solid-server 5.6.16 → 5.6.17

package/lib/acl-checker.js

@@ -87,15 +87,27 @@ class ACLChecker {
     }
     let accessDenied = aclCheck.accessDenied(acl.graph, resource, directory, aclFile, agent, modes, agentOrigin, trustedOrigins, originTrustedModes)
 
+    function accessDeniedForAccessTo (mode) {
+      const accessDeniedAccessTo = aclCheck.accessDenied(acl.graph, directory, null, aclFile, agent, [ACL(mode)], agentOrigin, trustedOrigins, originTrustedModes)
+      const accessResult = !accessDenied && !accessDeniedAccessTo
+      accessDenied = accessResult ? false : accessDenied || accessDeniedAccessTo
+      // debugCache('accessDenied result ' + accessDenied)
+    }
     // For create and update HTTP methods
     if ((method === 'PUT' || method === 'PATCH' || method === 'COPY') && directory) {
       // if resource and acl have same parent container,
       // and resource does not exist, then accessTo Append from parent is required
       if (directory.value === dirname(aclFile.value) + '/' && !resourceExists) {
-        const accessDeniedAccessTo = aclCheck.accessDenied(acl.graph, directory, null, aclFile, agent, [ACL('Append')], agentOrigin, trustedOrigins, originTrustedModes)
-        const accessResult = !accessDenied && !accessDeniedAccessTo
-        accessDenied = accessResult ? false : accessDenied || accessDeniedAccessTo
-        // debugCache('accessDenied result ' + accessDenied)
+        accessDeniedForAccessTo('Append')
+      }
+    }
+
+    // For delete HTTP method
+    if ((method === 'DELETE') && directory) {
+      // if resource and acl have same parent container,
+      // then accessTo Write from parent is required
+      if (directory.value === dirname(aclFile.value) + '/') {
+        accessDeniedForAccessTo('Write')
       }
     }
     if (accessDenied && user) {

package/lib/handlers/patch/n3-patch-parser.js

@@ -20,16 +20,26 @@ async function parsePatchDocument (targetURI, patchURI, patchText) {
 
   // Query the N3 document for insertions and deletions
   let firstResult
-  try {
+  try { // solid/protocol v0.9.0
     firstResult = await queryForFirstResult(patchGraph, `${PREFIXES}
     SELECT ?insert ?delete ?where WHERE {
-      ?patch solid:patches <${targetURI}>.
+      ?patch a solid:InsertDeletePatch.
       OPTIONAL { ?patch solid:inserts ?insert. }
       OPTIONAL { ?patch solid:deletes ?delete. }
       OPTIONAL { ?patch solid:where   ?where.  }
     }`)
   } catch (err) {
-    throw error(400, `No patch for ${targetURI} found.`, err)
+    try { // deprecated, kept for compatibility
+      firstResult = await queryForFirstResult(patchGraph, `${PREFIXES}
+      SELECT ?insert ?delete ?where WHERE {
+        ?patch solid:patches <${targetURI}>.
+        OPTIONAL { ?patch solid:inserts ?insert. }
+        OPTIONAL { ?patch solid:deletes ?delete. }
+        OPTIONAL { ?patch solid:where   ?where.  }
+      }`)
+    } catch (err) {
+      throw error(400, 'No n3-patch found.', err)
+    }
   }
 
   // Return the insertions and deletions as an rdflib patch document

package/lib/handlers/post.js

@@ -1,6 +1,6 @@
 module.exports = handler
 
-const Busboy = require('busboy')
+const Busboy = require('@fastify/busboy')
 const debug = require('debug')('solid:post')
 const path = require('path')
 const header = require('../header')

package/lib/header.js

@@ -66,7 +66,8 @@ async function linksHandler (req, res, next) {
     return next(error(404, 'Trying to access metadata file as regular file'))
   }
   const fileMetadata = new metadata.Metadata()
-  if (filename.endsWith('/')) {
+  if (req.path.endsWith('/')) {
+    // do not add storage header in serverUri
     if (req.path === '/') fileMetadata.isStorage = true
     fileMetadata.isContainer = true
     fileMetadata.isBasicContainer = true

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "solid-server",
   "description": "Solid server on top of the file-system",
-  "version": "5.6.16",
+  "version": "5.6.17",
   "author": {
     "name": "Tim Berners-Lee",
     "email": "timbl@w3.org"
@@ -45,6 +45,10 @@
       "name": "Arne Hassel",
       "email": "arne.hassel@inrupt.com",
       "url": "https://icanhasweb.net/"
+    },
+    {
+      "name": "Alain Bourgeois",
+      "url": "https://github.com/bourgeoa/"
     }
   ],
   "license": "MIT",
@@ -55,21 +59,21 @@
   "homepage": "https://github.com/solid/node-solid-server",
   "bugs": "https://github.com/solid/node-solid-server/issues",
   "dependencies": {
+    "@fastify/busboy": "^1.0.0",
     "@solid/acl-check": "^0.4.5",
     "@solid/oidc-auth-manager": "^0.24.1",
     "@solid/oidc-op": "0.11.5",
     "async-lock": "^1.3.0",
-    "body-parser": "^1.19.0",
+    "body-parser": "^1.19.1",
     "bootstrap": "^3.4.1",
-    "busboy": "^0.3.1",
     "cached-path-relative": "^1.0.2",
     "camelize": "^1.0.0",
     "cheerio": "^1.0.0-rc.10",
     "colorette": "^2.0.16",
     "commander": "^8.3.0",
     "cors": "^2.8.5",
-    "debug": "^4.3.2",
-    "express": "^4.17.1",
+    "debug": "^4.3.3",
+    "express": "^4.17.2",
     "express-handlebars": "^5.3.4",
     "express-session": "^1.17.2",
     "extend": "^3.0.2",
@@ -85,15 +89,16 @@
     "ip-range-check": "0.2.0",
     "is-ip": "^3.1.0",
     "li": "^1.3.0",
-    "mashlib": "^1.7.12",
+    "mashlib": "^1.7.14",
     "mime-types": "^2.1.34",
     "negotiator": "^0.6.2",
     "node-fetch": "^2.6.6",
     "node-forge": "^0.10.0",
-    "nodemailer": "^6.7.0",
+    "node-mailer": "^0.1.1",
+    "nodemailer": "^6.7.2",
     "oidc-op-express": "^0.0.3",
     "owasp-password-strength-test": "^1.3.0",
-    "rdflib": "^2.2.10",
+    "rdflib": "^2.2.15",
     "recursive-readdir": "^2.2.2",
     "request": "^2.88.2",
     "rimraf": "^3.0.2",
@@ -118,14 +123,14 @@
     "eslint": "^7.32.0",
     "localstorage-memory": "1.0.3",
     "mocha": "9.1.3",
-    "nock": "13.1.4",
+    "nock": "^13.2.1",
     "node-mocks-http": "1.11.0",
     "nyc": "15.1.0",
     "pre-commit": "1.2.2",
     "randombytes": "2.1.0",
     "sinon": "12.0.1",
     "sinon-chai": "3.7.0",
-    "snyk": "1.752.0",
+    "snyk": "^1.809.0",
     "standard": "16.0.4",
     "supertest": "6.1.6",
     "turtle-validator": "1.1.1",

package/default-views/account/register-form-ori.hbs

@@ -1,134 +0,0 @@
-<div class="row">
-  <div class="col-md-6">
-    <div class="panel panel-default">
-      <div class="panel-body">
-        <form method="post" action="/api/accounts/new" id="RegisterForm">
-          {{> shared/error}}
-
-          <div class="form-group">
-            <label class="control-label" for="username">Username*</label>
-            <input type="text" class="form-control" name="username" id="username" placeholder="alice"
-                   required value="{{username}}"/>
-
-	    {{#if multiuser}}
-	    <p>Your username should be a lower-case word with only
-	    letters a-z and numbers 0-9 and without periods.</p>
-	    <p>Your public Solid POD URL will be:
-	    <tt>https://<span class="editable-username">alice</span>.<script type="text/javascript">
-              document.write(window.location.host)
-	    </script></tt></p>
-	    <p>Your public Solid WebID will be:
-	    <tt>https://<span class="editable-username">alice</span>.<script type="text/javascript">
-              document.write(window.location.host)
-	    </script>/profile/card#me</tt></p>
-
-	    <p>Your <em>POD URL</em> is like the homepage for your Solid
-	    pod. By default, it is readable by the public, but you can
-	    always change that if you like by changing the access
-	    control.</p>
-
-	    <p>Your <em>Solid WebID</em> is your globally unique name
-	    that you can use to identify and authenticate yourself with
-	    other PODs across the world.</p>
-	    {{/if}}
-
-	  </div>
-
-          <div class="form-group has-feedback">
-            <label class="control-label" for="password">Password*</label>
-            <input type="password" class="form-control control-progress{{#if disablePasswordStrengthCheck}} disable-password-strength-check{{/if}}" name="password" id="password" required/>
-            <span class="glyphicon glyphicon-remove form-control-feedback hidden" aria-hidden="true"></span>
-            <div class="progress">
-              <div class="progress-bar" role="progressbar" aria-valuenow="0" aria-valuemin="0" aria-valuemax="4"></div>
-            </div>
-            <div class="help-block"></div>
-          </div>
-
-
-          <div class="form-group has-feedback">
-            <label class="control-label" for="repeat_password">Repeat password*</label>
-            <input type="password" class="form-control" name="repeat_password" id="repeat_password" required/>
-            <span class="glyphicon glyphicon-remove form-control-feedback hidden"></span>
-          </div>
-
-
-          <div class="form-group">
-            <label class="control-label" for="name">Name*</label>
-            <input type="text" class="form-control" name="name" id="name" required value="{{name}}"/>
-          </div>
-
-          <div class="form-group">
-            <label class="control-label" for="email">Email*</label>
-            <input type="email" class="form-control" name="email" id="email" value="{{email}}"/>
-            <span class="help-block">Your email will only be used for account recovery</span>
-          </div>
-
-          {{#if enforceToc}}
-            {{#if tocUri}}
-              <div class="checkbox">
-                <label>
-                  <input type="checkbox" name="acceptToc" value="true" {{#if acceptToc}}checked{{/if}}>
-                  I agree to the <a href="{{tocUri}}" target="_blank">Terms &amp; Conditions</a> of this service
-                </label>
-              </div>
-            {{/if}}
-          {{/if}}
-
-
-          <button type="submit" class="btn btn-primary" id="register">Register</button>
-
-          <input type="hidden" name="returnToUrl" value="{{returnToUrl}}"/>
-          {{> auth/auth-hidden-fields}}
-
-        </form>
-      </div>
-    </div>
-  </div>
-
-  <!-- deprecated with inrupt/solid-client-auth
-  <div class="col-md-6">
-    <div class="panel panel-default panel-already-registered">
-      <div class="panel-body">
-        <h2>Already have an account?</h2>
-        <p>
-          <a class="btn btn-lg btn-success" href="{{{loginUrl}}}">
-            Please Log In
-          </a>
-        </p>
-      </div>
-    </div>
-  </div>
-  --->
-</div>
-
-<script src="/common/js/owasp-password-strength-test.js" defer></script>
-<script src="/common/js/text-encoder-lite.min.js" defer></script>
-<script src="/common/js/solid.js" defer></script>
-
-<script>
-  var username = document.getElementById('username');
-  username.onkeyup = function() {
-    var list = document.getElementsByClassName('editable-username');
-      for (let item of list) {
-      item.innerHTML = username.value.toLowerCase()
-    }
-  }
-
-  window.addEventListener('DOMContentLoaded', function () {
-    var connect = document.getElementById('ConnectExternalWebId')
-    var container = document.getElementById('ExternalWebId')
-    container.classList.toggle('hidden', !connect.checked)
-    connect.addEventListener('change', function () {
-      container.classList.toggle('hidden', !connect.checked)
-    })
-
-    var form = document.getElementById('RegisterForm')
-    var externalWebIdField = document.getElementById('externalWebId')
-    form.addEventListener('submit', function () {
-      if (!connect.checked) {
-        externalWebIdField.value = ''
-      }
-    })
-  })
-</script>
-