solid-server 5.8.7 → 5.8.8-22f4cfec

package/test/integration/www-account-creation-oidc-test.mjs

@@ -0,0 +1,311 @@
+/* eslint-disable no-unused-expressions */
+import supertest from 'supertest'
+import rdf from 'rdflib'
+import ldnode from '../../index.mjs'
+import path from 'path'
+import { fileURLToPath } from 'url'
+import fs from 'fs-extra'
+import { rm, read, checkDnsSettings, cleanDir } from '../utils/index.mjs'
+
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = path.dirname(__filename)
+const $rdf = rdf
+
+// FIXME: #1502
+describe('AccountManager (OIDC account creation tests)', function () {
+  const port = 7457
+  const serverUri = `https://localhost:${port}`
+  const host = `localhost:${port}`
+  const root = path.normalize(path.join(__dirname, '../resources/accounts/'))
+  const configPath = path.normalize(path.join(__dirname, '../resources/config'))
+  const dbPath = path.normalize(path.join(__dirname, '../resources/accounts/db'))
+
+  let ldpHttpsServer
+
+  const ldp = ldnode.createServer({
+    root,
+    configPath,
+    sslKey: path.normalize(path.join(__dirname, '../keys/key.pem')),
+    sslCert: path.normalize(path.join(__dirname, '../keys/cert.pem')),
+    auth: 'oidc',
+    webid: true,
+    multiuser: true,
+    strictOrigin: true,
+    dbPath,
+    serverUri,
+    enforceToc: true
+  })
+
+  before(checkDnsSettings)
+
+  before(function (done) {
+    ldpHttpsServer = ldp.listen(port, done)
+  })
+
+  after(function () {
+    if (ldpHttpsServer) ldpHttpsServer.close()
+    fs.removeSync(path.join(dbPath, 'oidc/users/users'))
+    cleanDir(path.join(root, 'localhost'))
+  })
+
+  const server = supertest(serverUri)
+
+  it('should expect a 404 on GET /accounts', function (done) {
+    server.get('/api/accounts')
+      .expect(404, done)
+  })
+
+  describe('accessing accounts', function () {
+    it('should be able to access public file of an account', function (done) {
+      const subdomain = supertest('https://tim.' + host)
+      subdomain.get('/hello.html')
+        .expect(200, done)
+    })
+    it('should get 404 if root does not exist', function (done) {
+      const subdomain = supertest('https://nicola.' + host)
+      subdomain.get('/')
+        .set('Accept', 'text/turtle')
+        .set('Origin', 'http://example.com')
+        .expect(404)
+        .expect('Access-Control-Allow-Origin', 'http://example.com')
+        .expect('Access-Control-Allow-Credentials', 'true')
+        .end(function (err, res) {
+          done(err)
+        })
+    })
+  })
+
+  describe('creating an account with POST', function () {
+    beforeEach(function () {
+      rm('accounts/nicola.localhost')
+    })
+
+    after(function () {
+      rm('accounts/nicola.localhost')
+    })
+
+    it('should not create WebID if no username is given', (done) => {
+      const subdomain = supertest('https://' + host)
+      subdomain.post('/api/accounts/new')
+        .send('username=&password=12345')
+        .expect(400, done)
+    })
+
+    it('should not create WebID if no password is given', (done) => {
+      const subdomain = supertest('https://' + host)
+      subdomain.post('/api/accounts/new')
+        .send('username=nicola&password=')
+        .expect(400, done)
+    })
+
+    it('should not create a WebID if it already exists', function (done) {
+      const subdomain = supertest('https://' + host)
+      subdomain.post('/api/accounts/new')
+        .send('username=nicola&password=12345&acceptToc=true')
+        .expect(302)
+        .end((err, res) => {
+          if (err) {
+            return done(err)
+          }
+          subdomain.post('/api/accounts/new')
+            .send('username=nicola&password=12345&acceptToc=true')
+            .expect(400)
+            .end((err) => {
+              done(err)
+            })
+        })
+    })
+
+    it('should not create WebID if T&C is not accepted', (done) => {
+      const subdomain = supertest('https://' + host)
+      subdomain.post('/api/accounts/new')
+        .send('username=nicola&password=12345&acceptToc=')
+        .expect(400, done)
+    })
+
+    it('should create the default folders', function (done) {
+      const subdomain = supertest('https://' + host)
+      subdomain.post('/api/accounts/new')
+        .send('username=nicola&password=12345&acceptToc=true')
+        .expect(302)
+        .end(function (err) {
+          if (err) {
+            return done(err)
+          }
+          const domain = host.split(':')[0]
+          const card = read(path.normalize(path.join('accounts/nicola.' + domain,
+            'profile/card$.ttl')))
+          const cardAcl = read(path.normalize(path.join('accounts/nicola.' + domain,
+            'profile/.acl')))
+          const prefs = read(path.normalize(path.join('accounts/nicola.' + domain,
+            'settings/prefs.ttl')))
+          const inboxAcl = read(path.normalize(path.join('accounts/nicola.' + domain,
+            'inbox/.acl')))
+          const rootMeta = read(path.normalize(path.join('accounts/nicola.' + domain, '.meta')))
+          const rootMetaAcl = read(path.normalize(path.join('accounts/nicola.' + domain,
+            '.meta.acl')))
+
+          if (domain && card && cardAcl && prefs && inboxAcl && rootMeta &&
+            rootMetaAcl) {
+            done()
+          } else {
+            done(new Error('failed to create default files'))
+          }
+        })
+    }).timeout(20000)
+
+    it('should link WebID to the root account', function (done) {
+      const domain = supertest('https://' + host)
+      domain.post('/api/accounts/new')
+        .send('username=nicola&password=12345&acceptToc=true')
+        .expect(302)
+        .end(function (err) {
+          if (err) {
+            return done(err)
+          }
+          const subdomain = supertest('https://nicola.' + host)
+          subdomain.get('/.meta')
+            .expect(200)
+            .end(function (err, data) {
+              if (err) {
+                return done(err)
+              }
+              const graph = $rdf.graph()
+              $rdf.parse(
+                data.text,
+                graph,
+                'https://nicola.' + host + '/.meta',
+                'text/turtle')
+              const statements = graph.statementsMatching(
+                undefined,
+                $rdf.sym('http://www.w3.org/ns/solid/terms#account'),
+                undefined)
+              if (statements.length === 1) {
+                done()
+              } else {
+                done(new Error('missing link to WebID of account'))
+              }
+            })
+        })
+    }).timeout(20000)
+
+    describe('after setting up account', () => {
+      beforeEach(done => {
+        const subdomain = supertest('https://' + host)
+        subdomain.post('/api/accounts/new')
+          .send('username=nicola&password=12345&acceptToc=true')
+          .end(done)
+      })
+
+      it('should create a private settings container', function (done) {
+        const subdomain = supertest('https://nicola.' + host)
+        subdomain.head('/settings/')
+          .expect(401)
+          .end(function (err) {
+            done(err)
+          })
+      })
+
+      it('should create a private prefs file in the settings container', function (done) {
+        const subdomain = supertest('https://nicola.' + host)
+        subdomain.head('/inbox/prefs.ttl')
+          .expect(401)
+          .end(function (err) {
+            done(err)
+          })
+      })
+
+      it('should create a private inbox container', function (done) {
+        const subdomain = supertest('https://nicola.' + host)
+        subdomain.head('/inbox/')
+          .expect(401)
+          .end(function (err) {
+            done(err)
+          })
+      })
+    })
+  })
+})
+
+// FIXME: #1502
+describe('Single User signup page', () => {
+  const serverUri = 'https://localhost:7457'
+  const port = 7457
+  let ldpHttpsServer
+  rm('resources/accounts/single-user/')
+  const rootDir = path.normalize(path.join(__dirname, '../resources/accounts/single-user/'))
+  const configPath = path.normalize(path.join(__dirname, '../resources/config'))
+  const ldp = ldnode.createServer({
+    port,
+    root: rootDir,
+    configPath,
+    sslKey: path.normalize(path.join(__dirname, '../keys/key.pem')),
+    sslCert: path.normalize(path.join(__dirname, '../keys/cert.pem')),
+    webid: true,
+    multiuser: false,
+    strictOrigin: true
+  })
+  const server = supertest(serverUri)
+
+  before(function (done) {
+    ldpHttpsServer = ldp.listen(port, () => server.post('/api/accounts/new')
+      .send('username=foo&password=12345&acceptToc=true')
+      .end(done))
+  })
+
+  after(function () {
+    if (ldpHttpsServer) ldpHttpsServer.close()
+    fs.removeSync(rootDir)
+  })
+
+  it('should return a 406 not acceptable without accept text/html', done => {
+    server.get('/')
+      .set('accept', 'text/plain')
+      .expect(406)
+      .end(done)
+  })
+})
+
+// FIXME: #1502
+describe('Signup page where Terms & Conditions are not being enforced', () => {
+  const port = 3457
+  const host = `localhost:${port}`
+  const root = path.normalize(path.join(__dirname, '../resources/accounts/'))
+  const configPath = path.normalize(path.join(__dirname, '../resources/config'))
+  const dbPath = path.normalize(path.join(__dirname, '../resources/accounts/db'))
+  const ldp = ldnode.createServer({
+    port,
+    root,
+    configPath,
+    sslKey: path.normalize(path.join(__dirname, '../keys/key.pem')),
+    sslCert: path.normalize(path.join(__dirname, '../keys/cert.pem')),
+    auth: 'oidc',
+    webid: true,
+    multiuser: true,
+    strictOrigin: true,
+    enforceToc: false
+  })
+  let ldpHttpsServer
+
+  before(function (done) {
+    ldpHttpsServer = ldp.listen(port, done)
+  })
+
+  after(function () {
+    if (ldpHttpsServer) ldpHttpsServer.close()
+    fs.removeSync(path.join(dbPath, 'oidc/users/users'))
+    cleanDir(path.join(root, 'localhost'))
+    rm('accounts/nicola.localhost')
+  })
+
+  beforeEach(function () {
+    rm('accounts/nicola.localhost')
+  })
+
+  it('should not enforce T&C upon creating account', function (done) {
+    const subdomain = supertest('https://' + host)
+    subdomain.post('/api/accounts/new')
+      .send('username=nicola&password=12345')
+      .expect(302, done)
+  })
+})

package/test/keys/cert.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIJALcFbDEc4HZSMA0GCSqGSIb3DQEBBQUAMFsxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxFDASBgNVBAMMCyoubG9jYWxob3N0MB4XDTE2MDExMDAy
+MjU0OVoXDTI2MDEwNzAyMjU0OVowWzELMAkGA1UEBhMCVVMxEzARBgNVBAgMClNv
+bWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEUMBIG
+A1UEAwwLKi5sb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDXAYXG39aEz6p7CLP7qgqWEy4uGlgecA3Z6RbpQW1OJELPFf4h+R/CezF7kKTi
+SEXPRq30y6NgJzW0VI9Vz78d1YDoFD4JaRtgTAAVtk35VKq7WsTC4PFJ6sY8JUOX
+rrSxIy74mMGkBsZpdM6HDcGfP+uvptPTWzB4pAnojsJVEgCjHGhyDsm/KzaudOoG
+f5ItLmiXxwhAklHpJRjvTpkDp48hhv88gkzoOB+Xs3R65bU3rbupKAufkTLtYVWD
+k2a70F0RK8BgkJmu5iM7hmBmZ6NAyqUUd52PLKtpPPZfU9bTu9KXSiJogPfzSz3K
+0sMxQXnVVi/IcOBiD2QrmIxhAgMBAAGjUDBOMB0GA1UdDgQWBBQurZ2WGwLpPmLj
+NGvA6pnUv8wQRzAfBgNVHSMEGDAWgBQurZ2WGwLpPmLjNGvA6pnUv8wQRzAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQB3C3pYHpiIM1k/Cc0MKdnkLiCS
+ZvaLj1pqJ5p5CnuQ7XqlM5tusBLUf8NMtIJZGYqJvIjGFM1Nkc8k2SCd0V4AkT/N
+jD8peuXZGxaKE8sj0U3yv+dAlMqfMS5RfnzY6+ns+n911tl6KDBptHC+ZwjMaOLm
+IYbkuyZkwgTY7OdXJnAePxCrdHKcpIPvd/2N95IXGxE81u8OEXUm7vKYfQ6fBitY
+mem3BzWBSGrX2R7DflCF5VNCurit4OpCa7+n6OaN6OxEjkxS2Q+dsPhpK2/z9bK8
+RifxUk7xu8wNgt3pSHkmj4c9OexEtaXgpF1N+gzRUyjUOi0xP/Y8Qh/2dA+1
+-----END CERTIFICATE-----

package/test/keys/client-cert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBDCCAm2gAwIBAgIEC3cqETANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJV
+UzETMBEGA1UECAwKU29tZS1TdGF0ZTEOMAwGA1UECgwFV2ViSUQxDjAMBgNVBAMM
+BVdlYklEMB4XDTE0MDkwNjE1NDk0OFoXDTE1MDkwMTE1NDk0OFowQzELMAkGA1UE
+BhMCVVMxEzARBgNVBAgMClNvbWUtU3RhdGUxDjAMBgNVBAoMBVdlYklEMQ8wDQYD
+VQQDEwZNYXJ0aW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6+jdf
+x9ciAyh6Fwk8x2863DBMwM2rgo1aTd9p/EtKwS0QEjGmsfxNcuhuEs4viegYkA+E
+NYMnzpbVSmpkrW/4B+AdpjqSCg52lE+97VsgEsjydpcr0F56DFXZREoUSxv6aGjK
+JvuV3Xwutt86ZPmY2hI8ibhrkYYVLjW4NUUa/Kz4y7Sat+JjpKLeygRl9pmFDZqn
+dnkaigfO+l4ADOKBvnqvZmuySyiCfA8UQLTTi2Xu9R5FYp4muYGf/WUL4/X38Cy9
+pn4aZsg5wlJIxdMv8mrNOkw0+UMuB3w1qlBdpNxP+ssvzm51rbaSKAUiC7kjDqV5
+IVekpPPsaYcNgmOtAgMBAAGjgYEwfzAJBgNVHRMEAjAAMDIGA1UdEQQrMCmGJ2h0
+dHBzOi8vbWFydGlubXIucnd3LmlvL3Byb2ZpbGUvY2FyZCNtZTAdBgNVHQ4EFgQU
+FKH1bXMdGeDQ+eg2r8XRb0OHR6AwHwYDVR0jBBgwFoAUPeiGwB03YrZL1o9JV66Y
+7fia1IIwDQYJKoZIhvcNAQEFBQADgYEAUpj/YkL8CRotpodm5CPQpT2wUwnNiDWr
+lUwystTT4mo+42d8mt3hxArNtSRkxvEFHK73m9vfbfNkazejawGnf9EO8MdH+XYF
+q0jQqtjkDodsFX5R79G/p7qs/FAPv5t4W9NSKB50A9qqcAfsHigT3E7smfO3CdVC
+fQ6/1y6YiXQ=
+-----END CERTIFICATE-----

package/test/keys/client-key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAuvo3X8fXIgMoehcJPMdvOtwwTMDNq4KNWk3fafxLSsEtEBIx
+prH8TXLobhLOL4noGJAPhDWDJ86W1UpqZK1v+AfgHaY6kgoOdpRPve1bIBLI8naX
+K9BeegxV2URKFEsb+mhoyib7ld18LrbfOmT5mNoSPIm4a5GGFS41uDVFGvys+Mu0
+mrfiY6Si3soEZfaZhQ2ap3Z5GooHzvpeAAzigb56r2ZrsksognwPFEC004tl7vUe
+RWKeJrmBn/1lC+P19/AsvaZ+GmbIOcJSSMXTL/JqzTpMNPlDLgd8NapQXaTcT/rL
+L85uda22kigFIgu5Iw6leSFXpKTz7GmHDYJjrQIDAQABAoIBAQCpCDFtPm2HixFZ
+pl+seaNds9daW+bTCVgebk3uM64ha5gAcmI+j6NGpP3pHMkXgvW21u2gGPxzzTjg
+o8ChOYYC1aPPSgqjIcJHgva//ccmrLTLNVievGXcsjAeFbVeuTQW4bLyJeHFbxCn
+7pzJ3qUigOqBngOCA3ISzc60tDvAE2fsVQCBf6Smb+KzoYhXsL/BPUHATGL23r+Y
+HPHYHEjKUXdpWUGTfIOo35+n4fH2PBvPFN+vtexyNJqviDx3E55Bj/ocLSpBY9xc
+KLipB8i0melG5GxUFkQM3llYqiCiYA1c1Vu++YH+sgoLlzB7VydXJr+SNoyxB7uk
+jgHl+76FAoGBAN63BXsMa1jIegz8ebfMamD/8IhkQb4IxrMMd9TUxCL9LWGPrirb
+ZHfZCZ96TtLuljutiX/8uvWMCnJPvrI22LZ5rm41PyFRXMP5+DOd43DOo1gKwPG9
+wfCQHWtmUcUKWelJV5wzb4UzPgYu7oBaHXDzFSgK1nb/rhD56Ik5VHMbAoGBANbr
+5H5OyRdJsqmtApaK03hr9iqCTJBLtjX6dXYCjyc3eOgYdBQbOh8g0bJHeULQyHpq
+e7OgYjrU1HLwkVTTUuiagpf6EWjLhNFGh588nhSr5vHQTnexv6nip1iHMHDT1QL7
+xYcfOe7fGUofTbSg1kAj/O9WoXkUJda44/1o5KjXAoGBAJVO3b3Adbbvr+NE39T4
+ldixvO+zRt+/wnYGxc9JVLSgRuxBBuJ0csZmGq1vsah3iwA3Nxc2t6AmYlqAW7fe
+TSsIKIh56fjMMwSvcFYqY3AdGCTOEMwACyTbeN2nmuoeJmjfYny1fu4tjEdY70vd
+Hh+611Qg7+aXQnrfD6XvaU5BAoGASLNpCpTqDxed+SmOG5CAclbK4ZxL+++whlff
+zfiVpiVsn85NzdNb+NWoOY9V5JUti8NjbuLM96uw5eSctL37aLWDgZdUtkdJ+WTL
+UcE2lDWGHLxjHrgg5n3GL/sjFreBcc3rBoc4mKYdLuah6X0SnIXP9MIwQv3ewuCu
+NrV5y+cCgYEAwIBUkAC7uQO+BK+jlC0hIGYLlMqTu4JwRNCJ5ICyWBNarYsMJZDT
+Tf94gclKf+TtheS0QUK3KyY7Tpp05dbeHi7aQNZTag7lUsEdDOKiSgZilzs2MOek
+4hWWYVAOXeGI0sa30/9RETCQz04knWVzi4v6OSlR8HY7UThxO56mw78=
+-----END RSA PRIVATE KEY-----

package/test/keys/key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA1wGFxt/WhM+qewiz+6oKlhMuLhpYHnAN2ekW6UFtTiRCzxX+
+Ifkfwnsxe5Ck4khFz0at9MujYCc1tFSPVc+/HdWA6BQ+CWkbYEwAFbZN+VSqu1rE
+wuDxSerGPCVDl660sSMu+JjBpAbGaXTOhw3Bnz/rr6bT01sweKQJ6I7CVRIAoxxo
+cg7Jvys2rnTqBn+SLS5ol8cIQJJR6SUY706ZA6ePIYb/PIJM6Dgfl7N0euW1N627
+qSgLn5Ey7WFVg5Nmu9BdESvAYJCZruYjO4ZgZmejQMqlFHedjyyraTz2X1PW07vS
+l0oiaID380s9ytLDMUF51VYvyHDgYg9kK5iMYQIDAQABAoIBAQCjdpLgyplry/7P
+H6TG91apFtgLURghvAur2t0CZi3WNRdeHlhiN+d/ku3iBex15YC9v/zNmm0R032v
+JoL7OMESy5n/2DP6L6ESq3V9DGdn4okTfEUP7LlF+2rPm30yOy9BZYB2nJzMOiJr
+VtUWNM06Z/ymRO3TSQcnEYA/ARqaVXpN1TMLI/kYkPZ9/QxaxoC/t9Pty93eVepW
+H3WqIecYvOw8iCOUKQQVAOWqYUrBA+3RR6fe3n3RmmX7vgyVJIrfMszyKH5D8jmz
+ssSPtH3evVhHQwT1C/xshZxXWGPcw0T8Jec3ydESKMdu4SOk1O8WAG7GQwXnUdJD
+OzoqQNKJAoGBAPdU0yIR/Foi7/DvaIIaRyFpyAdL27ZgZxfEDe0XqTR1qNEnWHQ1
+Rp1kxfzxDo+1Op3VVjPTkRHSuSU/aUWFLfXNDY6BsopQC1t57g3tEr0yithZxJX3
+3MdIz3wp4GKZmlYHNnXVONh1eonEBt4HWDkkMpTCzlGdgX/nubAYb1x3AoGBAN6K
+qKupZQVjETKzTj2wtYo++8f5UD1if1dOqtMiQrVW4tahsgAT8PLhmPwMc5BtWDvO
+NZLWRB5phxKCKcukvqe8D+J1rIayN6HKKRECPcON/COB14Tcf/K0jQDmH4hz7HuC
+h+n6u6gTTVMxJQUhrHBTcxmb2MSe05VE8c46tQvnAoGBAIjYmR0/wFWLASFZBYT+
+zx5wrelDkqR9AG2I33+wWMGa3DYlQ+7AT3rkeBt0sO7Ygj8z+8cfJyQqaKBwTmnV
+v1FCDF8t6cBXe4E4nHt+EaE3JtWADaJAixqEcbCsZueHP3qb8QkPWa2CirNRD8+n
+Vqv/GDFw+8DymeVQLFB/pJYPAoGBAKC3fuzKX1yumSMGf4Dp95GpvuhC04Ihelmx
+RIlKeua/ov7is8x+mkquRm/xBhzN+yTl3ab3+yYDjDr/qfOaPN6iYM5psXlth+Pe
+Ph48giKSjf+Oq/kVzYmYfyShDTDcl3LzZ/jAzXmqxvNH0LaOBRzyB3P9K2WEVsW8
+ju0jVNENAoGAS1ycNPlS3McBwGx40hvQpsiEc1mQQUKzwU18x1WF/iHtWS0Owx17
+8T0uvqPO6tjLU1fgZrVUoF5NJkrpaBYzxWbXEoI45w1637HLLAu5zOeO1dHCLb2j
+cu7AKs0kWiK5+5m9PEQOuHxyDcEBLyF64iAZxcogpZBz0Mm9eWtSF3U=
+-----END RSA PRIVATE KEY-----

package/test/keys/user1-cert.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID0zCCArugAwIBAgIJAJIyT436cY6uMA0GCSqGSIb3DQEBBQUAMGAxIjAgBgNV
+BAMTGVdlYklEIGZvciBUaW0gQmVybmVycy1MZWUxOjA4BgoJkiaJk/IsZAEBFCpo
+dHRwczovL3RpbS5sb2NhbGhvc3Q6Nzc3Ny9wcm9maWxlL2NhcmQjbWUwHhcNMTkx
+MDI0MTgyMzUyWhcNMjkxMDIxMTgyMzUyWjBgMSIwIAYDVQQDExlXZWJJRCBmb3Ig
+VGltIEJlcm5lcnMtTGVlMTowOAYKCZImiZPyLGQBARQqaHR0cHM6Ly90aW0ubG9j
+YWxob3N0Ojc3NzcvcHJvZmlsZS9jYXJkI21lMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAtVinQ0UG3k3P0G/rQiH8hzTdpyeHePZXZHEx4fTXiIrPgDyY
+oLxzzzl3A6VQ+zCV0SQ17npauEGQzVXg+QhOwRUbH4rfOoT6CrYmcnhrmkiGAqfY
+HO2I5DsJAyiLtuTmMPBVkLgDuhs0eOR0jsjbBE1AJ809i4Nngu5vYSNhf3rZz/qU
+ZEvvWDnb50EQJrAGeWndNl/+EohENPKlpFmBedgttwJGc/skuNpAwBta+F03EdO8
+6V2Z+qDQKdyG1VvXVF5SVB9jPOXkWLQrTTyjcyyE8Sx62ZXxDlsYvQAGd27Iuw4E
+emmST8jxvjob8mC5Pb1KAhAK7EIbMIUAP456TwIDAQABo4GPMIGMMB0GA1UdDgQW
+BBSKeuVdr8beU5Y6NkeggCSCtlZZrDA4BgNVHREBAf8ELjAshipodHRwczovL3Rp
+bS5sb2NhbGhvc3Q6Nzc3Ny9wcm9maWxlL2NhcmQjbWUwCQYDVR0TBAIwADATBgNV
+HSUEDDAKBggrBgEFBQcDAjARBglghkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQEF
+BQADggEBACH7beIj0OFsq6FwkthagI53cxPhjIxFOYdy8G5mN/JcCyL0xemJm5Fz
+HEXKv/QhFdbX6NCCal/d+2r566fRf1C/8sY/Cx4yKqYaZ/ZZeH/q3IlfQSyEZEJy
+XLARCG9WzeXHJsL6u/lN/rcrI3ylUb9qAAzlNWyg3xtb58ieUSUjuO0fOfKMu+LJ
+VGPpMyhtjwBhelJ32l6ffHpnyzj6v14QxTEGWQpLvtX1iUDExNbHcm8khlbEgGzG
+Zyrojk0cHg3tH4nmBei7QvuLOiDaBs2N5ITTETwExiWD2CUPCiYO0DMr0oljN/nS
+KRRJsj1QOjM4/A46RjXWhmvx7RTXQdM=
+-----END CERTIFICATE-----

package/test/keys/user1-key.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC1WKdDRQbeTc/Q
+b+tCIfyHNN2nJ4d49ldkcTHh9NeIis+APJigvHPPOXcDpVD7MJXRJDXuelq4QZDN
+VeD5CE7BFRsfit86hPoKtiZyeGuaSIYCp9gc7YjkOwkDKIu25OYw8FWQuAO6GzR4
+5HSOyNsETUAnzT2Lg2eC7m9hI2F/etnP+pRkS+9YOdvnQRAmsAZ5ad02X/4SiEQ0
+8qWkWYF52C23AkZz+yS42kDAG1r4XTcR07zpXZn6oNAp3IbVW9dUXlJUH2M85eRY
+tCtNPKNzLITxLHrZlfEOWxi9AAZ3bsi7DgR6aZJPyPG+OhvyYLk9vUoCEArsQhsw
+hQA/jnpPAgMBAAECggEBAKEUhzYciTZLfa1SzHCoyau7jKseVJpgjk38sedYWV7C
+lf/9U0FrQ58tFwcY/+6vQFROSs1yx0RlkN6jSrtJ4tJlEfuZmiFb3tJG663AQyv/
+AXI4bqF7aJ35xk6U5E1n0wRjZk2u9jiIU7qSiuoNhWWzzKnOB7310aseabap+7+D
++/gTd4rrJUCM3K4BMCLmtGUKSh/F2EpIyGM2qQC7zhsvj/F1W3V6n2UhxyNs/2dn
+MS34ddmuYRTUt4qbOXeRt2duKFGHmlBhey0Q+/hdE74zV7n2Rq92UvSitP3me5al
+RPpgTZ4NFa4w0rshvzbWXKBJWRj2bBk5aumx9ZWlimECgYEA4NQ7MIVpsBGwFiss
+JqD4eBr+7lRRxe0+oUtYdHkoC5iGnRQACQyKjk7/5kZRWEvix9SsnhJ5YZ/GWpEl
+T8FR/tCjVyOMyuNfQJ2RQ/sPcVVUys4/CCTg4UROJygpP4fz46mHysL9mREA9rFK
+QWprKAZEBYi+Rv0Q9hJNRMaxDd8CgYEAzn0bVVSQ6pmqk+s1GRG62UHlXyDRn7kH
+0XvK/wQqO0A1QJzdKefXgZL6m+PI7wuYvrL9PzSYb8THwAnWWIKTqeK+T7Nb4Dzx
+MSgj2DNLzGpbXdC8TlNJRytAzoVN7dhiXuyfWWZjQRe8l1NMD9h1wIqROWG152GC
+xgA8MddAQZECgYBsPqIUtVbyF0IBGl4SZxPZt52fn2cTdSrfO0hmI2LdWl0NSXDO
+6oPXCj/4XUiSy05vSXymSly4XNWCCzm8kWXp2geaT5pcoGXe1T34TercdOnzDqOY
+RzEiI+HAxnw9gzYwGRIw0/qG9IHTQ/5tSlA3H/Ul+PUrdnHxF1SuVT8vXwKBgAQO
+4WKj7tUtf/S4QqrjdlCewutDsdr5v/WWAT9RzaKseF90tcQFEm8xfEtkBqbsC2x0
+CBYd6oEH1QUpLFVA+7XzBtp6I+wcRoE40LuHBo5V6MXHPGwtptsHNpbYd9ec0RIc
+hGU1Ze35kXNH587H6kiGcKQ4D2Mkv3U0u/oeyNyBAoGAfUJI8H63XOar6TXs0Ug4
+IW34WrdC8BM4cz342rXKusS6+o15wnI8kAyVkSEx54W/cK5QaIUIQNGia74UlGhq
+wqGyBxn3ahZPZhu0eOE2PHIDcxS+09d87bNjpUjMcysORJV2u9klyVMc5ornV6aO
+cpKHUgbAsaKX3NgPiLrgxFQ=
+-----END PRIVATE KEY-----

package/test/keys/user2-cert.pem

@@ -0,0 +1,23 @@
+Bag Attributes
+    friendlyName: user2 [on user2.databox.me]'s WebID ID
+    localKeyID: A4 46 1F 69 0A FB 44 4A 65 49 A9 4E 01 AC ED 57 98 90 97 37 
+subject=/O=WebID/CN=user2 [on user2.databox.me]
+issuer=/O=WebID/CN=user2 [on user2.databox.me]
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAlSgAwIBAgIBKjALBgkqhkiG9w0BAQswNjEOMAwGA1UEChMFV2ViSUQx
+JDAiBgNVBAMMG3VzZXIyIFtvbiB1c2VyMi5kYXRhYm94Lm1lXTAeFw0wMDAxMDEw
+MDAwMDBaFw00OTEyMzEyMzU5NTlaMDYxDjAMBgNVBAoTBVdlYklEMSQwIgYDVQQD
+DBt1c2VyMiBbb24gdXNlcjIuZGF0YWJveC5tZV0wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDLOMg2TuQ7Hb9JxQaaDwJmEKE8YNiLN1F0vA59Xq5dwLzR
+l10fJunavKMWq/E10G4QpmUcXhQgRV2T1yUA/X8fvffQrIGSqXEImPxf70zOuPB8
+SkOC2DuY2agVMM+Zr9sYlzPEcqYKF1VDCUKPXtmqS7MemeyMMJjdAaEKV3p9auxM
+A54JB2DgiBcXK+Hh0pw1TifD29yBPkRTPUDe28zTXfCQCfCKGkYWRd0ExKERp4TO
+00/FSx6IiS9yqkKOjqlo+1tXCqPfToACAvKSN5wQU0T5yNRpV8rSEoUeeRYH473e
+W3Jp8c9A9nO//BYBJXdvuNy+fjuAWjzbIH/apAZJAgMBAAGjgYYwgYMwDAYDVR0T
+AQH/BAIwADAdBgNVHQ4EFgQUMIIBIjANBgkqhkiG9w0BAQEFAAMwHwYDVR0jBBgw
+FoAUMIIBIjANBgkqhkiG9w0BAQEFAAMwMwYDVR0RBCwwKoYoaHR0cHM6Ly91c2Vy
+Mi5kYXRhYm94Lm1lL3Byb2ZpbGUvY2FyZCNtZTALBgkqhkiG9w0BAQsDgYEAB7ZM
+UsOgkIQZFi2AsvzDWlIApAve12jyEWVL5d9RKQp1au8cNSM6M3KY1BqowiaRCW+L
+4ac1C8Ra20qcBXNHShNWU9KDhB/3dwHCfFP7CQttMI/nAK0gyvs4zfUVVA5RqAMt
+sKD2YvmKfxSqgic/txA5Hor+FL2PNrcIcErJCmk=
+-----END CERTIFICATE-----

package/test/keys/user2-key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAyzjINk7kOx2/ScUGmg8CZhChPGDYizdRdLwOfV6uXcC80Zdd
+Hybp2ryjFqvxNdBuEKZlHF4UIEVdk9clAP1/H7330KyBkqlxCJj8X+9MzrjwfEpD
+gtg7mNmoFTDPma/bGJczxHKmChdVQwlCj17ZqkuzHpnsjDCY3QGhCld6fWrsTAOe
+CQdg4IgXFyvh4dKcNU4nw9vcgT5EUz1A3tvM013wkAnwihpGFkXdBMShEaeEztNP
+xUseiIkvcqpCjo6paPtbVwqj306AAgLykjecEFNE+cjUaVfK0hKFHnkWB+O93lty
+afHPQPZzv/wWASV3b7jcvn47gFo82yB/2qQGSQIDAQABAoIBAF8Zwm/PuXSEtjjC
+cBV2QqwayilkNNHpYEAdpTY8MaMECBiZGeXzIurO7g81BZsmX+uAwr5ktExpyaHe
+w51UA8KJ9sd7guNsUc4xMaF/bdUrrLatViyMHk+oQ8Uu42fLaN94Gqyq7lK4mpjV
+Y4WOYJQV+suuQolUUKTUF1WsnFDF/DSpXTtiBRhGIxkWVfIG+CDesyo5gEPV4mXi
+aPLYnLHUzfFCM7U5Q05g7ibLncYOuPu72gIl8jyzGUbu4OC6gGJS62ySJxKzaUYI
+tP3CMCqhOERAYJqO3flbTmZOHcU6Rd1MGOxqzu8srOhXC4VgYelR24V4Xj3EK6GH
+3rd53ZECgYEA5a+YJPykS9Q5nRkEYrx6ohaS6fpJjG7rck/NgXVchiM03YUkbzPL
+lshkyJx1ZfAAC+IpbJgAFg7o/iyG5Tky6MoLb/xfhS9MO/kviLWUqBHxqKKbUKzx
+yt4Xz5RHXyDB+DNtCQVt3oiGtu1BSeZc5CUwXNfA5XqRdKEuiaAYI1UCgYEA4oEH
+Jhq9+qj/gk4CG/yPW/4A5fviAfbPV4DuBoDDs66ajEj05/Q2H3fp6Bgx8bzB7r/m
+Jd74xtPQeQr40g40K0qC22gtf2QWTJpzeqLFtiA1kD3UkXFLefID8XNrM3Co7dio
+U6tAcSaFwb1RzJOvXUuv4gt8HzBTlZHahVahPyUCgYEAnufOLgCwNlochgiR1TGq
+8ksF12S2z7bJo+t8NU2Z9p+S6pM7sse12ZrIx1YfjqftkEsm959tp9Um8vqhVSMu
+iomGQjLrbvxbFL8AWOevclv/wfjF1ZnhKsZe2NkwS6shJ3OEwxIDgksYUKRyYAtF
+Rv5HqGQIa3tR+Muuo76kFIUCgYBG1G513fr2vY5ZIyfJtKrn64BAawn770BbbrgA
+VJfeQoWVxOLA/j9Gi+sbZyWHIK3MiTnhMd693lLc5y90EHkD6KMPFX7UzWmjvtDJ
+0sjc8SmO16b3bGRb1/CfuqYVSe+poQzSTUUznQZK1XcU8EHwfNCdcVX5MtWQejHJ
+bJOz+QKBgDeqWqeOyNjvKKdBNvMUfmD0synqloshBsEOV8NM7YEdiiKsz4azIFQ/
+C9OehEM/dLCUYYtIploGfnQC59gFmWNf+Hlptlymsdo00kEYBo8uYV1hgTSrid11
+bcmmq8lp9j6JntmR0AND1VEXXxvLSnJv3jXK2LcW45lRDMs7zWVi
+-----END RSA PRIVATE KEY-----

package/test/mocha.opts

@@ -0,0 +1,2 @@
+--recursive
+--timeout 10000

package/test/resources/Makefile

@@ -0,0 +1,146 @@
+# Run tests on node server
+#
+# First do    make run-for-test
+# in parent directory.
+
+T=http://localhost:3456/test
+W=/devel/WWW
+S=$W/2000/10/swap
+C=python $S/cwm.py --quiet
+D=python $S/cant.py
+
+all:  get-1 put-1 put-2  post-1 post-2 post-2n post-3 post-4 post-5 delete-1
+
+clean :
+	rm *result*  *headers.txt *.nt || echo Never mind
+
+ws-1 :
+	curl -v -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" \
+	-H "Host: localhost:3333" -H "Origin: http://localhost:3333" $T/patch-1-initial.ttl,changes
+get-1 :
+	curl --dump-header get-1-headers.txt $T/patch-1-initial.ttl > get-1-result.ttl
+	diff patch-1-initial.ttl get-1-result.ttl
+	# grep -i updates-via get-1-headers.txt
+
+put-1 :
+	curl --upload-file put-input.txt $T/put-result.txt
+	diff put-input.txt put-result.txt
+
+put-2 :
+	curl --upload-file put-input-2.html $T/put-result-2.html
+	diff put-input-2.html put-result-2.html
+
+#   try an empty patch file -- nothing should change
+post-1:
+	cp patch-1-initial.ttl post-1-result.ttl
+	curl -HContent-type:application/sparql-update --data-binary @empty.spatch  $T/post-1-result.ttl
+	# diff post-1-result.ttl patch-1-initial.ttl
+	$C --n3 --ntriples < post-1-result.ttl > post-1-result.nt
+	$C --n3 --ntriples < patch-1-initial.ttl > patch-1-final.nt
+	$D --from=patch-1-final.nt --diff=post-1-result.nt
+
+
+#patch-2:
+#	cp patch-2-initial.ttl patch-2-result.ttl
+#	curl --request PATCH -HContent-type:application/sparql-update --data-binary @patch-2.spatch  $T/patch-2-result.ttl
+#	diff patch-2-final.ttl patch-2-result.ttl
+
+post-2n:   # Negative test
+	cp patch-2-initial.ttl post-2n-result.ttl
+	curl --request POST -HContent-type:application/sparql-update --data-binary @patch-2n.spatch \
+	  --dump-header post-2n-headers.txt  $T/post-2n-result.ttl
+	# diff patch-2-final.ttl post-2-result.ttl
+	$C --n3 --ntriples < post-2n-result.ttl > post-2n-result.nt
+	$C --n3 --ntriples < patch-2-initial.ttl > patch-2n-final.nt # unchanged!
+	$D --from=patch-2n-final.nt --diff=post-2n-result.nt
+	grep 409 post-2n-headers.txt 
+
+post-2:
+	cp patch-2-initial.ttl post-2-result.ttl
+	curl --request POST -HContent-type:application/sparql-update --data-binary @patch-2.spatch \
+	  --dump-header post-2-headers.txt  $T/post-2-result.ttl
+	# diff patch-2-final.ttl post-2-result.ttl
+	$C --n3 --ntriples < post-2-result.ttl > post-2-result.nt
+	$C --n3 --ntriples < patch-2-final.ttl > patch-2-final.nt
+	$D --from=patch-2-final.nt --diff=post-2-result.nt
+
+
+################### LDPATCH example
+
+post-3:
+	cp ldpatch-example-initial.ttl post-3-result.ttl
+	curl -HContent-type:application/sparql-update --data-binary @ldpatch-example-patch-1.spatch \
+		--dump-header post-3-headers.txt  $T/post-3-result.ttl
+	# patch-3-final.ttl post-3-result.ttl
+	$C --n3 --ntriples < post-3-result.ttl > post-3-result.nt
+	$C --n3 --ntriples < patch-3-final.ttl > patch-3-final.nt
+	$D --from=patch-3-final.nt --diff=post-3-result.nt
+
+post-4:
+	cp ldpatch-example-initial.ttl post-4-result.ttl
+	curl -HContent-type:application/sparql-update --data-binary @ldpatch-example-patch-2.spatch  \
+		--dump-header post-4-headers.txt $T/post-4-result.ttl
+	# diff patch-4-final.ttl post-4-result.ttl
+	$C --n3 --ntriples < post-4-result.ttl > post-4-result.nt
+	$C --n3 --ntriples < patch-4-final.ttl > patch-4-final.nt
+	$D --from=patch-4-final.nt --diff=post-4-result.nt
+
+
+#######   "DELETE DATA" in patch
+
+post-5:
+	cp patch-5-initial.ttl post-5-result.ttl
+	curl -HContent-type:application/sparql-update --data-binary @patch-5.spatch  \
+		--dump-header post-5-headers.txt $T/post-5-result.ttl
+	# diff patch-4-final.ttl post-4-result.ttl
+	$C --n3 --ntriples < post-5-result.ttl > post-5-result.nt
+	$C --n3 --ntriples < patch-5-final.ttl > patch-5-final.nt
+	$D --from=patch-5-final.nt --diff=post-5-result.nt
+
+###### DELETE method
+
+delete-1:
+	cp patch-5-initial.ttl del-1-result.ttl
+	curl --request DELETE \
+		--dump-header del-1-headers.txt $T/del-1-result.ttl
+	echo Ignore_this_file > del-1-result.txt
+
+#### Link-following Sparql
+
+
+lfs-0:
+	curl http://www.w3.org/2015/02/lf-sparql/example1/q0.sparql > lfs-0.sparql 
+	curl http://www.w3.org/2015/02/lf-sparql/example1/alice > lfs-1-target.ttl
+	curl -HContent-type:application/sparql --data-binary @lfs-0.sparql  \
+		--dump-header lfs-1-headers.txt $T/lfs-1-target.ttl > lfs-0-result.json
+	diff lfs-0-result.json lfs-0-final.json 
+
+lfs-1:
+	curl http://www.w3.org/2015/02/lf-sparql/example1/q1.sparql > lfs-1.sparql 
+	curl http://www.w3.org/2015/02/lf-sparql/example1/alice > lfs-1-target.ttl
+	curl -HContent-type:application/sparql --data-binary @lfs-1.sparql  \
+		--dump-header lfs-1-headers.txt $T/lfs-1-target.ttl > lfs-1-result.json
+	diff lfs-1-result.json lfs-1-final.json 
+
+######### Live update
+
+live-2:
+	./live-2.bash
+	mv live-2-result.n3 live-2-saved-result.n3
+	$C live-2-saved-result.n3 --no
+	grep insert live-2-saved-result.n3
+	grep logged live-2-saved-result.n3
+	
+#	curl http://localhost:3456/test/post-1-result.ttl,changes > live-2-result.n3 &
+#	cp patch-2-initial.ttl post-2-result.ttl
+#	curl --request POST -HContent-type:application/sparql-update --data-binary @patch-2.spatch \
+#	  --dump-header post-2-headers.txt  $T/post-2-result.ttl
+#	$C --n3 --ntriples < post-2-result.ttl > post-2-result.nt
+#	$C --n3 --ntriples < patch-2-final.ttl > patch-2-final.nt
+#	$D --from=patch-2-final.nt --diff=post-2-result.nt
+#	sleep 1
+#	mv live-2-result.n3 live-2-saved-result.n3
+#	$C live-2-saved-result.n3 --no
+
+
+	

package/test/resources/accounts/db/oidc/op/clients/_key_5319f8e8e4ea3214c2e92b252520d355.json

@@ -0,0 +1 @@
+{"redirect_uris":["https://localhost:3457/api/oidc/rp/https%3A%2F%2Flocalhost%3A3457"],"client_id":"5319f8e8e4ea3214c2e92b252520d355","client_secret":"b6af582c2fc6ef6aeda6d1a208a0e4aa","response_types":["code","id_token token","code id_token token"],"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"application_type":"web","client_name":"Solid OIDC RP for https://localhost:3457","id_token_signed_response_alg":"RS256","token_endpoint_auth_method":"client_secret_basic","default_max_age":86400,"post_logout_redirect_uris":["https://localhost:3457/goodbye"]}