solid-server 5.8.6 → 5.8.8-8d509db1

package/test/integration/capability-discovery-test.mjs

@@ -0,0 +1,116 @@
+/* eslint-disable no-unused-expressions */
+import { fileURLToPath } from 'url'
+import path from 'path'
+import supertest from 'supertest'
+import chai from 'chai'
+import { cleanDir } from '../utils.mjs'
+import * as Solid from '../../index.mjs'
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = path.dirname(__filename)
+const { expect } = chai
+
+// In this test we always assume that we are Alice
+
+describe('API', () => {
+  let alice
+
+  const aliceServerUri = 'https://localhost:5000'
+  const configPath = path.join(__dirname, '../resources/config')
+  const aliceDbPath = path.join(__dirname,
+    '../resources/accounts-scenario/alice/db')
+  const aliceRootPath = path.join(__dirname, '../resources/accounts-scenario/alice')
+
+  const serverConfig = {
+    sslKey: path.join(__dirname, '../keys/key.pem'),
+    sslCert: path.join(__dirname, '../keys/cert.pem'),
+    auth: 'oidc',
+    dataBrowser: false,
+    webid: true,
+    multiuser: false,
+    configPath
+  }
+
+  const alicePod = Solid.createServer(
+    Object.assign({
+      root: aliceRootPath,
+      serverUri: aliceServerUri,
+      dbPath: aliceDbPath
+    }, serverConfig)
+  )
+
+  function startServer (pod, port) {
+    return new Promise((resolve) => {
+      pod.listen(port, () => { resolve() })
+    })
+  }
+
+  before(() => {
+    return Promise.all([
+      startServer(alicePod, 5000)
+    ]).then(() => {
+      alice = supertest(aliceServerUri)
+    })
+  })
+
+  after(() => {
+    alicePod.close()
+    cleanDir(aliceRootPath)
+  })
+
+  describe('Capability Discovery', () => {
+    describe('GET Service Capability document', () => {
+      it('should exist', (done) => {
+        alice.get('/.well-known/solid')
+          .expect(200, done)
+      })
+      it('should be a json file by default', (done) => {
+        alice.get('/.well-known/solid')
+          .expect('content-type', /application\/json/)
+          .expect(200, done)
+      })
+      it('includes a root element', (done) => {
+        alice.get('/.well-known/solid')
+          .end(function (err, req) {
+            expect(req.body.root).to.exist
+            return done(err)
+          })
+      })
+      it('includes an apps config section', (done) => {
+        const config = {
+          apps: {
+            signin: '/signin/',
+            signup: '/signup/'
+          },
+          webid: false
+        }
+        const solid = Solid.createServer(config)
+        const server = supertest(solid)
+        server.get('/.well-known/solid')
+          .end(function (err, req) {
+            expect(req.body.apps).to.exist
+            return done(err)
+          })
+      })
+    })
+
+    describe('OPTIONS API', () => {
+      it('should return the service Link header', (done) => {
+        alice.options('/')
+          .expect('Link', /<.*\.well-known\/solid>; rel="service"/)
+          .expect(204, done)
+      })
+
+      it('should return the http://openid.net/specs/connect/1.0/issuer Link rel header', (done) => {
+        alice.options('/')
+          .expect('Link', /<https:\/\/localhost:5000>; rel="http:\/\/openid\.net\/specs\/connect\/1\.0\/issuer"/)
+          .expect(204, done)
+      })
+
+      it('should return a service Link header without multiple slashes', (done) => {
+        alice.options('/')
+          .expect('Link', /<.*[^/]\/\.well-known\/solid>; rel="service"/)
+          .expect(204, done)
+      })
+    })
+  })
+})

package/test/integration/cors-proxy-test.mjs

@@ -0,0 +1,145 @@
+import { fileURLToPath } from 'url'
+import path from 'path'
+import chai from 'chai'
+import nock from 'nock'
+
+// Import utility functions from the ESM utils
+import { checkDnsSettings, setupSupertestServer } from '../utils.mjs'
+
+const { assert } = chai
+
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = path.dirname(__filename)
+
+describe('CORS Proxy', () => {
+  const server = setupSupertestServer({
+    root: path.join(__dirname, '../resources'),
+    corsProxy: '/proxy',
+    webid: false
+  })
+
+  before(checkDnsSettings)
+
+  it('should return the website in /proxy?uri', (done) => {
+    nock('https://example.org').get('/').reply(200)
+    server.get('/proxy?uri=https://example.org/')
+      .expect(200, done)
+  })
+
+  it('should pass the Host header to the proxied server', (done) => {
+    let headers
+    nock('https://example.org').get('/').reply(function (uri, body) {
+      headers = this.req.headers
+      return [200]
+    })
+    server.get('/proxy?uri=https://example.org/')
+      .expect(200)
+      .end(error => {
+        assert.propertyVal(headers, 'host', 'example.org')
+        done(error)
+      })
+  })
+
+  it('should return 400 when the uri parameter is missing', (done) => {
+    nock('https://192.168.0.0').get('/').reply(200)
+    server.get('/proxy')
+      .expect('Invalid URL passed: (none)')
+      .expect(400)
+      .end(done)
+  })
+
+  const LOCAL_IPS = [
+    '127.0.0.0',
+    '10.0.0.0',
+    '172.16.0.0',
+    '192.168.0.0',
+    '[::1]'
+  ]
+  LOCAL_IPS.forEach(ip => {
+    it(`should return 400 for a ${ip} address`, (done) => {
+      nock(`https://${ip}`).get('/').reply(200)
+      server.get(`/proxy?uri=https://${ip}/`)
+        .expect(`Cannot proxy https://${ip}/`)
+        .expect(400)
+        .end(done)
+    })
+  })
+
+  it('should return 400 with a local hostname', (done) => {
+    nock('https://nic.localhost').get('/').reply(200)
+    server.get('/proxy?uri=https://nic.localhost/')
+      .expect('Cannot proxy https://nic.localhost/')
+      .expect(400)
+      .end(done)
+  })
+
+  it('should return 400 on invalid uri', (done) => {
+    server.get('/proxy?uri=HELLOWORLD')
+      .expect('Invalid URL passed: HELLOWORLD')
+      .expect(400)
+      .end(done)
+  })
+
+  it('should return 400 on relative paths', (done) => {
+    server.get('/proxy?uri=../')
+      .expect('Invalid URL passed: ../')
+      .expect(400)
+      .end(done)
+  })
+
+  it('should return the same headers of proxied request', (done) => {
+    nock('https://example.org')
+      .get('/')
+      .reply(function (uri, req) {
+        if (this.req.headers.accept !== 'text/turtle') {
+          throw Error('Accept is received on the header')
+        }
+        if (this.req.headers.test && this.req.headers.test === 'test1') {
+          return [200, 'YES']
+        } else {
+          return [500, 'empty']
+        }
+      })
+
+    server.get('/proxy?uri=https://example.org/')
+      .set('test', 'test1')
+      .set('accept', 'text/turtle')
+      .expect(200)
+      .end((err, data) => {
+        if (err) return done(err)
+        done(err)
+      })
+  })
+
+  it('should also work on /proxy/ ?uri', (done) => {
+    nock('https://example.org').get('/').reply(200)
+    server.get('/proxy/?uri=https://example.org/')
+      .expect((a) => {
+        assert.equal(a.header.link, null)
+      })
+      .expect(200, done)
+  })
+
+  it('should return the same HTTP status code as the uri', () => {
+    nock('https://example.org')
+      .get('/404').reply(404)
+      .get('/401').reply(401)
+      .get('/500').reply(500)
+      .get('/200').reply(200)
+
+    return Promise.all([
+      server.get('/proxy/?uri=https://example.org/404').expect(404),
+      server.get('/proxy/?uri=https://example.org/401').expect(401),
+      server.get('/proxy/?uri=https://example.org/500').expect(500),
+      server.get('/proxy/?uri=https://example.org/200').expect(200)
+    ])
+  })
+
+  it('should work with cors', (done) => {
+    nock('https://example.org').get('/').reply(200)
+    server.get('/proxy/?uri=https://example.org/')
+      .set('Origin', 'http://example.com')
+      .expect('Access-Control-Allow-Origin', 'http://example.com')
+      .expect(200, done)
+  })
+})

package/test/integration/errors-oidc-test.mjs

@@ -0,0 +1,109 @@
+import { expect } from 'chai'
+import supertest from 'supertest'
+import ldnode from '../../index.mjs'
+import path from 'path'
+import { fileURLToPath } from 'url'
+import { cleanDir, cp } from '../utils.mjs'
+
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = path.dirname(__filename)
+
+describe('OIDC error handling', function () {
+  const serverUri = 'https://localhost:3457'
+  let ldpHttpsServer
+  const rootPath = path.normalize(path.join(__dirname, '../resources/accounts/errortests'))
+  const configPath = path.normalize(path.join(__dirname, '../resources/config'))
+  const dbPath = path.normalize(path.join(__dirname, '../resources/accounts/db'))
+
+  const ldp = ldnode.createServer({
+    root: rootPath,
+    configPath,
+    sslKey: path.normalize(path.join(__dirname, '../keys/key.pem')),
+    sslCert: path.normalize(path.join(__dirname, '../keys/cert.pem')),
+    auth: 'oidc',
+    webid: true,
+    multiuser: false,
+    strictOrigin: true,
+    dbPath,
+    serverUri
+  })
+
+  before(function (done) {
+    ldpHttpsServer = ldp.listen(3457, () => {
+      cp(path.normalize(path.join('accounts/errortests', '.acl-override')), path.normalize(path.join('accounts/errortests', '.acl')))
+      done()
+    })
+  })
+
+  after(function () {
+    if (ldpHttpsServer) ldpHttpsServer.close()
+    cleanDir(rootPath)
+  })
+
+  const server = supertest(serverUri)
+
+  describe('Unauthenticated requests to protected resources', () => {
+    describe('accepting text/html', () => {
+      it('should return 401 Unauthorized with www-auth header', () => {
+        return server.get('/profile/')
+          .set('Accept', 'text/html')
+          .expect('WWW-Authenticate', 'Bearer realm="https://localhost:3457", scope="openid webid"')
+          .expect(401)
+      })
+
+      it('should return an html login page', () => {
+        return server.get('/profile/')
+          .set('Accept', 'text/html')
+          .expect('Content-Type', 'text/html; charset=utf-8')
+          .then(res => {
+            expect(res.text).to.match(/GlobalDashboard/)
+          })
+      })
+    })
+
+    describe('not accepting html', () => {
+      it('should return 401 Unauthorized with www-auth header', () => {
+        return server.get('/profile/')
+          .set('Accept', 'text/plain')
+          .expect('WWW-Authenticate', 'Bearer realm="https://localhost:3457", scope="openid webid"')
+          .expect(401)
+      })
+    })
+  })
+
+  describe('Authenticated responses to protected resources', () => {
+    describe('with an empty bearer token', () => {
+      it('should return a 400 error', () => {
+        return server.get('/profile/')
+          .set('Authorization', 'Bearer ')
+          .expect(400)
+      })
+    })
+
+    describe('with an invalid bearer token', () => {
+      it('should return a 401 error', () => {
+        return server.get('/profile/')
+          .set('Authorization', 'Bearer abcd123')
+          .expect('WWW-Authenticate', 'Bearer realm="https://localhost:3457", scope="openid webid", error="invalid_token", error_description="Access token is not a JWT"')
+          .expect(401)
+      })
+    })
+
+    describe('with an expired bearer token', () => {
+      const expiredToken = 'eyJhbGciOiJSUzI1NiIsImtpZCI6ImxOWk9CLURQRTFrIn0.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDozNDU3Iiwic3ViIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6MzQ1Ny9wcm9maWxlL2NhcmQjbWUiLCJhdWQiOiJodHRwczovL2xvY2FsaG9zdDozNDU3IiwiZXhwIjoxNDk2MjM5ODY1LCJpYXQiOjE0OTYyMzk4NjUsImp0aSI6IjliN2MwNGQyNDY3MjQ1ZWEiLCJub25jZSI6IklXaUpMVFNZUmktVklSSlhjejVGdU9CQTFZR1lZNjFnRGRlX2JnTEVPMDAiLCJhdF9oYXNoIjoiRFpES3I0RU1xTGE1Q0x1elV1WW9pdyJ9.uBTLy_wG5rr4kxM0hjXwIC-NwGYrGiiiY9IdOk5hEjLj2ECc767RU7iZ5vZa0pSrGy0V2Y3BiZ7lnYIA7N4YUAuS077g_4zavoFWyu9xeq6h70R8yfgFUNPo91PGpODC9hgiNbEv2dPBzTYYHqf7D6_-3HGnnDwiX7TjWLTkPLRvPLTcsCUl7G7y-EedjcVRk3Jyv8TNSoBMeTwOR3ewuzNostmCjUuLsr73YpVid6HE55BBqgSCDCNtS-I7nYmO_lRqIWJCydjdStSMJgxzSpASvoeCJ_lwZF6FXmZOQNNhmstw69fU85J1_QsS78cRa76-SnJJp6JCWHFBUAolPQ'
+
+      it('should return a 401 error', () => {
+        return server.get('/profile/')
+          .set('Authorization', 'Bearer ' + expiredToken)
+          .expect('WWW-Authenticate', 'Bearer realm="https://localhost:3457", scope="openid webid", error="invalid_token", error_description="Access token is expired"')
+          .expect(401)
+      })
+
+      it('should return a 200 if the resource is public', () => {
+        return server.get('/public/')
+          .set('Authorization', 'Bearer ' + expiredToken)
+          .expect(200)
+      })
+    })
+  })
+})

package/test/integration/errors-test.mjs

@@ -0,0 +1,49 @@
+import { fileURLToPath } from 'url'
+import { dirname, join } from 'path'
+import { read, setupSupertestServer } from '../utils.mjs'
+
+const __dirname = dirname(fileURLToPath(import.meta.url))
+
+describe('Error pages', function () {
+  // LDP with error pages
+  const errorServer = setupSupertestServer({
+    root: join(__dirname, '../resources'),
+    errorPages: join(__dirname, '../resources/errorPages'),
+    webid: false
+  })
+
+  // LDP with no error pages
+  const noErrorServer = setupSupertestServer({
+    root: join(__dirname, '../resources'),
+    noErrorPages: true,
+    webid: false
+  })
+
+  function defaultErrorPage (filepath, expected) {
+    const handler = function (res) {
+      const errorFile = read(filepath)
+      if (res.text === errorFile && !expected) {
+        console.log('Not default text')
+      }
+    }
+    return handler
+  }
+
+  describe('noErrorPages', function () {
+    const file404 = 'errorPages/404.html'
+    it('Should return 404 express default page', function (done) {
+      noErrorServer.get('/non-existent-file.html')
+        .expect(defaultErrorPage(file404, false))
+        .expect(404, done)
+    })
+  })
+
+  describe('errorPages set', function () {
+    const file404 = 'errorPages/404.html'
+    it('Should return 404 custom page if exists', function (done) {
+      errorServer.get('/non-existent-file.html')
+        .expect(defaultErrorPage(file404, true))
+        .expect(404, done)
+    })
+  })
+})

package/test/integration/formats-test.mjs

@@ -0,0 +1,136 @@
+import { assert } from 'chai'
+import { fileURLToPath } from 'url'
+import { dirname, join } from 'path'
+import { setupSupertestServer } from '../utils.mjs'
+
+const __dirname = dirname(fileURLToPath(import.meta.url))
+
+describe('formats', function () {
+  const server = setupSupertestServer({
+    root: join(__dirname, '../resources'),
+    webid: false
+  })
+
+  describe('HTML', function () {
+    it('should return HTML containing "Hello, World!" if Accept is set to text/html', function (done) {
+      server.get('/hello.html')
+        .set('accept', 'application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5')
+        .expect('Content-type', /text\/html/)
+        .expect(/Hello, world!/)
+        .expect(200, done)
+    })
+  })
+
+  describe('JSON-LD', function () {
+    function isCorrectSubject (idFragment) {
+      return (res) => {
+        const payload = JSON.parse(res.text)
+        const id = payload['@id']
+        assert(id.endsWith(idFragment), 'The subject of the JSON-LD graph is correct')
+      }
+    }
+    function isValidJSON (res) {
+      // This would throw an error
+      JSON.parse(res.text)
+    }
+    it('should return JSON-LD document if Accept is set to only application/ld+json', function (done) {
+      server.get('/patch-5-initial.ttl')
+        .set('accept', 'application/ld+json')
+        .expect(200)
+        .expect('content-type', /application\/ld\+json/)
+        .expect(isValidJSON)
+        .expect(isCorrectSubject(':Iss1408851516666'))
+        .end(done)
+    })
+    it('should return the container listing in JSON-LD if Accept is set to only application/ld+json', function (done) {
+      server.get('/')
+        .set('accept', 'application/ld+json')
+        .expect(200)
+        .expect('content-type', /application\/ld\+json/)
+        .end(done)
+    })
+    it('should prefer to avoid translation even if type is listed with less priority', function (done) {
+      server.get('/patch-5-initial.ttl')
+        .set('accept', 'application/ld+json;q=0.9,text/turtle;q=0.8,text/plain;q=0.7,*/*;q=0.5')
+        .expect('content-type', /text\/turtle/)
+        .expect(200, done)
+    })
+    it('should return JSON-LD document if Accept is set to application/ld+json and other types', function (done) {
+      server.get('/patch-5-initial.ttl')
+        .set('accept', 'application/ld+json;q=0.9,application/rdf+xml;q=0.7')
+        .expect('content-type', /application\/ld\+json/)
+        .expect(200, done)
+    })
+  })
+
+  describe('N-Quads', function () {
+    it('should return N-Quads document is Accept is set to application/n-quads', function (done) {
+      server.get('/patch-5-initial.ttl')
+        .set('accept', 'application/n-quads;q=0.9,application/ld+json;q=0.8,application/rdf+xml;q=0.7')
+        .expect('content-type', /application\/n-quads/)
+        .expect(200, done)
+    })
+  })
+
+  describe('n3', function () {
+    it('should return turtle document if Accept is set to text/n3', function (done) {
+      server.get('/patch-5-initial.ttl')
+        .set('accept', 'text/n3;q=0.9,application/n-quads;q=0.7,text/plain;q=0.7')
+        .expect('content-type', /text\/n3/)
+        .expect(200, done)
+    })
+  })
+
+  describe('turtle', function () {
+    it('should return turtle document if Accept is set to turtle', function (done) {
+      server.get('/patch-5-initial.ttl')
+        .set('accept', 'text/turtle;q=0.9,application/rdf+xml;q=0.8,text/plain;q=0.7,*/*;q=0.5')
+        .expect('content-type', /text\/turtle/)
+        .expect(200, done)
+    })
+
+    it('should return turtle document if Accept is set to turtle', function (done) {
+      server.get('/lennon.jsonld')
+        .set('accept', 'text/turtle')
+        .expect('content-type', /text\/turtle/)
+        .expect(200, done)
+    })
+
+    it('should return turtle when listing container with an index page', function (done) {
+      server.get('/sampleContainer/')
+        .set('accept', 'application/rdf+xml;q=0.4, application/xhtml+xml;q=0.3, text/xml;q=0.2, application/xml;q=0.2, text/html;q=0.3, text/plain;q=0.1, text/turtle;q=1.0, application/n3;q=1')
+        .expect('content-type', /text\/html/)
+        .expect(200, done)
+    })
+
+    it('should return turtle when listing container without an index page', function (done) {
+      server.get('/sampleContainer2/')
+        .set('accept', 'application/rdf+xml;q=0.4, application/xhtml+xml;q=0.3, text/xml;q=0.2, application/xml;q=0.2, text/html;q=0.3, text/plain;q=0.1, text/turtle;q=1.0, application/n3;q=1')
+        .expect('content-type', /text\/turtle/)
+        .expect(200, done)
+    })
+  })
+
+  describe('text/plain (non RDFs)', function () {
+    it('Accept text/plain', function (done) {
+      server.get('/put-input.txt')
+        .set('accept', 'text/plain')
+        .expect('Content-type', /text\/plain/)
+        .expect(200, done)
+    })
+    it('Accept text/turtle', function (done) {
+      server.get('/put-input.txt')
+        .set('accept', 'text/turtle')
+        .expect('Content-type', /text\/plain/)
+        .expect(406, done)
+    })
+  })
+
+  describe('none', function () {
+    it('should return turtle document if no Accept header is set', function (done) {
+      server.get('/patch-5-initial.ttl')
+        .expect('content-type', /text\/turtle/)
+        .expect(200, done)
+    })
+  })
+})

package/test/integration/header-test.mjs

@@ -0,0 +1,101 @@
+import { expect } from 'chai'
+import { join } from 'path'
+import { setupSupertestServer } from '../utils.mjs'
+
+const __dirname = import.meta.dirname // dirname(fileURLToPath(import.meta.url))
+
+describe('Header handler', () => {
+  let request
+
+  before(function () {
+    this.timeout(20000)
+    request = setupSupertestServer({
+      root: join(__dirname, '../resources/headers'),
+      multiuser: false,
+      webid: true,
+      sslKey: join(__dirname, '../keys/key.pem'),
+      sslCert: join(__dirname, '../keys/cert.pem'),
+      forceUser: 'https://ruben.verborgh.org/profile/#me'
+    })
+  })
+
+  describe('MS-Author-Via', () => { // deprecated
+    describeHeaderTest('read/append for the public', {
+      resource: '/public-ra',
+      headers: {
+        'MS-Author-Via': 'SPARQL',
+        'Access-Control-Expose-Headers': /(^|,\s*)MS-Author-Via(,|$)/
+      }
+    })
+  })
+
+  describe('Accept-* for a resource document', () => {
+    describeHeaderTest('read/append for the public', {
+      resource: '/public-ra',
+      headers: {
+        'Accept-Patch': 'text/n3, application/sparql-update, application/sparql-update-single-match',
+        'Accept-Post': '*/*',
+        'Accept-Put': '*/*',
+        'Access-Control-Expose-Headers': /(^|,\s*)Accept-Patch, Accept-Post, Accept-Put(,|$)/
+      }
+    })
+  })
+
+  describe('WAC-Allow', () => {
+    describeHeaderTest('read/append for the public', {
+      resource: '/public-ra',
+      headers: {
+        'WAC-Allow': 'user="read append",public="read append"',
+        'Access-Control-Expose-Headers': /(^|,\s*)WAC-Allow(,|$)/
+      }
+    })
+
+    describeHeaderTest('read/write for the user, read for the public', {
+      resource: '/user-rw-public-r',
+      headers: {
+        'WAC-Allow': 'user="read write append",public="read"',
+        'Access-Control-Expose-Headers': /(^|,\s*)WAC-Allow(,|$)/
+      }
+    })
+
+    // FIXME: https://github.com/solid/node-solid-server/issues/1502
+    describeHeaderTest('read/write/append/control for the user, nothing for the public', {
+      resource: '/user-rwac-public-0',
+      headers: {
+        'WAC-Allow': 'user="read write append control",public=""',
+        'Access-Control-Expose-Headers': /(^|,\s*)WAC-Allow(,|$)/
+      }
+    })
+  })
+
+  function describeHeaderTest (label, { resource, headers }) {
+    describe(`a resource that is ${label}`, () => {
+      // Retrieve the response headers
+      const response = {}
+      before(async function () {
+        this.timeout(10000) // FIXME: https://github.com/solid/node-solid-server/issues/1443
+        const { headers } = await request.get(resource)
+        response.headers = headers
+      })
+
+      // Assert the existence of each of the expected headers
+      for (const header in headers) {
+        assertResponseHasHeader(response, header, headers[header])
+      }
+    })
+  }
+
+  function assertResponseHasHeader (response, name, value) {
+    const key = name.toLowerCase()
+    if (value instanceof RegExp) {
+      it(`has a ${name} header matching ${value}`, () => {
+        expect(response.headers).to.have.property(key)
+        expect(response.headers[key]).to.match(value)
+      })
+    } else {
+      it(`has a ${name} header of ${value}`, () => {
+        expect(response.headers).to.have.property(key, value)
+      })
+    }
+  }
+})