From ffe6882c3e97921cf34862ac6bb57517acb88710 Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Thu, 19 Nov 2020 10:48:27 +0100 Subject: [PATCH 1/3] WAC-Allow test --- test/surface/create.test.ts | 4 +- test/surface/wac-allow.test.ts | 110 +++++++++++++++++++++++++++++++++ 2 files changed, 112 insertions(+), 2 deletions(-) create mode 100644 test/surface/wac-allow.test.ts diff --git a/test/surface/create.test.ts b/test/surface/create.test.ts index e325eb7..7324618 100644 --- a/test/surface/create.test.ts +++ b/test/surface/create.test.ts @@ -77,7 +77,7 @@ describe('Create', () => { 'If-None-Match': '*' } }); - const result = await solidLogicAlice.fetch(`${testFolderUrl}accessToAppend/`, { + const result = await solidLogicBob.fetch(`${testFolderUrl}accessToAppend/`, { method: 'POST', body: 'hello', headers: { @@ -132,7 +132,7 @@ describe('Create', () => { 'If-None-Match': '*' } }); - const result = await solidLogicAlice.fetch(containerUrl, { + const result = await solidLogicBob.fetch(containerUrl, { method: 'POST', body: 'hello', headers: { diff --git a/test/surface/wac-allow.test.ts b/test/surface/wac-allow.test.ts new file mode 100644 index 0000000..42ce965 --- /dev/null +++ b/test/surface/wac-allow.test.ts @@ -0,0 +1,110 @@ +import { generateTestFolder, getSolidLogicInstance } from '../helpers/env'; +import { SolidLogic } from '../../solid-logic-move-me'; + +const WEBID_ALICE = process.env.WEBID_ALICE; +const WEBID_BOB = process.env.WEBID_BOB; + +// jest.setTimeout(30000); + +function makeBody(accessToModes: string, defaultModes: string, publicAccessToModes: string, publicDefaultModes: string, target: string) { + let str = [ + '@prefix acl: .', + '@prefix foaf: .', + '', + `<#alice> a acl:Authorization;\n acl:agent <${WEBID_ALICE}>;`, + ` acl:accessTo <${target}>;`, + ` acl:default <${target}>;`, + ' acl:mode acl:Read, acl:Write, acl:Control.', + '' + ].join('\n') + if (accessToModes) { + str += [ + '<#bobAccessTo> a acl:Authorization;', + ` acl:agent <${WEBID_BOB}>;`, + ` acl:accessTo <${target}>;`, + ` acl:mode ${accessToModes}.`, + '' + ].join('\n') + } + if (defaultModes) { + str += [ + '<#bobDefault> a acl:Authorization;', + ` acl:agent <${WEBID_BOB}>;`, + ` acl:default <${target}>;`, + ` acl:mode ${defaultModes}.`, + '' + ].join('\n') + } + if (publicAccessToModes) { + str += [ + '<#bobAccessTo> a acl:Authorization;', + ` acl:agentClass foaf:Agent;`, + ` acl:accessTo <${target}>;`, + ` acl:mode ${accessToModes}.`, + '' + ].join('\n') + } + + if (publicDefaultModes) { + str += [ + '<#bobDefault> a acl:Authorization;', + ` acl:agentClass foaf:Agent;`, + ` acl:default <${target}>;`, + ` acl:mode ${defaultModes}.`, + '' + ].join('\n') + } + return str +} + +describe('From accessTo', () => { + let solidLogicAlice: SolidLogic; + let solidLogicBob: SolidLogic; + beforeAll(async () => { + solidLogicAlice = await getSolidLogicInstance('ALICE') + solidLogicBob = await getSolidLogicInstance('BOB') + }); + + const { testFolderUrl } = generateTestFolder('ALICE'); + beforeEach(async () => { + // FIXME: NSS ACL cache, + // wait for ACL cache to clear: + await new Promise(resolve => setTimeout(resolve, 20)); + }); + + afterEach(() => { + return solidLogicAlice.recursiveDelete(testFolderUrl); + }); + + describe('Public accessTo Read, Bob accessTo Write', () => { + beforeAll(async () => { + const containerUrl = `${testFolderUrl}publicReadBobWrite/`; + // This will do mkdir-p: + await solidLogicAlice.fetch(`${containerUrl}test.txt`, { + method: 'PUT', + body: 'hello', + headers: { + 'Content-Type': 'text/plain', + 'If-None-Match': '*' + } + }); + const aclDocUrl = await solidLogicAlice.findAclDocUrl(containerUrl); + await solidLogicAlice.fetch(aclDocUrl, { + method: 'PUT', + body: makeBody('acl:Write', null, 'acl:Read', null, containerUrl), + headers: { + 'Content-Type': 'text/turtle', + 'If-None-Match': '*' + } + }); + }); + it(`Shows the correct WAC-Allow header to Bob`, async () => { + const result = await solidLogicBob.fetch(`${testFolderUrl}accessToAppend/`); + expect(result.headers.get('WAC-Allow')).toEqual(''); + }); + it(`Shows the correct WAC-Allow header to the public`, async () => { + const result = await fetch(`${testFolderUrl}accessToAppend/`); + expect(result.headers.get('WAC-Allow')).toEqual(''); + }); + }); +}); From 41bff88d6c5fa8485d32b4883d701d78aa7bc98d Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Thu, 19 Nov 2020 10:55:55 +0100 Subject: [PATCH 2/3] Add from-default tests --- test/surface/wac-allow.test.ts | 60 +++++++++++++++++++++++++++++++--- 1 file changed, 56 insertions(+), 4 deletions(-) diff --git a/test/surface/wac-allow.test.ts b/test/surface/wac-allow.test.ts index 42ce965..33ff525 100644 --- a/test/surface/wac-allow.test.ts +++ b/test/surface/wac-allow.test.ts @@ -76,7 +76,7 @@ describe('From accessTo', () => { return solidLogicAlice.recursiveDelete(testFolderUrl); }); - describe('Public accessTo Read, Bob accessTo Write', () => { + describe('Public accessTo Read+Append, Bob accessTo Write', () => { beforeAll(async () => { const containerUrl = `${testFolderUrl}publicReadBobWrite/`; // This will do mkdir-p: @@ -91,7 +91,7 @@ describe('From accessTo', () => { const aclDocUrl = await solidLogicAlice.findAclDocUrl(containerUrl); await solidLogicAlice.fetch(aclDocUrl, { method: 'PUT', - body: makeBody('acl:Write', null, 'acl:Read', null, containerUrl), + body: makeBody('acl:Write', null, 'acl:Read, acl:Append', null, containerUrl), headers: { 'Content-Type': 'text/turtle', 'If-None-Match': '*' @@ -100,11 +100,63 @@ describe('From accessTo', () => { }); it(`Shows the correct WAC-Allow header to Bob`, async () => { const result = await solidLogicBob.fetch(`${testFolderUrl}accessToAppend/`); - expect(result.headers.get('WAC-Allow')).toEqual(''); + expect(result.headers.get('WAC-Allow')).toEqual('user="write",public="read append"'); }); it(`Shows the correct WAC-Allow header to the public`, async () => { const result = await fetch(`${testFolderUrl}accessToAppend/`); - expect(result.headers.get('WAC-Allow')).toEqual(''); + expect(result.headers.get('WAC-Allow')).toEqual('user="write",public="read append"'); + }); + }); +}); + +describe('From default', () => { + let solidLogicAlice: SolidLogic; + let solidLogicBob: SolidLogic; + beforeAll(async () => { + solidLogicAlice = await getSolidLogicInstance('ALICE') + solidLogicBob = await getSolidLogicInstance('BOB') + }); + + const { testFolderUrl } = generateTestFolder('ALICE'); + beforeEach(async () => { + // FIXME: NSS ACL cache, + // wait for ACL cache to clear: + await new Promise(resolve => setTimeout(resolve, 20)); + }); + + afterEach(() => { + return solidLogicAlice.recursiveDelete(testFolderUrl); + }); + + describe('Public accessTo Read+Append, Bob accessTo Write', () => { + beforeAll(async () => { + const containerUrl = `${testFolderUrl}publicReadBobWrite/`; + // This will do mkdir-p: + await solidLogicAlice.fetch(`${containerUrl}test.txt`, { + method: 'PUT', + body: 'hello', + headers: { + 'Content-Type': 'text/plain', + 'If-None-Match': '*' + } + }); + const aclDocUrl = await solidLogicAlice.findAclDocUrl(containerUrl); + await solidLogicAlice.fetch(aclDocUrl, { + method: 'PUT', + body: makeBody(null, 'acl:Write', null, 'acl:Read, acl:Append', containerUrl), + headers: { + 'Content-Type': 'text/turtle', + 'If-None-Match': '*' + } + }); + }); + it(`Shows the correct WAC-Allow header to Bob`, async () => { + const result = await solidLogicBob.fetch(`${testFolderUrl}accessToAppend/test.txt`); + expect(result.headers.get('WAC-Allow')).toEqual('user="write",public="read append"'); + }); + it(`Shows the correct WAC-Allow header to the public`, async () => { + const result = await fetch(`${testFolderUrl}accessToAppend/test.txt`); + expect(result.headers.get('WAC-Allow')).toEqual('user="write",public="read append"'); }); }); }); From a6d9d3469d70641061242290f13dc66d01026ee2 Mon Sep 17 00:00:00 2001 From: Pete Edwards Date: Mon, 23 Nov 2020 21:03:54 +0000 Subject: [PATCH 3/3] Fix WAC-allow tests accounting for a user inheriting permissions from public --- test/surface/wac-allow.test.ts | 44 ++++++++++++++++++++++------------ 1 file changed, 29 insertions(+), 15 deletions(-) diff --git a/test/surface/wac-allow.test.ts b/test/surface/wac-allow.test.ts index 33ff525..2532b5f 100644 --- a/test/surface/wac-allow.test.ts +++ b/test/surface/wac-allow.test.ts @@ -1,11 +1,10 @@ +import fetch from 'node-fetch'; import { generateTestFolder, getSolidLogicInstance } from '../helpers/env'; import { SolidLogic } from '../../solid-logic-move-me'; const WEBID_ALICE = process.env.WEBID_ALICE; const WEBID_BOB = process.env.WEBID_BOB; -// jest.setTimeout(30000); - function makeBody(accessToModes: string, defaultModes: string, publicAccessToModes: string, publicDefaultModes: string, target: string) { let str = [ '@prefix acl: .', @@ -37,26 +36,41 @@ function makeBody(accessToModes: string, defaultModes: string, publicAccessToMod } if (publicAccessToModes) { str += [ - '<#bobAccessTo> a acl:Authorization;', + '<#publicAccessTo> a acl:Authorization;', ` acl:agentClass foaf:Agent;`, ` acl:accessTo <${target}>;`, - ` acl:mode ${accessToModes}.`, + ` acl:mode ${publicAccessToModes}.`, '' ].join('\n') } if (publicDefaultModes) { str += [ - '<#bobDefault> a acl:Authorization;', + '<#publicDefault> a acl:Authorization;', ` acl:agentClass foaf:Agent;`, ` acl:default <${target}>;`, - ` acl:mode ${defaultModes}.`, + ` acl:mode ${publicDefaultModes}.`, '' ].join('\n') } return str } +describe('For Alice\'s public folder', () => { + let solidLogicBob: SolidLogic; + beforeAll(async () => { + solidLogicBob = await getSolidLogicInstance('BOB') + }); + it(`Shows the correct WAC-Allow header for Bob's request`, async () => { + const result = await solidLogicBob.fetch(`https://server/public/`); + expect(result.headers.get('WAC-Allow')).toEqual('user="read",public="read"'); + }); + it(`Shows the correct WAC-Allow header for an unauthenticated request`, async () => { + const result = await fetch(`https://server/public/`); + expect(result.headers.get('WAC-Allow')).toEqual('user="read",public="read"'); + }); +}); + describe('From accessTo', () => { let solidLogicAlice: SolidLogic; let solidLogicBob: SolidLogic; @@ -99,12 +113,12 @@ describe('From accessTo', () => { }); }); it(`Shows the correct WAC-Allow header to Bob`, async () => { - const result = await solidLogicBob.fetch(`${testFolderUrl}accessToAppend/`); - expect(result.headers.get('WAC-Allow')).toEqual('user="write",public="read append"'); + const result = await solidLogicBob.fetch(`${testFolderUrl}publicReadBobWrite/`); + expect(result.headers.get('WAC-Allow')).toEqual('user="read write append",public="read append"'); }); it(`Shows the correct WAC-Allow header to the public`, async () => { - const result = await fetch(`${testFolderUrl}accessToAppend/`); - expect(result.headers.get('WAC-Allow')).toEqual('user="write",public="read append"'); + const result = await fetch(`${testFolderUrl}publicReadBobWrite/`); + expect(result.headers.get('WAC-Allow')).toEqual('user="read append",public="read append"'); }); }); }); @@ -116,7 +130,7 @@ describe('From default', () => { solidLogicAlice = await getSolidLogicInstance('ALICE') solidLogicBob = await getSolidLogicInstance('BOB') }); - + const { testFolderUrl } = generateTestFolder('ALICE'); beforeEach(async () => { // FIXME: NSS ACL cache, @@ -151,12 +165,12 @@ describe('From default', () => { }); }); it(`Shows the correct WAC-Allow header to Bob`, async () => { - const result = await solidLogicBob.fetch(`${testFolderUrl}accessToAppend/test.txt`); - expect(result.headers.get('WAC-Allow')).toEqual('user="write",public="read append"'); + const result = await solidLogicBob.fetch(`${testFolderUrl}publicReadBobWrite/test.txt`); + expect(result.headers.get('WAC-Allow')).toEqual('user="read write append",public="read append"'); }); it(`Shows the correct WAC-Allow header to the public`, async () => { - const result = await fetch(`${testFolderUrl}accessToAppend/test.txt`); - expect(result.headers.get('WAC-Allow')).toEqual('user="write",public="read append"'); + const result = await fetch(`${testFolderUrl}publicReadBobWrite/test.txt`); + expect(result.headers.get('WAC-Allow')).toEqual('user="read append",public="read append"'); }); }); });