @typescript-eslint/promise-function-async + .then(() => { + return new Promise((resolve, reject) => { + setTimeout(() => { + twakeServer.matrixDb + .get('room_memberships', ['user_id'], { + room_id: newRoomId + }) + .then((memberships) => { + resolve(memberships) + }) + .catch((e) => { + console.log(e) + reject(e) + }) + }, 3000) + }) + }) + .then((membersIds) => { + expect(membersIds.length).toEqual(4) + expect(membersIds[3].user_id).toEqual('@rskywalker:example.com') + done() + }) + .catch((e) => { + console.log(e) + done(e) + }) + }) + + it('should join again room if user tries to leave', (done) => { + fetch + .default( encodeURI( - `https://${twakeServer.conf.matrix_server}/_matrix/client/v3/sync` + `https://${twakeServer.conf.matrix_server}/_matrix/client/v3/rooms/${newRoomId}/leave` ), { + method: 'POST', headers: { // eslint-disable-next-line @typescript-eslint/restrict-template-expressions Authorization: `Bearer ${rSkywalkerMatrixToken}` } } ) - }) - // eslint-disable-next-line @typescript-eslint/promise-function-async - .then(() => { - return getUserRoomMembership(newRoomId, '@rskywalker:example.com') - }) - .then((memberships) => { - expect(memberships.length).toEqual(4) - expect(memberships[0].membership).toEqual('join') - expect(memberships[1].membership).toEqual('leave') - expect(memberships[2].membership).toEqual('join') - expect(memberships[3].membership).toEqual('leave') - done() - }) - .catch((e) => { - console.log(e) - done(e) - }) - }) + // eslint-disable-next-line @typescript-eslint/promise-function-async + .then(() => { + return getUserRoomMembership(newRoomId, '@rskywalker:example.com') + }) + .then((memberships) => { + expect(memberships.length).toEqual(3) + expect(memberships[0].membership).toEqual('join') + expect(memberships[1].membership).toEqual('leave') + expect(memberships[2].membership).toEqual('join') + done() + }) + .catch((e) => { + console.log(e) + 
done(e) + }) + }) - it("should not join room on login if user has been banned by room's creator", (done) => { - fetch - .default( - encodeURI( - `https://${twakeServer.conf.matrix_server}/_matrix/client/v3/rooms/${newRoomId}/ban` - ), - { - method: 'POST', - headers: { - // eslint-disable-next-line @typescript-eslint/restrict-template-expressions - Authorization: `Bearer ${appServiceToken}` - }, - body: JSON.stringify({ - user_id: '@askywalker:example.com' - }) - } - ) - // eslint-disable-next-line @typescript-eslint/promise-function-async - .then(() => { - return getUserRoomMembership(newRoomId, '@askywalker:example.com') - }) - .then((memberships) => { - expect(memberships.length).toEqual(2) - expect(memberships[0].membership).toEqual('join') - expect(memberships[1].membership).toEqual('ban') - }) - // eslint-disable-next-line @typescript-eslint/promise-function-async - .then(() => simulationConnection('askywalker', 'askywalker')) - // eslint-disable-next-line @typescript-eslint/promise-function-async - .then((token) => { - return fetch.default( + it("should not be able to kick another member if he is not the room's creator", (done) => { + fetch + .default( + encodeURI( + `https://${twakeServer.conf.matrix_server}/_matrix/client/v3/rooms/${newRoomId}/kick` + ), + { + method: 'POST', + headers: { + // eslint-disable-next-line @typescript-eslint/restrict-template-expressions + Authorization: `Bearer ${rSkywalkerMatrixToken}` + }, + body: JSON.stringify({ + user_id: '@askywalker:example.com' + }) + } + ) + // eslint-disable-next-line @typescript-eslint/promise-function-async + .then(() => { + return getUserRoomMembership(newRoomId, '@askywalker:example.com') + }) + .then((memberships) => { + expect(memberships.length).toEqual(1) + expect(memberships[0].membership).toEqual('join') + done() + }) + .catch((e) => { + console.log(e) + done(e) + }) + }) + + it("should not join room on login if user has been kicked by room's creator", (done) => { + fetch + .default( 
encodeURI( - `https://${twakeServer.conf.matrix_server}/_matrix/client/v3/sync` + `https://${twakeServer.conf.matrix_server}/_matrix/client/v3/rooms/${newRoomId}/kick` ), { + method: 'POST', headers: { // eslint-disable-next-line @typescript-eslint/restrict-template-expressions - Authorization: `Bearer ${token}` + Authorization: `Bearer ${appServiceToken}` + }, + body: JSON.stringify({ + user_id: '@rskywalker:example.com' + }) + } + ) + // eslint-disable-next-line @typescript-eslint/promise-function-async + .then(() => { + return getUserRoomMembership(newRoomId, '@rskywalker:example.com') + }) + .then((memberships) => { + expect(memberships.length).toEqual(4) + expect(memberships[0].membership).toEqual('join') + expect(memberships[1].membership).toEqual('leave') + expect(memberships[2].membership).toEqual('join') + expect(memberships[3].membership).toEqual('leave') + }) + // eslint-disable-next-line @typescript-eslint/promise-function-async + .then(() => { + return fetch.default( + encodeURI( + `https://${twakeServer.conf.matrix_server}/_matrix/client/v3/sync` + ), + { + headers: { + // eslint-disable-next-line @typescript-eslint/restrict-template-expressions + Authorization: `Bearer ${rSkywalkerMatrixToken}` + } } + ) + }) + // eslint-disable-next-line @typescript-eslint/promise-function-async + .then(() => { + return getUserRoomMembership(newRoomId, '@rskywalker:example.com') + }) + .then((memberships) => { + expect(memberships.length).toEqual(4) + expect(memberships[0].membership).toEqual('join') + expect(memberships[1].membership).toEqual('leave') + expect(memberships[2].membership).toEqual('join') + expect(memberships[3].membership).toEqual('leave') + done() + }) + .catch((e) => { + console.log(e) + done(e) + }) + }) + + it("should not join room on login if user has been banned by room's creator", (done) => { + fetch + .default( + encodeURI( + `https://${twakeServer.conf.matrix_server}/_matrix/client/v3/rooms/${newRoomId}/ban` + ), + { + method: 'POST', + 
headers: { + // eslint-disable-next-line @typescript-eslint/restrict-template-expressions + Authorization: `Bearer ${appServiceToken}` + }, + body: JSON.stringify({ + user_id: '@askywalker:example.com' + }) } ) - }) + // eslint-disable-next-line @typescript-eslint/promise-function-async + .then(() => { + return getUserRoomMembership(newRoomId, '@askywalker:example.com') + }) + .then((memberships) => { + expect(memberships.length).toEqual(2) + expect(memberships[0].membership).toEqual('join') + expect(memberships[1].membership).toEqual('ban') + }) + // eslint-disable-next-line @typescript-eslint/promise-function-async + .then(() => simulationConnection('askywalker', 'askywalker')) + // eslint-disable-next-line @typescript-eslint/promise-function-async + .then((token) => { + return fetch.default( + encodeURI( + `https://${twakeServer.conf.matrix_server}/_matrix/client/v3/sync` + ), + { + headers: { + // eslint-disable-next-line @typescript-eslint/restrict-template-expressions + Authorization: `Bearer ${token}` + } + } + ) + }) + // eslint-disable-next-line @typescript-eslint/promise-function-async + .then(() => { + return getUserRoomMembership(newRoomId, '@askywalker:example.com') + }) + .then((memberships) => { + expect(memberships.length).toEqual(2) + expect(memberships[0].membership).toEqual('join') + expect(memberships[1].membership).toEqual('ban') + done() + }) + .catch((e) => { + console.log(e) + done(e) + }) + }) + }) + }) + + describe('Tests with mocks', () => { + beforeEach(() => { + jest.restoreAllMocks() + }) + + beforeAll((done) => { + buildUserDB(mockTestsConfig as Config) // eslint-disable-next-line @typescript-eslint/promise-function-async .then(() => { - return getUserRoomMembership(newRoomId, '@askywalker:example.com') + twakeServer = new TwakeServer(mockTestsConfig as Config) + app = express() + return twakeServer.ready }) - .then((memberships) => { - expect(memberships.length).toEqual(2) - expect(memberships[0].membership).toEqual('join') - 
expect(memberships[1].membership).toEqual('ban') - done() + .then(() => { + app.use(twakeServer.endpoints) + expressTwakeServer = app.listen(twakeServerPort, () => { + done() + }) }) .catch((e) => { - console.log(e) done(e) }) }) - }) - describe('Tests with mocks', () => { - beforeEach(() => { - jest.restoreAllMocks() + afterAll((done) => { + const filesToDelete = [ + path.join(pathToTestDataFolder, 'matrix.db'), + path.join(pathToTestDataFolder, 'twake.db'), + path.join(pathToTestDataFolder, 'user.db') + ] + filesToDelete.forEach((path) => { + if (fs.existsSync(path)) fs.unlinkSync(path) + }) + + if (twakeServer != null) twakeServer.cleanJobs() + if (expressTwakeServer != null) { + expressTwakeServer.close((e) => { + if (e != null) { + done(e) + } + done() + }) + } else { + done() + } }) describe('On create room', () => { @@ -1188,15 +1304,11 @@ describe('ApplicationServer', () => { describe('on login', () => { it('should log an error when m.presence event sender is not found in user database', (done) => { const ldapUid = 'test' - const appService = new AppServiceAPI( - twakeServer, - undefined, - mockLogger as TwakeLogger - ) + const spyOnLoggerError = jest.spyOn(twakeServer.logger, 'error') jest.spyOn(twakeServer.idServer.userDB, 'get').mockResolvedValue([]) jest.spyOn(TwakeRoom, 'getAllRooms').mockResolvedValue([]) jest.spyOn(twakeServer.matrixDb, 'get').mockResolvedValue([]) - appService.emit('ephemeral_type: m.presence', { + twakeServer.applicationServer.emit('ephemeral_type: m.presence', { content: { avatar_url: 'mxc://localhost/wefuiwegh8742w', currently_active: false, @@ -1208,8 +1320,8 @@ describe('ApplicationServer', () => { type: 'm.presence' }) setTimeout(() => { - expect(mockLogger.error).toHaveBeenCalledTimes(1) - expect(mockLogger.error).toHaveBeenCalledWith( + expect(spyOnLoggerError).toHaveBeenCalledTimes(1) + expect(spyOnLoggerError).toHaveBeenCalledWith( new Error( `User with ${ twakeServer.conf.ldap_uid_field as string 
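Review bot: `expect(spyOnLoggerError).toHaveBeenCalledTimes(1)` now counts calls on the running server's own `twakeServer.logger` rather than on a dedicated mock, so any other error the server logs during the wait would change the count. This is inferred, since the logger's other callers are not visible in this hunk. Keeping only the `toHaveBeenCalledWith(...)` assertion the test already makes, and dropping the exact count, would make it less sensitive to that. The spy also passes through to the real logger, so the expected error ends up in the test output. The `it` block ends outside this hunk.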
@@ -1221,11 +1333,7 @@ describe('ApplicationServer', () => { }) it('should complete all join requests even if an error occurs', (done) => { - const appService = new AppServiceAPI( - twakeServer, - undefined, - mockLogger as TwakeLogger - ) + const spyOnLoggerError = jest.spyOn(twakeServer.logger, 'error') jest .spyOn(fetch, 'default') .mockResolvedValueOnce(new fetch.Response()) @@ -1249,7 +1357,7 @@ describe('ApplicationServer', () => { new TwakeRoom('room3', { uid: 'bb8' }) ]) jest.spyOn(twakeServer.matrixDb, 'get').mockResolvedValue([]) - appService.emit('ephemeral_type: m.presence', { + twakeServer.applicationServer.emit('ephemeral_type: m.presence', { content: { avatar_url: 'mxc://localhost/wefuiwegh8742w', currently_active: false, @@ -1261,13 +1369,12 @@ describe('ApplicationServer', () => { type: 'm.presence' }) setTimeout(() => { - expect(mockLogger.error).not.toHaveBeenCalled() + expect(spyOnLoggerError).not.toHaveBeenCalled() done() }, 3000) }) it('should force join only to rooms whose sender is not member yet', (done) => { - const appService = new AppServiceAPI(twakeServer) const spyOnFetch = jest .spyOn(fetch, 'default') .mockResolvedValue(new fetch.Response()) @@ -1299,7 +1406,7 @@ describe('ApplicationServer', () => { membership: 'invite' } ]) - appService.emit('ephemeral_type: m.presence', { + twakeServer.applicationServer.emit('ephemeral_type: m.presence', { content: { avatar_url: 'mxc://localhost/wefuiwegh8742w', currently_active: false, diff --git a/packages/tom-server/src/application-server/index.ts b/packages/tom-server/src/administration-console-api/index.ts similarity index 53% rename from packages/tom-server/src/application-server/index.ts rename to packages/tom-server/src/administration-console-api/index.ts index 14ef984b..faa70a23 100644 --- a/packages/tom-server/src/application-server/index.ts +++ b/packages/tom-server/src/administration-console-api/index.ts 
@@ -1,32 +1,39 @@ -import { type ConfigDescription } from '@twake/config-parser' import { type TwakeLogger } from '@twake/logger' -import MatrixApplicationServer, { - type AppService, - type ClientEvent -} from '@twake/matrix-application-server' -import { type DbGetResult } from '@twake/matrix-identity-server' +import type MatrixApplicationServer from '@twake/matrix-application-server' +import { type ClientEvent } from '@twake/matrix-application-server' +import { + type DbGetResult, + type MatrixDB, + type UserDB +} from '@twake/matrix-identity-server' +import { type Router } from 'express' import lodash from 'lodash' import fetch from 'node-fetch' -import type TwakeServer from '..' -import defaultConfig from '../config.json' +import { type TwakeDB } from '../db' +import { type Config } from '../types' import { TwakeRoom } from './models/room' -import { extendRoutes } from './routes' +import setRoutes from './routes' const { groupBy } = lodash -export default class TwakeApplicationServer - extends MatrixApplicationServer - implements AppService -{ +export default class AdministrationConsoleAPI { + endpoints: Router constructor( - parent: TwakeServer, - confDesc?: ConfigDescription, - logger?: TwakeLogger + applicationServer: MatrixApplicationServer, + db: TwakeDB, + userDb: UserDB, + matrixDb: MatrixDB, + conf: Config, + logger: TwakeLogger ) { - if (confDesc == null) confDesc = defaultConfig - super(parent.conf, confDesc, logger) - extendRoutes(this, parent) - - this.on('ephemeral_type: m.presence', (event: ClientEvent) => { + this.endpoints = setRoutes( + applicationServer, + db, + userDb, + matrixDb, + conf, + logger + ) + applicationServer.on('ephemeral_type: m.presence', (event: ClientEvent) => { if ( event.type === 'm.presence' && 'presence' in event.content && 
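Review bot: The constructor of `AdministrationConsoleAPI` now subscribes to `ephemeral_type: m.presence` on an `applicationServer` instance it receives rather than owns, and nothing visible here removes that listener. Constructing the class twice on the same application server would therefore send each forced-join request twice, using the application-service token. The exported class has no TSDoc, so I would add one stating this side effect, for example `/** Mounts the admin routes and registers presence/membership listeners on the given application server; construct once per server. */`. The six positional parameters are easy to transpose (`userDb` and `matrixDb` sit side by side), so an options object would be safer if callers can be changed. The listener body continues past this hunk.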
@@ -40,13 +47,13 @@ export default class TwakeApplicationServer ldapUid = match[1] } } - if (matrixUserId != null && ldapUid != null && parent.db != null) { + if (matrixUserId != null && ldapUid != null && db != null) { Promise.all([ - parent.idServer.userDB.get('users', undefined, { - [parent.conf.ldap_uid_field as string]: ldapUid + userDb.get('users', undefined, { + [conf.ldap_uid_field as string]: ldapUid }), - TwakeRoom.getAllRooms(parent.db), - parent.matrixDb.get('room_memberships', ['room_id'], { + TwakeRoom.getAllRooms(db), + matrixDb.get('room_memberships', ['room_id'], { user_id: matrixUserId }) ]) @@ -54,7 +61,7 @@ export default class TwakeApplicationServer .then(([user, rooms, roomMemberships]) => { if (user.length !== 1) { throw new Error( - `User with ${parent.conf.ldap_uid_field as string} ${ + `User with ${conf.ldap_uid_field as string} ${ ldapUid as string } not found` ) @@ -94,12 +101,12 @@ export default class TwakeApplicationServer return fetch( encodeURI( // eslint-disable-next-line @typescript-eslint/restrict-template-expressions - `https://${parent.conf.matrix_server}/_matrix/client/v3/join/${room.id}?user_id=${matrixUserId}` + `https://${conf.matrix_server}/_matrix/client/v3/join/${room.id}?user_id=${matrixUserId}` ), { method: 'POST', headers: { - Authorization: `Bearer ${this.appServiceRegistration.asToken}` + Authorization: `Bearer ${applicationServer.appServiceRegistration.asToken}` } } ) 
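Review bot: The join URL in the third hunk of this file section is still escaped with `encodeURI` over the whole string, which leaves `?`, `&`, `#` and `/` untouched, so `room.id` and `matrixUserId` are not confined to the path segment and the `user_id` parameter they are placed in. The request carries `applicationServer.appServiceRegistration.asToken` and `user_id` selects the account it acts for, so each value should be escaped on its own. Assuming both are strings here, that is `/join/${encodeURIComponent(room.id)}?user_id=${encodeURIComponent(matrixUserId)}`. The `m.room.member` handler in the following hunk builds its URL the same way with `event.room_id`. The enclosing callback starts and ends outside this hunk.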
@@ -107,42 +114,45 @@ export default class TwakeApplicationServer ) }) .catch((e) => { - this.logger.error(e) + logger.error(e) }) } } }) - this.on('state event | type: m.room.member', (event: ClientEvent) => { - if ( - event.type === 'm.room.member' && - 'membership' in event.content && - event.content.membership === 'leave' - ) { - const matrixUserId = event.sender - const targetUserId = event.state_key + applicationServer.on( + 'state event | type: m.room.member', + (event: ClientEvent) => { if ( - matrixUserId != null && - targetUserId != null && - targetUserId === matrixUserId + event.type === 'm.room.member' && + 'membership' in event.content && + event.content.membership === 'leave' ) { - fetch( - encodeURI( - // eslint-disable-next-line @typescript-eslint/restrict-template-expressions - `https://${parent.conf.matrix_server}/_matrix/client/v3/join/${event.room_id}?user_id=${matrixUserId}` - ), - { - method: 'POST', - headers: { - Authorization: `Bearer ${this.appServiceRegistration.asToken}` + const matrixUserId = event.sender + const targetUserId = event.state_key + if ( + matrixUserId != null && + targetUserId != null && + targetUserId === matrixUserId + ) { + fetch( + encodeURI( + // eslint-disable-next-line @typescript-eslint/restrict-template-expressions + `https://${conf.matrix_server}/_matrix/client/v3/join/${event.room_id}?user_id=${matrixUserId}` + ), + { + method: 'POST', + headers: { + Authorization: `Bearer ${applicationServer.appServiceRegistration.asToken}` + } } - } - ).catch((e) => { - // istanbul ignore next - this.logger.error(e) - }) + ).catch((e) => { + // istanbul ignore next + logger.error(e) + }) + } } } - }) + ) } } 
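Review bot: The forced re-join in the `m.room.member` handler only attaches `.catch`, so a non-2xx reply from the homeserver (forbidden, rate-limited) resolves normally and is never logged. Only network-level failures reach `logger.error`, and that line is excluded from coverage by `// istanbul ignore next`. Since this call overrides a user's own leave using the application-service token, its outcome should be visible to an operator. A `.then((res) => { if (!res.ok) logger.error(new Error(`forced join failed with status ${res.status}`)) })` before the `.catch` would do it.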
diff --git a/packages/tom-server/src/application-server/middlewares/auth.test.ts b/packages/tom-server/src/administration-console-api/middlewares/auth.test.ts
similarity index 100%
rename from packages/tom-server/src/application-server/middlewares/auth.test.ts
rename to packages/tom-server/src/administration-console-api/middlewares/auth.test.ts
diff --git a/packages/tom-server/src/application-server/middlewares/auth.ts b/packages/tom-server/src/administration-console-api/middlewares/auth.ts
similarity index 100%
rename from packages/tom-server/src/application-server/middlewares/auth.ts
rename to packages/tom-server/src/administration-console-api/middlewares/auth.ts
diff --git a/packages/tom-server/src/application-server/middlewares/validation.test.ts b/packages/tom-server/src/administration-console-api/middlewares/validation.test.ts
similarity index 100%
rename from packages/tom-server/src/application-server/middlewares/validation.test.ts
rename to packages/tom-server/src/administration-console-api/middlewares/validation.test.ts
diff --git a/packages/tom-server/src/application-server/middlewares/validation.ts b/packages/tom-server/src/administration-console-api/middlewares/validation.ts
similarity index 100%
rename from packages/tom-server/src/application-server/middlewares/validation.ts
rename to packages/tom-server/src/administration-console-api/middlewares/validation.ts
diff --git a/packages/tom-server/src/application-server/models/room.ts b/packages/tom-server/src/administration-console-api/models/room.ts
similarity index 100%
rename from packages/tom-server/src/application-server/models/room.ts
rename to packages/tom-server/src/administration-console-api/models/room.ts
diff --git a/packages/tom-server/src/application-server/routes/index.ts b/packages/tom-server/src/administration-console-api/routes/index.ts similarity index 87% rename from packages/tom-server/src/application-server/routes/index.ts rename to packages/tom-server/src/administration-console-api/routes/index.ts index 1f59192c..962edb70 100644 --- a/packages/tom-server/src/application-server/routes/index.ts +++ b/packages/tom-server/src/administration-console-api/routes/index.ts @@ -1,14 +1,23 @@ +import { type TwakeLogger } from '@twake/logger' +import type MatrixApplicationServer from '@twake/matrix-application-server' import { EHttpMethod } from '@twake/matrix-application-server' -import type TwakeApplicationServer from '..' -import type TwakeServer from '../..' +import { type MatrixDB, type UserDB } from '@twake/matrix-identity-server' +import { Router } from 'express' +import { type TwakeDB } from '../../db' +import { type Config } from '../../types' import { createRoom } from '../controllers/room' import { auth } from '../middlewares/auth' import validation from '../middlewares/validation' -export const extendRoutes = ( - appServer: TwakeApplicationServer, - twakeServer: TwakeServer -): void => { +export default ( + appServer: MatrixApplicationServer, + db: TwakeDB, + userDb: UserDB, + matrixDb: MatrixDB, + conf: Config, + logger: TwakeLogger +): Router => { + const router = Router() /** * @openapi * '/_twake/app/v1/rooms': @@ -115,10 +124,13 @@ export const extendRoutes = ( * $ref: '#/components/responses/InternalServerError' */ appServer.router.addRoute( + router, '/_twake/app/v1/rooms', EHttpMethod.POST, - createRoom(appServer, twakeServer), + createRoom(appServer, db, userDb, matrixDb, conf, logger), validation(), auth ) + + return router } 
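Review bot: `POST /_twake/app/v1/rooms` is now registered on a fresh `Router()` instead of, presumably, the application server's own router, so any middleware mounted on that router (body parsing, rate limiting, error handling) no longer applies unless `addRoute` attaches it itself. That is not visible in this hunk and is worth confirming, because this endpoint creates rooms and force-joins users. `addRoute` receives `createRoom(...)`, `validation()` and `auth` in that order, with nothing stating the order in which they run. I would add a comment above the call, such as `// auth runs before validation() and the controller`, once that has been checked against `addRoute`. The exported function also has no TSDoc for its six positional parameters.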
diff --git a/packages/tom-server/src/application-server/types.ts b/packages/tom-server/src/administration-console-api/types.ts
similarity index 100%
rename from packages/tom-server/src/application-server/types.ts
rename to packages/tom-server/src/administration-console-api/types.ts
diff --git a/packages/tom-server/src/application-server/__testData__/build-userdb.ts b/packages/tom-server/src/application-server/__testData__/build-userdb.ts
deleted file mode 100644
index 9261216f..00000000
--- a/packages/tom-server/src/application-server/__testData__/build-userdb.ts
+++ /dev/null
@@ -1,66 +0,0 @@ -/* istanbul ignore file */ -import sqlite3 from 'sqlite3' - -interface Config { - database_host: string - [k: string]: any -} - -let created = false - -// eslint-disable-next-line @typescript-eslint/promise-function-async -export const buildUserDB = (conf: Partial): Promise => { - if (created) return Promise.resolve() - return new Promise((resolve, reject) => { - const matrixDb = new sqlite3.Database(conf.matrix_database_host) - - matrixDb.run( - 'CREATE TABLE users (name text, desactivated text, admin integer)', - (err) => { - if (err != null) { - reject(err) - } else { - created = true - resolve() - } - } - ) - }) -} - -// eslint-disable-next-line @typescript-eslint/promise-function-async -export const deleteUserDB = (conf: Partial): Promise => { - return new Promise((resolve, reject) => { - const matrixDb = new sqlite3.Database(conf.matrix_database_host) - matrixDb.run( - 'DROP TABLE users', - (err) => { - if (err != null) { - reject(err) - } else { - resolve() - } - } - ) - }) -} - -// eslint-disable-next-line @typescript-eslint/promise-function-async -export const addUser = (conf: Partial, usersIds: string[]): Promise => { - return new Promise((resolve, reject) => { - const matrixDb = new sqlite3.Database(conf.matrix_database_host) - usersIds.forEach((userId) => { - matrixDb.run( - // columns headers: name|password_hash|creation_ts(seconds)|admin|upgrade_ts|is_guest|appservice_id|consent_version|consent_server_notice_sent|user_type|deactivated|shadow_banned|consent_ts|approved - `INSERT INTO users VALUES('${userId}', '', ${Math.floor(Date.now() / 1000)}, 0, '', 0, '', '', '', '', 0, 0, '', 1)`, - (err) => { - if (err != null) { - reject(err) - } else { - resolve() - } - } - ) - }) - }) -} diff --git a/packages/tom-server/src/application-server/__testData__/docker-compose.yml b/packages/tom-server/src/application-server/__testData__/docker-compose.yml deleted file mode 100644 index ab950f47..00000000 
--- a/packages/tom-server/src/application-server/__testData__/docker-compose.yml +++ /dev/null @@ -1,43 +0,0 @@ -version: '3.8' - -services: - synapse: - image: matrixdotorg/synapse:v1.89.0 - volumes: - - ./synapse-data:/data - - ./nginx/ssl/auth.example.com.crt:/etc/ssl/certs/ca-certificates.crt - depends_on: - - auth - environment: - - UID=${MYUID} - - VIRTUAL_PORT=8008 - - VIRTUAL_HOST=matrix.example.com - healthcheck: - test: ["CMD", "curl", "-fSs", "http://localhost:8008/health"] - interval: 10s - timeout: 10s - retries: 3 - extra_hosts: - - "host.docker.internal:host-gateway" - - auth: - image: yadd/lemonldap-ng-portal:2.16.1-bullseye - hostname: auth.example.com - volumes: - - ./llng/lmConf-1.json:/var/lib/lemonldap-ng/conf/lmConf-1.json - - ./llng/ssl.conf:/etc/nginx/sites-enabled/0000default.conf - - ./nginx/ssl/auth.example.com.crt:/etc/nginx/ssl/auth.example.com.crt - - ./nginx/ssl/auth.example.com.key:/etc/nginx/ssl/auth.example.com.key - environment: - - PORTAL=https://auth.example.com - - VIRTUAL_HOST=auth.example.com - extra_hosts: - - "host.docker.internal:host-gateway" - - nginx-proxy: - image: nginxproxy/nginx-proxy - ports: - - 443:443 - volumes: - - /var/run/docker.sock:/tmp/docker.sock:ro - - ./nginx/ssl:/etc/nginx/certs \ No newline at end of file diff --git a/packages/tom-server/src/application-server/__testData__/llng/lmConf-1.json b/packages/tom-server/src/application-server/__testData__/llng/lmConf-1.json deleted file mode 100644 index 1aa95886..00000000 --- a/packages/tom-server/src/application-server/__testData__/llng/lmConf-1.json +++ /dev/null 
@@ -1,457 +0,0 @@ -{ - "ADPwdExpireWarning": 0, - "ADPwdMaxAge": 0, - "SMTPServer": "", - "SMTPTLS": "", - "SSLAuthnLevel": 5, - "SSLIssuerVar": "SSL_CLIENT_I_DN", - "SSLVar": "SSL_CLIENT_S_DN_Email", - "SSLVarIf": {}, - "activeTimer": 1, - "apacheAuthnLevel": 3, - "applicationList": {}, - "authChoiceParam": "lmAuth", - "authentication": "LDAP", - "available2F": "UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,WebAuthn,Yubikey,Radius,Password", - "available2FSelfRegistration": "Password,TOTP,U2F,WebAuthn,Yubikey", - "bruteForceProtectionLockTimes": "15, 30, 60, 300, 600", - "bruteForceProtectionMaxAge": 300, - "bruteForceProtectionMaxFailed": 3, - "bruteForceProtectionMaxLockTime": 900, - "bruteForceProtectionTempo": 30, - "captcha_mail_enabled": 1, - "captcha_register_enabled": 1, - "captcha_size": 6, - "casAccessControlPolicy": "none", - "casAuthnLevel": 1, - "casTicketExpiration": 0, - "certificateResetByMailCeaAttribute": "description", - "certificateResetByMailCertificateAttribute": "userCertificate;binary", - "certificateResetByMailURL": "https://auth.example.com/certificateReset", - "certificateResetByMailValidityDelay": 0, - "cfgAuthor": "The LemonLDAP::NG team", - "cfgDate": "1627287638", - "cfgNum": "1", - "cfgVersion": "2.0.16", - "checkDevOpsCheckSessionAttributes": 1, - "checkDevOpsDisplayNormalizedHeaders": 1, - "checkDevOpsDownload": 1, - "checkHIBPRequired": 1, - "checkHIBPURL": "https://api.pwnedpasswords.com/range/", - "checkTime": 600, - "checkUserDisplayComputedSession": 1, - "checkUserDisplayEmptyHeaders": 0, - "checkUserDisplayEmptyValues": 0, - "checkUserDisplayHiddenAttributes": 0, - "checkUserDisplayHistory": 0, - "checkUserDisplayNormalizedHeaders": 0, - "checkUserDisplayPersistentInfo": 0, - "checkUserHiddenAttributes": "_loginHistory, _session_id, hGroups", - "checkUserIdRule": 1, - "checkXSS": 1, - "confirmFormMethod": "post", - "contextSwitchingIdRule": 1, - "contextSwitchingPrefix": "switching", - "contextSwitchingRule": 0, - 
"contextSwitchingStopWithLogout": 1, - "cookieName": "lemonldap", - "corsAllow_Credentials": "true", - "corsAllow_Headers": "*", - "corsAllow_Methods": "POST,GET", - "corsAllow_Origin": "*", - "corsEnabled": 1, - "corsExpose_Headers": "*", - "corsMax_Age": "86400", - "crowdsecAction": "reject", - "cspConnect": "'self'", - "cspDefault": "'self'", - "cspFont": "'self'", - "cspFormAction": "*", - "cspFrameAncestors": "", - "cspImg": "'self' data:", - "cspScript": "'self'", - "cspStyle": "'self'", - "dbiAuthnLevel": 2, - "dbiExportedVars": {}, - "decryptValueRule": 0, - "demoExportedVars": { - "cn": "cn", - "mail": "mail", - "uid": "uid" - }, - "displaySessionId": 1, - "domain": "example.com", - "exportedHeaders": {}, - "exportedVars": {}, - "ext2fActivation": 0, - "ext2fCodeActivation": "\\d{6}", - "facebookAuthnLevel": 1, - "facebookExportedVars": {}, - "facebookUserField": "id", - "failedLoginNumber": 5, - "findUserControl": "^[*\\w]+$", - "findUserWildcard": "*", - "formTimeout": 120, - "githubAuthnLevel": 1, - "githubScope": "user:email", - "githubUserField": "login", - "globalLogoutRule": 0, - "globalLogoutTimer": 1, - "globalStorage": "Apache::Session::File", - "globalStorageOptions": { - "Directory": "/var/lib/lemonldap-ng/sessions", - "LockDirectory": "/var/lib/lemonldap-ng/sessions/lock", - "generateModule": "Lemonldap::NG::Common::Apache::Session::Generate::SHA256" - }, - "gpgAuthnLevel": 5, - "gpgDb": "", - "grantSessionRules": {}, - "groups": {}, - "handlerInternalCache": 15, - "handlerServiceTokenTTL": 30, - "hiddenAttributes": "_password, _2fDevices", - "httpOnly": 1, - "https": -1, - "impersonationHiddenAttributes": "_2fDevices, _loginHistory", - "impersonationIdRule": 1, - "impersonationMergeSSOgroups": 0, - "impersonationPrefix": "real_", - "impersonationRule": 0, - "impersonationSkipEmptyValues": 1, - "infoFormMethod": "get", - "issuerDBCASPath": "^/cas/", - "issuerDBCASRule": 1, - "issuerDBGetParameters": {}, - "issuerDBGetPath": "^/get/", - 
"issuerDBGetRule": 1, - "issuerDBOpenIDConnectActivation": 1, - "issuerDBOpenIDConnectPath": "^/oauth2/", - "issuerDBOpenIDConnectRule": 1, - "issuerDBOpenIDPath": "^/openidserver/", - "issuerDBOpenIDRule": 1, - "issuerDBSAMLPath": "^/saml/", - "issuerDBSAMLRule": 1, - "issuersTimeout": 120, - "jsRedirect": 0, - "key": "^vmTGvh{+]5!ToB?", - "krbAuthnLevel": 3, - "krbRemoveDomain": 1, - "ldapServer": "host.docker.internal:21389", - "ldapAuthnLevel": 2, - "ldapBase": "dc=example,dc=com", - "ldapExportedVars": { - "cn": "cn", - "mail": "mail", - "uid": "uid" - }, - "ldapGroupAttributeName": "member", - "ldapGroupAttributeNameGroup": "dn", - "ldapGroupAttributeNameSearch": "cn", - "ldapGroupAttributeNameUser": "dn", - "ldapGroupObjectClass": "groupOfNames", - "ldapIOTimeout": 10, - "ldapPasswordResetAttribute": "pwdReset", - "ldapPasswordResetAttributeValue": "TRUE", - "ldapPwdEnc": "utf-8", - "ldapSearchDeref": "find", - "ldapTimeout": 10, - "ldapUsePasswordResetAttribute": 1, - "ldapVerify": "require", - "ldapVersion": 3, - "linkedInAuthnLevel": 1, - "linkedInFields": "id,first-name,last-name,email-address", - "linkedInScope": "r_liteprofile r_emailaddress", - "linkedInUserField": "emailAddress", - "localSessionStorage": "Cache::FileCache", - "localSessionStorageOptions": { - "cache_depth": 3, - "cache_root": "/var/lib/lemonldap-ng/cache", - "default_expires_in": 600, - "directory_umask": "007", - "namespace": "lemonldap-ng-sessions" - }, - "locationDetectGeoIpLanguages": "en, fr", - "locationRules": { - "auth.example.com": { - "(?#checkUser)^/checkuser": "inGroup(\"timelords\")", - "(?#errors)^/lmerror/": "accept", - "default": "accept" - } - }, - "loginHistoryEnabled": 1, - "logoutServices": {}, - "macros": { - "UA": "$ENV{HTTP_USER_AGENT}", - "_whatToTrace": "$_auth eq 'SAML' ? lc($_user.'@'.$_idpConfKey) : $_auth eq 'OpenIDConnect' ? 
lc($_user.'@'.$_oidc_OP) : lc($_user)" - }, - "mail2fActivation": 0, - "mail2fCodeRegex": "\\d{6}", - "mailCharset": "utf-8", - "mailFrom": "noreply@example.com", - "mailSessionKey": "mail", - "mailTimeout": 0, - "mailUrl": "https://auth.example.com/resetpwd", - "managerDn": "", - "managerPassword": "", - "max2FDevices": 10, - "max2FDevicesNameLength": 20, - "multiValuesSeparator": "; ", - "mySessionAuthorizedRWKeys": [ - "_appsListOrder", - "_oidcConnectedRP", - "_oidcConsents" - ], - "newLocationWarningLocationAttribute": "ipAddr", - "newLocationWarningLocationDisplayAttribute": "", - "newLocationWarningMaxValues": "0", - "notification": 0, - "notificationDefaultCond": "", - "notificationServerPOST": 1, - "notificationServerSentAttributes": "uid reference date title subtitle text check", - "notificationStorage": "File", - "notificationStorageOptions": { - "dirName": "/var/lib/lemonldap-ng/notifications" - }, - "notificationWildcard": "allusers", - "notificationsMaxRetrieve": 3, - "notifyDeleted": 1, - "nullAuthnLevel": 0, - "oidcAuthnLevel": 1, - "oidcOPMetaDataExportedVars": {}, - "oidcOPMetaDataJSON": {}, - "oidcOPMetaDataJWKS": {}, - "oidcOPMetaDataOptions": {}, - "oidcRPCallbackGetParam": "openidconnectcallback", - "oidcRPMetaDataExportedVars": { - "matrix": { - "email": "mail", - "family_name": "cn", - "given_name": "cn", - "name": "cn", - "nickname": "uid", - "preferred_username": "uid" - } - }, - "oidcRPMetaDataMacros": null, - "oidcRPMetaDataOptions": { - "matrix": { - "oidcRPMetaDataOptionsAccessTokenClaims": 0, - "oidcRPMetaDataOptionsAccessTokenJWT": 0, - "oidcRPMetaDataOptionsAccessTokenSignAlg": "RS256", - "oidcRPMetaDataOptionsAllowClientCredentialsGrant": 0, - "oidcRPMetaDataOptionsAllowOffline": 0, - "oidcRPMetaDataOptionsAllowPasswordGrant": 0, - "oidcRPMetaDataOptionsBypassConsent": 1, - "oidcRPMetaDataOptionsClientID": "matrix1", - "oidcRPMetaDataOptionsClientSecret": "matrix1*", - "oidcRPMetaDataOptionsIDTokenForceClaims": 0, - 
"oidcRPMetaDataOptionsIDTokenSignAlg": "RS256", - "oidcRPMetaDataOptionsLogoutBypassConfirm": 0, - "oidcRPMetaDataOptionsLogoutSessionRequired": 1, - "oidcRPMetaDataOptionsLogoutType": "back", - "oidcRPMetaDataOptionsPublic": 0, - "oidcRPMetaDataOptionsRedirectUris": "https://matrix.example.com/_synapse/client/oidc/callback", - "oidcRPMetaDataOptionsRefreshToken": 0, - "oidcRPMetaDataOptionsRequirePKCE": 0 - } - }, - "oidcRPMetaDataOptionsExtraClaims": null, - "oidcRPMetaDataScopeRules": null, - "oidcRPStateTimeout": 600, - "oidcServiceAccessTokenExpiration": 3600, - "oidcServiceAllowAuthorizationCodeFlow": 1, - "oidcServiceAllowImplicitFlow": 0, - "oidcServiceAuthorizationCodeExpiration": 60, - "oidcServiceDynamicRegistrationExportedVars": {}, - "oidcServiceDynamicRegistrationExtraClaims": {}, - "oidcServiceIDTokenExpiration": 3600, - "oidcServiceIgnoreScopeForClaims": 1, - "oidcServiceKeyIdSig": "oMGHInscAW3Nsa0FcnCnDA", - "oidcServiceMetaDataAuthnContext": { - "loa-1": 1, - "loa-2": 2, - "loa-3": 3, - "loa-4": 4, - "loa-5": 5 - }, - "oidcServiceMetaDataAuthorizeURI": "authorize", - "oidcServiceMetaDataBackChannelURI": "blogout", - "oidcServiceMetaDataCheckSessionURI": "checksession.html", - "oidcServiceMetaDataEndSessionURI": "logout", - "oidcServiceMetaDataFrontChannelURI": "flogout", - "oidcServiceMetaDataIntrospectionURI": "introspect", - "oidcServiceMetaDataJWKSURI": "jwks", - "oidcServiceMetaDataRegistrationURI": "register", - "oidcServiceMetaDataTokenURI": "token", - "oidcServiceMetaDataUserInfoURI": "userinfo", - "oidcServiceOfflineSessionExpiration": 2592000, - "oidcServicePrivateKeySig": "-----BEGIN PRIVATE 
KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDywteBzIOlhKc4\nO+vhMStDYOpPYrWDOodkUZ7OsxlWVNZ/b/lqIFS56+MHPkKNQuT4zZCyO8bEKmmR\nZ6kPFJoGbO1zJCPQ/RKjimX4J/5gDb1BAlo+6agJi55e3Bw0zKNJDU0mRyedcIzW\n7ywTgyj6B35pl/Sfloi4Q1XEizHar+26h66SOEtnppMxGvwsxO8gFWz26CPmalvY\n5GNYR0txbXUZn7I4kDa4mMWgNfeocWc78Qbt4RV5EuQdbRh1sou4tL9Nn4EuGhg0\nmfsSI0xVAj7f82Wn3kW6qEbhuejrY7aqmZjN7yrMKtCBuV7o4hVrjYLuM2j0mInY\nMy5nRNOVAgMBAAECggEAJ145nK8R2lG83H27LvXOUkrxNJaJYRKoyjgCTPr2bO2t\nK1V5WSCNHOmIE7ChEk962m5bvMu83CsUm6P34p4wrEIV78o4lLe1whe7mZbCxcj0\nnApJoFI8EfA2aqO/X0CgakRh8ocvgXSzIlf/CdsHViTI907ROOAso9Unn4wDNbdp\nMrhi3H2SnA+ewzj85WygBVTNQmVBjJSSLXTQRkfHye0ztvQm59gqqaJaM2rkBjvA\nlPWAVsgakOk4pgClKElCsIjWPJwdYtcd8VJrwnro5J9KhMwB//AArGgqOaXUHnLH\nv5aZZp6FjV/M3BxbSp4cG6hXmK1hrDFLecRddYP1gQKBgQD+Y4/ee57Z0E2V8833\nYfrK3F23sfxmZ7zUwEbgFXUfRy3RVW7Hbc7PAJzxzrk+LYk/zaZrrfEJguqG2O6m\nVNYkqxKu69Nn964CMdV15JGxVzpzsN5adKlcvKVVv9gx2rF3SMUOHiRutj2BlUtO\niCq0G3jFsXWIRzePig9PbWP6CQKBgQD0TG2DeDDUgKbeJYIzXfmCvGxlm5MZqCc/\nK7d8P9U0svG//jJRTsa9hcLjk7N24CzhLNHyJmT7dh1Xy1oLyHNPZ4nQRmCe+HUf\nu0SK10WZ2K55ekUmqS+xSuDFWJtWa5SE46cKg0fKu7YkiDKI1s6I3qrF4lew2aDE\n2p8GJRrgLQKBgCh2PZPtpb6PW0fWl5QZiYJqup1VOggvx+EvFBbgUti+wZLiO9SM\nqrBSMKRldSFmrMXxN984s3YH1LXOG2dpZwY+D6Ky79VBl/PRaVpvGJ1Uen+cSkGo\n/Kc7ejDBaunDFycZ8/3i3Xiek/ngfTHohqJPHE6Vg1RBv5ydIQJJK/XBAoGAU1XO\n9c4GOjc4tQbuhz9DYgmMoIyVfWcTHEV5bfUIcdWpCelYmMval8QNWzyDN8X5CUcU\nxxm50N3V3KENsn9KdofHRzj6tL/klFJ5azNMFtMHkYDYHfwQvNXiHu++7Zf9LefK\nj5eA4fNuir+7HVrJUX9DmgVADJ/wa7Z4EMyPgnECgYA/NLUs4920h10ie5lFffpM\nqq6CRcBjsQ7eGK9UI1Z2KZUh94eqIENSJ7whBjXKvJJvhAlH4//lVFMMRs7oJePY\nThg+8In7PB64yMOIJZLc5Fekn9aGG6YtErPzePQkXSYCKZxWl5EpjQZGgPRVkNtD\n2nflyJLjiCbTjeNgWIOZlw==\n-----END PRIVATE KEY-----\n", - "oidcServicePublicKeySig": "-----BEGIN 
CERTIFICATE-----\nMIICuDCCAaCgAwIBAgIEFU77HjANBgkqhkiG9w0BAQsFADAeMRwwGgYDVQQDDBNt\nYXRyaXgubGluYWdvcmEuY29tMB4XDTIzMDIxNTAzMTk0NloXDTQzMDIxMDAzMTk0\nNlowHjEcMBoGA1UEAwwTbWF0cml4LmxpbmFnb3JhLmNvbTCCASIwDQYJKoZIhvcN\nAQEBBQADggEPADCCAQoCggEBAPLC14HMg6WEpzg76+ExK0Ng6k9itYM6h2RRns6z\nGVZU1n9v+WogVLnr4wc+Qo1C5PjNkLI7xsQqaZFnqQ8UmgZs7XMkI9D9EqOKZfgn\n/mANvUECWj7pqAmLnl7cHDTMo0kNTSZHJ51wjNbvLBODKPoHfmmX9J+WiLhDVcSL\nMdqv7bqHrpI4S2emkzEa/CzE7yAVbPboI+ZqW9jkY1hHS3FtdRmfsjiQNriYxaA1\n96hxZzvxBu3hFXkS5B1tGHWyi7i0v02fgS4aGDSZ+xIjTFUCPt/zZafeRbqoRuG5\n6OtjtqqZmM3vKswq0IG5XujiFWuNgu4zaPSYidgzLmdE05UCAwEAATANBgkqhkiG\n9w0BAQsFAAOCAQEArNmGxZVvmvdOLctv+zQ+npzQtOTaJcf+r/1xYuM4FZVe4yLc\ny9ElDskoDWjvQU7jKeJeaDOYgMJQNrek8Doj8uHPWNe6jYFa62Csg9aPz6e8qbtq\nWI+sXds5GJd6xZ8mi2L4MdT/tf8dBgcgybuoRyhBtJwG1rLNAYkeXMxkBzOFcU7K\nR/SZ0q9ToLAWFDhn42MTjPN3t6GwKDzGNsM/SI/3WvUwpQbtK91hjPnNDwKiAtGG\nfUteuigfXY+0hEcQwJdR0St/FQ8UYYcAB5YT9IkT1wCcU5LfPHCBf3OXNpbnQsHh\netQMKLibM6wWdXNwmsd1szO66ft3QZ4h4EG3Vw==\n-----END CERTIFICATE-----\n", - "oidcStorageOptions": {}, - "openIdAuthnLevel": 1, - "openIdExportedVars": {}, - "openIdIDPList": "0;", - "openIdSPList": "0;", - "openIdSreg_email": "mail", - "openIdSreg_fullname": "cn", - "openIdSreg_nickname": "uid", - "openIdSreg_timezone": "_timezone", - "pamAuthnLevel": 2, - "pamService": "login", - "password2fActivation": 0, - "password2fSelfRegistration": 0, - "password2fUserCanRemoveKey": 1, - "passwordDB": "Demo", - "passwordPolicyActivation": 1, - "passwordPolicyMinDigit": 0, - "passwordPolicyMinLower": 0, - "passwordPolicyMinSize": 0, - "passwordPolicyMinSpeChar": 0, - "passwordPolicyMinUpper": 0, - "passwordPolicySpecialChar": "__ALL__", - "passwordResetAllowedRetries": 3, - "persistentSessionAttributes": "_loginHistory _2fDevices notification_", - "persistentStorage": "Apache::Session::File", - "persistentStorageOptions": { - "Directory": "/var/lib/lemonldap-ng/psessions", - "LockDirectory": "/var/lib/lemonldap-ng/psessions/lock" - }, - "port": -1, - 
"portal": "https://auth.example.com", - "portalAntiFrame": 1, - "portalCheckLogins": 1, - "portalDisplayAppslist": 1, - "portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/", - "portalDisplayGeneratePassword": 1, - "portalDisplayLoginHistory": 1, - "portalDisplayLogout": 1, - "portalDisplayOidcConsents": "$_oidcConsents && $_oidcConsents =~ /\\w+/", - "portalDisplayOrder": "Appslist ChangePassword LoginHistory OidcConsents Logout", - "portalDisplayRefreshMyRights": 1, - "portalDisplayRegister": 1, - "portalErrorOnExpiredSession": 1, - "portalFavicon": "common/favicon.ico", - "portalForceAuthnInterval": 5, - "portalMainLogo": "common/logos/logo_llng_400px.png", - "portalPingInterval": 60000, - "portalRequireOldPassword": 1, - "portalSkin": "bootstrap", - "portalSkinBackground": "1280px-Cedar_Breaks_National_Monument_partially.jpg", - "portalUserAttr": "_user", - "proxyAuthServiceChoiceParam": "lmAuth", - "proxyAuthnLevel": 2, - "radius2fActivation": 0, - "radius2fTimeout": 20, - "radiusAuthnLevel": 3, - "radiusExportedVars": {}, - "randomPasswordRegexp": "[A-Z]{3}[a-z]{5}.\\d{2}", - "redirectFormMethod": "get", - "registerDB": "Null", - "registerTimeout": 0, - "registerUrl": "https://auth.example.com/register", - "reloadTimeout": 5, - "reloadUrls": { - "localhost": "https://reload.example.com/reload" - }, - "rememberAuthChoiceRule": 0, - "rememberCookieName": "llngrememberauthchoice", - "rememberCookieTimeout": 31536000, - "rememberTimer": 5, - "remoteGlobalStorage": "Lemonldap::NG::Common::Apache::Session::SOAP", - "remoteGlobalStorageOptions": { - "ns": "https://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService", - "proxy": "https://auth.example.com/sessions" - }, - "requireToken": 1, - "rest2fActivation": 0, - "restAuthnLevel": 2, - "restClockTolerance": 15, - "sameSite": "", - "samlAttributeAuthorityDescriptorAttributeServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;", - "samlAuthnContextMapKerberos": 4, - 
"samlAuthnContextMapPassword": 2, - "samlAuthnContextMapPasswordProtectedTransport": 3, - "samlAuthnContextMapTLSClient": 5, - "samlEntityID": "#PORTAL#/saml/metadata", - "samlIDPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact", - "samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn", - "samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn", - "samlIDPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;", - "samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;", - "samlIDPSSODescriptorSingleSignOnServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;", - "samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;", - "samlIDPSSODescriptorWantAuthnRequestsSigned": 1, - "samlMetadataForceUTF8": 1, - "samlNameIDFormatMapEmail": "mail", - "samlNameIDFormatMapKerberos": "uid", - "samlNameIDFormatMapWindows": "uid", - "samlNameIDFormatMapX509": "mail", - "samlOrganizationDisplayName": "Example", - "samlOrganizationName": "Example", - "samlOrganizationURL": "https://www.example.com", - "samlOverrideIDPEntityID": "", - "samlRelayStateTimeout": 600, - "samlSPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact", - "samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact": "0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact", - "samlSPSSODescriptorAssertionConsumerServiceHTTPPost": 
"1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost", - "samlSPSSODescriptorAuthnRequestsSigned": 1, - "samlSPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn", - "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn", - "samlSPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;", - "samlSPSSODescriptorWantAssertionsSigned": 1, - "samlServiceSignatureMethod": "RSA_SHA256", - "scrollTop": 400, - "securedCookie": 0, - "sessionDataToRemember": {}, - "sfEngine": "::2F::Engines::Default", - "sfManagerRule": 1, - "sfRemovedMsgRule": 0, - "sfRemovedNotifMsg": "_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!", - "sfRemovedNotifRef": "RemoveSF", - "sfRemovedNotifTitle": "Second factor notification", - "sfRequired": 0, - "showLanguages": 1, - "singleIP": 0, - "singleSession": 0, - "singleUserByIP": 0, - "slaveAuthnLevel": 2, - "slaveExportedVars": {}, - "soapProxyUrn": "urn:Lemonldap/NG/Common/PSGI/SOAPService", - "stayConnected": 0, - "stayConnectedCookieName": "llngconnection", - "stayConnectedTimeout": 2592000, - "successLoginNumber": 5, - "timeout": 72000, - "timeoutActivity": 0, - "timeoutActivityInterval": 60, - "totp2fActivation": 0, - "totp2fDigits": 6, - "totp2fInterval": 30, - "totp2fRange": 1, - "totp2fSelfRegistration": 0, - "totp2fUserCanRemoveKey": 1, - "twitterAuthnLevel": 1, - "twitterUserField": "screen_name", - "u2fActivation": 0, - "u2fSelfRegistration": 0, - "u2fUserCanRemoveKey": 1, - "upgradeSession": 1, - "useRedirectOnError": 1, - "useSafeJail": 1, - "userControl": "^[\\w\\.\\-@]+$", - "userDB": "Same", - "utotp2fActivation": 0, - "viewerHiddenKeys": "samlIDPMetaDataNodes, samlSPMetaDataNodes", - 
"webIDAuthnLevel": 1, - "webIDExportedVars": {}, - "webauthn2fActivation": 0, - "webauthn2fSelfRegistration": 0, - "webauthn2fUserCanRemoveKey": 1, - "webauthn2fUserVerification": "preferred", - "whatToTrace": "_whatToTrace", - "yubikey2fActivation": 0, - "yubikey2fPublicIDSize": 12, - "yubikey2fSelfRegistration": 0, - "yubikey2fUserCanRemoveKey": 1 - } - \ No newline at end of file diff --git a/packages/tom-server/src/application-server/__testData__/nginx/ssl/auth.example.com.crt b/packages/tom-server/src/application-server/__testData__/nginx/ssl/auth.example.com.crt deleted file mode 100644 index af15717e..00000000 --- a/packages/tom-server/src/application-server/__testData__/nginx/ssl/auth.example.com.crt +++ /dev/null 
@@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEETCCAvmgAwIBAgIUOVvatcBdUi71/U3VpkjRrG8jz84wDQYJKoZIhvcNAQEL -BQAwgZcxCzAJBgNVBAYTAkZSMRIwEAYDVQQIDAlPY2NpdGFuaWUxETAPBgNVBAcM -CFRvdWxvdXNlMREwDwYDVQQKDAhMaW5hZ29yYTEMMAoGA1UECwwDR1NPMRkwFwYD -VQQDDBBhdXRoLmV4YW1wbGUuY29tMSUwIwYJKoZIhvcNAQkBFhZqY2FiYW5uZXNA -bGluYWdvcmEuY29tMB4XDTIzMDYyMjE2MTIyOFoXDTI3MDYyMTE2MTIyOFowgZcx -CzAJBgNVBAYTAkZSMRIwEAYDVQQIDAlPY2NpdGFuaWUxETAPBgNVBAcMCFRvdWxv -dXNlMREwDwYDVQQKDAhMaW5hZ29yYTEMMAoGA1UECwwDR1NPMRkwFwYDVQQDDBBh -dXRoLmV4YW1wbGUuY29tMSUwIwYJKoZIhvcNAQkBFhZqY2FiYW5uZXNAbGluYWdv -cmEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYbEvomrozhN -Sfz0Ue0MF92nzB/YPuDSjLAlnmXUdV8/p55z5KJQD8DygOn/qj0DiZP7lt3jWJaa -X/xLtpwdJayzJs87uTzlwnRNrZDcgAbcguGhrarOVgVYpgtn8f7lQNypGp+Z8uGJ -koaag2jJaUhmlxx04PwYEfELdYkYrss/G0Uw04ffvRVQ4jneBXVF8gMR92+GtyiE -0EKDWGLaVPb15VlFkbNO8TuBZjEf+fNVzlTJ2tlnJ8R6rTxrLPmj2ffvAN6bjmvg -q1KlLKSZrwVud0wx0kSAgXxOMLjaQl8PLRz+SHwHbXjqkMokRadgsLEbKHEorpFc -i+3mTwV0HQIDAQABo1MwUTAdBgNVHQ4EFgQUtsUDkrerAfI36cp9NRpShfK72skw -HwYDVR0jBBgwFoAUtsUDkrerAfI36cp9NRpShfK72skwDwYDVR0TAQH/BAUwAwEB -/zANBgkqhkiG9w0BAQsFAAOCAQEAjiVXoW8sIbO1jIklRePYoZmj0gICiLo9eqVS -xHeWIjRaRkVnkLAtDRkWtYisI4nSja6VDtJjE6XUsUG8oLbwBvps4b7a9LY+sVXE -UkSNxC7d5Ln6sutpcj6EnF7L1Lfi8zqoQb3q7dPqiTsbi1Yu/J8K0ybEhtZ6ueLR -0msy4Byhf6dSFi9BmkFjdArtEhP7p1n0VOX2uvjMQXLhmzO0pQMVFXU1pM4WOlHx -GuxQtuoZhdtktYGGlMOZ1qtJt/y9enTSZuHx4w1M/3cBzOQEBAVkA4tTkPR858JZ -8n5d5wjzLhjn0j3ayYw1nCubKtF0Qy3j3tp/84t/NEAJKCsgGw== ------END CERTIFICATE----- diff --git a/packages/tom-server/src/application-server/__testData__/nginx/ssl/auth.example.com.key b/packages/tom-server/src/application-server/__testData__/nginx/ssl/auth.example.com.key deleted file mode 100644 index e2620fd6..00000000 --- a/packages/tom-server/src/application-server/__testData__/nginx/ssl/auth.example.com.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDFhsS+iaujOE1J -/PRR7QwX3afMH9g+4NKMsCWeZdR1Xz+nnnPkolAPwPKA6f+qPQOJk/uW3eNYlppf -/Eu2nB0lrLMmzzu5POXCdE2tkNyABtyC4aGtqs5WBVimC2fx/uVA3Kkan5ny4YmS -hpqDaMlpSGaXHHTg/BgR8Qt1iRiuyz8bRTDTh9+9FVDiOd4FdUXyAxH3b4a3KITQ -QoNYYtpU9vXlWUWRs07xO4FmMR/581XOVMna2WcnxHqtPGss+aPZ9+8A3puOa+Cr -UqUspJmvBW53TDHSRICBfE4wuNpCXw8tHP5IfAdteOqQyiRFp2CwsRsocSiukVyL -7eZPBXQdAgMBAAECggEAYmHHqKdlZ7xpMordHdkVhuWN5+uMh3TvKceqVQSfF37D -c7dGPgBiJBaUMoVaI+6Tznh4fSIzVDJe3aQKCgAjvFoSOShKtO6R+ZJ4BhT63oGM -X1wGbTt/3fR3vOw9b5jnkrDVQT9xLDoNjX+hggY1G01GW8l+pXiqfHU0oewQ8S3G -RzPmLLrDgV8eyu0WXTNohGnL/8UDT2tLYQWNdRu6Z/jujSkKeScLi9kAeJOOjKvg -pxaLzlt2nzszNj+omzPEZTOz6lBccRjVYLIAuVoplPmmPueit2cKptGJyQCx0Q1K -iQWhRTk+wNmZUuQ6x4PYgu6cxC9joS3WWA1psqluuQKBgQDb8L5ORJEp1g6K7HVN -5b9riHvX3LgQifUNd3VIytQpKYxBdrQ/kPM7QMmDoVEmwakwkrYwD04QRKDsOi4W -dUxiYJM6WZDOsDHUh/3GCBZ+j9cmcME0ZAPaVKa7eTCxCt6sLmM2tY4h9H1Wfsxj -3u8wDLYc/Bwkd7moFOYs7jtHBwKBgQDl6UZMObjsnJxEyoY8MILYxEPrBbzJQh7Z -dL7fdpGxF/DbcNwE30AQR01lG3Eh29ZIiG/R9QWhTwIYoC0BM76jY9dLN3ssBPmj -yY28R4bCBTI9ew3rEhpscEeVvW0A2ERsy79EZBbBvZ5wCYpTb/gLcc9b0uyx5Kvi -SFpDIDxeuwKBgH5+SzVAgiyJi/uiWyTeCeWSrYdMzh/U+DcyiSXAYZz65EuSNcCJ -YRqm/D7UPJQJtYDWICor4z2/+r1iCLep5rB90q8wa/QzqbUOMYn/hNBtcdQN7VBw -ZTbgkLQp0zM/iSmF1FHWwVQOBTgF3Q9jXDVKWkL5TEY9BW4B9w/IRBdpAoGAFx1t -+OnwwrE4MN5fwptp/Fs3LODlyyI/scNAEX19Rl3O1HEzXbYIXdqdWGX66NmOYLp+ -65AD4eTspAcunylRqGG4WpKYaqORabsw6dYTIVyeYXoGuzSVvYNIXzCtTeFwd7PA -ZiLd+tqSnFcJNjxSpuvpWiUJsRT5hwWZNZh/GVMCgYA31Wm0wYIlVlecJoUza3// -J0jnK6VhJpqrMgttJG5AR6C6btBeXzTJ5kYqAh8tXB6u+Puqx9aYqZGDVeRj0wo1 -I206lsmsd27RZLUgyLpJDexY1oQ8s/DBS5VWh96K4Gmw9P+TV/5E858x7MdttDHs -dvnxHWJMiidxraymkgqJNQ== ------END PRIVATE KEY----- diff --git a/packages/tom-server/src/application-server/__testData__/nginx/ssl/matrix.example.com.crt b/packages/tom-server/src/application-server/__testData__/nginx/ssl/matrix.example.com.crt deleted file mode 100644 index dfb44e9c..00000000 
--- a/packages/tom-server/src/application-server/__testData__/nginx/ssl/matrix.example.com.crt +++ /dev/null 
@@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF+TCCA+GgAwIBAgIUH+DSOlr56iJQYZhck11PfoyJ/fAwDQYJKoZIhvcNAQEL -BQAwgYsxCzAJBgNVBAYTAkZSMRIwEAYDVQQIDAlPY2NpdGFuaWUxETAPBgNVBAcM -CFRvdWxvdXNlMREwDwYDVQQKDAhMaW5hZ29yYTEbMBkGA1UEAwwSbWF0cml4LmV4 -YW1wbGUuY29tMSUwIwYJKoZIhvcNAQkBFhZqY2FiYW5uZXNAbGluYWdvcmEuY29t -MB4XDTIzMDYwNzEzMjMxOVoXDTI3MDYwNjEzMjMxOVowgYsxCzAJBgNVBAYTAkZS -MRIwEAYDVQQIDAlPY2NpdGFuaWUxETAPBgNVBAcMCFRvdWxvdXNlMREwDwYDVQQK -DAhMaW5hZ29yYTEbMBkGA1UEAwwSbWF0cml4LmV4YW1wbGUuY29tMSUwIwYJKoZI -hvcNAQkBFhZqY2FiYW5uZXNAbGluYWdvcmEuY29tMIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEAtrlLmRxV9MaivjOBFsG30DSOQqBs3uvuve3SvS1jQrj9 -dpiuV9Cj5LdTR2nFOqguwKP66/ehufIOry+gEcr+N6e215O6djWYpCqAwoHBb4u4 -4B0xaoZmIqZ+E46wW1pBNreunZ/jcjU6dCvGJ+zfBkafKrA33ft1pUCwzNjP9Gkt -iYZBB43ba8q9CUV3p9NHLHkiahKXHPra9rptTyZ8BEmbpLV0lwwt+WrRX3T8eOkC -cd0gKvHn3vggNEUWDIdSyMdMrjLSxjzXrRKa6CQ/VOuvyg7AnoCvQebWbVnRXYoE -mcxb5Ejz4pc97DzORnkky71HzyYus9I0NB/H3+qr/YnFLLEhbUBXFsw4uCNy9nU2 -8FVuVqY4kpf2fEVmxh04cen+yOVoXWXmBMTX8EU7eYuo+oNvxwHUk2clKG/cDNTa -kC3iX4nAff0PlzYDXONRNqCMqFaQbTa5VV8n4g9+2+XZRDm3EWZK2TPl6WvPBnOr -Mn7eFBVD8WPuud7ELKMS+S8p4UfSWPaSB8WN1+QK5a9hjOpmDt0f7Jsk9SCTBE75 -qeFFxngd8dx2LyEBbKOU/s/0cbkkY17A3pwKDMWnXrpcJ9wIflpYXgNZ2HD0/Ku9 -zqaEbP6WRnchAjdwQ/XX2eQWGf5zC3zW31/dCBrJJcw+/bJlF23XK2MHL4og3j8C -AwEAAaNTMFEwHQYDVR0OBBYEFEb5JWdsxBgnFa/EK2y+ghIwyOF2MB8GA1UdIwQY -MBaAFEb5JWdsxBgnFa/EK2y+ghIwyOF2MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggIBAE/Ww8V/td+ilnZ/6fqooQ2586hiSMQvkiz9JVSL/hiQBwe/ -dI1P3aU8qQ7hD+FcGID4QeE2qV1ngOt1iD7+KlErpynpw0f4FHnhC3gp7ReMAOpF -uGhUYYhjUoPeMunkK6OOlV+Ekrs83ZPDa2UoMEtW/5VtbOPwpusU6luoXleJ+qu1 -CK9gsFYG/525S0TzsrxAc0iXlRF/loBBZTmqAsFojfxpmKQPwNSqIj8ioyVZgoed -BRywdJ5cmjnq6TTTCXd+qrs9EjLP0YTEnX81WztYZTj0kmTW/ITzCv42RhPWXBXA -XGcFv1Lb7ahpT10tVylQquxpo0UJMv6Y2sBZLA7TMc5OW4h108R5GELOQKAFTf9S -ufiKwxBfZi3bofetFU1Wl7ZHhsh4I3kcpj+X+K9O+AFNKJY0rMLf+8IcRTnZ5Kq2 -YJC0BgfoR2Yd898l6wmDCUnvJZofuebBs7JlS2eZ9JmLvWgUI+5M7iSqpegFhmuW 
-T5N1/9GzgkCbSCcO+ZEP9w4oQeSPXTgbbBlrQqA4YcChsHj/xtUXJhivGoKK8D55 -eDnXUPGe9iAFzVmNraLJHMP1d9chuhSFIrGs5kdRIzDLGg+XzPUXa/eHOvR6UtHW -4+X/+wKhvQTV6ZCpsReLzGXYgmKjFh+mSCjv6B+Xpc1HaOw90D0HDK5QVLtR ------END CERTIFICATE----- diff --git a/packages/tom-server/src/application-server/__testData__/nginx/ssl/matrix.example.com.key b/packages/tom-server/src/application-server/__testData__/nginx/ssl/matrix.example.com.key deleted file mode 100644 index 471539eb..00000000 --- a/packages/tom-server/src/application-server/__testData__/nginx/ssl/matrix.example.com.key +++ /dev/null 
@@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC2uUuZHFX0xqK+ -M4EWwbfQNI5CoGze6+697dK9LWNCuP12mK5X0KPkt1NHacU6qC7Ao/rr96G58g6v -L6ARyv43p7bXk7p2NZikKoDCgcFvi7jgHTFqhmYipn4TjrBbWkE2t66dn+NyNTp0 -K8Yn7N8GRp8qsDfd+3WlQLDM2M/0aS2JhkEHjdtryr0JRXen00cseSJqEpcc+tr2 -um1PJnwESZuktXSXDC35atFfdPx46QJx3SAq8efe+CA0RRYMh1LIx0yuMtLGPNet -EproJD9U66/KDsCegK9B5tZtWdFdigSZzFvkSPPilz3sPM5GeSTLvUfPJi6z0jQ0 -H8ff6qv9icUssSFtQFcWzDi4I3L2dTbwVW5WpjiSl/Z8RWbGHThx6f7I5WhdZeYE -xNfwRTt5i6j6g2/HAdSTZyUob9wM1NqQLeJficB9/Q+XNgNc41E2oIyoVpBtNrlV -XyfiD37b5dlEObcRZkrZM+Xpa88Gc6syft4UFUPxY+653sQsoxL5LynhR9JY9pIH -xY3X5Arlr2GM6mYO3R/smyT1IJMETvmp4UXGeB3x3HYvIQFso5T+z/RxuSRjXsDe -nAoMxadeulwn3Ah+WlheA1nYcPT8q73OpoRs/pZGdyECN3BD9dfZ5BYZ/nMLfNbf -X90IGsklzD79smUXbdcrYwcviiDePwIDAQABAoICABFZNxqavHUuEDDmK6EhKWDv -lyYvnHFEjflNxY7H6r8LWKf+8maiB5LlQ6yUbUZsG2xCOsZWpO3w/oCW5qgUfDMv -4vCa377uHcelxW3c608PlrD99JLRnzbg/zgUzx0NTQMd83VBw1LfnOTUwc6encTh -xaZERDmjm1WM9nxXMCoGJm2tPSqzcZwitp9VD3mer15DQ1zg1k9zvdW5I5G6l1cX -igXcY0JyxJauvqGai4dgpXvGwTwdQE+aLVc+dqEf5AtDaOi300KWb5UeHsO1qqcB -wuyjSUSDS/XXgzpZ/G0uInuxEcnIkhH3HB5RiPWF9lQQbOtNC8LE+ByO0T0AR0NK -dGVtcnh58CCSVLqTF9SsozqDhCcnEzZLXsxzB9R/XbgoNsye+YMv59l/FbcQ4kPD -UP7LSBP3tyTRg/o4TlLguasQ2FJyRv06UJxSeeyNjADvbhtXfwjg1sIj+rOBq/s6 -hDHq5Qv7+4KrL41uolrWNWW+c2vhA/zhvT70YPfk4jRJL7AiUwXLLZBuYaWQTTk2 -wOb3FxIzIRITGPVs3SCWwKW79e4/uAAvFv2b03RNxD9ATNfZLtUps3ZowDYY8dwN -/QyAMVg3Z8+cTMhK9MAsczWq4+2F72TaaCfCqqxIv4oBZPhv/dCjnsiYYMx8XoaB -q0h3psDeQ7mG07yDwUwBAoIBAQDOszaLviDsCnDmKXcDWInThdAO1yHcKCUHoi+P -xqnrpoDS56dO9gM5SUtpF0gO46LRSpoE6CnLy6szl+7r/MKX0NIxSa4p+ySBlZ6X -vTnvz5pKzbu4XUdbFaOgv5UAYfDjKMJsj7VfJ+15ZMxZUg8n5daUvuV4adQ1BgNt -BgTdEjot5bxPurF7Vhqzbzx/Xfm1AK6aXcj5u2ZttPAEQP2xXKnCVC0BYEf0Qhu4 -Efj6i+cfP1oTdzWLeUpUWBtjhNctOZfPAv+Ch5Oof1WmHtU9THrdPD+NTR9UYy5Z -yTe6E2eWZAf61K+elI4r0Y6yHdkdBZH3t0RCmreLlYQDB2oBAoIBAQDiTiE99DQw -giOmusCa0EExlWddueqWQ9OkD1pVpKC0T5JbOTemL1a6gocEUR1VPa/aKvHaCPtr 
-25nvhlLcWLhjORBtmRCbb71LWMjOurDix5ncvr3eklzexHjCTwiRyaaEDOF0AA9d -fLGNZ0rCfTwP+1bmxM6Dn6e/Vw4Cm30fPHM4A4K7Q6FbTonTEqoRxOZwQm9PvioD -WVa71D+DJyogU2eU/olyUI8NHUulH6o/Ln1wjJo3rPICmEEfgEplDsgDeB5Balvv -9wLFGAH5MC5uWDnLRf5hrr3R8CM1eR8ZsfvbqhF7GUB6IRDEoSQkSlwv4mZNGEB7 -lvlIrwo+fcg/AoIBABau5BWBz+sXWjxn4H+lf7qOvL5kLXsTjLzBt6Z3jr4lj42V -jm7D4KawvG3T+DxqDrwZC73uHGgY+bi3u6h6HIC8kdSG2W4R+XefC8BrK6h9h9kd -qrQYyHPedA5398oK9Xx4RJ3VR3ohz5W60hIbRz6BooLAUD5ensMS3d1hA7efAHN4 -+qllO4Tldhiq5GC112ldocue7yc4wYzYhl5xI2YLXTXONwInpr3PY2tXzZLxN3Pe -Z+wq8N1Veiq3YIoTUenMoDQ/h/qzFikvkB6i05PeiL0ul2rSQ9Xm7Hc99bed2YhP -gfCs1nj4pIF6hcZWMDVXHyWoHv2QLQRMbChI8AECggEAaxj8hFxYgohkJNiGo/1g -jP2eoG2GxjwtIZwebR9u6kYqBj/qxRvsGHIDQZi9oASEf2QJdtz/V0ji7ccM2bim -8lYkHynsARN9avYGekdBxOEfQKeIJZfwmYAzgglzDcN3qVCLNaF9pAmJ4Vh7udUY -opuYwbdr4ECjW1rwh21cZnbuNBj9OnBEIXjmotxXXfdn8sKN+RgOu+0Arf1BXWkg -d5HhGFLpaw8S0+sETI3SvPncZXI03ZpcIbw6PZUyH+dB4tpqvxx9i+/DANFexbX2 -k0PvffKO812F+Z+CmiDLBhcEES3H/hCyQdn6HIQCHaaPQB4Nufh7M8H8EVi9KVvP -cwKCAQEAnnJ+9jAmTpeYYZTGGp0t4QuM+AK/8R+PljwoBYR1jCCNCxaYX8Qp8uP2 -vCEzhXS1I0qRBrZXBEb4EBrUJguXqgDQtaUBRH3IgQcBdVffE13WGAKpo2z7TuVi -PZLNIdAC+0swBE2xa9efZdaUodQmPAsPiWYm4ENZ5Gwk8YQuF9QNioJaQdEGrQYs -5XQqgNBLlNU1yOP2EKiFOPlM8ee6ztuG1YhYkFmu5hxemWwoGL18yGklyNqJv4+j -+R9XxX+tpEU0XvRlraSvDf1l20WJpNTAD6M7RAsoQHc2Th20ezoEo1a9mDf6pYw6 -5V2jaw5UTqb2o/PIIAsHnQzluiitxQ== ------END PRIVATE KEY----- diff --git a/packages/tom-server/src/index.test.ts b/packages/tom-server/src/index.test.ts index e43c82bf..b8699aaf 100644 --- a/packages/tom-server/src/index.test.ts +++ b/packages/tom-server/src/index.test.ts 
@@ -136,12 +136,9 @@ describe('Tom-server', () => { }) }) - describe('Application server', () => { - test('application server endpoint should not be available', async () => { - let response = await request(app).post('/_twake/app/v1/rooms') - expect(response.statusCode).toBe(404) - - response = await request(app).put('/_matrix/app/v1/transactions/1') + describe('Administration Console API', () => { + test('administration console endpoint should not be available', async () => { + const response = await request(app).post('/_twake/app/v1/rooms') expect(response.statusCode).toBe(404) }) }) diff --git a/packages/tom-server/src/index.ts b/packages/tom-server/src/index.ts index 5a4d53f4..6c93132c 100644 --- a/packages/tom-server/src/index.ts +++ b/packages/tom-server/src/index.ts @@ -8,7 +8,7 @@ import MatrixApplicationServer from '@twake/matrix-application-server' import { MatrixDB } from '@twake/matrix-identity-server' import { Router } from 'express' import fs from 'fs' -import AppServiceAPI from './application-server' +import AdministrationConsoleAPI from './administration-console-api' import defaultConfig from './config.json' import initializeDb, { type TwakeDB } from './db' import IdServer from './identity-server' @@ -62,8 +62,15 @@ export default class TwakeServer { process.env.ADDITIONAL_FEATURES === 'true' || (this.conf.additional_features as boolean) ) { - const appServiceApi = new AppServiceAPI(this, confDesc, this.logger) - this.endpoints.use(appServiceApi.router.routes) + const adminConsoleApi = new AdministrationConsoleAPI( + this.applicationServer, + this.idServer.db, + this.idServer.userDB, + this.matrixDb, + this.conf, + this.logger + ) + this.endpoints.use(adminConsoleApi.endpoints) } resolve(true) })
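Review bot: The rewritten test in `describe('Administration Console API', …)` no longer asserts anything about `PUT /_matrix/app/v1/transactions/1`, so nothing pins how the application-service transaction route responds when additional features are off. If that route is now served unconditionally by the tom-server application server instance (the commit description suggests so, but this hunk does not show it), keep a check for the unauthenticated case: `const txn = await request(app).put('/_matrix/app/v1/transactions/1')` followed by `expect(txn.statusCode).toBe(EXPECTED_STATUS_WITHOUT_HS_TOKEN)`, where the placeholder is the status the server is meant to return. The enclosing `describe('Tom-server', …)` block starts outside the hunk.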
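Review bot: The condition guarding the new `AdministrationConsoleAPI` construction in `packages/tom-server/src/index.ts` still ends in `(this.conf.additional_features as boolean)`, and a type assertion performs no runtime conversion. Any truthy non-boolean value would therefore mount the administration routes, for example the string `"false"`, if the config loader can yield strings (not visible here). Since this branch is what exposes the admin endpoints, a strict comparison is safer: `this.conf.additional_features === true`. The call also passes the whole `this.conf` object. If the constructor only reads a few keys, a narrower options object would keep unrelated secrets out of the admin API's reach. The enclosing method starts and ends outside the hunk.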