feat: Introduce debugging OwnershipValidator

This commit is contained in:
Joachim Van Herwegen 2021-05-28 09:54:46 +02:00
parent 998d2f49e1
commit 6214e0c537
20 changed files with 86 additions and 21 deletions


@ -5,8 +5,9 @@
"files-scs:config/http/middleware/websockets.json",
"files-scs:config/http/server-factory/websockets.json",
"files-scs:config/http/static/default.json",
"files-scs:config/identity/handler/default.json",
"files-scs:config/identity/email/default.json",
"files-scs:config/identity/handler/default.json",
"files-scs:config/identity/ownership/token.json",
"files-scs:config/init/handler/default.json",
"files-scs:config/ldp/authentication/dpop-bearer.json",
"files-scs:config/ldp/authorization/webacl.json",


@ -5,8 +5,9 @@
"files-scs:config/http/middleware/websockets.json",
"files-scs:config/http/server-factory/websockets.json",
"files-scs:config/http/static/default.json",
"files-scs:config/identity/handler/default.json",
"files-scs:config/identity/email/default.json",
"files-scs:config/identity/handler/default.json",
"files-scs:config/identity/ownership/token.json",
"files-scs:config/init/handler/default.json",
"files-scs:config/ldp/authentication/dpop-bearer.json",
"files-scs:config/ldp/authorization/webacl.json",


@ -5,8 +5,9 @@
"files-scs:config/http/middleware/websockets.json",
"files-scs:config/http/static/default.json",
"files-scs:config/identity/handler/default.json",
"files-scs:config/identity/email/default.json",
"files-scs:config/identity/handler/default.json",
"files-scs:config/identity/ownership/token.json",
"files-scs:config/init/handler/default.json",
"files-scs:config/ldp/authentication/dpop-bearer.json",
"files-scs:config/ldp/authorization/webacl.json",


@ -5,8 +5,9 @@
"files-scs:config/http/middleware/websockets.json",
"files-scs:config/http/server-factory/websockets.json",
"files-scs:config/http/static/default.json",
"files-scs:config/identity/handler/default.json",
"files-scs:config/identity/email/default.json",
"files-scs:config/identity/handler/default.json",
"files-scs:config/identity/ownership/token.json",
"files-scs:config/init/handler/default.json",
"files-scs:config/ldp/authentication/dpop-bearer.json",
"files-scs:config/ldp/authorization/webacl.json",


@ -4,7 +4,7 @@ Options related to the base support of HTTP requests by the server.
## Handler
Sets up all the handlers a request will potentially pass through.
* *default*: The full setup, that is middleware + static files + pod creation + IDP + LDP.
* *simple*: A simpler setup that only supports the base solid features. Has no pod creation or IDP.
* *simple*: A simpler setup in which the IDP is disabled.
## Middleware
A set of handlers that will always be run on all requests to add some metadata


@ -12,3 +12,8 @@ Necessary for sending e-mail when using IDP.
Contains everything needed for setting up the Identity Provider.
* *default*: As of writing there is not much customization possible.
This contains everything needed.
## Ownership
Which technique to use to determine if a requesting agent owns a WebID.
* *token*: A token needs to added to the WebID to prove ownership.
* *unsafe-no-check*: No verification is done, the agent is always believed.


@ -0,0 +1,11 @@
{
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^0.0.0/components/context.jsonld",
"@graph": [
{
"comment": "Determines WebID ownership by requesting a specific value to be added to the WebID document",
"@id": "urn:solid-server:auth:password:OwnershipValidator",
"@type": "TokenOwnershipValidator",
"storage": { "@id": "urn:solid-server:default:ExpiringIdpStorage" }
}
]
}


@ -0,0 +1,13 @@
{
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^0.0.0/components/context.jsonld",
"@graph": [
{
"comment": [
"DO NOT USE IN PRODUCTION. ONLY FOR DEVELOPMENT, TESTING, OR DEBUGGING.",
"Do no verification to determine WebID ownership."
],
"@id": "urn:solid-server:auth:password:OwnershipValidator",
"@type": "NoCheckOwnershipValidator"
}
]
}


@ -3,7 +3,7 @@
"@graph": [
{
"comment": [
"DO NOT USE IN PRODUCTION, ONLY FOR DEVELOPMENT, TESTING, OR DEBUGGING.",
"DO NOT USE IN PRODUCTION. ONLY FOR DEVELOPMENT, TESTING, OR DEBUGGING.",
"Supports authentication headers such as `Authentication: WebID http://test.com/card#me`"
],
"@id": "urn:solid-server:default:CredentialsExtractor",


@ -3,7 +3,7 @@
"@graph": [
{
"comment": [
"DO NOT USE IN PRODUCTION, ONLY FOR DEVELOPMENT, TESTING, OR DEBUGGING.",
"DO NOT USE IN PRODUCTION. ONLY FOR DEVELOPMENT, TESTING, OR DEBUGGING.",
"This extractor always sets the credentials to the fixed value."
],
"@id": "urn:solid-server:default:CredentialsExtractor",


@ -3,7 +3,7 @@
"@graph": [
{
"comment": [
"DO NOT USE IN PRODUCTION, ONLY FOR DEVELOPMENT, TESTING, OR DEBUGGING.",
"DO NOT USE IN PRODUCTION. ONLY FOR DEVELOPMENT, TESTING, OR DEBUGGING.",
"Always allows all operations."
],
"@id": "urn:solid-server:default:Authorizer",


@ -5,8 +5,9 @@
"files-scs:config/http/middleware/websockets.json",
"files-scs:config/http/server-factory/websockets.json",
"files-scs:config/http/static/default.json",
"files-scs:config/identity/handler/default.json",
"files-scs:config/identity/email/default.json",
"files-scs:config/identity/handler/default.json",
"files-scs:config/identity/ownership/token.json",
"files-scs:config/init/handler/default.json",
"files-scs:config/ldp/authentication/dpop-bearer.json",
"files-scs:config/ldp/authorization/webacl.json",


@ -5,8 +5,9 @@
"files-scs:config/http/middleware/websockets.json",
"files-scs:config/http/server-factory/websockets.json",
"files-scs:config/http/static/default.json",
"files-scs:config/identity/handler/default.json",
"files-scs:config/identity/email/default.json",
"files-scs:config/identity/handler/default.json",
"files-scs:config/identity/ownership/token.json",
"files-scs:config/init/handler/default.json",
"files-scs:config/ldp/authentication/dpop-bearer.json",
"files-scs:config/ldp/authorization/webacl.json",


@ -5,8 +5,9 @@
"files-scs:config/http/middleware/websockets.json",
"files-scs:config/http/server-factory/websockets.json",
"files-scs:config/http/static/default.json",
"files-scs:config/identity/handler/default.json",
"files-scs:config/identity/email/default.json",
"files-scs:config/identity/handler/default.json",
"files-scs:config/identity/ownership/token.json",
"files-scs:config/init/handler/default.json",
"files-scs:config/ldp/authentication/dpop-bearer.json",
"files-scs:config/ldp/authorization/webacl.json",


@ -0,0 +1,14 @@
import { getLoggerFor } from '../../logging/LogUtil';
import { OwnershipValidator } from './OwnershipValidator';
/**
* Does not do any checks to verify if the agent doing the request is actually the owner of the WebID.
* This should only be used for debugging.
*/
export class NoCheckOwnershipValidator extends OwnershipValidator {
protected readonly logger = getLoggerFor(this);
public async handle({ webId }: { webId: string }): Promise<void> {
this.logger.info(`Agent unsecurely claims to own ${webId}`);
}
}
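Review bot: The ownership bypass in `handle` is logged at `info`, which blends into ordinary request logging; since this validator accepts every ownership claim unverified, log it at `warn` so a deployment that accidentally wires in `unsafe-no-check.json` is visible in production logs: `this.logger.warn(`Agent insecurely claims to own ${webId}`);` (this also fixes "unsecurely"). The config file's "DO NOT USE IN PRODUCTION" comment is never surfaced at runtime, so I would also emit a one-time warning when the class is instantiated, not only once a registration happens; a constructor like the one below does that, assuming `OwnershipValidator`/`AsyncHandler` takes no constructor arguments (not visible in this diff). The class does not override `canHandle`, so it relies on the `AsyncHandler` default accepting every input, which appears intended and is what the new unit test checks. Consider stating that in the class doc comment: `* Accepts every input (no canHandle override) and never rejects a claim.`
```typescript
  protected readonly logger = getLoggerFor(this);

  public constructor() {
    super();
    // Surface the bypass at startup, not only per request.
    this.logger.warn('NoCheckOwnershipValidator is active: WebID ownership is NOT verified. Do not use in production.');
  }
  // … unchanged: handle() (log level raised to warn as noted above) …
```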


@ -1,4 +1,4 @@
import { AsyncHandler } from '../../../util/handlers/AsyncHandler';
import { AsyncHandler } from '../../util/handlers/AsyncHandler';
/**
* A class that validates if a someone owns a WebId.


@ -1,10 +1,10 @@
import { DataFactory } from 'n3';
import { v4 } from 'uuid';
import { getLoggerFor } from '../../../logging/LogUtil';
import type { ExpiringStorage } from '../../../storage/keyvalue/ExpiringStorage';
import { BadRequestHttpError } from '../../../util/errors/BadRequestHttpError';
import { SOLID } from '../../../util/Vocabularies';
import { fetchDataset } from '../../util/FetchUtil';
import { getLoggerFor } from '../../logging/LogUtil';
import type { ExpiringStorage } from '../../storage/keyvalue/ExpiringStorage';
import { BadRequestHttpError } from '../../util/errors/BadRequestHttpError';
import { SOLID } from '../../util/Vocabularies';
import { fetchDataset } from '../util/FetchUtil';
import { OwnershipValidator } from './OwnershipValidator';
const { literal, namedNode, quad } = DataFactory;
@ -42,6 +42,7 @@ export class TokenOwnershipValidator extends OwnershipValidator {
if (!dataset.has(expectedQuad)) {
this.throwError(webId, token);
}
this.logger.debug(`Verified ownership of ${webId}`);
await this.storage.delete(key);
}
@ -66,7 +67,7 @@ export class TokenOwnershipValidator extends OwnershipValidator {
this.logger.debug(`Missing verification token at ${webId}`);
const errorMessage = [
`<${webId}> <${SOLID.terms.oidcIssuerRegistrationToken.value}> "${token}" .`,
'Must be added to the WebId',
'Must be added to the WebId. This can be removed after registration.',
].join('\n');
throw new BadRequestHttpError(errorMessage);
}
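Review bot: The new hint in the error message says the triple "can be removed after registration", which matches the single-use `storage.delete(key)` in the earlier hunk, but it omits the condition users most often trip over: the server has to be able to read the triple when it dereferences the WebID, so the triple must be in the document's publicly readable representation, assuming `fetchDataset` performs an unauthenticated GET (its import is visible, its behaviour is not). Suggest `'Must be added to the WebId document so that it is publicly readable. This can be removed after registration.'`. Note also that the message echoes the caller-supplied `webId` verbatim inside `<...>`; harmless for a plain-text error body, but worth a short comment if these responses are ever rendered as HTML. Both `throwError` and the enclosing `handle` method start outside the hunks shown.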


@ -6,6 +6,7 @@
"files-scs:config/http/server-factory/websockets.json",
"files-scs:config/http/static/default.json",
"files-scs:config/identity/handler/default.json",
"files-scs:config/identity/ownership/token.json",
"files-scs:config/init/handler/default.json",
"files-scs:config/ldp/authentication/dpop-bearer.json",
"files-scs:config/ldp/authorization/webacl.json",


@ -0,0 +1,13 @@
import { NoCheckOwnershipValidator } from '../../../../src/identity/ownership/NoCheckOwnershipValidator';
describe('A NoCheckOwnershipValidator', (): void => {
const validator = new NoCheckOwnershipValidator();
it('can handle everything.', async(): Promise<void> => {
await expect(validator.canHandle({ webId: 'http://test.com/alice/#me' })).resolves.toBeUndefined();
});
it('believes everything.', async(): Promise<void> => {
await expect(validator.handle({ webId: 'http://test.com/alice/#me' })).resolves.toBeUndefined();
});
});


@ -4,9 +4,9 @@ import { DataFactory } from 'n3';
import type { Quad } from 'n3';
import type { DatasetCore } from 'rdf-js';
import { v4 } from 'uuid';
import { TokenOwnershipValidator } from '../../../../../src/identity/interaction/util/TokenOwnershipValidator';
import type { ExpiringStorage } from '../../../../../src/storage/keyvalue/ExpiringStorage';
import { SOLID } from '../../../../../src/util/Vocabularies';
import { TokenOwnershipValidator } from '../../../../src/identity/ownership/TokenOwnershipValidator';
import type { ExpiringStorage } from '../../../../src/storage/keyvalue/ExpiringStorage';
import { SOLID } from '../../../../src/util/Vocabularies';
const { literal, namedNode, quad } = DataFactory;
jest.mock('@rdfjs/fetch');