First tests, passing against NSS

Author: michielbdejong

.nvmrc

@@ -0,0 +1 @@
+v14

Dockerfile

@@ -0,0 +1,9 @@
+FROM node
+RUN apt-get update && apt-get install -yq \
+  vim \
+  && apt-get clean
+ADD . /app
+WORKDIR /app
+RUN npm install
+ENV NODE_TLS_REJECT_UNAUTHORIZED 0
+CMD npm run jest

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2021 Solid
+Copyright (c) 2020 Solid
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -1,2 +1,35 @@
-# monetization-tests
-Tests around https://github.com/solid/webmonetization
+# WAC Tests
+Surface tests for CRUD and Websockets-pubsub functionality of a pod server
+
+## Usage
+### In development
+Start your server with a self-signed cert on port 443 of localhost (for node-solid-server, make sure to set `ACL_CACHE_TIME=5`) and run `sh ./example.sh`.
+
+### Against CSS
+In one terminal window:
+* check out the https://github.com/solid/community-server repo locally, and run `npm ci; npm run build`
+* find the function `isRSAPublicJWK(x)` in node_modules/@solid/dist/identity-token-verifier/dist/guards/DPoPJWKGuard.js and add `x.alg = 'RS256'` at the top of that function, to work around a bug in NSS v5.6.4, caused by https://github.com/solid/oidc-op/issues/29.
+* ./bin/server.js -l debug
+
+In another terminal window:
+* check out this repo from https://github.com/solid/web-access-control-tests and run `npm ci`
+* check out the `run-against-css` branch
+* simple test (sets a root ACL doc from node and reads it back):
+- run `node ./setup.js http://localhost:3000/.acl` to create a root ACL at http://localhost:3000/.acl which gives https://solidtestsuite.solidcommunity.net/profile/card#me full read/write/control access.
+- run `node ./fetch.js http://localhost:3000/.acl` to check that Alice ('solidtestsuite') can access it.
+- run `node ./fetch-bob.js http://localhost:3000/.acl` to check that Bob ('solid-crud-tests-example-2') can *not* access it.
+* advanced test (uses the same root ACL doc, but from bash): `bash ./run-against-css.sh`
+
+You can also cut-and-paste the lines from run-against-css.sh into your bash shell, then you can more easily run tests interactively.
+
+### Against CSS with local NSS instance as the IDP
+If you want to use your NSS on localhost instead of on solidcommunity.net, then:
+* Run NSS on localhost, in multi-user mode so you can support both Alice and Bob
+* You may need to set up alice.localhost in your /etc/hosts, but on Mac that is automatic.
+* Browse to https://localhost:8443/ with Firefox and say you accept the self-signed cert (with Chrome the use of self-signed certs has become harder and harder recently)
+* Set up a user, alice / 123, and edit ./fetch.js so that `oidcIssuer = 'https://localhost:8443';`, `nssUsername = 'alice'`, and `nssPassword = '123';`.
+* Run CSS with `NODE_TLS_REJECT_UNAUTHORIZED=0 ./bin/server.js -l debug`.
+* Run the fetch script with `NODE_TLS_REJECT_UNAUTHORIZED=0` as well, for instance:
+```sh
+NODE_TLS_REJECT_UNAUTHORIZED=0 node fetch.js http://localhost:3000/404.txt
+```

debug.ts

@@ -0,0 +1,19 @@
+export function log (...args: any[]) {
+  // eslint-disable-next-line no-console
+  console.log(...args)
+}
+
+export function warn (...args: any[]) {
+  // eslint-disable-next-line no-console
+  console.warn(...args)
+}
+
+export function error (...args: any[]) {
+  // eslint-disable-next-line no-console
+  console.error(...args)
+}
+
+export function trace (...args: any[]) {
+  // eslint-disable-next-line no-console
+  console.trace(...args)
+}

example.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+set -e
+
+# either test against a local server or in a container testnet
+#export SERVER_ROOT=https://localhost
+export SERVER_ROOT=https://server
+export USERNAME_ALICE=alice
+export PASSWORD_ALICE=123
+
+export SERVER2_ROOT=https://solidcommunity.net
+export USERNAME_BOB=solid-crud-tests-example-1
+export BOB_ROOT=https://$USERNAME_BOB.solidcommunity.net
+export PASSWORD_BOB=123
+
+export RESULTS_PATH=../NSS-wac-results.json
+
+echo Automated way to get an OIDC issuer cookie for Alice:
+export CURL_RESULT_ALICE=`curl -ki $SERVER_ROOT/login/password -d"username=$USERNAME_ALICE&password=$PASSWORD_ALICE" | grep Set-Cookie`
+export COOKIE_ALICE=`expr "$CURL_RESULT_ALICE" : '^Set-Cookie:\ \(.*\).'`
+
+echo Other env vars for Alice:
+export OIDC_ISSUER_ALICE=$SERVER_ROOT
+export WEBID_ALICE=$SERVER_ROOT/profile/card#me
+export STORAGE_ROOT_ALICE=$SERVER_ROOT/
+
+echo Automated way to get an OIDC issuer cookie for Bob:
+export CURL_RESULT_BOB=`curl -ki $SERVER2_ROOT/login/password -d"username=$USERNAME_BOB&password=$PASSWORD_BOB" | grep Set-Cookie`
+export COOKIE_BOB=`expr "$CURL_RESULT_BOB" : '^Set-Cookie:\ \(.*\).'`
+
+echo Other env vars for Bob:
+export OIDC_ISSUER_BOB=$SERVER2_ROOT
+export WEBID_BOB=$BOB_ROOT/profile/card#me
+export STORAGE_ROOT_BOB=$BOB_ROOT/
+
+echo Running with these values for Alice:
+echo Cookie: $COOKIE_ALICE
+echo OIDC issuer: $OIDC_ISSUER_ALICE
+echo WebID: $WEBID_ALICE
+echo Storage Root: $STORAGE_ROOT_ALICE
+
+echo Running with these values for Bob:
+echo Cookie: $COOKIE_BOB
+echo OIDC issuer: $OIDC_ISSUER_BOB
+echo WebID: $WEBID_BOB
+echo Storage Root: $STORAGE_ROOT_BOB
+
+export NODE_TLS_REJECT_UNAUTHORIZED=0
+
+# npm run jest "$@"
+npm run jest -- --json --outputFile="$RESULTS_PATH" "$@"

fetch-bob.js

@@ -0,0 +1,23 @@
+const fetch = require('node-fetch');
+const { getAuthFetcher, getNodeSolidServerCookie } = require('solid-auth-fetcher');
+
+const oidcIssuer = 'https://solidcommunity.net';
+const nssUsername = 'solid-crud-tests-example-2';
+const nssPassword = '123';
+const origin = 'https://tester';
+
+async function run(url) {
+  console.log('Getting cookie', { oidcIssuer, nssUsername, nssPassword });
+  const cookie = await getNodeSolidServerCookie(oidcIssuer, nssUsername, nssPassword);
+  console.log('Getting fetcher', { oidcIssuer, cookie, origin });
+  const fetcher = await getAuthFetcher(oidcIssuer, cookie, origin);
+  console.log('Fetching', { url });
+  const result = await fetcher.fetch(url);
+  console.log(result.status, await result.text());
+  for (let pair of result.headers.entries()) {
+     console.log(`Response header: ${pair[0]}: ${pair[1]}`);
+  }
+}
+
+// ...
+run(process.argv[2]);

fetch.js

@@ -0,0 +1,23 @@
+const fetch = require('node-fetch');
+const { getAuthFetcher, getNodeSolidServerCookie } = require('solid-auth-fetcher');
+
+const oidcIssuer = 'https://solidcommunity.net';
+const nssUsername = 'solidtestsuite';
+const nssPassword = 'Testing123';
+const origin = 'https://tester';
+
+async function run(url) {
+  console.log('Getting cookie', { oidcIssuer, nssUsername, nssPassword });
+  const cookie = await getNodeSolidServerCookie(oidcIssuer, nssUsername, nssPassword);
+  console.log('Getting fetcher', { oidcIssuer, cookie, origin });
+  const fetcher = await getAuthFetcher(oidcIssuer, cookie, origin);
+  console.log('Fetching', { url });
+  const result = await fetcher.fetch(url);
+  console.log(result.status, await result.text());
+  for (let pair of result.headers.entries()) {
+     console.log(`Response header: ${pair[0]}: ${pair[1]}`);
+  }
+}
+
+// ...
+run(process.argv[2]);

jest.config.js

@@ -0,0 +1,15 @@
+module.exports = {
+    roots: [
+        "<rootDir>/test",
+    ],
+    preset: 'ts-jest',
+    testEnvironment: 'node',
+    verbose: false,
+    collectCoverage: false,
+    testTimeout: 10000,
+    globals: {
+        'ts-jest': {
+            // reference: https://kulshekhar.github.io/ts-jest/user/config/
+        }
+    }
+};