javascript-solid-server 0.0.142 → 0.0.144

package/bin/jss.js

@@ -13,6 +13,7 @@ import { Command } from 'commander';
 import { createServer } from '../src/server.js';
 import { loadConfig, saveConfig, printConfig, defaults } from '../src/config.js';
 import { createInvite, listInvites, revokeInvite } from '../src/idp/invites.js';
+import { findByUsername, updatePassword, deleteAccount } from '../src/idp/accounts.js';
 import { setQuotaLimit, getQuotaInfo, reconcileQuota, formatBytes } from '../src/storage/quota.js';
 import { parseSize } from '../src/config.js';
 import crypto from 'crypto';
@@ -637,32 +638,12 @@ program
         process.env.DATA_ROOT = path.resolve(options.root);
       }
 
-      // Load account by username
-      const dataRoot = process.env.DATA_ROOT || './data';
-      const accountsDir = path.join(dataRoot, '.idp', 'accounts');
-      const indexPath = path.join(accountsDir, '_username_index.json');
-
-      let usernameIndex;
-      try {
-        usernameIndex = await fs.readJson(indexPath);
-      } catch (err) {
-        if (err.code === 'ENOENT') {
-          console.error(`Error: No accounts found (missing ${indexPath})`);
-          process.exit(1);
-        }
-        throw err;
-      }
-
-      const normalizedUsername = username.toLowerCase().trim();
-      const accountId = usernameIndex[normalizedUsername];
-      if (!accountId) {
+      const account = await findByUsername(username);
+      if (!account) {
         console.error(`Error: User not found: ${username}`);
         process.exit(1);
       }
 
-      const accountPath = path.join(accountsDir, `${accountId}.json`);
-      const account = await fs.readJson(accountPath);
-
       // Determine new password
       let newPassword;
 
@@ -673,8 +654,8 @@ program
       } else {
         // Interactive prompt
         newPassword = await promptPassword('New password: ');
-        const confirm = await promptPassword('Confirm password: ');
-        if (newPassword !== confirm) {
+        const confirmation = await promptPassword('Confirm password: ');
+        if (newPassword !== confirmation) {
           console.error('Error: Passwords do not match');
           process.exit(1);
         }
@@ -685,17 +666,63 @@ program
         process.exit(1);
       }
 
-      // Hash and save
-      const bcrypt = await import('bcryptjs').then(m => m.default);
-      account.passwordHash = await bcrypt.hash(newPassword, 10);
-      account.passwordChangedAt = new Date().toISOString();
-      await fs.writeJson(accountPath, account, { spaces: 2 });
+      await updatePassword(account.id, newPassword);
 
       if (options.generate) {
-        console.log(`\nPassword updated for ${normalizedUsername}`);
+        console.log(`\nPassword updated for ${account.username}`);
         console.log(`Generated password: ${newPassword}\n`);
       } else {
-        console.log(`\nPassword updated for ${normalizedUsername}\n`);
+        console.log(`\nPassword updated for ${account.username}\n`);
+      }
+    } catch (err) {
+      console.error(`Error: ${err.message}`);
+      process.exit(1);
+    }
+  });
+
+/**
+ * Account commands - manage user accounts
+ */
+const accountCmd = program
+  .command('account')
+  .description('Manage user accounts');
+
+accountCmd
+  .command('delete <username>')
+  .description('Delete a user account from the IdP')
+  .option('-r, --root <path>',  'Data directory')
+  .option('-y, --yes',          'Skip the confirmation prompt')
+  .option('--purge',            'Also delete pod data at <dataRoot>/<username>/')
+  .action(async (username, options) => {
+    try {
+      if (options.root) {
+        process.env.DATA_ROOT = path.resolve(options.root);
+      }
+
+      const account = await findByUsername(username);
+      if (!account) {
+        console.error(`Error: User not found: ${username}`);
+        process.exit(1);
+      }
+
+      if (!options.yes) {
+        const summary = `Delete account '${account.username}' (${account.webId})${options.purge ? ' AND purge pod data' : ''}?`;
+        const ok = await confirm(summary, false);
+        if (!ok) {
+          console.log('Cancelled.');
+          process.exit(0);
+        }
+      }
+
+      await deleteAccount(account.id);
+
+      if (options.purge) {
+        const dataRoot = process.env.DATA_ROOT || './data';
+        const podPath = path.join(dataRoot, account.username);
+        await fs.remove(podPath);
+        console.log(`\nDeleted account ${account.username}. Pod data removed from ${podPath}.\n`);
+      } else {
+        console.log(`\nDeleted account ${account.username}. Pod data preserved at <dataRoot>/${account.username}/ (use --purge to remove).\n`);
       }
     } catch (err) {
       console.error(`Error: ${err.message}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "javascript-solid-server",
-  "version": "0.0.142",
+  "version": "0.0.144",
   "description": "A minimal, fast Solid server",
   "main": "src/index.js",
   "type": "module",

package/src/idp/index.js

@@ -183,7 +183,7 @@ export async function idpPlugin(fastify, options) {
   // Pairs with the /idp/auth guard above so a human visitor lands here
   // rather than on a raw OIDC error.
   fastify.get('/idp', async (request, reply) => {
-    return reply.type('text/html').send(landingPage({ baseUri: issuer }));
+    return reply.type('text/html').send(landingPage({ baseUri: issuer, singleUser }));
   });
 
   // Token sub-paths

package/src/idp/views.js

@@ -555,12 +555,15 @@ export function errorPage(title, message) {
  *
  * The OIDC authorization endpoint (/idp/auth) requires a client_id; opening
  * /idp manually used to drop the user into a raw OIDC error. This page is
- * the human-navigable entry point — Create Account is wired up; Sign In is
- * intentionally a description for now (PR-B / #286 will introduce a
- * standalone /idp/login form).
+ * the human-navigable entry point.
+ *
+ * In single-user mode (`ctx.singleUser`) the Create Account button is
+ * suppressed — pod creation is disabled and the button would lead to a
+ * 403. The sign-in note still names pilot as the example client.
  */
 export function landingPage(ctx = {}) {
   const issuer = ctx.baseUri || '';
+  const singleUser = !!ctx.singleUser;
   return `
 <!DOCTYPE html>
 <html lang="en">
@@ -607,13 +610,17 @@ export function landingPage(ctx = {}) {
   <div class="container landing">
     <div class="landing-header">
       <h1>Solid Pod Server</h1>
-      <p class="subtitle">Create an account, then sign in from any Solid app.</p>
+      <p class="subtitle">${singleUser
+        ? 'Single-user pod — sign in from any Solid app.'
+        : 'Create an account, then sign in from any Solid app.'}</p>
     </div>
 
-    <a href="/idp/register" class="btn btn-primary" style="text-decoration: none;">Create Account</a>
+    ${singleUser
+      ? '' /* Registration is disabled in single-user mode; suppress the dead-end button. */
+      : '<a href="/idp/register" class="btn btn-primary" style="text-decoration: none;">Create Account</a>'}
 
     <div class="signin-note">
-      <strong>Already have an account?</strong> Sign in from a Solid app — for example, <a href="https://solid-apps.github.io/pilot/" target="_blank" rel="noopener">pilot</a> is a minimal console you can open right now. Point it at this server and click Sign In.
+      <strong>${singleUser ? 'Sign in' : 'Already have an account?'}</strong> ${singleUser ? 'from' : 'Sign in from'} a Solid app — for example, <a href="https://solid-apps.github.io/pilot/" target="_blank" rel="noopener">pilot</a> is a minimal console you can open right now. Point it at this server and click Sign In.
     </div>
 
     ${issuer ? `<div class="issuer">Issuer: ${escapeHtml(issuer.replace(/\/$/, ''))}</div>` : ''}

package/test/idp.test.js

@@ -356,6 +356,59 @@ describe('Identity Provider - Subdomain mode register validation', () => {
   });
 });
 
+// Single-user mode: registration is disabled, so the /idp landing must
+// suppress the "Create Account" button rather than ship a known 403 trap.
+// Regression coverage for #290.
+describe('Identity Provider - Single-user mode landing', () => {
+  let server;
+  let baseUrl;
+  const SINGLE_USER_DATA_DIR = './test-data-idp-single-user';
+
+  before(async () => {
+    await fs.remove(SINGLE_USER_DATA_DIR);
+    await fs.ensureDir(SINGLE_USER_DATA_DIR);
+
+    const port = await getAvailablePort();
+    baseUrl = `http://${TEST_HOST}:${port}`;
+
+    server = createServer({
+      logger: false,
+      root: SINGLE_USER_DATA_DIR,
+      idp: true,
+      idpIssuer: baseUrl,
+      singleUser: true,
+      singleUserName: 'me',
+      forceCloseConnections: true,
+    });
+
+    await server.listen({ port, host: TEST_HOST });
+  });
+
+  after(async () => {
+    await server.close();
+    await fs.remove(SINGLE_USER_DATA_DIR);
+  });
+
+  it('GET /idp omits the Create Account button', async () => {
+    const res = await fetch(`${baseUrl}/idp`);
+    assert.strictEqual(res.status, 200);
+    const body = await res.text();
+    // Sanity: the landing still rendered.
+    assert.match(body, /Solid Pod Server/);
+    // Button + register link must be absent — those would 403 in single-user mode.
+    assert.doesNotMatch(body, /Create Account/);
+    assert.doesNotMatch(body, /href="\/idp\/register"/);
+    // Sign-in note should still mention pilot as the example client.
+    assert.match(body, /solid-apps\.github\.io\/pilot/);
+  });
+
+  it('subtitle reflects the single-user shape', async () => {
+    const res = await fetch(`${baseUrl}/idp`);
+    const body = await res.text();
+    assert.match(body, /Single-user pod/);
+  });
+});
+
 describe('Identity Provider - Accounts', () => {
   let server;
   let accountsUrl;