solid-server 5.6.9-beta

package/default-views/account/register-form.hbs

@@ -0,0 +1,132 @@
+<div class="row">
+  <div class="col-md-6">
+    <div class="panel panel-default">
+      <div class="panel-body">
+        <form method="post" action="/api/accounts/new" id="RegisterForm">
+          {{> shared/error}}
+
+          <div class="form-group">
+            <label class="control-label" for="username">Username*</label>
+            <input type="text" class="form-control" name="username" id="username" placeholder="alice"
+                   required value="{{username}}"/>
+
+	    {{#if multiuser}}
+	    <p>Your username should be a lower-case word with only
+	    letters a-z and numbers 0-9 and without periods.</p>
+	    <p>Your public Solid POD URL will be:
+	    <tt>https://<span class="editable-username">alice</span>.<script type="text/javascript">
+              document.write(window.location.host)
+	    </script></tt></p>
+	    <p>Your public Solid WebID will be:
+	    <tt>https://<span class="editable-username">alice</span>.<script type="text/javascript">
+              document.write(window.location.host)
+	    </script>/profile/card#me</tt></p>
+
+	    <p>Your <em>POD URL</em> is like the homepage for your Solid
+	    pod. By default, it is readable by the public, but you can
+	    always change that if you like by changing the access
+	    control.</p>
+
+	    <p>Your <em>Solid WebID</em> is your globally unique name
+	    that you can use to identify and authenticate yourself with
+	    other PODs across the world.</p>
+	    {{/if}}
+
+	  </div>
+
+          <div class="form-group has-feedback">
+            <label class="control-label" for="password">Password*</label>
+            <input type="password" class="form-control control-progress{{#if disablePasswordStrengthCheck}} disable-password-strength-check{{/if}}" name="password" id="password" required/>
+            <span class="glyphicon glyphicon-remove form-control-feedback hidden" aria-hidden="true"></span>
+            <div class="progress">
+              <div class="progress-bar" role="progressbar" aria-valuenow="0" aria-valuemin="0" aria-valuemax="4"></div>
+            </div>
+            <div class="help-block"></div>
+          </div>
+
+
+          <div class="form-group has-feedback">
+            <label class="control-label" for="repeat_password">Repeat password*</label>
+            <input type="password" class="form-control" name="repeat_password" id="repeat_password" required/>
+            <span class="glyphicon glyphicon-remove form-control-feedback hidden"></span>
+          </div>
+
+
+          <div class="form-group">
+            <label class="control-label" for="name">Name*</label>
+            <input type="text" class="form-control" name="name" id="name" required value="{{name}}"/>
+          </div>
+
+          <div class="form-group">
+            <label class="control-label" for="email">Email*</label>
+            <input type="email" class="form-control" name="email" id="email" value="{{email}}"/>
+            <span class="help-block">Your email will only be used for account recovery</span>
+          </div>
+
+          {{#if enforceToc}}
+            {{#if tocUri}}
+              <div class="checkbox">
+                <label>
+                  <input type="checkbox" name="acceptToc" value="true" {{#if acceptToc}}checked{{/if}}>
+                  I agree to the <a href="{{tocUri}}" target="_blank">Terms &amp; Conditions</a> of this service
+                </label>
+              </div>
+            {{/if}}
+          {{/if}}
+
+
+          <button type="submit" class="btn btn-primary" id="register">Register</button>
+
+          <input type="hidden" name="returnToUrl" value="{{returnToUrl}}"/>
+          {{> auth/auth-hidden-fields}}
+
+        </form>
+      </div>
+    </div>
+  </div>
+
+  <div class="col-md-6">
+    <div class="panel panel-default panel-already-registered">
+      <div class="panel-body">
+        <h2>Already have an account?</h2>
+        <p>
+          <a class="btn btn-lg btn-success" href="{{{loginUrl}}}">
+            Please Log In
+          </a>
+        </p>
+      </div>
+    </div>
+  </div>
+</div>
+
+<script src="/common/js/owasp-password-strength-test.js" defer></script>
+<script src="/common/js/text-encoder-lite.min.js" defer></script>
+<script src="/common/js/solid.js" defer></script>
+
+<script>
+  var username = document.getElementById('username');
+  username.onkeyup = function() {
+    var list = document.getElementsByClassName('editable-username');
+      for (let item of list) {
+      item.innerHTML = username.value.toLowerCase()
+    }
+  }
+
+  window.addEventListener('DOMContentLoaded', function () {
+    var connect = document.getElementById('ConnectExternalWebId')
+    var container = document.getElementById('ExternalWebId')
+    container.classList.toggle('hidden', !connect.checked)
+    connect.addEventListener('change', function () {
+      container.classList.toggle('hidden', !connect.checked)
+    })
+
+    var form = document.getElementById('RegisterForm')
+    var externalWebIdField = document.getElementById('externalWebId')
+    form.addEventListener('submit', function () {
+      if (!connect.checked) {
+        externalWebIdField.value = ''
+      }
+    })
+  })
+</script>
+

package/default-views/account/register.hbs

@@ -0,0 +1,24 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Register</title>
+  <link rel="stylesheet" href="/common/css/bootstrap.min.css">
+  <link rel="stylesheet" href="/common/css/solid.css">
+</head>
+<body>
+<div class="container">
+
+  <div class="page-header">
+    <h1>Register</h1>
+  </div>
+
+  {{#if registerDisabled}}
+    {{> account/register-disabled}}
+  {{else}}
+    {{> account/register-form}}
+  {{/if}}
+</div>
+</body>
+</html>

package/default-views/auth/auth-hidden-fields.hbs

@@ -0,0 +1,8 @@
+<input type="hidden" name="response_type" id="response_type" value="{{response_type}}" />
+<input type="hidden" name="display" id="display" value="{{display}}" />
+<input type="hidden" name="scope" id="scope" value="{{scope}}" />
+<input type="hidden" name="client_id" id="client_id" value="{{client_id}}" />
+<input type="hidden" name="redirect_uri" id="redirect_uri" value="{{redirect_uri}}" />
+<input type="hidden" name="state" id="state" value="{{state}}" />
+<input type="hidden" name="nonce" id="nonce" value="{{nonce}}" />
+<input type="hidden" name="request" id="request" value="{{request}}" />

package/default-views/auth/change-password.hbs

@@ -0,0 +1,58 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Change Password</title>
+  <link rel="stylesheet" href="/common/css/bootstrap.min.css">
+  <link rel="stylesheet" href="/common/css/solid.css">
+</head>
+<body>
+<div class="container">
+
+  <div class="page-header">
+    <h1>Change Password</h1>
+  </div>
+
+  {{#if validToken}}
+    <form method="post" action="/account/password/change">
+      {{> shared/error}}
+
+
+      <div class="form-group has-feedback">
+        <label class="control-label" for="password">New Password*</label>
+        <input type="password" class="form-control control-progress" name="newPassword" id="password" required/>
+        <span class="glyphicon glyphicon-remove form-control-feedback hidden" aria-hidden="true"></span>
+        <div class="progress">
+          <div class="progress-bar" role="progressbar" aria-valuenow="0" aria-valuemin="0" aria-valuemax="4"></div>
+        </div>
+        <div class="help-block"></div>
+      </div>
+
+
+      <div class="form-group has-feedback">
+        <label class="control-label" for="repeat_password">Repeat password*</label>
+        <input type="password" class="form-control" name="repeat_password" id="repeat_password" required/>
+        <span class="glyphicon glyphicon-remove form-control-feedback hidden"></span>
+      </div>
+
+      <button type="submit" class="btn btn-primary">Change Password</button>
+      <input type="hidden" name="returnToUrl" value="{{{returnToUrl}}}"/>
+      <input type="hidden" name="token" value="{{token}}"/>
+
+    </form>
+
+    <script src="/common/js/owasp-password-strength-test.js" defer></script>
+    <script src="/common/js/text-encoder-lite.min.js" defer></script>
+    <script src="/common/js/solid.js" defer></script>
+
+  {{else}}
+
+  <a class="btn btn-primary" href="/account/password/reset{{#if returnToUrl}}?returnToUrl={{{returnToUrl}}}{{/if}}">
+    Email password reset link
+    </a>
+
+  {{/if}}
+</div>
+</body>
+</html>

package/default-views/auth/goodbye.hbs

@@ -0,0 +1,23 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Logged Out</title>
+  <link rel="stylesheet" href="/common/css/bootstrap.min.css">
+  <link rel="stylesheet" href="/common/css/solid.css">
+</head>
+<body>
+<div class="container">
+  <div class="page-title">
+    <h1>Logout</h1>
+  </div>
+
+  <div class="alert alert-success">
+    <p>You have successfully logged out.</p>
+  </div>
+
+  <a href="/login" class="btn btn-primary">Login Again</a>
+</div>
+</body>
+</html>

package/default-views/auth/login-required.hbs

@@ -0,0 +1,34 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Log in</title>
+  <link rel="stylesheet" href="/common/css/bootstrap.min.css">
+  <link rel="stylesheet" href="/common/css/solid.css">
+</head>
+<body>
+<div class="container">
+  <div class="page-header">
+    <div class="pull-right">
+      <button id="register" type="button" class="btn btn-primary">Register</button>
+      <button id="login"    type="button" class="btn btn-success">Log in</button>
+      <button id="logout"   type="button" class="hidden btn btn-danger">Log out</button>
+    </div>
+    <h1>Log in to access this resource</h1>
+  </div>
+
+  <div class="alert alert-danger">
+    <p>
+      The resource you are trying to access
+      (<code>{{currentUrl}}</code>)
+      requires you to log in.
+    </p>
+  </div>
+
+</div>
+</div>
+<script src="/common/js/solid-auth-client.bundle.js"></script>
+<script src="/common/js/auth-buttons.js"></script>
+</body>
+</html>

package/default-views/auth/login-tls.hbs

@@ -0,0 +1,11 @@
+<div class="panel panel-default panel-login-tls">
+  <div class="panel-body">
+    <form method="post" action="{{tlsUrl}}">
+      <button type="submit" class="btn btn-lg btn-primary" id="login-tls">
+        Log in with Certificate (WebId-TLS)
+      </button>
+
+      {{> auth/auth-hidden-fields}}
+    </form>
+  </div>
+</div>

package/default-views/auth/login-username-password.hbs

@@ -0,0 +1,28 @@
+<div class="panel panel-default">
+  <div class="panel-body">
+    <form method="post" action="/login/password" class="form-horizontal login-up-form">
+      <div class="form-group">
+        <label class="col-xs-3 control-label" for="username">Username</label>
+        <div class="col-xs-9">
+          <input type="text" class="form-control" name="username" id="username" placeholder="Username"/>
+        </div>
+      </div>
+
+      <div class="form-group">
+        <label class="col-xs-3 control-label" for="password">Password</label>
+        <div class="col-xs-9">
+          <input type="password" class="form-control" name="password" id="password" placeholder="Password"/>
+          <div class="pull-right">
+            <a href="/account/password/reset{{#if returnToUrl}}?returnToUrl={{{returnToUrl}}}{{/if}}">
+              Forgot password?
+            </a>
+          </div>
+        </div>
+      </div>
+
+      <button type="submit" class="btn btn-primary" id="login">Log In</button>
+
+      {{> auth/auth-hidden-fields}}
+    </form>
+  </div>
+</div>

package/default-views/auth/login.hbs

@@ -0,0 +1,55 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Login</title>
+  <link rel="stylesheet" href="/common/css/bootstrap.min.css">
+  <link rel="stylesheet" href="/common/css/solid.css">
+  <meta name="apple-mobile-web-app-capable" content="yes">
+  <meta name="apple-mobile-web-app-status-bar-style" content="default">
+</head>
+<body>
+<div class="container-fluid">
+  <div class="page-header hidden-xs hidden-sm">
+    <h1>Login</h1>
+  </div>
+  
+
+  {{> shared/error}}
+
+  <div class="row visible-xs-inline visible-lg-block visible-md-block visible-sm-block">
+    <div class="col-md-6">
+      {{#if enablePassword}}
+        <h4 class="visible-xs visible-sm xs-header">Login</h4>
+        {{> auth/login-username-password}}
+      {{/if}}
+      <div class="visible-md visible-lg">
+        {{> shared/create-account }}
+      </div>
+    </div>
+
+    <div class="col-md-6">
+      {{#if enableTls}}
+        {{> auth/login-tls}}
+      {{/if}}
+      <div class="visible-xs visible-sm">
+        {{> shared/create-account }}
+      </div>
+    </div>
+  </div>
+</div>
+
+
+<script>
+  // Send return URL from localStorage to server through hidden redirect_uri field
+  var returnToUrl = localStorage.getItem('returnToUrl')
+  if (returnToUrl) {
+    for (let redirect of document.getElementsByName('redirect_uri')) {
+      redirect.value = returnToUrl
+    }
+  }
+  localStorage.removeItem('returnToUrl')
+</script>
+</body>
+</html>

package/default-views/auth/no-permission.hbs

@@ -0,0 +1,29 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>No permission</title>
+  <link rel="stylesheet" href="/common/css/bootstrap.min.css">
+  <link rel="stylesheet" href="/common/css/solid.css">
+</head>
+<body>
+<div class="container">
+  <div class="page-header">
+    <h1>No permission to access this resource</h1>
+  </div>
+  <div class="alert alert-danger">
+    <p>
+      You are currently logged in as <code>{{webId}}</code>,
+      but do not have permission to access <code>{{currentUrl}}</code>.
+    </p>
+    <p>
+      <button id="logout" type="button" class="btn btn-danger">Log out</button>
+    </p>
+  </div>
+</div>
+</div>
+<script src="/common/js/solid-auth-client.bundle.js"></script>
+<script src="/common/js/auth-buttons.js"></script>
+</body>
+</html>

package/default-views/auth/password-changed.hbs

@@ -0,0 +1,27 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Password Changed</title>
+  <link rel="stylesheet" href="/common/css/bootstrap.min.css">
+  <link rel="stylesheet" href="/common/css/solid.css">
+</head>
+<body>
+<div class="container">
+  <div class="page-header">
+    <h1>Password Changed</h1>
+  </div>
+
+  <div class="alert alert-success">
+    <p>Your password has been changed.</p>
+  </div>
+
+  <p>
+  <a class="btn btn-default" href="/login{{#if returnToUrl}}?returnToUrl={{{returnToUrl}}}{{/if}}">
+    Log in
+    </a>
+  </p>
+</div>
+</body>
+</html>

package/default-views/auth/reset-link-sent.hbs

@@ -0,0 +1,21 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Reset Link Sent</title>
+  <link rel="stylesheet" href="/common/css/bootstrap.min.css">
+  <link rel="stylesheet" href="/common/css/solid.css">
+</head>
+<body>
+<div class="container">
+  <div class="page-header">
+    <h1>Reset Link Sent</h1>
+  </div>
+
+  <div class="alert alert-success">
+    <p>A Reset Password link has been sent to your email.</p>
+  </div>
+</div>
+</body>
+</html>

package/default-views/auth/reset-password.hbs

@@ -0,0 +1,52 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Reset Password</title>
+  <link rel="stylesheet" href="/common/css/bootstrap.min.css">
+  <link rel="stylesheet" href="/common/css/solid.css">
+</head>
+<body>
+<div class="container">
+
+  <div class="page-header">
+    <h1>Reset Password</h1>
+  </div>
+
+  <div class="panel panel-default">
+    <div class="panel-body">
+      <form method="post" action="/account/password/reset">
+        {{> shared/error}}
+
+        <div class="form-group">
+          {{#if multiuser}}
+            <p>Please enter your account name. A password reset link will be
+              emailed to the address you provided during account registration.</p>
+
+            <label class="control-label" for="username">Account Name:</label>
+            <input type="text" class="form-control" name="username" id="username"
+                   placeholder="alice"/>
+          {{else}}
+            <p>A password reset link will be
+              emailed to the address you provided during account registration.</p>
+          {{/if}}
+
+        </div>
+
+        <button type="submit" class="btn btn-primary">Send Reset Link</button>
+        <input type="hidden" name="returnToUrl" value="{{{returnToUrl}}}"/>
+      </form>
+    </div>
+  </div>
+
+  <div class="panel panel-default">
+    <div class="panel-body">
+      New to Solid? <a href="/register{{#if returnToUrl}}?returnToUrl={{{returnToUrl}}}{{/if}}">Create an
+      account</a>
+    </div>
+  </div>
+
+</div>
+</body>
+</html>

package/default-views/auth/sharing.hbs

@@ -0,0 +1,49 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>{{title}}</title>
+  <!-- Bootstrap CSS and Theme for demo purposes -->
+  <link rel="stylesheet" href="/common/css/bootstrap.min.css">
+  <link rel="stylesheet" href="/common/css/solid.css">
+</head>
+<body>
+<div class="container title">
+  <h1>Authorize {{app_origin}} to access your Pod?</h1>
+  <p>Solid allows you to precisely choose what other people and apps can read and write in a Pod. This version of the authorization user interface (node-solid-server V5.1) only supports the toggle of global access permissions to all of the data in your Pod.</p>
+  <p><strong>If you don’t want to set these permissions at a global level, uncheck all of the boxes below, then click authorize.</strong> This will add the application origin to your authorization list, without granting it permission to any of your data yet. You will then need to manage those permissions yourself by setting them explicitly in the places you want this application to access.</p>
+  <div class="panel panel-default">
+    <div class="panel-body">
+      <div class="page-title">
+        <p>By clicking Authorize, any app from {{app_origin}} will be able to:</p>
+      </div>
+      <form method="post" action="/sharing">
+
+        <input id="read" type="checkbox" name="access_mode" value="Read" checked>
+        <label for="read">Read all documents in the Pod</label>
+        <br>
+
+        <input id="append" type="checkbox" name="access_mode" value="Append" checked>
+        <label for="append">Add data to existing documents, and create new documents</label>
+        <br>
+
+        <input id="write" type="checkbox" name="access_mode" value="Write" checked>
+        <label for="write">Modify and delete data in existing documents, and delete documents</label>
+        <br>
+
+        <input id="control" type="checkbox" name="access_mode" value="Control">
+        <label for="control">Give other people and apps access to the Pod, or revoke their (and your) access</label>
+        <br>
+        <br>
+
+        <button type="submit" class="btn btn-primary" name="consent" value="true">Authorize</button>
+        <button type="submit" class="btn btn-default" name="cancel" value="true">Cancel</button>
+        {{> auth/auth-hidden-fields}}
+      </form>
+    </div>
+  </div>
+  <p><i>This server (node-solid-server V5.1) only implements a limited subset of OpenID Connect, and doesn’t yet support token issuance for applications. OIDC Token Issuance and fine-grained management through this authorization user interface is currently in the development backlog for node-solid-server</i></p>
+</div>
+</body>
+</html>

package/default-views/shared/create-account.hbs

@@ -0,0 +1,8 @@
+<div class="panel panel-default">
+  <div class="panel-body">
+    New to Solid?
+    <a href="{{{registerUrl}}}">
+      Create an account
+    </a>
+  </div>
+</div>

package/default-views/shared/error.hbs

@@ -0,0 +1,5 @@
+{{#if error}}
+  <div class="alert alert-danger">
+    <p><strong>{{error}}</strong></p>
+  </div>
+{{/if}}

package/docs/how-to-delete-your-account.md

@@ -0,0 +1,56 @@
+# How to delete your account
+
+If you wish you delete your account at a multi-user pod provider that runs the node-solid-server software
+(like currently https://solid.community and https://inrupt.net), you can do that as follows:
+
+### Browse to your pod
+Step 1 is to go to your pod with your web browser. In this example, the pod provider is https://solid.community
+and the username is 'demo-account-deletion'. So in that case you would go to https://demo-account-deletion.solid.community/.
+
+Make sure you include your username as a subdomain there, so not just https://solid.community/ which would be the
+pod provider's main page, not your account / pod.
+Fill in your own identity provider URL and insert your own username in there, just after the 'https://' part of the URL.
+
+![Screenshot login page](https://user-images.githubusercontent.com/408412/66460161-a2ce9980-ea76-11e9-9412-150cde4c53cf.png)
+
+### Log in
+
+When you click 'Log in', it will ask you (in a pop-up window) which identity provider to log in with; choose your own pod, in this example
+'demo-account-deletion.solid.community'.
+
+![Screenshot choose provider](https://user-images.githubusercontent.com/408412/66460171-a3ffc680-ea76-11e9-86b8-2fe43da4fa0e.png)
+
+And fill in your username and password to log in:
+
+![Screenshot username / password](https://user-images.githubusercontent.com/408412/66460166-a3673000-ea76-11e9-95cb-e43de1b4be82.png)
+
+The pop-up will close, and you will be logged in:
+
+![Screenshot logged in](https://user-images.githubusercontent.com/408412/66460749-d6f68a00-ea77-11e9-85ed-d05c914f998e.png)
+
+### Go to Preferences
+
+Click 'Preferences', which should take you to:
+
+![Screenshot preferences](https://user-images.githubusercontent.com/408412/66460172-a3ffc680-ea76-11e9-8931-abe545485fa7.png)
+
+### Click 'Delete your account at ...'
+
+That should take you to:
+![Screenshot delete](https://user-images.githubusercontent.com/408412/66460173-a4985d00-ea76-11e9-931d-5e02b57edf2c.png)
+
+Fill in your account name and click 'Send Delete Account link'. Note that as a security measure, this requires you (still) have access to the email
+address with which the account was created.
+![Screenshot send link](https://user-images.githubusercontent.com/408412/66460174-a4985d00-ea76-11e9-930c-8fee9425a3f7.png)
+
+### Open your email
+
+When you click the link from the email, you should see this screen:
+![Screenshot confirm](https://user-images.githubusercontent.com/408412/66460175-a4985d00-ea76-11e9-863c-3c71fcdd24c9.png)
+
+### Confirm deletion
+
+After which the account deletion will be complete:
+![Screenshot confirmed](https://user-images.githubusercontent.com/408412/66460180-a530f380-ea76-11e9-9957-ee04ebd2c268.png)
+
+