mirror of
https://github.com/CommunitySolidServer/CommunitySolidServer.git
synced 2024-10-03 14:55:10 +00:00
feat: Integrate acl with rest of server
This commit is contained in:
Joachim Van Herwegen
@@ -1,5 +0,0 @@
|
||||
describe('A basic test', (): void => {
|
||||
it('to have something pass.', async(): Promise<void> => {
|
||||
expect(true).toBeTruthy();
|
||||
});
|
||||
});
|
||||
@@ -1,11 +1,10 @@
|
||||
import { AcceptPreferenceParser } from '../../src/ldp/http/AcceptPreferenceParser';
|
||||
import { AuthenticatedLdpHandler } from '../../src/ldp/AuthenticatedLdpHandler';
|
||||
import { BodyParser } from '../../src/ldp/http/BodyParser';
|
||||
import { call } from '../util/Util';
|
||||
import { CompositeAsyncHandler } from '../../src/util/CompositeAsyncHandler';
|
||||
import { EventEmitter } from 'events';
|
||||
import { HttpHandler } from '../../src/server/HttpHandler';
|
||||
import { HttpRequest } from '../../src/server/HttpRequest';
|
||||
import { IncomingHttpHeaders } from 'http';
|
||||
import { MockResponse } from 'node-mocks-http';
|
||||
import { Operation } from '../../src/ldp/operations/Operation';
|
||||
import { Parser } from 'n3';
|
||||
import { PatchingStore } from '../../src/storage/PatchingStore';
|
||||
@@ -28,35 +27,11 @@ import { SimpleSparqlUpdateBodyParser } from '../../src/ldp/http/SimpleSparqlUpd
|
||||
import { SimpleSparqlUpdatePatchHandler } from '../../src/storage/patch/SimpleSparqlUpdatePatchHandler';
|
||||
import { SimpleTargetExtractor } from '../../src/ldp/http/SimpleTargetExtractor';
|
||||
import { SingleThreadedResourceLocker } from '../../src/storage/SingleThreadedResourceLocker';
|
||||
import streamifyArray from 'streamify-array';
|
||||
import { TurtleToQuadConverter } from '../../src/storage/conversion/TurtleToQuadConverter';
|
||||
import { createResponse, MockResponse } from 'node-mocks-http';
|
||||
import { namedNode, quad } from '@rdfjs/data-model';
|
||||
import * as url from 'url';
|
||||
|
||||
const call = async(handler: HttpHandler, requestUrl: url.URL, method: string,
|
||||
headers: IncomingHttpHeaders, data: string[]): Promise<MockResponse<any>> => {
|
||||
const request = streamifyArray(data) as HttpRequest;
|
||||
request.url = requestUrl.pathname;
|
||||
request.method = method;
|
||||
request.headers = headers;
|
||||
request.headers.host = requestUrl.host;
|
||||
const response: MockResponse<any> = createResponse({ eventEmitter: EventEmitter });
|
||||
|
||||
const endPromise = new Promise((resolve): void => {
|
||||
response.on('end', (): void => {
|
||||
expect(response._isEndCalled()).toBeTruthy();
|
||||
resolve();
|
||||
});
|
||||
});
|
||||
|
||||
await handler.handleSafe({ request, response });
|
||||
await endPromise;
|
||||
|
||||
return response;
|
||||
};
|
||||
|
||||
describe('An AuthenticatedLdpHandler', (): void => {
|
||||
describe('An integrated AuthenticatedLdpHandler', (): void => {
|
||||
describe('with simple handlers', (): void => {
|
||||
const requestParser = new SimpleRequestParser({
|
||||
targetExtractor: new SimpleTargetExtractor(),
|
||||
@@ -88,7 +63,7 @@ describe('An AuthenticatedLdpHandler', (): void => {
|
||||
|
||||
it('can add, read and delete data based on incoming requests.', async(): Promise<void> => {
|
||||
// POST
|
||||
let requestUrl = new url.URL('http://test.com/');
|
||||
let requestUrl = new URL('http://test.com/');
|
||||
let response: MockResponse<any> = await call(
|
||||
handler,
|
||||
requestUrl,
|
||||
@@ -102,7 +77,7 @@ describe('An AuthenticatedLdpHandler', (): void => {
|
||||
expect(id).toContain(url.format(requestUrl));
|
||||
|
||||
// GET
|
||||
requestUrl = new url.URL(id);
|
||||
requestUrl = new URL(id);
|
||||
response = await call(handler, requestUrl, 'GET', { accept: 'text/turtle' }, []);
|
||||
expect(response.statusCode).toBe(200);
|
||||
expect(response._getData()).toContain('<http://test.com/s> <http://test.com/p> <http://test.com/o>.');
|
||||
@@ -166,7 +141,7 @@ describe('An AuthenticatedLdpHandler', (): void => {
|
||||
|
||||
it('can handle simple SPARQL updates.', async(): Promise<void> => {
|
||||
// POST
|
||||
let requestUrl = new url.URL('http://test.com/');
|
||||
let requestUrl = new URL('http://test.com/');
|
||||
let response: MockResponse<any> = await call(
|
||||
handler,
|
||||
requestUrl,
|
||||
@@ -181,7 +156,7 @@ describe('An AuthenticatedLdpHandler', (): void => {
|
||||
expect(id).toContain(url.format(requestUrl));
|
||||
|
||||
// PATCH
|
||||
requestUrl = new url.URL(id);
|
||||
requestUrl = new URL(id);
|
||||
response = await call(
|
||||
handler,
|
||||
requestUrl,
|
||||
@@ -196,7 +171,7 @@ describe('An AuthenticatedLdpHandler', (): void => {
|
||||
expect(response._getHeaders().location).toBe(id);
|
||||
|
||||
// GET
|
||||
requestUrl = new url.URL(id);
|
||||
requestUrl = new URL(id);
|
||||
response = await call(handler, requestUrl, 'GET', { accept: 'text/turtle' }, []);
|
||||
expect(response.statusCode).toBe(200);
|
||||
expect(response._getData()).toContain('<http://test.com/s2> <http://test.com/p2> <http://test.com/o2>.');
|
||||
|
||||
181
test/integration/Authorization.test.ts
Normal file
181
test/integration/Authorization.test.ts
Normal file
@@ -0,0 +1,181 @@
|
||||
import { AcceptPreferenceParser } from '../../src/ldp/http/AcceptPreferenceParser';
|
||||
import { AuthenticatedLdpHandler } from '../../src/ldp/AuthenticatedLdpHandler';
|
||||
import { BodyParser } from '../../src/ldp/http/BodyParser';
|
||||
import { call } from '../util/Util';
|
||||
import { CompositeAsyncHandler } from '../../src/util/CompositeAsyncHandler';
|
||||
import { DATA_TYPE_BINARY } from '../../src/util/ContentTypes';
|
||||
import { MockResponse } from 'node-mocks-http';
|
||||
import { Operation } from '../../src/ldp/operations/Operation';
|
||||
import { PermissionSet } from '../../src/ldp/permissions/PermissionSet';
|
||||
import { QuadToTurtleConverter } from '../../src/storage/conversion/QuadToTurtleConverter';
|
||||
import { RepresentationConvertingStore } from '../../src/storage/RepresentationConvertingStore';
|
||||
import { ResourceStore } from '../../src/storage/ResourceStore';
|
||||
import { ResponseDescription } from '../../src/ldp/operations/ResponseDescription';
|
||||
import { SimpleAclAuthorizer } from '../../src/authorization/SimpleAclAuthorizer';
|
||||
import { SimpleBodyParser } from '../../src/ldp/http/SimpleBodyParser';
|
||||
import { SimpleCredentialsExtractor } from '../../src/authentication/SimpleCredentialsExtractor';
|
||||
import { SimpleDeleteOperationHandler } from '../../src/ldp/operations/SimpleDeleteOperationHandler';
|
||||
import { SimpleExtensionAclManager } from '../../src/authorization/SimpleExtensionAclManager';
|
||||
import { SimpleGetOperationHandler } from '../../src/ldp/operations/SimpleGetOperationHandler';
|
||||
import { SimplePermissionsExtractor } from '../../src/ldp/permissions/SimplePermissionsExtractor';
|
||||
import { SimplePostOperationHandler } from '../../src/ldp/operations/SimplePostOperationHandler';
|
||||
import { SimplePutOperationHandler } from '../../src/ldp/operations/SimplePutOperationHandler';
|
||||
import { SimpleRequestParser } from '../../src/ldp/http/SimpleRequestParser';
|
||||
import { SimpleResourceStore } from '../../src/storage/SimpleResourceStore';
|
||||
import { SimpleResponseWriter } from '../../src/ldp/http/SimpleResponseWriter';
|
||||
import { SimpleTargetExtractor } from '../../src/ldp/http/SimpleTargetExtractor';
|
||||
import streamifyArray from 'streamify-array';
|
||||
import { TurtleToQuadConverter } from '../../src/storage/conversion/TurtleToQuadConverter';
|
||||
import { UrlContainerManager } from '../../src/storage/UrlContainerManager';
|
||||
|
||||
const setAcl = async(store: ResourceStore, id: string, permissions: PermissionSet, control: boolean,
|
||||
access: boolean, def: boolean, agent?: string, agentClass?: 'agent' | 'authenticated'): Promise<void> => {
|
||||
const acl: string[] = [
|
||||
'@prefix acl: <http://www.w3.org/ns/auth/acl#>.\n',
|
||||
'@prefix foaf: <http://xmlns.com/foaf/0.1/>.\n',
|
||||
'<http://test.com/#auth> a acl:Authorization',
|
||||
];
|
||||
|
||||
for (const perm of [ 'Read', 'Append', 'Write', 'Delete' ]) {
|
||||
if (permissions[perm.toLowerCase() as keyof PermissionSet]) {
|
||||
acl.push(`;\n acl:mode acl:${perm}`);
|
||||
}
|
||||
}
|
||||
if (control) {
|
||||
acl.push(';\n acl:mode acl:Control');
|
||||
}
|
||||
if (access) {
|
||||
acl.push(`;\n acl:accessTo <${id}>`);
|
||||
}
|
||||
if (def) {
|
||||
acl.push(`;\n acl:default <${id}>`);
|
||||
}
|
||||
if (agent) {
|
||||
acl.push(`;\n acl:agent <${agent}>`);
|
||||
}
|
||||
if (agentClass) {
|
||||
acl.push(`;\n acl:agentClass ${agentClass === 'agent' ? 'foaf:Agent' : 'foaf:AuthenticatedAgent'}`);
|
||||
}
|
||||
|
||||
acl.push('.');
|
||||
|
||||
const representation = {
|
||||
data: streamifyArray(acl),
|
||||
dataType: DATA_TYPE_BINARY,
|
||||
metadata: {
|
||||
raw: [],
|
||||
profiles: [],
|
||||
contentType: 'text/turtle',
|
||||
},
|
||||
};
|
||||
|
||||
return store.setRepresentation({ path: `${id}.acl` }, representation);
|
||||
};
|
||||
|
||||
describe('A server with authorization', (): void => {
|
||||
const bodyParser: BodyParser = new SimpleBodyParser();
|
||||
const requestParser = new SimpleRequestParser({
|
||||
targetExtractor: new SimpleTargetExtractor(),
|
||||
preferenceParser: new AcceptPreferenceParser(),
|
||||
bodyParser,
|
||||
});
|
||||
|
||||
const store = new SimpleResourceStore('http://test.com/');
|
||||
const converter = new CompositeAsyncHandler([
|
||||
new QuadToTurtleConverter(),
|
||||
new TurtleToQuadConverter(),
|
||||
]);
|
||||
const convertingStore = new RepresentationConvertingStore(store, converter);
|
||||
|
||||
const credentialsExtractor = new SimpleCredentialsExtractor();
|
||||
const permissionsExtractor = new SimplePermissionsExtractor();
|
||||
const authorizer = new SimpleAclAuthorizer(
|
||||
new SimpleExtensionAclManager(),
|
||||
new UrlContainerManager('http://test.com/'),
|
||||
convertingStore,
|
||||
);
|
||||
|
||||
const operationHandler = new CompositeAsyncHandler<Operation, ResponseDescription>([
|
||||
new SimpleGetOperationHandler(convertingStore),
|
||||
new SimplePostOperationHandler(convertingStore),
|
||||
new SimpleDeleteOperationHandler(convertingStore),
|
||||
new SimplePutOperationHandler(convertingStore),
|
||||
]);
|
||||
|
||||
const responseWriter = new SimpleResponseWriter();
|
||||
|
||||
const handler = new AuthenticatedLdpHandler({
|
||||
requestParser,
|
||||
credentialsExtractor,
|
||||
permissionsExtractor,
|
||||
authorizer,
|
||||
operationHandler,
|
||||
responseWriter,
|
||||
});
|
||||
|
||||
it('can create new entries.', async(): Promise<void> => {
|
||||
await setAcl(convertingStore,
|
||||
'http://test.com/',
|
||||
{ read: true, write: true, append: true },
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
undefined,
|
||||
'agent');
|
||||
|
||||
// POST
|
||||
let requestUrl = new URL('http://test.com/');
|
||||
let response: MockResponse<any> = await call(
|
||||
handler,
|
||||
requestUrl,
|
||||
'POST',
|
||||
{ 'content-type': 'text/turtle' },
|
||||
[ '<http://test.com/s> <http://test.com/p> <http://test.com/o>.' ],
|
||||
);
|
||||
expect(response.statusCode).toBe(200);
|
||||
|
||||
// PUT
|
||||
requestUrl = new URL('http://test.com/foo/bar');
|
||||
response = await call(
|
||||
handler,
|
||||
requestUrl,
|
||||
'PUT',
|
||||
{ 'content-type': 'text/turtle' },
|
||||
[ '<http://test.com/s> <http://test.com/p> <http://test.com/o>.' ],
|
||||
);
|
||||
expect(response.statusCode).toBe(200);
|
||||
});
|
||||
|
||||
it('can not create new entries if not allowed.', async(): Promise<void> => {
|
||||
await setAcl(convertingStore,
|
||||
'http://test.com/',
|
||||
{ read: true, write: true, append: true },
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
undefined,
|
||||
'authenticated');
|
||||
|
||||
// POST
|
||||
let requestUrl = new URL('http://test.com/');
|
||||
let response: MockResponse<any> = await call(
|
||||
handler,
|
||||
requestUrl,
|
||||
'POST',
|
||||
{ 'content-type': 'text/turtle' },
|
||||
[ '<http://test.com/s> <http://test.com/p> <http://test.com/o>.' ],
|
||||
);
|
||||
expect(response.statusCode).toBe(401);
|
||||
|
||||
// PUT
|
||||
requestUrl = new URL('http://test.com/foo/bar');
|
||||
response = await call(
|
||||
handler,
|
||||
requestUrl,
|
||||
'PUT',
|
||||
{ 'content-type': 'text/turtle' },
|
||||
[ '<http://test.com/s> <http://test.com/p> <http://test.com/o>.' ],
|
||||
);
|
||||
expect(response.statusCode).toBe(401);
|
||||
});
|
||||
});
|
||||
@@ -81,6 +81,10 @@ describe('ExpressHttpServer', (): void => {
|
||||
handler.handle = async(): Promise<void> => {
|
||||
throw new Error('dummyError');
|
||||
};
|
||||
|
||||
// Prevent test from writing to stderr
|
||||
jest.spyOn(process.stderr, 'write').mockImplementation((): boolean => true);
|
||||
|
||||
const res = await request(server).get('/').expect(500);
|
||||
expect(res.text).toContain('dummyError');
|
||||
});
|
||||
|
||||
28
test/util/Util.ts
Normal file
28
test/util/Util.ts
Normal file
@@ -0,0 +1,28 @@
|
||||
import { EventEmitter } from 'events';
|
||||
import { HttpHandler } from '../../src/server/HttpHandler';
|
||||
import { HttpRequest } from '../../src/server/HttpRequest';
|
||||
import { IncomingHttpHeaders } from 'http';
|
||||
import streamifyArray from 'streamify-array';
|
||||
import { createResponse, MockResponse } from 'node-mocks-http';
|
||||
|
||||
export const call = async(handler: HttpHandler, requestUrl: URL, method: string,
|
||||
headers: IncomingHttpHeaders, data: string[]): Promise<MockResponse<any>> => {
|
||||
const request = streamifyArray(data) as HttpRequest;
|
||||
request.url = requestUrl.pathname;
|
||||
request.method = method;
|
||||
request.headers = headers;
|
||||
request.headers.host = requestUrl.host;
|
||||
const response: MockResponse<any> = createResponse({ eventEmitter: EventEmitter });
|
||||
|
||||
const endPromise = new Promise((resolve): void => {
|
||||
response.on('end', (): void => {
|
||||
expect(response._isEndCalled()).toBeTruthy();
|
||||
resolve();
|
||||
});
|
||||
});
|
||||
|
||||
await handler.handleSafe({ request, response });
|
||||
await endPromise;
|
||||
|
||||
return response;
|
||||
};
|
||||
Reference in New Issue
Block a user