diff --git a/src/authentication/Credentials.ts b/src/authentication/Credentials.ts
index 284067871..826af0cda 100644
--- a/src/authentication/Credentials.ts
+++ b/src/authentication/Credentials.ts
@@ -5,4 +5,5 @@ export type Credentials = {
 agent?: { webId: string };
 client?: { clientId: string };
 issuer?: { url: string };
+ [key: string]: unknown;
 };
diff --git a/src/authorization/Authorizer.ts b/src/authorization/Authorizer.ts
index 161f249f4..4c32df1c4 100644
--- a/src/authorization/Authorizer.ts
+++ b/src/authorization/Authorizer.ts
@@ -18,7 +18,7 @@ export interface AuthorizerInput {
 }

 /**
- * Verifies if the credentials provide access with the given permissions on the resource.
- * An {@link Error} with the necessary explanation will be thrown when permissions are not granted.
+ * Verifies whether the credentials provide access with the given permissions on the resource.
+ * An {@link Error} with the necessary explanation will be thrown if permissions are not granted.
 */
 export abstract class Authorizer extends AsyncHandler {}
diff --git a/src/authorization/PermissionBasedAuthorizer.ts b/src/authorization/PermissionBasedAuthorizer.ts
index 1294df5d4..a48c9d305 100644
--- a/src/authorization/PermissionBasedAuthorizer.ts
+++ b/src/authorization/PermissionBasedAuthorizer.ts
@@ -13,7 +13,7 @@ import { AccessMode } from './permissions/Permissions';
 /**
 * Authorizer that bases its decision on the output it gets from its PermissionReader.
 * For each permission it checks if the reader allows that for at least one credential type,
- * if yes authorization is granted.
+ * if yes, authorization is granted.
 * `undefined` values for reader results are interpreted as `false`.
 */
 export class PermissionBasedAuthorizer extends Authorizer {
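Review bot: The added index signature `[key: string]: unknown;` in the `Credentials.ts` hunk makes every property name valid on `Credentials`, so a misspelled key such as `credentials.agnet` now type-checks as `unknown` instead of failing to compile. Nothing on the type says which extra keys are expected or who is responsible for validating their values, and this type feeds authorization decisions. I would document the intent on the new line, e.g. `// Additional credential kinds; consumers must validate the value before trusting it.` If the set of extra credential kinds is known, listing them as optional properties would keep the type precise.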
@@ -37,7 +37,9 @@ export class PermissionBasedAuthorizer extends Authorizer {
 // Ensure all required modes are within the agent's permissions.
 for (const [ identifier, modes ] of requestedModes.entrySets()) {
 const modeString = [ ...modes ].join(',');
- this.logger.debug(`Checking if ${credentials.agent?.webId} has ${modeString} permissions for ${identifier.path}`);
+ this.logger.debug(
+ `Checking if ${JSON.stringify(credentials)} has ${modeString} permissions for ${identifier.path}`,
+ );
 const permissionSet = availablePermissions.get(identifier) ?? {};
 for (const mode of modes) {
 try {
@@ -82,7 +84,7 @@ export class PermissionBasedAuthorizer extends Authorizer {
 private requireModePermission(credentials: Credentials, permissionSet: PermissionSet, mode: AccessMode): void {
 if (!permissionSet[mode]) {
 if (this.isAuthenticated(credentials)) {
- this.logger.warn(`Agent ${credentials.agent!.webId} has no ${mode} permissions`);
+ this.logger.warn(`Agent ${JSON.stringify(credentials)} has no ${mode} permissions`);
 throw new ForbiddenHttpError();
 } else {
 // Solid, ยง2.1: "When a client does not provide valid credentials when requesting a resource that requires it,
@@ -99,6 +101,6 @@ export class PermissionBasedAuthorizer extends Authorizer {
 * @param credentials - Credentials to check.
 */
 private isAuthenticated(credentials: Credentials): boolean {
- return typeof credentials.agent?.webId === 'string';
+ return Object.values(credentials).some((cred): boolean => cred !== undefined);
 }
 }
diff --git a/src/authorization/PermissionReader.ts b/src/authorization/PermissionReader.ts
index cccb3ace3..552a211de 100644
--- a/src/authorization/PermissionReader.ts
+++ b/src/authorization/PermissionReader.ts
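Review bot: Serialising the whole object with `JSON.stringify(credentials)` in the new `logger.debug` call writes every credential field to the log, and because `Credentials` now accepts arbitrary keys, that can include values that should never be logged (for example a token, if some credential source stores one there; this diff does not show one). The same applies to the `logger.warn` call in the `@@ -82,7 +84,7 @@` hunk, which runs at a level that is usually enabled in production. I would log a fixed identifying field or only the key names instead, e.g. `Object.keys(credentials).join(',')`. `JSON.stringify` also throws on circular or BigInt values, so an unexpected credential value would turn a log statement into a failed request. The enclosing method starts and ends outside the hunk.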
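Review bot: In the `@@ -99,6 +101,6 @@` hunk, `isAuthenticated` now returns true for any value other than `undefined`, so `null`, `false`, an empty object or an unrelated extra key admitted by the new index signature all count as authenticated. `requireModePermission` then throws `ForbiddenHttpError` instead of taking the unauthenticated branch, so a client that supplied no usable credentials is not asked to authenticate. If only real credential entries should count, tighten the predicate, e.g. `return Object.values(credentials).some((cred): boolean => cred !== undefined && cred !== null);`, or check the known keys `agent`, `client` and `issuer` explicitly. The doc comment above the method starts outside the hunk; it should state which values make a request count as authenticated.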
@@ -16,7 +16,7 @@ export interface PermissionReaderInput {

 /**
 * Discovers the permissions of the given credentials on the given identifier.
- * In case the reader finds no permission for the requested identifiers and credentials
+ * If the reader finds no permission for the requested identifiers and credentials,
 * it can return an empty or incomplete map.
 */
 export abstract class PermissionReader extends AsyncHandler {}