solid-server 5.8.6 → 5.8.8-8d509db1

package/test/unit/force-user-test.mjs

@@ -0,0 +1,73 @@
+import { describe, it, before } from 'mocha'
+import chai from 'chai'
+import sinon from 'sinon'
+import sinonChai from 'sinon-chai'
+
+import forceUser from '../../lib/api/authn/force-user.mjs'
+
+const { expect } = chai
+chai.use(sinonChai)
+
+const USER = 'https://ruben.verborgh.org/profile/#me'
+
+describe('Force User', () => {
+  describe('a forceUser handler', () => {
+    let app, handler
+    before(() => {
+      app = { use: sinon.stub() }
+      const argv = { forceUser: USER }
+      forceUser.initialize(app, argv)
+      handler = app.use.getCall(0).args[1]
+    })
+
+    it('adds a route on /', () => {
+      expect(app.use).to.have.callCount(1)
+      expect(app.use).to.have.been.calledWith('/')
+    })
+
+    describe('when called', () => {
+      let request, response
+      before(done => {
+        request = { session: {} }
+        response = { set: sinon.stub() }
+        handler(request, response, done)
+      })
+
+      it('sets session.userId to the user', () => {
+        expect(request.session).to.have.property('userId', USER)
+      })
+
+      it('does not set the User header', () => {
+        expect(response.set).to.have.callCount(0)
+      })
+    })
+  })
+
+  describe('a forceUser handler for TLS', () => {
+    let handler
+    before(() => {
+      const app = { use: sinon.stub() }
+      const argv = { forceUser: USER, auth: 'tls' }
+      forceUser.initialize(app, argv)
+      handler = app.use.getCall(0).args[1]
+    })
+
+    describe('when called', () => {
+      let request, response
+      before(done => {
+        request = { session: {} }
+        response = { set: sinon.stub() }
+        handler(request, response, done)
+      })
+
+      it('sets session.userId to the user', () => {
+        expect(request.session).to.have.property('userId', USER)
+      })
+
+      it('sets the User header', () => {
+        expect(response.set).to.have.callCount(1)
+        expect(response.set).to.have.been.calledWith('User', USER)
+      })
+    })
+  })
+})

package/test/unit/getAvailableUrl-test.mjs

@@ -0,0 +1,30 @@
+import { strict as assert } from 'assert'
+import LDP from '../../lib/ldp.mjs'
+
+export async function testNoExistingResource () {
+  const rm = {
+    resolveUrl: (hostname, containerURI) => `https://${hostname}/root${containerURI}/`,
+    mapUrlToFile: async () => { throw new Error('Not found') }
+  }
+  const ldp = new LDP({ resourceMapper: rm })
+  const url = await ldp.getAvailableUrl('host.test', '/container', { slug: 'name.txt', extension: '', container: false })
+  assert.equal(url, 'https://host.test/root/container/name.txt')
+}
+
+export async function testExistingResourcePrefixes () {
+  let called = 0
+  const rm = {
+    resolveUrl: (hostname, containerURI) => `https://${hostname}/root${containerURI}/`,
+    mapUrlToFile: async () => {
+      called += 1
+      // First call indicates file exists (resolve), so return some object
+      if (called === 1) return { path: '/some/path' }
+      // Subsequent calls simulate not found
+      throw new Error('Not found')
+    }
+  }
+  const ldp = new LDP({ resourceMapper: rm })
+  const url = await ldp.getAvailableUrl('host.test', '/container', { slug: 'name.txt', extension: '', container: false })
+  // Should contain a uuid-prefix before name.txt, i.e. -name.txt
+  assert.ok(url.endsWith('-name.txt') || url.includes('-name.txt'))
+}

package/test/unit/getTrustedOrigins-test.mjs

@@ -0,0 +1,20 @@
+import { describe, it } from 'mocha'
+import { assert } from 'chai'
+import LDP from '../../lib/ldp.mjs'
+
+describe('LDP.getTrustedOrigins', () => {
+  it('includes resourceMapper.resolveUrl(hostname), trustedOrigins and serverUri when multiuser', () => {
+    const rm = { resolveUrl: (hostname) => `https://${hostname}/` }
+    const ldp = new LDP({ resourceMapper: rm, trustedOrigins: ['https://trusted.example/'], multiuser: true, serverUri: 'https://server.example/' })
+    const res = ldp.getTrustedOrigins({ hostname: 'host.test' })
+    assert.includeMembers(res, ['https://host.test/', 'https://trusted.example/', 'https://server.example/'])
+  })
+
+  it('omits serverUri when not multiuser', () => {
+    const rm = { resolveUrl: (hostname) => `https://${hostname}/` }
+    const ldp = new LDP({ resourceMapper: rm, trustedOrigins: ['https://trusted.example/'], multiuser: false, serverUri: 'https://server.example/' })
+    const res = ldp.getTrustedOrigins({ hostname: 'host.test' })
+    assert.includeMembers(res, ['https://host.test/', 'https://trusted.example/'])
+    assert.notInclude(res, 'https://server.example/')
+  })
+})

package/test/unit/login-request-test.mjs

@@ -0,0 +1,246 @@
+import { describe, it, beforeEach } from 'mocha'
+import chai from 'chai'
+import sinon from 'sinon'
+import sinonChai from 'sinon-chai'
+import dirtyChai from 'dirty-chai'
+
+import HttpMocks from 'node-mocks-http'
+import AuthRequest from '../../lib/requests/auth-request.mjs'
+import { LoginRequest } from '../../lib/requests/login-request.mjs'
+import SolidHost from '../../lib/models/solid-host.mjs'
+import AccountManager from '../../lib/models/account-manager.mjs'
+
+const { expect } = chai
+chai.use(sinonChai)
+chai.use(dirtyChai)
+chai.should()
+
+const mockUserStore = {
+  findUser: () => { return Promise.resolve(true) },
+  matchPassword: (user, password) => { return Promise.resolve(user) }
+}
+
+const authMethod = 'oidc'
+const host = SolidHost.from({ serverUri: 'https://localhost:8443' })
+const accountManager = AccountManager.from({ host, authMethod })
+const localAuth = { password: true, tls: true }
+
+describe('LoginRequest', () => {
+  describe('loginPassword()', () => {
+    let res, req
+
+    beforeEach(() => {
+      req = {
+        app: { locals: { oidc: { users: mockUserStore }, localAuth, accountManager } },
+        body: { username: 'alice', password: '12345' }
+      }
+      res = HttpMocks.createResponse()
+    })
+
+    it('should create a LoginRequest instance', () => {
+      const fromParams = sinon.spy(LoginRequest, 'fromParams')
+      const loginStub = sinon.stub(LoginRequest, 'login')
+        .returns(Promise.resolve())
+
+      return LoginRequest.loginPassword(req, res)
+        .then(() => {
+          expect(fromParams).to.have.been.calledWith(req, res)
+          fromParams.restore()
+          loginStub.restore()
+        })
+    })
+
+    it('should invoke login()', () => {
+      const login = sinon.spy(LoginRequest, 'login')
+
+      return LoginRequest.loginPassword(req, res)
+        .then(() => {
+          expect(login).to.have.been.called()
+          login.restore()
+        })
+    })
+  })
+
+  describe('loginTls()', () => {
+    let res, req
+
+    beforeEach(() => {
+      req = {
+        connection: {},
+        app: { locals: { localAuth, accountManager } }
+      }
+      res = HttpMocks.createResponse()
+    })
+
+    it('should create a LoginRequest instance', () => {
+      const fromParams = sinon.spy(LoginRequest, 'fromParams')
+      const loginStub = sinon.stub(LoginRequest, 'login')
+        .returns(Promise.resolve())
+
+      return LoginRequest.loginTls(req, res)
+        .then(() => {
+          expect(fromParams).to.have.been.calledWith(req, res)
+          fromParams.restore()
+          loginStub.restore()
+        })
+    })
+
+    it('should invoke login()', () => {
+      const login = sinon.spy(LoginRequest, 'login')
+
+      return LoginRequest.loginTls(req, res)
+        .then(() => {
+          expect(login).to.have.been.called()
+          login.restore()
+        })
+    })
+  })
+
+  describe('fromParams()', () => {
+    const session = {}
+    const req = {
+      session,
+      app: { locals: { accountManager } },
+      body: { username: 'alice', password: '12345' }
+    }
+    const res = HttpMocks.createResponse()
+
+    it('should return a LoginRequest instance', () => {
+      const request = LoginRequest.fromParams(req, res)
+
+      expect(request.response).to.equal(res)
+      expect(request.session).to.equal(session)
+      expect(request.accountManager).to.equal(accountManager)
+    })
+
+    it('should initialize the query params', () => {
+      const requestOptions = sinon.spy(AuthRequest, 'requestOptions')
+      LoginRequest.fromParams(req, res)
+
+      expect(requestOptions).to.have.been.calledWith(req)
+      requestOptions.restore()
+    })
+  })
+
+  describe('login()', () => {
+    const userStore = mockUserStore
+    let response
+
+    const options = {
+      userStore,
+      accountManager,
+      localAuth: {}
+    }
+
+    beforeEach(() => {
+      response = HttpMocks.createResponse()
+    })
+
+    it('should call initUserSession() for a valid user', () => {
+      const validUser = {}
+      options.response = response
+      options.authenticator = {
+        findValidUser: sinon.stub().resolves(validUser)
+      }
+
+      const request = new LoginRequest(options)
+
+      const initUserSession = sinon.spy(request, 'initUserSession')
+
+      return LoginRequest.login(request)
+        .then(() => {
+          expect(initUserSession).to.have.been.calledWith(validUser)
+        })
+    })
+
+    it('should call redirectPostLogin()', () => {
+      const validUser = {}
+      options.response = response
+      options.authenticator = {
+        findValidUser: sinon.stub().resolves(validUser)
+      }
+
+      const request = new LoginRequest(options)
+
+      const redirectPostLogin = sinon.spy(request, 'redirectPostLogin')
+
+      return LoginRequest.login(request)
+        .then(() => {
+          expect(redirectPostLogin).to.have.been.calledWith(validUser)
+        })
+    })
+  })
+
+  describe('postLoginUrl()', () => {
+    it('should return the user account uri if no redirect_uri param', () => {
+      const request = new LoginRequest({ authQueryParams: {} })
+
+      const aliceAccount = 'https://alice.example.com'
+      const user = { accountUri: aliceAccount }
+
+      expect(request.postLoginUrl(user)).to.equal(aliceAccount)
+    })
+  })
+
+  describe('redirectPostLogin()', () => {
+    it('should redirect to the /sharing url if response_type includes token', () => {
+      const res = HttpMocks.createResponse()
+      const authUrl = 'https://localhost:8443/sharing?response_type=token'
+      const validUser = accountManager.userAccountFrom({ username: 'alice' })
+
+      const authQueryParams = {
+        response_type: 'token'
+      }
+
+      const options = { accountManager, authQueryParams, response: res }
+      const request = new LoginRequest(options)
+
+      request.authorizeUrl = sinon.stub().returns(authUrl)
+
+      request.redirectPostLogin(validUser)
+
+      expect(res.statusCode).to.equal(302)
+      expect(res._getRedirectUrl()).to.equal(authUrl)
+    })
+
+    it('should redirect to account uri if no client_id present', () => {
+      const res = HttpMocks.createResponse()
+      const authUrl = 'https://localhost/authorize?redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback'
+      const validUser = accountManager.userAccountFrom({ username: 'alice' })
+
+      const authQueryParams = {}
+
+      const options = { accountManager, authQueryParams, response: res }
+      const request = new LoginRequest(options)
+
+      request.authorizeUrl = sinon.stub().returns(authUrl)
+
+      request.redirectPostLogin(validUser)
+
+      const expectedUri = accountManager.accountUriFor('alice')
+      expect(res.statusCode).to.equal(302)
+      expect(res._getRedirectUrl()).to.equal(expectedUri)
+    })
+
+    it('should redirect to account uri if redirect_uri is string "undefined"', () => {
+      const res = HttpMocks.createResponse()
+      const authUrl = 'https://localhost/authorize?client_id=123'
+      const validUser = accountManager.userAccountFrom({ username: 'alice' })
+
+      const body = { redirect_uri: 'undefined' }
+
+      const options = { accountManager, response: res }
+      const request = new LoginRequest(options)
+      request.authQueryParams = AuthRequest.extractAuthParams({ body })
+
+      request.authorizeUrl = sinon.stub().returns(authUrl)
+
+      request.redirectPostLogin(validUser)
+
+      const expectedUri = accountManager.accountUriFor('alice')
+
+      expect(res.statusCode).to.equal(302)
+      expect(res._getRedirectUrl()).to.equal(expectedUri)
+    })
+  })
+})

package/test/unit/oidc-manager-test.mjs

@@ -0,0 +1,50 @@
+/* eslint-disable no-unused-expressions */
+// import { createRequire } from 'module'
+import { fileURLToPath } from 'url'
+import path from 'path'
+import chai from 'chai'
+
+// const require = createRequire(import.meta.url)
+// const OidcManager = require('../../lib/models/oidc-manager')
+// const SolidHost = require('../../lib/models/solid-host')
+import * as OidcManager from '../../lib/models/oidc-manager.mjs'
+import SolidHost from '../../lib/models/solid-host.mjs'
+
+const { expect } = chai
+
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = path.dirname(__filename)
+
+describe('OidcManager', () => {
+  describe('fromServerConfig()', () => {
+    it('should error if no serverUri is provided in argv', () => {
+
+    })
+
+    it('should result in an initialized oidc object', () => {
+      const serverUri = 'https://localhost:8443'
+      const host = SolidHost.from({ serverUri })
+
+      const dbPath = path.join(__dirname, '../resources/db')
+      const saltRounds = 5
+      const argv = {
+        host,
+        dbPath,
+        saltRounds
+      }
+
+      const oidc = OidcManager.fromServerConfig(argv)
+
+      expect(oidc.rs.defaults.query).to.be.true
+      const clientsPath = oidc.clients.store.backend.path
+      const usersPath = oidc.users.backend.path
+      // Check that the clients path contains an 'rp' segment (or 'clients') to handle layout differences
+      const clientsSegments = clientsPath.split(path.sep)
+      expect(clientsSegments.includes('rp') || clientsSegments.includes('clients')).to.be.true
+      expect(oidc.provider.issuer).to.equal(serverUri)
+      const usersSegments = usersPath.split(path.sep)
+      expect(usersSegments.includes('users')).to.be.true
+      expect(oidc.users.saltRounds).to.equal(saltRounds)
+    })
+  })
+})

package/test/unit/password-authenticator-test.mjs

@@ -0,0 +1,125 @@
+import { describe, it, beforeEach, afterEach } from 'mocha'
+import chai from 'chai'
+import sinon from 'sinon'
+import sinonChai from 'sinon-chai'
+import dirtyChai from 'dirty-chai'
+
+import { PasswordAuthenticator } from '../../lib/models/authenticator.mjs'
+import SolidHost from '../../lib/models/solid-host.mjs'
+import AccountManager from '../../lib/models/account-manager.mjs'
+
+const { expect } = chai
+chai.use(sinonChai)
+chai.use(dirtyChai)
+chai.should()
+
+const mockUserStore = {
+  findUser: () => { return Promise.resolve(true) },
+  matchPassword: (user, password) => { return Promise.resolve(user) }
+}
+
+const host = SolidHost.from({ serverUri: 'https://localhost:8443' })
+const accountManager = AccountManager.from({ host })
+
+describe('PasswordAuthenticator', () => {
+  describe('fromParams()', () => {
+    const req = {
+      body: { username: 'alice', password: '12345' }
+    }
+    const options = { userStore: mockUserStore, accountManager }
+
+    it('should return a PasswordAuthenticator instance', () => {
+      const pwAuth = PasswordAuthenticator.fromParams(req, options)
+
+      expect(pwAuth.userStore).to.equal(mockUserStore)
+      expect(pwAuth.accountManager).to.equal(accountManager)
+      expect(pwAuth.username).to.equal('alice')
+      expect(pwAuth.password).to.equal('12345')
+    })
+
+    it('should init with undefined username and password if no body is provided', () => {
+      const req = {}
+      const pwAuth = PasswordAuthenticator.fromParams(req, options)
+
+      expect(pwAuth.username).to.be.undefined()
+      expect(pwAuth.password).to.be.undefined()
+    })
+  })
+
+  describe('findValidUser()', () => {
+    let pwAuth, sandbox
+
+    beforeEach(() => {
+      sandbox = sinon.createSandbox()
+      const req = {
+        body: { username: 'alice', password: '12345' }
+      }
+      const options = { userStore: mockUserStore, accountManager }
+      pwAuth = PasswordAuthenticator.fromParams(req, options)
+    })
+
+    afterEach(() => {
+      sandbox.restore()
+    })
+
+    it('should resolve with user if credentials are valid', () => {
+      sandbox.stub(mockUserStore, 'findUser')
+        .resolves({ username: 'alice' })
+      sandbox.stub(mockUserStore, 'matchPassword')
+        .resolves({ username: 'alice' })
+
+      return pwAuth.findValidUser()
+        .then(user => {
+          expect(user.username).to.equal('alice')
+        })
+    })
+
+    it('should reject if user is not found', () => {
+      sandbox.stub(mockUserStore, 'findUser')
+        .resolves(null)
+
+      return pwAuth.findValidUser()
+        .catch(error => {
+          expect(error.message).to.include('Invalid username/password combination.')
+        })
+    })
+
+    it('should reject if password does not match', () => {
+      sandbox.stub(mockUserStore, 'findUser')
+        .resolves({ username: 'alice' })
+      sandbox.stub(mockUserStore, 'matchPassword')
+        .resolves(null)
+
+      return pwAuth.findValidUser()
+        .catch(error => {
+          expect(error.message).to.include('Invalid username/password combination.')
+        })
+    })
+
+    it('should reject with error if userStore throws', () => {
+      sandbox.stub(mockUserStore, 'findUser')
+        .rejects(new Error('Database error'))
+
+      return pwAuth.findValidUser()
+        .catch(error => {
+          expect(error.message).to.equal('Database error')
+        })
+    })
+  })
+
+  describe('validate()', () => {
+    it('should throw a 400 error if no username was provided', () => {
+      const options = { username: null, password: '12345' }
+      const pwAuth = new PasswordAuthenticator(options)
+
+      expect(() => pwAuth.validate()).to.throw('Username required')
+    })
+
+    it('should throw a 400 error if no password was provided', () => {
+      const options = { username: 'alice', password: null }
+      const pwAuth = new PasswordAuthenticator(options)
+
+      expect(() => pwAuth.validate()).to.throw('Password required')
+    })
+  })
+})