Mirroristas/CommunitySolidServer
2
0
Fork 0
mirror of https://github.com/CommunitySolidServer/CommunitySolidServer.git synced 2024-10-03 14:55:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Let CredentialsExtractors specify what type of Credentials they generate

Browse Source
This commit is contained in:
Joachim Van Herwegen
2021-09-17 11:17:43 +02:00
parent 34a44d1636
commit c3fa74de78
21 changed files with 115 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
test/unit/authentication/BearerWebIdExtractor.test.ts
View File

@@ -1,5 +1,6 @@
import { createSolidTokenVerifier } from '@solid/access-token-verifier';
import { BearerWebIdExtractor } from '../../../src/authentication/BearerWebIdExtractor';
import { CredentialGroup } from '../../../src/authentication/Credentials';
import type { HttpRequest } from '../../../src/server/HttpRequest';
import { BadRequestHttpError } from '../../../src/util/errors/BadRequestHttpError';
import { NotImplementedHttpError } from '../../../src/util/errors/NotImplementedHttpError';
@@ -57,7 +58,7 @@ describe('A BearerWebIdExtractor', (): void => {
it('returns the extracted WebID.', async(): Promise<void> => {
const result = webIdExtractor.handleSafe(request);
await expect(result).resolves.toEqual({ webId: 'http://alice.example/card#me' });
await expect(result).resolves.toEqual({ [CredentialGroup.agent]: { webId: 'http://alice.example/card#me' }});
});
});

3
test/unit/authentication/DPoPWebIdExtractor.test.ts
View File

@@ -1,4 +1,5 @@
import { createSolidTokenVerifier } from '@solid/access-token-verifier';
import { CredentialGroup } from '../../../src/authentication/Credentials';
import { DPoPWebIdExtractor } from '../../../src/authentication/DPoPWebIdExtractor';
import type { HttpRequest } from '../../../src/server/HttpRequest';
import { BadRequestHttpError } from '../../../src/util/errors/BadRequestHttpError';
@@ -85,7 +86,7 @@ describe('A DPoPWebIdExtractor', (): void => {
it('returns the extracted WebID.', async(): Promise<void> => {
const result = webIdExtractor.handleSafe(request);
await expect(result).resolves.toEqual({ webId: 'http://alice.example/card#me' });
await expect(result).resolves.toEqual({ [CredentialGroup.agent]: { webId: 'http://alice.example/card#me' }});
});
});

3
test/unit/authentication/EmptyCredentialsExtractor.test.ts
View File

@@ -1,3 +1,4 @@
import { CredentialGroup } from '../../../src/authentication/Credentials';
import { EmptyCredentialsExtractor } from '../../../src/authentication/EmptyCredentialsExtractor';
import type { HttpRequest } from '../../../src/server/HttpRequest';
import { NotImplementedHttpError } from '../../../src/util/errors/NotImplementedHttpError';
@@ -15,6 +16,6 @@ describe('An EmptyCredentialsExtractor', (): void => {
it('returns the empty credentials.', async(): Promise<void> => {
const headers = {};
const result = extractor.handleSafe({ headers } as HttpRequest);
await expect(result).resolves.toEqual({});
await expect(result).resolves.toEqual({ [CredentialGroup.public]: {}});
});
});

5
test/unit/authentication/UnsecureConstantCredentialsExtractor.test.ts
View File

@@ -1,15 +1,16 @@
import { CredentialGroup } from '../../../src/authentication/Credentials';
import { UnsecureConstantCredentialsExtractor } from '../../../src/authentication/UnsecureConstantCredentialsExtractor';
describe('An UnsecureConstantCredentialsExtractor', (): void => {
it('extracts a constant WebID.', async(): Promise<void> => {
const agent = 'http://alice.example/card#me';
const extractor = new UnsecureConstantCredentialsExtractor(agent);
await expect(extractor.handle()).resolves.toEqual({ webId: agent });
await expect(extractor.handle()).resolves.toEqual({ [CredentialGroup.agent]: { webId: agent }});
});
it('extracts constant credentials.', async(): Promise<void> => {
const agent = {};
const extractor = new UnsecureConstantCredentialsExtractor(agent);
await expect(extractor.handle()).resolves.toBe(agent);
await expect(extractor.handle()).resolves.toEqual({ [CredentialGroup.agent]: agent });
});
});

3
test/unit/authentication/UnsecureWebIdExtractor.test.ts
View File

@@ -1,3 +1,4 @@
import { CredentialGroup } from '../../../src/authentication/Credentials';
import { UnsecureWebIdExtractor } from '../../../src/authentication/UnsecureWebIdExtractor';
import type { HttpRequest } from '../../../src/server/HttpRequest';
import { NotImplementedHttpError } from '../../../src/util/errors/NotImplementedHttpError';
@@ -22,6 +23,6 @@ describe('An UnsecureWebIdExtractor', (): void => {
it('returns the authorization header as WebID if there is one.', async(): Promise<void> => {
const headers = { authorization: 'WebID http://alice.example/card#me' };
const result = extractor.handleSafe({ headers } as HttpRequest);
await expect(result).resolves.toEqual({ webId: 'http://alice.example/card#me' });
await expect(result).resolves.toEqual({ [CredentialGroup.agent]: { webId: 'http://alice.example/card#me' }});
});
});

6
test/unit/authorization/PathBasedAuthorizer.test.ts
View File

@@ -1,10 +1,10 @@
import type { Authorizer, AuthorizerArgs } from '../../../src/authorization/Authorizer';
import type { Authorizer, AuthorizerInput } from '../../../src/authorization/Authorizer';
import { PathBasedAuthorizer } from '../../../src/authorization/PathBasedAuthorizer';
import { NotImplementedHttpError } from '../../../src/util/errors/NotImplementedHttpError';
describe('A PathBasedAuthorizer', (): void => {
const baseUrl = 'http://test.com/foo/';
let input: AuthorizerArgs;
let input: AuthorizerInput;
let authorizers: jest.Mocked<Authorizer>[];
let authorizer: PathBasedAuthorizer;
@@ -12,7 +12,7 @@ describe('A PathBasedAuthorizer', (): void => {
input = {
identifier: { path: `${baseUrl}first` },
permissions: { read: true, append: false, write: false, control: false },
credentials: { webId: 'http://alice.test.com/card#me' },
credentials: {},
};
authorizers = [

15
test/unit/authorization/WebAclAuthorizer.test.ts
View File

@@ -1,5 +1,6 @@
import { namedNode, quad } from '@rdfjs/data-model';
import type { Credentials } from '../../../src/authentication/Credentials';
import { CredentialGroup } from '../../../src/authentication/Credentials';
import type { CredentialSet } from '../../../src/authentication/Credentials';
import type { AccessChecker } from '../../../src/authorization/access-checkers/AccessChecker';
import { WebAclAuthorization } from '../../../src/authorization/WebAclAuthorization';
import { WebAclAuthorizer } from '../../../src/authorization/WebAclAuthorizer';
@@ -31,7 +32,7 @@ describe('A WebAclAuthorizer', (): void => {
let store: jest.Mocked<ResourceStore>;
const identifierStrategy = new SingleRootIdentifierStrategy('http://test.com/');
let permissions: PermissionSet;
let credentials: Credentials;
let credentials: CredentialSet;
let identifier: ResourceIdentifier;
let authorization: WebAclAuthorization;
let accessChecker: jest.Mocked<AccessChecker>;
@@ -43,7 +44,7 @@ describe('A WebAclAuthorizer', (): void => {
write: true,
control: false,
};
credentials = {};
credentials = { [CredentialGroup.public]: {}, [CredentialGroup.agent]: {}};
identifier = { path: 'http://test.com/foo' };
authorization = new WebAclAuthorization(
{
@@ -72,14 +73,13 @@ describe('A WebAclAuthorizer', (): void => {
});
it('handles all non-acl inputs.', async(): Promise<void> => {
authorizer = new WebAclAuthorizer(aclStrategy, null as any, identifierStrategy, accessChecker);
await expect(authorizer.canHandle({ identifier } as any)).resolves.toBeUndefined();
await expect(authorizer.canHandle({ identifier, credentials, permissions })).resolves.toBeUndefined();
await expect(authorizer.canHandle({ identifier: aclStrategy.getAuxiliaryIdentifier(identifier) } as any))
.rejects.toThrow(NotImplementedHttpError);
});
it('handles all valid modes and ignores other ones.', async(): Promise<void> => {
credentials.webId = 'http://test.com/user';
credentials.agent = { webId: 'http://test.com/user' };
store.getRepresentation.mockResolvedValue({ data: guardedStreamFrom([
quad(nn('auth'), nn(`${rdf}type`), nn(`${acl}Authorization`)),
quad(nn('auth'), nn(`${acl}accessTo`), nn(identifier.path)),
@@ -131,11 +131,12 @@ describe('A WebAclAuthorizer', (): void => {
quad(nn('auth'), nn(`${rdf}type`), nn(`${acl}Authorization`)),
quad(nn('auth'), nn(`${acl}accessTo`), nn(identifier.path)),
]) } as Representation);
credentials.webId = 'http://test.com/alice/profile/card#me';
credentials.agent = { webId: 'http://test.com/alice/profile/card#me' };
await expect(authorizer.handle({ identifier, permissions, credentials })).rejects.toThrow(ForbiddenHttpError);
});
it('throws an UnauthorizedHttpError if access is not granted there are no credentials.', async(): Promise<void> => {
credentials = {};
accessChecker.handleSafe.mockResolvedValue(false);
store.getRepresentation.mockResolvedValue({ data: guardedStreamFrom([
quad(nn('auth'), nn(`${rdf}type`), nn(`${acl}Authorization`)),

4
test/unit/ldp/AuthenticatedLdpHandler.test.ts
View File

@@ -1,4 +1,4 @@
import type { Credentials } from '../../../src/authentication/Credentials';
import type { CredentialSet } from '../../../src/authentication/Credentials';
import type { Authorization } from '../../../src/authorization/Authorization';
import type { AuthenticatedLdpHandlerArgs } from '../../../src/ldp/AuthenticatedLdpHandler';
import { AuthenticatedLdpHandler } from '../../../src/ldp/AuthenticatedLdpHandler';
@@ -16,7 +16,7 @@ describe('An AuthenticatedLdpHandler', (): void => {
const response: HttpResponse = {} as any;
const preferences: RepresentationPreferences = { type: { 'text/turtle': 0.9 }};
let operation: Operation;
const credentials: Credentials = {};
const credentials: CredentialSet = {};
const permissions: PermissionSet = { read: true, write: false, append: false, control: false };
const authorization: Authorization = { addMetadata: jest.fn() };
const result: ResponseDescription = new ResetResponseDescription();