Reverting changes to solid-host

megoth · megoth · commit e4cf1e2569e6 · 2019-03-07T20:08:33.000+01:00
Trying to limit the number of changes
diff --git a/lib/models/solid-host.js b/lib/models/solid-host.js
@@ -77,7 +77,11 @@ class SolidHost {
     const serverHost = getHostName(this.serverUri)
     if (originHost === serverHost) return true
     if (originHost.endsWith('.' + serverHost)) return true
-    return !!trustedOrigins.includes(origin)
+    // Allow the user's own domain
+    const userHost = getHostName(userId)
+    if (originHost === userHost) return true
+    if (trustedOrigins.includes(origin)) return true
+    return false
   }
 
   /**
diff --git a/test/integration/acl-tls-test.js b/test/integration/acl-tls-test.js
@@ -379,9 +379,9 @@ describe('ACL with WebID+TLS', function () {
         ' <http://www.w3.org/ns/auth/acl#agent> <' + user1 + '>;\n' +
         ' <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>, <http://www.w3.org/ns/auth/acl#Write>, <http://www.w3.org/ns/auth/acl#Control> .\n' +
         '<#Owner2> a <http://www.w3.org/ns/auth/acl#Authorization>;\n' +
-        ' <http://www.w3.org/ns/auth/acl#accessTo> <https://localhost:3456/test/acl-tls/origin/test-folder/>;\n' +
-        ' <http://www.w3.org/ns/auth/acl#origin> <' + origin1 + '>;\n' +
-        ' <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>, <http://www.w3.org/ns/auth/acl#Write>, <http://www.w3.org/ns/auth/acl#Control> .\n' +
+          ' <http://www.w3.org/ns/auth/acl#accessTo> <https://localhost:3456/test/acl-tls/origin/test-folder/>;\n' +
+          ' <http://www.w3.org/ns/auth/acl#origin> <' + origin1 + '>;\n' +
+          ' <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>, <http://www.w3.org/ns/auth/acl#Write>, <http://www.w3.org/ns/auth/acl#Control> .\n' +
         '<#Public> a <http://www.w3.org/ns/auth/acl#Authorization>;\n' +
         ' <http://www.w3.org/ns/auth/acl#accessTo> <./>;\n' +
         ' <http://www.w3.org/ns/auth/acl#agentClass> <http://www.w3.org/ns/auth/acl#AuthenticatedAgent>;\n' +
diff --git a/test/integration/authentication-oidc-test.js b/test/integration/authentication-oidc-test.js
@@ -387,7 +387,7 @@ describe('Authentication API (OIDC)', () => {
         describe('with that cookie and a non-matching origin', () => {
           let response
           before(done => {
-            alice.get('/private-for-alice.txt')
+            alice.get('/private-for-owner.txt')
               .set('Cookie', cookie)
               .set('Origin', bobServerUri)
               .end((err, res) => {
diff --git a/test/unit/solid-host-test.js b/test/unit/solid-host-test.js
@@ -58,6 +58,10 @@ describe('SolidHost', () => {
       expect(host.allowsSessionFor('https://user.own/profile/card#me', '', [])).to.be.true
     })
 
+    it('should allow a userId with the user subdomain as origin', () => {
+      expect(host.allowsSessionFor('https://user.own/profile/card#me', 'https://user.own', [])).to.be.true
+    })
+
     it('should allow a userId with the server domain as origin', () => {
       expect(host.allowsSessionFor('https://user.own/profile/card#me', 'https://test.local', [])).to.be.true
     })
