solid-server 5.8.6 → 5.8.8-22f4cfec

package/test/unit/acl-checker-test.mjs

@@ -0,0 +1,51 @@
+import { describe, it } from 'mocha'
+import chai from 'chai'
+import chaiAsPromised from 'chai-as-promised'
+
+import ACLChecker from '../../lib/acl-checker.mjs'
+
+const { expect } = chai
+chai.use(chaiAsPromised)
+
+const options = { fetch: (url, callback) => {} }
+
+describe('ACLChecker unit test', () => {
+  describe('getPossibleACLs', () => {
+    it('returns all possible ACLs of the root', () => {
+      const aclChecker = new ACLChecker('http://ex.org/', options)
+      expect(aclChecker.getPossibleACLs()).to.deep.equal([
+        'http://ex.org/.acl'
+      ])
+    })
+
+    it('returns all possible ACLs of a regular file', () => {
+      const aclChecker = new ACLChecker('http://ex.org/abc/def/ghi', options)
+      expect(aclChecker.getPossibleACLs()).to.deep.equal([
+        'http://ex.org/abc/def/ghi.acl',
+        'http://ex.org/abc/def/.acl',
+        'http://ex.org/abc/.acl',
+        'http://ex.org/.acl'
+      ])
+    })
+
+    it('returns all possible ACLs of an ACL file', () => {
+      const aclChecker = new ACLChecker('http://ex.org/abc/def/ghi.acl', options)
+      expect(aclChecker.getPossibleACLs()).to.deep.equal([
+        'http://ex.org/abc/def/ghi.acl',
+        'http://ex.org/abc/def/.acl',
+        'http://ex.org/abc/.acl',
+        'http://ex.org/.acl'
+      ])
+    })
+
+    it('returns all possible ACLs of a directory', () => {
+      const aclChecker = new ACLChecker('http://ex.org/abc/def/ghi/', options)
+      expect(aclChecker.getPossibleACLs()).to.deep.equal([
+        'http://ex.org/abc/def/ghi/.acl',
+        'http://ex.org/abc/def/.acl',
+        'http://ex.org/abc/.acl',
+        'http://ex.org/.acl'
+      ])
+    })
+  })
+})

package/test/unit/add-cert-request-test.mjs

@@ -0,0 +1,120 @@
+/* eslint-disable no-unused-expressions */
+import { fileURLToPath } from 'url'
+import fs from 'fs-extra'
+import path from 'path'
+import rdf from 'rdflib'
+import solidNamespace from 'solid-namespace'
+import chai from 'chai'
+import sinon from 'sinon'
+import sinonChai from 'sinon-chai'
+import HttpMocks from 'node-mocks-http'
+
+import SolidHost from '../../lib/models/solid-host.mjs'
+import AccountManager from '../../lib/models/account-manager.mjs'
+import AddCertificateRequest from '../../lib/requests/add-cert-request.mjs'
+import WebIdTlsCertificate from '../../lib/models/webid-tls-certificate.mjs'
+
+const { expect } = chai
+const ns = solidNamespace(rdf)
+chai.use(sinonChai)
+chai.should()
+
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = path.dirname(__filename)
+const exampleSpkac = fs.readFileSync(
+  path.join(__dirname, '../resources/example_spkac.cnf'), 'utf8'
+)
+
+let host
+
+beforeEach(() => {
+  host = SolidHost.from({ serverUri: 'https://example.com' })
+})
+
+describe('AddCertificateRequest', () => {
+  describe('fromParams()', () => {
+    it('should throw a 401 error if session.userId is missing', () => {
+      const multiuser = true
+      const options = { host, multiuser, authMethod: 'oidc' }
+      const accountManager = AccountManager.from(options)
+
+      const req = {
+        body: { spkac: '123', webid: 'https://alice.example.com/#me' },
+        session: {}
+      }
+      const res = HttpMocks.createResponse()
+
+      try {
+        AddCertificateRequest.fromParams(req, res, accountManager)
+      } catch (error) {
+        expect(error.status).to.equal(401)
+      }
+    })
+  })
+
+  describe('createRequest()', () => {
+    const multiuser = true
+
+    it('should call certificate.generateCertificate()', () => {
+      const options = { host, multiuser, authMethod: 'oidc' }
+      const accountManager = AccountManager.from(options)
+
+      const req = {
+        body: { spkac: '123', webid: 'https://alice.example.com/#me' },
+        session: {
+          userId: 'https://alice.example.com/#me'
+        }
+      }
+      const res = HttpMocks.createResponse()
+
+      const request = AddCertificateRequest.fromParams(req, res, accountManager)
+      const certificate = request.certificate
+
+      accountManager.addCertKeyToProfile = sinon.stub()
+      request.sendResponse = sinon.stub()
+      const certSpy = sinon.stub(certificate, 'generateCertificate').returns(Promise.resolve())
+
+      return AddCertificateRequest.addCertificate(request)
+        .then(() => {
+          expect(certSpy).to.have.been.called
+        })
+    })
+  })
+
+  describe('accountManager.addCertKeyToGraph()', () => {
+    const multiuser = true
+
+    it('should add certificate data to a graph', () => {
+      const options = { host, multiuser, authMethod: 'oidc' }
+      const accountManager = AccountManager.from(options)
+
+      const userData = { username: 'alice' }
+      const userAccount = accountManager.userAccountFrom(userData)
+
+      const certificate = WebIdTlsCertificate.fromSpkacPost(
+        decodeURIComponent(exampleSpkac),
+        userAccount,
+        host)
+
+      const graph = rdf.graph()
+
+      return certificate.generateCertificate()
+        .then(() => {
+          return accountManager.addCertKeyToGraph(certificate, graph)
+        })
+        .then(graph => {
+          const webId = rdf.namedNode(certificate.webId)
+          const key = rdf.namedNode(certificate.keyUri)
+
+          expect(graph.anyStatementMatching(webId, ns.cert('key'), key))
+            .to.exist
+          expect(graph.anyStatementMatching(key, ns.rdf('type'), ns.cert('RSAPublicKey')))
+            .to.exist
+          expect(graph.anyStatementMatching(key, ns.cert('modulus')))
+            .to.exist
+          expect(graph.anyStatementMatching(key, ns.cert('exponent')))
+            .to.exist
+        })
+    })
+  })
+})

package/test/unit/auth-handlers-test.mjs

@@ -0,0 +1,108 @@
+import { describe, it, beforeEach } from 'mocha'
+import chai from 'chai'
+import sinon from 'sinon'
+import sinonChai from 'sinon-chai'
+import dirtyChai from 'dirty-chai'
+
+// Import CommonJS modules
+// const Auth = require('../../lib/api/authn')
+import * as Auth from '../../lib/api/authn/index.mjs'
+
+const { expect } = chai
+chai.use(sinonChai)
+chai.use(dirtyChai)
+chai.should()
+
+describe('OIDC Handler', () => {
+  describe('setAuthenticateHeader()', () => {
+    let res, req
+
+    beforeEach(() => {
+      req = {
+        app: {
+          locals: { host: { serverUri: 'https://example.com' } }
+        },
+        get: sinon.stub()
+      }
+      res = { set: sinon.stub() }
+    })
+
+    it('should set the WWW-Authenticate header with error params', () => {
+      const error = {
+        error: 'invalid_token',
+        error_description: 'Invalid token',
+        error_uri: 'https://example.com/errors/token'
+      }
+
+      Auth.oidc.setAuthenticateHeader(req, res, error)
+
+      expect(res.set).to.be.calledWith(
+        'WWW-Authenticate',
+        'Bearer realm="https://example.com", scope="openid webid", error="invalid_token", error_description="Invalid token", error_uri="https://example.com/errors/token"'
+      )
+    })
+
+    it('should set WWW-Authenticate with no error_description if none given', () => {
+      const error = {}
+
+      Auth.oidc.setAuthenticateHeader(req, res, error)
+
+      expect(res.set).to.be.calledWith(
+        'WWW-Authenticate',
+        'Bearer realm="https://example.com", scope="openid webid"'
+      )
+    })
+  })
+
+  describe('isEmptyToken()', () => {
+    let req
+
+    beforeEach(() => {
+      req = { get: sinon.stub() }
+    })
+
+    it('should be true for empty access token', () => {
+      req.get.withArgs('Authorization').returns('Bearer ')
+
+      expect(Auth.oidc.isEmptyToken(req)).to.be.true()
+
+      req.get.withArgs('Authorization').returns('Bearer')
+
+      expect(Auth.oidc.isEmptyToken(req)).to.be.true()
+    })
+
+    it('should be false when access token is present', () => {
+      req.get.withArgs('Authorization').returns('Bearer token123')
+
+      expect(Auth.oidc.isEmptyToken(req)).to.be.false()
+    })
+
+    it('should be false when no authorization header is present', () => {
+      expect(Auth.oidc.isEmptyToken(req)).to.be.false()
+    })
+  })
+})
+
+describe('WebID-TLS Handler', () => {
+  describe('setAuthenticateHeader()', () => {
+    let res, req
+
+    beforeEach(() => {
+      req = {
+        app: {
+          locals: { host: { serverUri: 'https://example.com' } }
+        }
+      }
+      res = { set: sinon.stub() }
+    })
+
+    it('should set the WWW-Authenticate header', () => {
+      Auth.tls.setAuthenticateHeader(req, res)
+
+      expect(res.set).to.be.calledWith(
+        'WWW-Authenticate',
+        'WebID-TLS realm="https://example.com"'
+      )
+    })
+  })
+})

package/test/unit/auth-proxy-test.mjs

@@ -0,0 +1,224 @@
+import express from 'express'
+import request from 'supertest'
+import nock from 'nock'
+import chai from 'chai'
+
+import authProxy from '../../lib/handlers/auth-proxy.mjs'
+
+const { expect } = chai
+
+const HOST = 'solid.org'
+const USER = 'https://ruben.verborgh.org/profile/#me'
+
+describe('Auth Proxy', () => {
+  describe('An auth proxy with 2 destinations', () => {
+    let loggedIn = true
+
+    let app
+    before(() => {
+      // Set up test back-end servers
+      nock('http://server-a.org').persist()
+        .get(/./).reply(200, addRequestDetails('a'))
+      nock('https://server-b.org').persist()
+        .get(/./).reply(200, addRequestDetails('b'))
+
+      // Set up proxy server
+      app = express()
+      app.use((req, res, next) => {
+        if (loggedIn) {
+          req.session = { userId: USER }
+        }
+        next()
+      })
+      authProxy(app, {
+        '/server/a': 'http://server-a.org',
+        '/server/b': 'https://server-b.org/foo/bar'
+      })
+    })
+
+    after(() => {
+      // Release back-end servers
+      nock.cleanAll()
+    })
+
+    describe('responding to /server/a', () => {
+      let response
+      before(() => {
+        return request(app).get('/server/a')
+          .set('Host', HOST)
+          .then(res => { response = res })
+      })
+
+      it('proxies to http://server-a.org/', () => {
+        const { server, path } = response.body
+        expect(server).to.equal('a')
+        expect(path).to.equal('/')
+      })
+
+      it('sets the User header on the proxy request', () => {
+        const { headers } = response.body
+        expect(headers).to.have.property('user', USER)
+      })
+
+      it('sets the Host header on the proxy request', () => {
+        const { headers } = response.body
+        expect(headers).to.have.property('host', 'server-a.org')
+      })
+
+      it('sets the Forwarded header on the proxy request', () => {
+        const { headers } = response.body
+        expect(headers).to.have.property('forwarded', `host=${HOST}`)
+      })
+
+      it('returns status code 200', () => {
+        expect(response.statusCode).to.equal(200)
+      })
+    })
+
+    describe('responding to /server/a/my/path?query=string', () => {
+      let response
+      before(() => {
+        return request(app).get('/server/a/my/path?query=string')
+          .set('Host', HOST)
+          .then(res => { response = res })
+      })
+
+      it('proxies to http://server-a.org/my/path?query=string', () => {
+        const { server, path } = response.body
+        expect(server).to.equal('a')
+        expect(path).to.equal('/my/path?query=string')
+      })
+
+      it('sets the User header on the proxy request', () => {
+        const { headers } = response.body
+        expect(headers).to.have.property('user', USER)
+      })
+
+      it('sets the Host header on the proxy request', () => {
+        const { headers } = response.body
+        expect(headers).to.have.property('host', 'server-a.org')
+      })
+
+      it('sets the Forwarded header on the proxy request', () => {
+        const { headers } = response.body
+        expect(headers).to.have.property('forwarded', `host=${HOST}`)
+      })
+
+      it('returns status code 200', () => {
+        expect(response.statusCode).to.equal(200)
+      })
+    })
+
+    describe('responding to /server/b', () => {
+      let response
+      before(() => {
+        return request(app).get('/server/b')
+          .set('Host', HOST)
+          .then(res => { response = res })
+      })
+
+      it('proxies to http://server-b.org/foo/bar', () => {
+        const { server, path } = response.body
+        expect(server).to.equal('b')
+        expect(path).to.equal('/foo/bar')
+      })
+
+      it('sets the User header on the proxy request', () => {
+        const { headers } = response.body
+        expect(headers).to.have.property('user', USER)
+      })
+
+      it('sets the Host header on the proxy request', () => {
+        const { headers } = response.body
+        expect(headers).to.have.property('host', 'server-b.org')
+      })
+
+      it('sets the Forwarded header on the proxy request', () => {
+        const { headers } = response.body
+        expect(headers).to.have.property('forwarded', `host=${HOST}`)
+      })
+
+      it('returns status code 200', () => {
+        expect(response.statusCode).to.equal(200)
+      })
+    })
+
+    describe('responding to /server/b/my/path?query=string', () => {
+      let response
+      before(() => {
+        return request(app).get('/server/b/my/path?query=string')
+          .set('Host', HOST)
+          .then(res => { response = res })
+      })
+
+      it('proxies to http://server-b.org/foo/bar/my/path?query=string', () => {
+        const { server, path } = response.body
+        expect(server).to.equal('b')
+        expect(path).to.equal('/foo/bar/my/path?query=string')
+      })
+
+      it('sets the User header on the proxy request', () => {
+        const { headers } = response.body
+        expect(headers).to.have.property('user', USER)
+      })
+
+      it('sets the Host header on the proxy request', () => {
+        const { headers } = response.body
+        expect(headers).to.have.property('host', 'server-b.org')
+      })
+
+      it('sets the Forwarded header on the proxy request', () => {
+        const { headers } = response.body
+        expect(headers).to.have.property('forwarded', `host=${HOST}`)
+      })
+
+      it('returns status code 200', () => {
+        expect(response.statusCode).to.equal(200)
+      })
+    })
+
+    describe('responding to /server/a without a logged-in user', () => {
+      let response
+      before(() => {
+        loggedIn = false
+        return request(app).get('/server/a')
+          .set('Host', HOST)
+          .then(res => { response = res })
+      })
+      after(() => {
+        loggedIn = true
+      })
+
+      it('proxies to http://server-a.org/', () => {
+        const { server, path } = response.body
+        expect(server).to.equal('a')
+        expect(path).to.equal('/')
+      })
+
+      it('does not set the User header on the proxy request', () => {
+        const { headers } = response.body
+        expect(headers).to.not.have.property('user')
+      })
+
+      it('sets the Host header on the proxy request', () => {
+        const { headers } = response.body
+        expect(headers).to.have.property('host', 'server-a.org')
+      })
+
+      it('sets the Forwarded header on the proxy request', () => {
+        const { headers } = response.body
+        expect(headers).to.have.property('forwarded', `host=${HOST}`)
+      })
+
+      it('returns status code 200', () => {
+        expect(response.statusCode).to.equal(200)
+      })
+    })
+  })
+})
+
+function addRequestDetails (server) {
+  return function (path) {
+    return { server, path, headers: this.req.headers }
+  }
+}

package/test/unit/auth-request-test.mjs

@@ -0,0 +1,96 @@
+import chai from 'chai'
+import sinonChai from 'sinon-chai'
+import dirtyChai from 'dirty-chai'
+
+import AuthRequest from '../../lib/requests/auth-request.mjs'
+import SolidHost from '../../lib/models/solid-host.mjs'
+import AccountManager from '../../lib/models/account-manager.mjs'
+import UserAccount from '../../lib/models/user-account.mjs'
+
+const { expect } = chai
+chai.use(sinonChai)
+chai.use(dirtyChai)
+chai.should()
+
+describe('AuthRequest', () => {
+  function testAuthQueryParams () {
+    const body = {}
+    body.response_type = 'code'
+    body.scope = 'openid'
+    body.client_id = 'client1'
+    body.redirect_uri = 'https://redirect.example.com/'
+    body.state = '1234'
+    body.nonce = '5678'
+    body.display = 'page'
+
+    return body
+  }
+
+  const host = SolidHost.from({ serverUri: 'https://localhost:8443' })
+  const accountManager = AccountManager.from({ host })
+
+  describe('extractAuthParams()', () => {
+    it('should initialize the auth url query object from params', () => {
+      const body = testAuthQueryParams()
+      body.other_key = 'whatever'
+      const req = { body, method: 'POST' }
+
+      const extracted = AuthRequest.extractAuthParams(req)
+
+      for (const param of AuthRequest.AUTH_QUERY_PARAMS) {
+        expect(extracted[param]).to.equal(body[param])
+      }
+
+      // make sure *only* the listed params were copied
+      expect(extracted.other_key).to.not.exist()
+    })
+
+    it('should return empty params with no request body present', () => {
+      const req = { method: 'POST' }
+
+      expect(AuthRequest.extractAuthParams(req)).to.eql({})
+    })
+  })
+
+  describe('authorizeUrl()', () => {
+    it('should return an /authorize url', () => {
+      const request = new AuthRequest({ accountManager })
+
+      const authUrl = request.authorizeUrl()
+
+      expect(authUrl.startsWith('https://localhost:8443/authorize')).to.be.true()
+    })
+
+    it('should pass through relevant auth query params from request body', () => {
+      const body = testAuthQueryParams()
+      const req = { body, method: 'POST' }
+
+      const request = new AuthRequest({ accountManager })
+      request.authQueryParams = AuthRequest.extractAuthParams(req)
+
+      const authUrl = request.authorizeUrl()
+
+      const parsedUrl = new URL(authUrl)
+
+      for (const param in body) {
+        expect(body[param]).to.equal(parsedUrl.searchParams.get(param))
+      }
+    })
+  })
+
+  describe('initUserSession()', () => {
+    it('should initialize the request session', () => {
+      const webId = 'https://alice.example.com/#me'
+      const alice = UserAccount.from({ username: 'alice', webId })
+      const session = {}
+
+      const request = new AuthRequest({ session })
+
+      request.initUserSession(alice)
+
+      expect(request.session.userId).to.equal(webId)
+      const subject = request.session.subject
+      expect(subject._id).to.equal(webId)
+    })
+  })
+})

package/test/unit/authenticator-test.mjs

@@ -0,0 +1,34 @@
+import chai from 'chai'
+import chaiAsPromised from 'chai-as-promised'
+import { Authenticator } from '../../lib/models/authenticator.mjs'
+
+const { expect } = chai
+chai.use(chaiAsPromised)
+chai.should()
+
+describe('Authenticator', () => {
+  describe('constructor()', () => {
+    it('should initialize the accountManager property', () => {
+      const accountManager = {}
+      const auth = new Authenticator({ accountManager })
+
+      expect(auth.accountManager).to.equal(accountManager)
+    })
+  })
+
+  describe('fromParams()', () => {
+    it('should throw an abstract method error', () => {
+      expect(() => Authenticator.fromParams())
+        .to.throw(/Must override method/)
+    })
+  })
+
+  describe('findValidUser()', () => {
+    it('should throw an abstract method error', () => {
+      const auth = new Authenticator({})
+
+      expect(() => auth.findValidUser())
+        .to.throw(/Must override method/)
+    })
+  })
+})

package/test/unit/blacklist-service-test.mjs

@@ -0,0 +1,49 @@
+import chai from 'chai'
+
+import theBigUsernameBlacklistPkg from 'the-big-username-blacklist'
+import blacklistService from '../../lib/services/blacklist-service.mjs'
+
+const { expect } = chai
+const blacklist = theBigUsernameBlacklistPkg.list
+
+describe('BlacklistService', () => {
+  afterEach(() => blacklistService.reset())
+
+  describe('addWord', () => {
+    it('allows adding words', () => {
+      const numberOfBlacklistedWords = blacklistService.list.length
+      blacklistService.addWord('foo')
+      expect(blacklistService.list.length).to.equal(numberOfBlacklistedWords + 1)
+    })
+  })
+
+  describe('reset', () => {
+    it('will reset list of blacklisted words', () => {
+      blacklistService.addWord('foo')
+      blacklistService.reset()
+      expect(blacklistService.list.length).to.equal(blacklist.length)
+    })
+
+    it('can configure service via reset', () => {
+      blacklistService.reset({
+        useTheBigUsernameBlacklist: false,
+        customBlacklistedUsernames: ['foo']
+      })
+      expect(blacklistService.list.length).to.equal(1)
+      expect(blacklistService.validate('admin')).to.equal(true)
+    })
+
+    it('is a singleton', () => {
+      const instanceA = blacklistService
+      blacklistService.reset({ customBlacklistedUsernames: ['foo'] })
+      expect(instanceA.validate('foo')).to.equal(blacklistService.validate('foo'))
+    })
+  })
+
+  describe('validate', () => {
+    it('validates given a default list of blacklisted usernames', () => {
+      const validWords = blacklist.reduce((memo, word) => memo + (blacklistService.validate(word) ? 1 : 0), 0)
+      expect(validWords).to.equal(0)
+    })
+  })
+})