solid-server 5.8.7 → 5.8.8-8d509db1

package/test/unit/blacklist-service-test.mjs

@@ -0,0 +1,49 @@
+import chai from 'chai'
+
+import theBigUsernameBlacklistPkg from 'the-big-username-blacklist'
+import blacklistService from '../../lib/services/blacklist-service.mjs'
+
+const { expect } = chai
+const blacklist = theBigUsernameBlacklistPkg.list
+
+describe('BlacklistService', () => {
+  afterEach(() => blacklistService.reset())
+
+  describe('addWord', () => {
+    it('allows adding words', () => {
+      const numberOfBlacklistedWords = blacklistService.list.length
+      blacklistService.addWord('foo')
+      expect(blacklistService.list.length).to.equal(numberOfBlacklistedWords + 1)
+    })
+  })
+
+  describe('reset', () => {
+    it('will reset list of blacklisted words', () => {
+      blacklistService.addWord('foo')
+      blacklistService.reset()
+      expect(blacklistService.list.length).to.equal(blacklist.length)
+    })
+
+    it('can configure service via reset', () => {
+      blacklistService.reset({
+        useTheBigUsernameBlacklist: false,
+        customBlacklistedUsernames: ['foo']
+      })
+      expect(blacklistService.list.length).to.equal(1)
+      expect(blacklistService.validate('admin')).to.equal(true)
+    })
+
+    it('is a singleton', () => {
+      const instanceA = blacklistService
+      blacklistService.reset({ customBlacklistedUsernames: ['foo'] })
+      expect(instanceA.validate('foo')).to.equal(blacklistService.validate('foo'))
+    })
+  })
+
+  describe('validate', () => {
+    it('validates given a default list of blacklisted usernames', () => {
+      const validWords = blacklist.reduce((memo, word) => memo + (blacklistService.validate(word) ? 1 : 0), 0)
+      expect(validWords).to.equal(0)
+    })
+  })
+})

package/test/unit/create-account-request-test.mjs

@@ -0,0 +1,306 @@
+import chai from 'chai'
+import sinon from 'sinon'
+import sinonChai from 'sinon-chai'
+
+import HttpMocks from 'node-mocks-http'
+import theBigUsernameBlacklistPkg from 'the-big-username-blacklist'
+
+import LDP from '../../lib/ldp.mjs'
+import AccountManager from '../../lib/models/account-manager.mjs'
+import SolidHost from '../../lib/models/solid-host.mjs'
+import defaults from '../../config/defaults.mjs'
+import { CreateAccountRequest } from '../../lib/requests/create-account-request.mjs'
+import blacklistService from '../../lib/services/blacklist-service.mjs'
+
+const { expect } = chai
+chai.use(sinonChai)
+chai.should()
+const blacklist = theBigUsernameBlacklistPkg
+
+describe('CreateAccountRequest', () => {
+  let host, store, accountManager
+  let session, res
+
+  beforeEach(() => {
+    host = SolidHost.from({ serverUri: 'https://example.com' })
+    store = new LDP()
+    accountManager = AccountManager.from({ host, store })
+
+    session = {}
+    res = HttpMocks.createResponse()
+  })
+
+  describe('constructor()', () => {
+    it('should create an instance with the given config', () => {
+      const aliceData = { username: 'alice' }
+      const userAccount = accountManager.userAccountFrom(aliceData)
+
+      const options = { accountManager, userAccount, session, response: res }
+      const request = new CreateAccountRequest(options)
+
+      expect(request.accountManager).to.equal(accountManager)
+      expect(request.userAccount).to.equal(userAccount)
+      expect(request.session).to.equal(session)
+      expect(request.response).to.equal(res)
+    })
+  })
+
+  describe('fromParams()', () => {
+    it('should create subclass depending on authMethod', () => {
+      let request, aliceData, req
+
+      aliceData = { username: 'alice' }
+      req = HttpMocks.createRequest({
+        app: { locals: { accountManager } }, body: aliceData, session
+      })
+      req.app.locals.authMethod = 'tls'
+
+      request = CreateAccountRequest.fromParams(req, res, accountManager)
+      expect(request).to.respondTo('generateTlsCertificate')
+
+      aliceData = { username: 'alice', password: '12345' }
+      req = HttpMocks.createRequest({
+        app: { locals: { accountManager, oidc: {} } }, body: aliceData, session
+      })
+      req.app.locals.authMethod = 'oidc'
+      request = CreateAccountRequest.fromParams(req, res, accountManager)
+      expect(request).to.not.respondTo('generateTlsCertificate')
+    })
+  })
+
+  describe('createAccount()', () => {
+    it('should return a 400 error if account already exists', done => {
+      const accountManager = AccountManager.from({ host })
+      const locals = { authMethod: defaults.auth, accountManager, oidc: { users: {} } }
+      const aliceData = {
+        username: 'alice', password: '1234'
+      }
+      const req = HttpMocks.createRequest({ app: { locals }, body: aliceData })
+
+      const request = CreateAccountRequest.fromParams(req, res)
+
+      accountManager.accountExists = sinon.stub().returns(Promise.resolve(true))
+
+      request.createAccount()
+        .catch(err => {
+          expect(err.status).to.equal(400)
+          done()
+        })
+    })
+
+    it('should return a 400 error if a username is invalid', () => {
+      const accountManager = AccountManager.from({ host })
+      const locals = { authMethod: defaults.auth, accountManager, oidc: { users: {} } }
+
+      accountManager.accountExists = sinon.stub().returns(Promise.resolve(false))
+
+      const invalidUsernames = [
+        '-',
+        '-a',
+        'a-',
+        '9-',
+        'alice--bob',
+        'alice bob',
+        'alice.bob'
+      ]
+
+      let invalidUsernamesCount = 0
+
+      const requests = invalidUsernames.map((username) => {
+        const aliceData = {
+          username: username, password: '1234'
+        }
+
+        const req = HttpMocks.createRequest({ app: { locals }, body: aliceData })
+        const request = CreateAccountRequest.fromParams(req, res)
+
+        return request.createAccount()
+          .then(() => {
+            throw new Error('should not happen')
+          })
+          .catch(err => {
+            invalidUsernamesCount++
+            expect(err.message).to.match(/Invalid username/)
+            expect(err.status).to.equal(400)
+          })
+      })
+
+      return Promise.all(requests)
+        .then(() => {
+          expect(invalidUsernamesCount).to.eq(invalidUsernames.length)
+        })
+    })
+
+    describe('Blacklisted usernames', () => {
+      const invalidUsernames = [...blacklist.list, 'foo']
+
+      before(() => {
+        const accountManager = AccountManager.from({ host })
+        accountManager.accountExists = sinon.stub().returns(Promise.resolve(false))
+        blacklistService.addWord('foo')
+      })
+
+      after(() => blacklistService.reset())
+
+      it('should return a 400 error if a username is blacklisted', async () => {
+        const locals = { authMethod: defaults.auth, accountManager, oidc: { users: {} } }
+
+        let invalidUsernamesCount = 0
+
+        const requests = invalidUsernames.map((username) => {
+          const req = HttpMocks.createRequest({
+            app: { locals },
+            body: { username, password: '1234' }
+          })
+          const request = CreateAccountRequest.fromParams(req, res)
+
+          return request.createAccount()
+            .then(() => {
+              throw new Error('should not happen')
+            })
+            .catch(err => {
+              invalidUsernamesCount++
+              expect(err.message).to.match(/Invalid username/)
+              expect(err.status).to.equal(400)
+            })
+        })
+
+        await Promise.all(requests)
+        expect(invalidUsernamesCount).to.eq(invalidUsernames.length)
+      })
+    })
+  })
+})
+
+describe('CreateOidcAccountRequest', () => {
+  const authMethod = 'oidc'
+  let host, store
+  let session, res
+
+  beforeEach(() => {
+    host = SolidHost.from({ serverUri: 'https://example.com' })
+    store = new LDP()
+    session = {}
+    res = HttpMocks.createResponse()
+  })
+
+  describe('fromParams()', () => {
+    it('should create an instance with the given config', () => {
+      const accountManager = AccountManager.from({ host, store })
+      const aliceData = { username: 'alice', password: '123' }
+
+      const userStore = {}
+      const req = HttpMocks.createRequest({
+        app: {
+          locals: { authMethod, oidc: { users: userStore }, accountManager }
+        },
+        body: aliceData,
+        session
+      })
+
+      const request = CreateAccountRequest.fromParams(req, res)
+
+      expect(request.accountManager).to.equal(accountManager)
+      expect(request.userAccount.username).to.equal('alice')
+      expect(request.session).to.equal(session)
+      expect(request.response).to.equal(res)
+      expect(request.password).to.equal(aliceData.password)
+      expect(request.userStore).to.equal(userStore)
+    })
+  })
+
+  describe('saveCredentialsFor()', () => {
+    it('should create a new user in the user store', () => {
+      const accountManager = AccountManager.from({ host, store })
+      const password = '12345'
+      const aliceData = { username: 'alice', password }
+      const userStore = {
+        createUser: (userAccount, password) => { return Promise.resolve() }
+      }
+      const createUserSpy = sinon.spy(userStore, 'createUser')
+      const req = HttpMocks.createRequest({
+        app: { locals: { authMethod, oidc: { users: userStore }, accountManager } },
+        body: aliceData,
+        session
+      })
+
+      const request = CreateAccountRequest.fromParams(req, res)
+      const userAccount = request.userAccount
+
+      return request.saveCredentialsFor(userAccount)
+        .then(() => {
+          expect(createUserSpy).to.have.been.calledWith(userAccount, password)
+        })
+    })
+  })
+
+  describe('sendResponse()', () => {
+    it('should respond with a 302 Redirect', () => {
+      const accountManager = AccountManager.from({ host, store })
+      const aliceData = { username: 'alice', password: '12345' }
+      const req = HttpMocks.createRequest({
+        app: { locals: { authMethod, oidc: {}, accountManager } },
+        body: aliceData,
+        session
+      })
+      const alice = accountManager.userAccountFrom(aliceData)
+
+      const request = CreateAccountRequest.fromParams(req, res)
+
+      const result = request.sendResponse(alice)
+      expect(request.response.statusCode).to.equal(302)
+      expect(result.username).to.equal('alice')
+    })
+  })
+})
+
+describe('CreateTlsAccountRequest', () => {
+  const authMethod = 'tls'
+  let host, store
+  let session, res
+
+  beforeEach(() => {
+    host = SolidHost.from({ serverUri: 'https://example.com' })
+    store = new LDP()
+    session = {}
+    res = HttpMocks.createResponse()
+  })
+
+  describe('fromParams()', () => {
+    it('should create an instance with the given config', () => {
+      const accountManager = AccountManager.from({ host, store })
+      const aliceData = { username: 'alice' }
+      const req = HttpMocks.createRequest({
+        app: { locals: { authMethod, accountManager } }, body: aliceData, session
+      })
+
+      const request = CreateAccountRequest.fromParams(req, res)
+
+      expect(request.accountManager).to.equal(accountManager)
+      expect(request.userAccount.username).to.equal('alice')
+      expect(request.session).to.equal(session)
+      expect(request.response).to.equal(res)
+      expect(request.spkac).to.equal(aliceData.spkac)
+    })
+  })
+
+  describe('saveCredentialsFor()', () => {
+    it('should call generateTlsCertificate()', () => {
+      const accountManager = AccountManager.from({ host, store })
+      const aliceData = { username: 'alice' }
+      const req = HttpMocks.createRequest({
+        app: { locals: { authMethod, accountManager } }, body: aliceData, session
+      })
+
+      const request = CreateAccountRequest.fromParams(req, res)
+      const userAccount = accountManager.userAccountFrom(aliceData)
+
+      const generateTlsCertificate = sinon.spy(request, 'generateTlsCertificate')
+
+      return request.saveCredentialsFor(userAccount)
+        .then(() => {
+          expect(generateTlsCertificate).to.have.been.calledWith(userAccount)
+        })
+    })
+  })
+})

package/test/unit/delete-account-confirm-request-test.mjs

@@ -0,0 +1,234 @@
+// import { createRequire } from 'module'
+import chai from 'chai'
+import sinon from 'sinon'
+import dirtyChai from 'dirty-chai'
+import sinonChai from 'sinon-chai'
+import HttpMocks from 'node-mocks-http'
+
+// const require = createRequire(import.meta.url)
+// const DeleteAccountConfirmRequest = require('../../lib/requests/delete-account-confirm-request')
+// const SolidHost = require('../../lib/models/solid-host')
+import DeleteAccountConfirmRequest from '../../lib/requests/delete-account-confirm-request.mjs'
+import SolidHost from '../../lib/models/solid-host.mjs'
+
+const { expect } = chai
+chai.use(dirtyChai)
+chai.use(sinonChai)
+chai.should()
+
+describe('DeleteAccountConfirmRequest', () => {
+  sinon.spy(DeleteAccountConfirmRequest.prototype, 'error')
+
+  describe('constructor()', () => {
+    it('should initialize a request instance from options', () => {
+      const res = HttpMocks.createResponse()
+
+      const accountManager = {}
+      const userStore = {}
+
+      const options = {
+        accountManager,
+        userStore,
+        response: res,
+        token: '12345'
+      }
+
+      const request = new DeleteAccountConfirmRequest(options)
+
+      expect(request.response).to.equal(res)
+      expect(request.token).to.equal(options.token)
+      expect(request.accountManager).to.equal(accountManager)
+      expect(request.userStore).to.equal(userStore)
+    })
+  })
+
+  describe('fromParams()', () => {
+    it('should return a request instance from options', () => {
+      const token = '12345'
+      const accountManager = {}
+      const userStore = {}
+
+      const req = {
+        app: { locals: { accountManager, oidc: { users: userStore } } },
+        query: { token }
+      }
+      const res = HttpMocks.createResponse()
+
+      const request = DeleteAccountConfirmRequest.fromParams(req, res)
+
+      expect(request.response).to.equal(res)
+      expect(request.token).to.equal(token)
+      expect(request.accountManager).to.equal(accountManager)
+      expect(request.userStore).to.equal(userStore)
+    })
+  })
+
+  describe('get()', () => {
+    const token = '12345'
+    const userStore = {}
+    const res = HttpMocks.createResponse()
+    sinon.spy(res, 'render')
+
+    it('should create an instance and render a delete account form', () => {
+      const accountManager = {
+        validateDeleteToken: sinon.stub().resolves(true)
+      }
+      const req = {
+        app: { locals: { accountManager, oidc: { users: userStore } } },
+        query: { token }
+      }
+
+      return DeleteAccountConfirmRequest.get(req, res)
+        .then(() => {
+          expect(accountManager.validateDeleteToken)
+            .to.have.been.called()
+          expect(res.render).to.have.been.calledWith('account/delete-confirm',
+            { token, validToken: true })
+        })
+    })
+
+    it('should display an error message on an invalid token', () => {
+      const accountManager = {
+        validateDeleteToken: sinon.stub().throws()
+      }
+      const req = {
+        app: { locals: { accountManager, oidc: { users: userStore } } },
+        query: { token }
+      }
+
+      return DeleteAccountConfirmRequest.get(req, res)
+        .then(() => {
+          expect(DeleteAccountConfirmRequest.prototype.error)
+            .to.have.been.called()
+        })
+    })
+  })
+
+  describe('post()', () => {
+    it('creates a request instance and invokes handlePost()', () => {
+      sinon.spy(DeleteAccountConfirmRequest, 'handlePost')
+
+      const token = '12345'
+      const host = SolidHost.from({ serverUri: 'https://example.com' })
+      const alice = {
+        webId: 'https://alice.example.com/#me'
+      }
+      const storedToken = { webId: alice.webId }
+      const accountManager = {
+        host,
+        userAccountFrom: sinon.stub().resolves(alice),
+        validateDeleteToken: sinon.stub().resolves(storedToken)
+      }
+
+      accountManager.accountExists = sinon.stub().resolves(true)
+      accountManager.loadAccountRecoveryEmail = sinon.stub().resolves('alice@example.com')
+
+      const req = {
+        app: { locals: { accountManager, oidc: { users: {} } } },
+        body: { token }
+      }
+      const res = HttpMocks.createResponse()
+
+      return DeleteAccountConfirmRequest.post(req, res)
+        .then(() => {
+          expect(DeleteAccountConfirmRequest.handlePost).to.have.been.called()
+        })
+    })
+  })
+
+  describe('handlePost()', () => {
+    it('should display error message if validation error encountered', () => {
+      const token = '12345'
+      const userStore = {}
+      const res = HttpMocks.createResponse()
+      const accountManager = {
+        validateResetToken: sinon.stub().throws()
+      }
+      const req = {
+        app: { locals: { accountManager, oidc: { users: userStore } } },
+        query: { token }
+      }
+
+      const request = DeleteAccountConfirmRequest.fromParams(req, res)
+
+      return DeleteAccountConfirmRequest.handlePost(request)
+        .then(() => {
+          expect(DeleteAccountConfirmRequest.prototype.error)
+            .to.have.been.called()
+        })
+    })
+  })
+
+  describe('validateToken()', () => {
+    it('should return false if no token is present', () => {
+      const accountManager = {
+        validateDeleteToken: sinon.stub()
+      }
+      const request = new DeleteAccountConfirmRequest({ accountManager, token: null })
+
+      return request.validateToken()
+        .then(result => {
+          expect(result).to.be.false()
+          expect(accountManager.validateDeleteToken).to.not.have.been.called()
+        })
+    })
+  })
+
+  describe('error()', () => {
+    it('should invoke renderForm() with the error', () => {
+      const request = new DeleteAccountConfirmRequest({})
+      request.renderForm = sinon.stub()
+      const error = new Error('error message')
+
+      request.error(error)
+
+      expect(request.renderForm).to.have.been.calledWith(error)
+    })
+  })
+
+  describe('deleteAccount()', () => {
+    it('should remove user from userStore and remove directories', () => {
+      const webId = 'https://alice.example.com/#me'
+      const user = { webId, id: webId }
+      const accountManager = {
+        userAccountFrom: sinon.stub().returns(user),
+        accountDirFor: sinon.stub().returns('/some/path/to/data/for/alice.example.com/')
+      }
+      const userStore = {
+        deleteUser: sinon.stub().resolves()
+      }
+
+      const options = {
+        accountManager, userStore, newPassword: 'swordfish'
+      }
+      const request = new DeleteAccountConfirmRequest(options)
+      const tokenContents = { webId }
+
+      return request.deleteAccount(tokenContents)
+        .then(() => {
+          expect(accountManager.userAccountFrom).to.have.been.calledWith(tokenContents)
+          expect(accountManager.accountDirFor).to.have.been.calledWith(user.username)
+          expect(userStore.deleteUser).to.have.been.calledWith(user)
+        })
+    })
+  })
+
+  describe('renderForm()', () => {
+    it('should set response status to error status, if error exists', () => {
+      const token = '12345'
+      const response = HttpMocks.createResponse()
+      sinon.spy(response, 'render')
+
+      const options = { token, response }
+
+      const request = new DeleteAccountConfirmRequest(options)
+
+      const error = new Error('error message')
+
+      request.renderForm(error)
+
+      expect(response.render).to.have.been.calledWith('account/delete-confirm',
+        { validToken: false, token, error: 'error message' })
+    })
+  })
+})