solid-server 5.8.6 → 5.8.8-8d509db1

package/test/unit/solid-host-test.mjs

@@ -0,0 +1,119 @@
+/* eslint-disable no-unused-expressions */
+import { describe, it, before } from 'mocha'
+import { expect } from 'chai'
+import SolidHost from '../../lib/models/solid-host.mjs'
+import defaults from '../../config/defaults.mjs'
+
+describe('SolidHost', () => {
+  describe('from()', () => {
+    it('should init with provided params', () => {
+      const config = {
+        port: 3000,
+        serverUri: 'https://localhost:3000',
+        live: true,
+        root: '/data/solid/',
+        multiuser: true,
+        webid: true
+      }
+      const host = SolidHost.from(config)
+
+      expect(host.port).to.equal(3000)
+      expect(host.serverUri).to.equal('https://localhost:3000')
+      expect(host.hostname).to.equal('localhost')
+      expect(host.live).to.be.true
+      expect(host.root).to.equal('/data/solid/')
+      expect(host.multiuser).to.be.true
+      expect(host.webid).to.be.true
+    })
+
+    it('should init to default port and serverUri values', () => {
+      const host = SolidHost.from({})
+      expect(host.port).to.equal(defaults.port)
+      expect(host.serverUri).to.equal(defaults.serverUri)
+    })
+  })
+
+  describe('accountUriFor()', () => {
+    it('should compose an account uri for an account name', () => {
+      const config = {
+        serverUri: 'https://test.local'
+      }
+      const host = SolidHost.from(config)
+
+      expect(host.accountUriFor('alice')).to.equal('https://alice.test.local')
+    })
+
+    it('should throw an error if no account name is passed in', () => {
+      const host = SolidHost.from()
+      expect(() => { host.accountUriFor() }).to.throw(TypeError)
+    })
+  })
+
+  describe('allowsSessionFor()', () => {
+    let host
+    before(() => {
+      host = SolidHost.from({
+        serverUri: 'https://test.local'
+      })
+    })
+
+    it('should allow an empty userId and origin', () => {
+      expect(host.allowsSessionFor('', '', [])).to.be.true
+    })
+
+    it('should allow a userId with empty origin', () => {
+      expect(host.allowsSessionFor('https://user.own/profile/card#me', '', [])).to.be.true
+    })
+
+    it('should allow a userId with the user subdomain as origin', () => {
+      expect(host.allowsSessionFor('https://user.own/profile/card#me', 'https://user.own', [])).to.be.true
+    })
+
+    it('should allow a userId with the server domain as origin', () => {
+      expect(host.allowsSessionFor('https://user.own/profile/card#me', 'https://test.local', [])).to.be.true
+    })
+
+    it('should allow a userId with a server subdomain as origin', () => {
+      expect(host.allowsSessionFor('https://user.own/profile/card#me', 'https://other.test.local', [])).to.be.true
+    })
+
+    it('should disallow a userId from a different domain', () => {
+      expect(host.allowsSessionFor('https://user.own/profile/card#me', 'https://other.remote', [])).to.be.false
+    })
+
+    it('should allow user from a trusted domain', () => {
+      expect(host.allowsSessionFor('https://user.own/profile/card#me', 'https://other.remote', ['https://other.remote'])).to.be.true
+    })
+  })
+
+  describe('cookieDomain getter', () => {
+    it('should return null for single-part domains (localhost)', () => {
+      const host = SolidHost.from({
+        serverUri: 'https://localhost:8443'
+      })
+
+      expect(host.cookieDomain).to.be.null
+    })
+
+    it('should return a cookie domain for multi-part domains', () => {
+      const host = SolidHost.from({
+        serverUri: 'https://example.com:8443'
+      })
+
+      expect(host.cookieDomain).to.equal('.example.com')
+    })
+  })
+
+  describe('authEndpoint getter', () => {
+    it('should return an /authorize url object', () => {
+      const host = SolidHost.from({
+        serverUri: 'https://localhost:8443'
+      })
+
+      const authUrl = host.authEndpoint
+
+      expect(authUrl.host).to.equal('localhost:8443')
+      expect(authUrl.pathname).to.equal('/authorize')
+    })
+  })
+})

package/test/unit/tls-authenticator-test.mjs

@@ -0,0 +1,174 @@
+import chai from 'chai'
+import sinon from 'sinon'
+import sinonChai from 'sinon-chai'
+import dirtyChai from 'dirty-chai'
+import chaiAsPromised from 'chai-as-promised'
+
+import { TlsAuthenticator } from '../../lib/models/authenticator.mjs'
+import SolidHost from '../../lib/models/solid-host.mjs'
+import AccountManager from '../../lib/models/account-manager.mjs'
+
+const { expect } = chai
+chai.use(sinonChai)
+chai.use(dirtyChai)
+chai.use(chaiAsPromised)
+chai.should()
+
+const host = SolidHost.from({ serverUri: 'https://example.com' })
+const accountManager = AccountManager.from({ host, multiuser: true })
+
+describe('TlsAuthenticator', () => {
+  describe('fromParams()', () => {
+    const req = {
+      connection: {}
+    }
+    const options = { accountManager }
+
+    it('should return a TlsAuthenticator instance', () => {
+      const tlsAuth = TlsAuthenticator.fromParams(req, options)
+
+      expect(tlsAuth.accountManager).to.equal(accountManager)
+      expect(tlsAuth.connection).to.equal(req.connection)
+    })
+  })
+
+  describe('findValidUser()', () => {
+    const webId = 'https://alice.example.com/#me'
+    const certificate = { uri: webId }
+    const connection = {
+      renegotiate: sinon.stub().yields(),
+      getPeerCertificate: sinon.stub().returns(certificate)
+    }
+    const options = { accountManager, connection }
+
+    const tlsAuth = new TlsAuthenticator(options)
+
+    tlsAuth.extractWebId = sinon.stub().resolves(webId)
+    sinon.spy(tlsAuth, 'renegotiateTls')
+    sinon.spy(tlsAuth, 'loadUser')
+
+    return tlsAuth.findValidUser()
+      .then(validUser => {
+        expect(tlsAuth.renegotiateTls).to.have.been.called()
+        expect(connection.getPeerCertificate).to.have.been.called()
+        expect(tlsAuth.extractWebId).to.have.been.calledWith(certificate)
+        expect(tlsAuth.loadUser).to.have.been.calledWith(webId)
+
+        expect(validUser.webId).to.equal(webId)
+      })
+  })
+
+  describe('renegotiateTls()', () => {
+    it('should reject if an error occurs while renegotiating', () => {
+      const connection = {
+        renegotiate: sinon.stub().yields(new Error('Error renegotiating'))
+      }
+
+      const tlsAuth = new TlsAuthenticator({ connection })
+
+      expect(tlsAuth.renegotiateTls()).to.be.rejectedWith(/Error renegotiating/)
+    })
+
+    it('should resolve if no error occurs', () => {
+      const connection = {
+        renegotiate: sinon.stub().yields(null)
+      }
+
+      const tlsAuth = new TlsAuthenticator({ connection })
+
+      expect(tlsAuth.renegotiateTls()).to.be.fulfilled()
+    })
+  })
+
+  describe('getCertificate()', () => {
+    it('should throw on a non-existent certificate', () => {
+      const connection = {
+        getPeerCertificate: sinon.stub().returns(null)
+      }
+
+      const tlsAuth = new TlsAuthenticator({ connection })
+
+      expect(() => tlsAuth.getCertificate()).to.throw(/No client certificate detected/)
+    })
+
+    it('should throw on an empty certificate', () => {
+      const connection = {
+        getPeerCertificate: sinon.stub().returns({})
+      }
+
+      const tlsAuth = new TlsAuthenticator({ connection })
+
+      expect(() => tlsAuth.getCertificate()).to.throw(/No client certificate detected/)
+    })
+
+    it('should return a certificate if no error occurs', () => {
+      const certificate = { uri: 'https://alice.example.com/#me' }
+      const connection = {
+        getPeerCertificate: sinon.stub().returns(certificate)
+      }
+
+      const tlsAuth = new TlsAuthenticator({ connection })
+
+      expect(tlsAuth.getCertificate()).to.equal(certificate)
+    })
+  })
+
+  describe('extractWebId()', () => {
+    it('should reject if an error occurs verifying certificate', () => {
+      const tlsAuth = new TlsAuthenticator({})
+
+      tlsAuth.verifyWebId = sinon.stub().yields(new Error('Error processing certificate'))
+
+      expect(tlsAuth.extractWebId()).to.be.rejectedWith(/Error processing certificate/)
+    })
+
+    it('should resolve with a verified web id', () => {
+      const tlsAuth = new TlsAuthenticator({})
+
+      const webId = 'https://alice.example.com/#me'
+      tlsAuth.verifyWebId = sinon.stub().yields(null, webId)
+
+      const certificate = { uri: webId }
+
+      expect(tlsAuth.extractWebId(certificate)).to.become(webId)
+    })
+  })
+
+  describe('loadUser()', () => {
+    it('should return a user instance if the webid is local', () => {
+      const tlsAuth = new TlsAuthenticator({ accountManager })
+
+      const webId = 'https://alice.example.com/#me'
+
+      const user = tlsAuth.loadUser(webId)
+
+      expect(user.username).to.equal('alice')
+      expect(user.webId).to.equal(webId)
+    })
+
+    it('should return a user instance if external user and this server is authorized provider', () => {
+      const tlsAuth = new TlsAuthenticator({ accountManager })
+
+      const externalWebId = 'https://alice.someothersite.com#me'
+
+      tlsAuth.discoverProviderFor = sinon.stub().resolves('https://example.com')
+
+      const user = tlsAuth.loadUser(externalWebId)
+
+      expect(user.username).to.equal(externalWebId)
+      expect(user.webId).to.equal(externalWebId)
+    })
+  })
+
+  describe('verifyWebId()', () => {
+    it('should yield an error if no cert is given', done => {
+      const tlsAuth = new TlsAuthenticator({})
+
+      tlsAuth.verifyWebId(null, (error) => {
+        expect(error.message).to.equal('No certificate given')
+
+        done()
+      })
+    })
+  })
+})

package/test/unit/token-service-test.mjs

@@ -0,0 +1,82 @@
+import { describe, it } from 'mocha'
+import chai from 'chai'
+import dirtyChai from 'dirty-chai'
+import TokenService from '../../lib/services/token-service.mjs'
+
+const { expect } = chai
+chai.use(dirtyChai)
+chai.should()
+
+describe('TokenService', () => {
+  describe('constructor()', () => {
+    it('should init with an empty tokens store', () => {
+      const service = new TokenService()
+
+      expect(service.tokens).to.exist()
+    })
+  })
+
+  describe('generate()', () => {
+    it('should generate a new token and return a token key', () => {
+      const service = new TokenService()
+
+      const token = service.generate('test')
+      const value = service.tokens.test[token]
+
+      expect(token).to.exist()
+      expect(value).to.have.property('exp')
+    })
+  })
+
+  describe('verify()', () => {
+    it('should return false for expired tokens', () => {
+      const service = new TokenService()
+
+      const token = service.generate('foo')
+
+      service.tokens.foo[token].exp = new Date(Date.now() - 1000)
+
+      expect(service.verify('foo', token)).to.be.false()
+    })
+
+    it('should return the token value for valid tokens', () => {
+      const service = new TokenService()
+
+      const token = service.generate('bar')
+      const value = service.verify('bar', token)
+
+      expect(value).to.exist()
+      expect(value).to.have.property('exp')
+      expect(value.exp).to.be.greaterThan(new Date())
+    })
+
+    it('should throw error for invalid token domain', () => {
+      const service = new TokenService()
+
+      const token = service.generate('valid')
+
+      expect(() => service.verify('invalid', token)).to.throw('Invalid domain for tokens: invalid')
+    })
+
+    it('should return false for non-existent tokens', () => {
+      const service = new TokenService()
+
+      // First create the domain
+      service.generate('foo')
+
+      expect(service.verify('foo', 'nonexistent')).to.be.false()
+    })
+  })
+
+  describe('remove()', () => {
+    it('should remove specific tokens', () => {
+      const service = new TokenService()
+
+      const token = service.generate('test')
+
+      service.remove('test', token)
+
+      expect(service.tokens.test).to.not.have.property(token)
+    })
+  })
+})

package/test/unit/user-account-test.mjs

@@ -0,0 +1,38 @@
+/* eslint-disable no-unused-expressions */
+import { describe, it } from 'mocha'
+import { expect } from 'chai'
+import UserAccount from '../../lib/models/user-account.mjs'
+
+describe('UserAccount', () => {
+  describe('from()', () => {
+    it('initializes the object with passed in options', () => {
+      const options = {
+        username: 'alice',
+        webId: 'https://alice.com/#me',
+        name: 'Alice',
+        email: 'alice@alice.com'
+      }
+
+      const account = UserAccount.from(options)
+      expect(account.username).to.equal(options.username)
+      expect(account.webId).to.equal(options.webId)
+      expect(account.name).to.equal(options.name)
+      expect(account.email).to.equal(options.email)
+    })
+  })
+
+  describe('id getter', () => {
+    it('should return null if webId is null', () => {
+      const account = new UserAccount()
+
+      expect(account.id).to.be.null
+    })
+
+    it('should return the WebID uri minus the protocol and slashes', () => {
+      const webId = 'https://alice.example.com/profile/card#me'
+      const account = new UserAccount({ webId })
+
+      expect(account.id).to.equal('alice.example.com/profile/card#me')
+    })
+  })
+})

package/test/unit/user-accounts-api-test.mjs

@@ -0,0 +1,59 @@
+import chai from 'chai'
+import { fileURLToPath } from 'url'
+import { dirname, join } from 'path'
+import HttpMocks from 'node-mocks-http'
+import LDP from '../../lib/ldp.mjs'
+import SolidHost from '../../lib/models/solid-host.mjs'
+import AccountManager from '../../lib/models/account-manager.mjs'
+import ResourceMapper from '../../lib/resource-mapper.mjs'
+
+import * as api from '../../lib/api/accounts/user-accounts.mjs'
+
+const { expect } = chai
+chai.should()
+
+const __dirname = dirname(fileURLToPath(import.meta.url))
+
+const testAccountsDir = join(__dirname, '..', '..', 'test', 'resources', 'accounts')
+
+let host
+
+beforeEach(() => {
+  host = SolidHost.from({ serverUri: 'https://example.com' })
+})
+
+describe('api/accounts/user-accounts', () => {
+  describe('newCertificate()', () => {
+    describe('in multi user mode', () => {
+      const multiuser = true
+      const resourceMapper = new ResourceMapper({
+        rootUrl: 'https://localhost:8443/',
+        includeHost: multiuser,
+        rootPath: testAccountsDir
+      })
+      const store = new LDP({ multiuser, resourceMapper })
+
+      it('should throw a 400 error if spkac param is missing', done => {
+        const options = { host, store, multiuser, authMethod: 'oidc' }
+        const accountManager = AccountManager.from(options)
+
+        const req = {
+          body: {
+            webid: 'https://alice.example.com/#me'
+          },
+          session: { userId: 'https://alice.example.com/#me' },
+          get: () => { return 'https://example.com' }
+        }
+        const res = HttpMocks.createResponse()
+
+        const newCertificate = api.newCertificate(accountManager)
+
+        newCertificate(req, res, (err) => {
+          expect(err.status).to.equal(400)
+          expect(err.message).to.equal('Missing spkac parameter')
+          done()
+        })
+      })
+    })
+  })
+})

package/test/unit/user-utils-test.mjs

@@ -0,0 +1,64 @@
+import * as userUtils from '../../lib/common/user-utils.mjs'
+import $rdf from 'rdflib'
+import chai from 'chai'
+
+const { expect } = chai
+
+describe('user-utils', () => {
+  describe('getName', () => {
+    let ldp
+    const webId = 'http://test#me'
+    const name = 'NAME'
+
+    beforeEach(() => {
+      const store = $rdf.graph()
+      store.add($rdf.sym(webId), $rdf.sym('http://www.w3.org/2006/vcard/ns#fn'), $rdf.lit(name))
+      ldp = { fetchGraph: () => Promise.resolve(store) }
+    })
+
+    it('should return name from graph', async () => {
+      const returnedName = await userUtils.getName(webId, ldp.fetchGraph)
+      expect(returnedName).to.equal(name)
+    })
+  })
+
+  describe('getWebId', () => {
+    let fetchGraph
+    const webId = 'https://test.localhost:8443/profile/card#me'
+    const suffixMeta = '.meta'
+
+    beforeEach(() => {
+      fetchGraph = () => Promise.resolve(`<${webId}> <http://www.w3.org/ns/solid/terms#account> </>.`)
+    })
+
+    it('should return webId from meta file', async () => {
+      const returnedWebId = await userUtils.getWebId('foo', 'https://bar/', suffixMeta, fetchGraph)
+      expect(returnedWebId).to.equal(webId)
+    })
+  })
+
+  describe('isValidUsername', () => {
+    it('should accect valid usernames', () => {
+      const usernames = [
+        'foo',
+        'bar'
+      ]
+      const validUsernames = usernames.filter(username => userUtils.isValidUsername(username))
+      expect(validUsernames.length).to.equal(usernames.length)
+    })
+
+    it('should not accect invalid usernames', () => {
+      const usernames = [
+        '-',
+        '-a',
+        'a-',
+        '9-',
+        'alice--bob',
+        'alice bob',
+        'alice.bob'
+      ]
+      const validUsernames = usernames.filter(username => userUtils.isValidUsername(username))
+      expect(validUsernames.length).to.equal(0)
+    })
+  })
+})

package/test/unit/utils-test.mjs

@@ -0,0 +1,114 @@
+import { describe, it } from 'mocha'
+import { assert } from 'chai'
+import fetch from 'node-fetch'
+
+import * as utils from '../../lib/utils.mjs'
+const { Headers } = fetch
+
+const {
+  pathBasename,
+  stripLineEndings,
+  debrack,
+  fullUrlForReq,
+  getContentType
+} = utils
+
+describe('Utility functions', function () {
+  describe('pathBasename', function () {
+    it('should return bar as relative path for /foo/bar', function () {
+      assert.equal(pathBasename('/foo/bar'), 'bar')
+    })
+    it('should return empty as relative path for /foo/', function () {
+      assert.equal(pathBasename('/foo/'), '')
+    })
+    it('should return empty as relative path for /', function () {
+      assert.equal(pathBasename('/'), '')
+    })
+    it('should return empty as relative path for empty path', function () {
+      assert.equal(pathBasename(''), '')
+    })
+    it('should return empty as relative path for undefined path', function () {
+      assert.equal(pathBasename(undefined), '')
+    })
+  })
+
+  describe('stripLineEndings()', () => {
+    it('should pass through falsy string arguments', () => {
+      assert.equal(stripLineEndings(''), '')
+      assert.equal(stripLineEndings(null), null)
+      assert.equal(stripLineEndings(undefined), undefined)
+    })
+
+    it('should remove line-endings characters', () => {
+      let str = '123\n456'
+      assert.equal(stripLineEndings(str), '123456')
+
+      str = `123
+456`
+      assert.equal(stripLineEndings(str), '123456')
+    })
+  })
+
+  describe('debrack()', () => {
+    it('should return null if no string is passed', () => {
+      assert.equal(debrack(), null)
+    })
+
+    it('should return the string if no brackets are present', () => {
+      assert.equal(debrack('test string'), 'test string')
+    })
+
+    it('should return the string if less than 2 chars long', () => {
+      assert.equal(debrack(''), '')
+      assert.equal(debrack('<'), '<')
+    })
+
+    it('should remove brackets if wrapping the string', () => {
+      assert.equal(debrack('<test string>'), 'test string')
+    })
+  })
+
+  describe('fullUrlForReq()', () => {
+    it('should extract a fully-qualified url from an Express request', () => {
+      const req = {
+        protocol: 'https:',
+        get: (host) => 'example.com',
+        baseUrl: '/',
+        path: '/resource1',
+        query: { sort: 'desc' }
+      }
+
+      assert.equal(fullUrlForReq(req), 'https://example.com/resource1?sort=desc')
+    })
+  })
+
+  describe('getContentType()', () => {
+    describe('for Express headers', () => {
+      it('should not default', () => {
+        assert.equal(getContentType({}), '')
+      })
+
+      it('should get a basic content type', () => {
+        assert.equal(getContentType({ 'content-type': 'text/html' }), 'text/html')
+      })
+
+      it('should get a content type without its charset', () => {
+        assert.equal(getContentType({ 'content-type': 'text/html; charset=us-ascii' }), 'text/html')
+      })
+    })
+
+    describe('for Fetch API headers', () => {
+      it('should not default', () => {
+        assert.equal(getContentType(new Headers({})), '')
+      })
+
+      it('should get a basic content type', () => {
+        assert.equal(getContentType(new Headers({ 'content-type': 'text/html' })), 'text/html')
+      })
+
+      it('should get a content type without its charset', () => {
+        assert.equal(getContentType(new Headers({ 'content-type': 'text/html; charset=us-ascii' })), 'text/html')
+      })
+    })
+  })
+})