
Commit 75c0e11

Merge pull request #1043 from solid/fix/test-public-origin
Improve tests given that origin doesn't matter for public resources
2 parents 8af45d3 + 750c21c commit 75c0e11


4 files changed

+58
-21
lines changed


package-lock.json

Lines changed: 4 additions & 4 deletions

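--- a/package.json
+++ b/package.json
@@ -39,7 +39,7 @@
 "bugs": "https://github.com/solid/node-solid-server/issues",
 "dependencies": {
 "@solid/oidc-auth-manager": "^0.17.1",
-"@solid/acl-check": "^0.1.2",
+"@solid/acl-check": "^0.1.3",
 "body-parser": "^1.18.3",
 "bootstrap": "^3.3.7",
 "busboy": "^0.2.12",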

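--- a/test/integration/acl-oidc-test.js
+++ b/test/integration/acl-oidc-test.js
@@ -271,7 +271,13 @@ describe('ACL with WebID+OIDC over HTTP', function () {
 ' <http://www.w3.org/ns/auth/acl#accessTo> <./>;\n' +
 ' <http://www.w3.org/ns/auth/acl#agentClass> <http://xmlns.com/foaf/0.1/Agent>;\n' +
 ' <http://www.w3.org/ns/auth/acl#origin> <' + origin1 + '>;\n' +
-' <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read> .\n'
+' <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read> .\n' +
+'<#Somebody> a <http://www.w3.org/ns/auth/acl#Authorization>;\n' +
+' <http://www.w3.org/ns/auth/acl#accessTo> <./>;\n' +
+' <http://www.w3.org/ns/auth/acl#agent> <' + user2 + '>;\n' +
+' <http://www.w3.org/ns/auth/acl#default> <./>;\n' +
+' <http://www.w3.org/ns/auth/acl#origin> <' + origin1 + '>;\n' +
+' <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Write> .\n'
 request.put(options, function (error, response, body) {
 assert.equal(error, null)
 assert.equal(response.statusCode, 201)
@@ -290,6 +296,16 @@ describe('ACL with WebID+OIDC over HTTP', function () {
 done()
 })
 })
+it('user2 should be able to access public test directory with wrong origin', function (done) {
+var options = createOptions('/origin/test-folder/', 'user2')
+options.headers.origin = origin2
+
+request.head(options, function (error, response, body) {
+assert.equal(error, null)
+assert.equal(response.statusCode, 200)
+done()
+})
+})
 it('user1 should be able to access to test directory when origin is valid',
 function (done) {
 var options = createOptions('/origin/test-folder/', 'user1')
@@ -301,15 +317,14 @@ describe('ACL with WebID+OIDC over HTTP', function () {
 done()
 })
 })
-it('user1 should not be able to access test directory when origin is invalid',
+it('user1 should be able to access public test directory even when origin is invalid',
 function (done) {
 var options = createOptions('/origin/test-folder/', 'user1')
 options.headers.origin = origin2
 
 request.head(options, function (error, response, body) {
 assert.equal(error, null)
-assert.equal(response.statusCode, 403)
-assert.equal(response.statusMessage, 'Forbidden') // TODO: Should be Origin Unauthorized
+assert.equal(response.statusCode, 200)
 done()
 })
 })
@@ -334,21 +349,43 @@ describe('ACL with WebID+OIDC over HTTP', function () {
 done()
 })
 })
-it('agent should not be able to access test directory when origin is invalid',
+it('agent should be able to access public test directory even when origin is invalid',
 function (done) {
 var options = createOptions('/origin/test-folder/')
 options.headers.origin = origin2
 
 request.head(options, function (error, response, body) {
 assert.equal(error, null)
-assert.equal(response.statusCode, 403)
-assert.equal(response.statusMessage, 'Forbidden') // TODO: Should be Origin Unauthorized
+assert.equal(response.statusCode, 200)
 done()
 })
 })
+it('user2 should be able to write to test directory with correct origin', function (done) {
+var options = createOptions('/origin/test-folder/test1.txt', 'user2', 'text/plain')
+options.headers.origin = origin1
+options.body = 'DAAAAAHUUUT'
+request.put(options, function (error, response, body) {
+assert.equal(error, null)
+assert.equal(response.statusCode, 201)
+done()
+})
+})
+it('user2 should not be able to write to test directory with wrong origin', function (done) {
+var options = createOptions('/origin/test-folder/test2.txt', 'user2', 'text/plain')
+options.headers.origin = origin2
+options.body = 'ARRRRGH'
+request.put(options, function (error, response, body) {
+assert.equal(error, null)
+assert.equal(response.statusCode, 403)
+assert.equal(response.statusMessage, 'Forbidden') // TODO: Should be Origin Unauthorized
+done()
+})
+})
 
 after(function () {
 rm('/accounts-acl/tim.localhost/origin/test-folder/.acl')
+rm('/accounts-acl/tim.localhost/origin/test-folder/test1.txt')
+rm('/accounts-acl/tim.localhost/origin/test-folder/test2.txt')
 })
 })
 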
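Review bot: The new test 'user2 should not be able to write to test directory with wrong origin' in the last hunk asserts only the `403` status and message, so it would still pass if the server answered 403 but persisted the body anyway. Because the `after` hook now removes `test2.txt` unconditionally, a file left behind by such a regression would be cleaned up without failing anything. Consider asserting inside the PUT callback, before `done()`, that `/origin/test-folder/test2.txt` does not exist, so the test pins the authorization outcome rather than just the response line. Separately, the public-read rule in the ACL fixture still lists `origin1`, so a short comment above the two 'even when origin is invalid' tests explaining why a 200 is expected from `origin2` (the commit title suggests origin is deliberately not checked for public resources) would keep a later reader from treating them as a bug.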

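--- a/test/integration/acl-tls-test.js
+++ b/test/integration/acl-tls-test.js
@@ -277,13 +277,13 @@ describe('ACL with WebID+TLS', function () {
 'content-type': 'text/turtle'
 }
 options.body = '<#Owner> a <http://www.w3.org/ns/auth/acl#Authorization>;\n' +
-' <http://www.w3.org/ns/auth/acl#accessTo> <https://localhost:3456/test/acl-tls/origin/test-folder/.acl>;\n' +
+' <http://www.w3.org/ns/auth/acl#accessTo> <https://localhost:3456/test/acl-tls/origin/test-folder/>;\n' +
 ' <http://www.w3.org/ns/auth/acl#agent> <' + user1 + '>;\n' +
 ' <http://www.w3.org/ns/auth/acl#origin> <' + origin1 + '>;\n' +
 ' <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>, <http://www.w3.org/ns/auth/acl#Write>, <http://www.w3.org/ns/auth/acl#Control> .\n' +
 '<#Public> a <http://www.w3.org/ns/auth/acl#Authorization>;\n' +
 ' <http://www.w3.org/ns/auth/acl#accessTo> <./>;\n' +
-' <http://www.w3.org/ns/auth/acl#agentClass> <http://xmlns.com/foaf/0.1/Agent>;\n' +
+' <http://www.w3.org/ns/auth/acl#agentClass> <http://www.w3.org/ns/auth/acl#AuthenticatedAgent>;\n' +
 ' <http://www.w3.org/ns/auth/acl#origin> <' + origin1 + '>;\n' +
 ' <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read> .\n'
 request.put(options, function (error, response, body) {
@@ -326,13 +326,13 @@ describe('ACL with WebID+TLS', function () {
 done()
 })
 })
-it('agent should be able to access test directory', function (done) {
+it('agent not should be able to access test directory', function (done) {
 var options = createOptions('/acl-tls/origin/test-folder/')
 options.headers.origin = origin1
 
 request.head(options, function (error, response, body) {
 assert.equal(error, null)
-assert.equal(response.statusCode, 200)
+assert.equal(response.statusCode, 403)
 done()
 })
 })
@@ -375,16 +375,16 @@ describe('ACL with WebID+TLS', function () {
 'content-type': 'text/turtle'
 }
 options.body = '<#Owner1> a <http://www.w3.org/ns/auth/acl#Authorization>;\n' +
-' <http://www.w3.org/ns/auth/acl#accessTo> <https://localhost:3456/test/acl-tls/origin/test-folder/.acl>;\n' +
+' <http://www.w3.org/ns/auth/acl#accessTo> <https://localhost:3456/test/acl-tls/origin/test-folder/>;\n' +
 ' <http://www.w3.org/ns/auth/acl#agent> <' + user1 + '>;\n' +
 ' <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>, <http://www.w3.org/ns/auth/acl#Write>, <http://www.w3.org/ns/auth/acl#Control> .\n' +
 '<#Owner2> a <http://www.w3.org/ns/auth/acl#Authorization>;\n' +
-' <http://www.w3.org/ns/auth/acl#accessTo> <https://localhost:3456/test/acl-tls/origin/test-folder/.acl>;\n' +
+' <http://www.w3.org/ns/auth/acl#accessTo> <https://localhost:3456/test/acl-tls/origin/test-folder/>;\n' +
 ' <http://www.w3.org/ns/auth/acl#origin> <' + origin1 + '>;\n' +
 ' <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>, <http://www.w3.org/ns/auth/acl#Write>, <http://www.w3.org/ns/auth/acl#Control> .\n' +
 '<#Public> a <http://www.w3.org/ns/auth/acl#Authorization>;\n' +
 ' <http://www.w3.org/ns/auth/acl#accessTo> <./>;\n' +
-' <http://www.w3.org/ns/auth/acl#agentClass> <http://xmlns.com/foaf/0.1/Agent>;\n' +
+' <http://www.w3.org/ns/auth/acl#agentClass> <http://www.w3.org/ns/auth/acl#AuthenticatedAgent>;\n' +
 ' <http://www.w3.org/ns/auth/acl#origin> <' + origin1 + '>;\n' +
 ' <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read> .\n'
 request.put(options, function (error, response, body) {
@@ -427,13 +427,13 @@ describe('ACL with WebID+TLS', function () {
 done()
 })
 })
-it('agent should be able to access test directory', function (done) {
+it('agent should not be able to access test directory for logged in users', function (done) {
 var options = createOptions('/acl-tls/origin/test-folder/')
 options.headers.origin = origin1
 
 request.head(options, function (error, response, body) {
 assert.equal(error, null)
-assert.equal(response.statusCode, 403)
+assert.equal(response.statusCode, 200)
 done()
 })
 })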
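Review bot: The two renamed test titles in the second and fourth hunks do not state the access-control expectation clearly: `'agent not should be able to access test directory'` has its words transposed, and `'agent should not be able to access test directory for logged in users'` can be read as if the request itself were logged in. Both tests call `createOptions` without a user argument, which presumably means no client credentials are sent, and both now expect `403` because the rule was narrowed to `acl:AuthenticatedAgent`. A shared, explicit title such as `it('unauthenticated agent should not be able to access test directory restricted to AuthenticatedAgent', function (done) {` would make a failure report self-explanatory. The surrounding `describe` bodies start and end outside these hunks, so the fixture ownership of each test is inferred from the nearest ACL body shown.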
