solid-server 5.7.3 → 5.7.6

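--- a/package/lib/create-app.js
+++ b/package/lib/create-app.js
@@ -302,7 +302,7 @@ function initAuthentication (app, argv) {
   function sessionSettings (secureCookies, host) {
   const sessionSettings = {
   name: 'nssidp.sid',
- secret: uuid.v1(),
+ secret: uuid.v4(),
   saveUninitialized: false,
   resave: false,
   rolling: true,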
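Review bot: The value on the `secret:` line is still generated each time `sessionSettings` runs (presumably once per process start), so a restart invalidates every existing `nssidp.sid` cookie and a second server instance could not verify cookies signed by the first; the visible lines offer no way to supply a stable secret from configuration. A UUID is also an identifier format rather than a key: v4 carries 122 random bits, which is adequate, but `secret: crypto.randomBytes(32).toString('hex'),` states the intent directly and does not depend on how the `uuid` package sources its randomness. That line needs `crypto` in scope, which the hunk does not show. `sessionSettings` continues past the end of the hunk.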
@@ -11,9 +11,11 @@ async function handler (req, res, next) {
11
11
  res.header('MS-Author-Via', 'SPARQL')
12
12
 
13
13
  const contentType = req.get('content-type')
14
- if (isAuxiliary(req)) {
14
+ // check for valid rdf content for auxiliary resource and /profile/card
15
+ // in future we may check that /profile/card is a minimal valid WebID card
16
+ if (isAuxiliary(req) || req.originalUrl === '/profile/card') {
15
17
  if (contentType === 'text/turtle') {
16
- return bodyParser.text({ type: () => true })(req, res, () => putAuxiliary(req, res, next))
18
+ return bodyParser.text({ type: () => true })(req, res, () => putValidRdf(req, res, next))
17
19
  } else return next(new HTTPError(415, 'RDF file contains invalid syntax'))
18
20
  }
19
21
  return putStream(req, res, next)
@@ -37,7 +39,7 @@ async function putStream (req, res, next, stream = req) {
37
39
 
38
40
  // needed to avoid breaking access with bad acl
39
41
  // or breaking containement triples for meta
40
- function putAuxiliary (req, res, next) {
42
+ function putValidRdf (req, res, next) {
41
43
  const ldp = req.app.locals.ldp
42
44
  const contentType = req.get('content-type')
43
45
  const requestUri = ldp.resourceMapper.getRequestUrl(req)
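Review bot: The new `/profile/card` guard in `handler` compares `req.originalUrl` with a fixed string, and in Express `originalUrl` keeps the query string and is not normalised, so only the exact bare path is routed through `putValidRdf`; if the resource mapper resolves any other request form to the same document, that request falls through to `putStream` without the RDF check. Tying the guard to the mapped resource, or at least to `req.path === '/profile/card'`, would make it follow the stored file rather than the request text. The DELETE guard in `package/lib/ldp.js` uses the same literal comparison, so one shared helper for "protected resource" would keep the two in step. Separately, `contentType === 'text/turtle'` rejects a header that carries a charset parameter and answers 415 'RDF file contains invalid syntax' although nothing was parsed. The file header for these hunks is missing from the page, and `putValidRdf` continues past the end of the last hunk.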
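--- a/package/lib/ldp.js
+++ b/package/lib/ldp.js
@@ -535,8 +535,8 @@ class LDP {
   return this.deleteContainer(path)
   } else {
   // DELETE method not allowed on podRoot/.acl
- if ((url.url || url) === '/' + this.suffixAcl) {
- throw error(405, 'DELETE of PodRoot/.acl is not allowed')
+ if (['/' + this.suffixAcl, '/profile/card'].some(item => (url.url || url) === item)) {
+ throw error(405, `DELETE of ${url.url || url} is not allowed`)
   }
   return this.deleteDocument(path)
   }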
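Review bot: The comment above the widened check still reads `// DELETE method not allowed on podRoot/.acl` although the condition now also refuses `/profile/card`; it should name both, e.g. `// DELETE is not allowed on the pod root ACL or on /profile/card`. The protected list is rebuilt on every call and `url.url || url` is evaluated in both the condition and the message, so a local `const target = url.url || url` plus a module-level constant for the protected paths would read more clearly and give the check and the message one source. The enclosing method starts and ends outside the hunk.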
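--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
   {
   "name": "solid-server",
   "description": "Solid server on top of the file-system",
- "version": "5.7.3",
+ "version": "5.7.6",
   "author": {
   "name": "Tim Berners-Lee",
   "email": "timbl@w3.org"
@@ -59,21 +59,21 @@
   "homepage": "https://github.com/solid/node-solid-server",
   "bugs": "https://github.com/solid/node-solid-server/issues",
   "dependencies": {
- "@fastify/busboy": "^1.1.0",
+ "@fastify/busboy": "^1.2.1",
   "@solid/acl-check": "^0.4.5",
   "@solid/oidc-auth-manager": "^0.24.3",
   "@solid/oidc-op": "^0.11.6",
- "async-lock": "^1.3.2",
- "body-parser": "^1.20.0",
+ "async-lock": "^1.4.0",
+ "body-parser": "^1.20.2",
   "bootstrap": "^3.4.1",
   "cached-path-relative": "^1.1.0",
- "camelize": "^1.0.0",
+ "camelize": "^1.0.1",
   "cheerio": "^1.0.0-rc.12",
   "colorette": "^2.0.19",
   "commander": "^8.3.0",
   "cors": "^2.8.5",
   "debug": "^4.3.4",
- "express": "^4.18.1",
+ "express": "^4.18.2",
   "express-handlebars": "^5.3.5",
   "express-session": "^1.17.3",
   "extend": "^3.0.2",
@@ -84,22 +84,21 @@
   "global-tunnel-ng": "^2.7.1",
   "handlebars": "^4.7.7",
   "http-proxy-middleware": "^2.0.6",
- "inquirer": "^8.2.4",
+ "inquirer": "^8.2.5",
   "into-stream": "^6.0.0",
   "ip-range-check": "0.2.0",
   "is-ip": "^3.1.0",
   "li": "^1.3.0",
- "mashlib": "^1.8.4",
+ "mashlib": "^1.8.7",
   "mime-types": "^2.1.35",
   "negotiator": "^0.6.3",
- "node-fetch": "^2.6.7",
+ "node-fetch": "^2.6.9",
   "node-forge": "^1.3.1",
   "node-mailer": "^0.1.1",
- "nodemailer": "^6.7.8",
+ "nodemailer": "^6.9.1",
   "oidc-op-express": "^0.0.3",
   "owasp-password-strength-test": "^1.3.0",
- "rdflib": "^2.2.20",
- "recursive-readdir": "^2.2.2",
+ "recursive-readdir": "^2.2.3",
   "request": "^2.88.2",
   "rimraf": "^3.0.2",
   "solid-auth-client": "^2.5.6",
@@ -111,28 +110,28 @@
   "urijs": "^1.19.11",
   "uuid": "^8.3.2",
   "valid-url": "^1.0.9",
- "validator": "^13.7.0",
+ "validator": "^13.9.0",
   "vhost": "^3.0.2"
   },
   "devDependencies": {
   "@solid/solid-auth-oidc": "^0.3.0",
- "chai": "^4.3.6",
+ "chai": "^4.3.7",
   "chai-as-promised": "7.1.1",
   "cross-env": "7.0.3",
   "dirty-chai": "2.0.1",
   "eslint": "^7.32.0",
   "localstorage-memory": "1.0.3",
   "mocha": "^9.2.2",
- "nock": "^13.2.9",
- "node-mocks-http": "1.11.0",
+ "nock": "^13.3.0",
+ "node-mocks-http": "1.12.1",
   "nyc": "15.1.0",
   "pre-commit": "1.2.2",
   "randombytes": "2.1.0",
   "sinon": "12.0.1",
   "sinon-chai": "3.7.0",
- "snyk": "^1.997.0",
+ "snyk": "^1.1110.0",
   "standard": "16.0.4",
- "supertest": "^6.2.4",
+ "supertest": "^6.3.3",
   "turtle-validator": "1.1.1",
   "whatwg-url": "11.0.0"
   },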
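Review bot: `"rdflib": "^2.2.20"` is removed from `dependencies` in the third hunk and nothing replaces it; if server code still requires `rdflib` (not visible in this diff), it will resolve to whatever copy a transitive dependency happens to hoist, at a version this manifest no longer controls. Either keep the direct entry or confirm that no `require('rdflib')` remains under `lib/`. The deprecated `request` package and the `node-mailer` entry that sits beside `nodemailer` are unchanged context here, but are worth auditing in the same pass since this release is largely a dependency refresh.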