mirror of
https://github.com/CommunitySolidServer/CommunitySolidServer.git
synced 2024-10-03 14:55:10 +00:00
feat: Let Authorizers output an Authorization
This commit is contained in:
Joachim Van Herwegen
@@ -1,13 +1,23 @@
|
||||
import { AllowEverythingAuthorizer } from '../../../src/authorization/AllowEverythingAuthorizer';
|
||||
import type { PermissionSet } from '../../../src/ldp/permissions/PermissionSet';
|
||||
|
||||
describe('An AllowEverythingAuthorizer', (): void => {
|
||||
const authorizer = new AllowEverythingAuthorizer();
|
||||
const allowEverything: PermissionSet = {
|
||||
read: true,
|
||||
write: true,
|
||||
append: true,
|
||||
control: true,
|
||||
};
|
||||
|
||||
it('can handle everything.', async(): Promise<void> => {
|
||||
await expect(authorizer.canHandle({} as any)).resolves.toBeUndefined();
|
||||
});
|
||||
|
||||
it('always returns undefined.', async(): Promise<void> => {
|
||||
await expect(authorizer.handle()).resolves.toBeUndefined();
|
||||
it('always returns an empty Authorization.', async(): Promise<void> => {
|
||||
await expect(authorizer.handle()).resolves.toEqual({
|
||||
user: allowEverything,
|
||||
everyone: allowEverything,
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
43
test/unit/authorization/WebAclAuthorization.test.ts
Normal file
43
test/unit/authorization/WebAclAuthorization.test.ts
Normal file
@@ -0,0 +1,43 @@
|
||||
import { WebAclAuthorization } from '../../../src/authorization/WebAclAuthorization';
|
||||
import { RepresentationMetadata } from '../../../src/ldp/representation/RepresentationMetadata';
|
||||
import { ACL, AUTH } from '../../../src/util/Vocabularies';
|
||||
import 'jest-rdf';
|
||||
|
||||
describe('A WebAclAuthorization', (): void => {
|
||||
let authorization: WebAclAuthorization;
|
||||
let metadata: RepresentationMetadata;
|
||||
|
||||
beforeEach(async(): Promise<void> => {
|
||||
authorization = new WebAclAuthorization(
|
||||
{
|
||||
read: false,
|
||||
append: false,
|
||||
write: false,
|
||||
control: false,
|
||||
},
|
||||
{
|
||||
read: false,
|
||||
append: false,
|
||||
write: false,
|
||||
control: false,
|
||||
},
|
||||
);
|
||||
|
||||
metadata = new RepresentationMetadata();
|
||||
});
|
||||
|
||||
it('adds no metadata if there are no permissions.', async(): Promise<void> => {
|
||||
expect(authorization.addMetadata(metadata)).toBeUndefined();
|
||||
expect(metadata.quads()).toHaveLength(0);
|
||||
});
|
||||
|
||||
it('adds corresponding acl metadata for all permissions present.', async(): Promise<void> => {
|
||||
authorization.user.read = true;
|
||||
authorization.user.write = true;
|
||||
authorization.everyone.read = true;
|
||||
expect(authorization.addMetadata(metadata)).toBeUndefined();
|
||||
expect(metadata.quads()).toHaveLength(3);
|
||||
expect(metadata.getAll(AUTH.terms.userMode)).toEqualRdfTermArray([ ACL.terms.Read, ACL.terms.Write ]);
|
||||
expect(metadata.get(AUTH.terms.publicMode)).toEqualRdfTerm(ACL.terms.Read);
|
||||
});
|
||||
});
|
||||
@@ -1,5 +1,6 @@
|
||||
import { namedNode, quad } from '@rdfjs/data-model';
|
||||
import type { Credentials } from '../../../src/authentication/Credentials';
|
||||
import { WebAclAuthorization } from '../../../src/authorization/WebAclAuthorization';
|
||||
import { WebAclAuthorizer } from '../../../src/authorization/WebAclAuthorizer';
|
||||
import type { AuxiliaryIdentifierStrategy } from '../../../src/ldp/auxiliary/AuxiliaryIdentifierStrategy';
|
||||
import type { PermissionSet } from '../../../src/ldp/permissions/PermissionSet';
|
||||
@@ -29,6 +30,7 @@ describe('A WebAclAuthorizer', (): void => {
|
||||
let permissions: PermissionSet;
|
||||
let credentials: Credentials;
|
||||
let identifier: ResourceIdentifier;
|
||||
let authorization: WebAclAuthorization;
|
||||
|
||||
beforeEach(async(): Promise<void> => {
|
||||
permissions = {
|
||||
@@ -39,6 +41,20 @@ describe('A WebAclAuthorizer', (): void => {
|
||||
};
|
||||
credentials = {};
|
||||
identifier = { path: 'http://test.com/foo' };
|
||||
authorization = new WebAclAuthorization(
|
||||
{
|
||||
read: false,
|
||||
append: false,
|
||||
write: false,
|
||||
control: false,
|
||||
},
|
||||
{
|
||||
read: false,
|
||||
append: false,
|
||||
write: false,
|
||||
control: false,
|
||||
},
|
||||
);
|
||||
|
||||
store = {
|
||||
getRepresentation: jest.fn(),
|
||||
@@ -60,7 +76,9 @@ describe('A WebAclAuthorizer', (): void => {
|
||||
quad(nn('auth'), nn(`${acl}mode`), nn(`${acl}Read`)),
|
||||
quad(nn('auth'), nn(`${acl}mode`), nn(`${acl}Write`)),
|
||||
]) } as Representation);
|
||||
await expect(authorizer.handle({ identifier, permissions, credentials })).resolves.toBeUndefined();
|
||||
Object.assign(authorization.everyone, { read: true, write: true, append: true });
|
||||
Object.assign(authorization.user, { read: true, write: true, append: true });
|
||||
await expect(authorizer.handle({ identifier, permissions, credentials })).resolves.toEqual(authorization);
|
||||
});
|
||||
|
||||
it('allows access if there is a parent acl file allowing all agents.', async(): Promise<void> => {
|
||||
@@ -77,7 +95,9 @@ describe('A WebAclAuthorizer', (): void => {
|
||||
]),
|
||||
} as Representation;
|
||||
};
|
||||
await expect(authorizer.handle({ identifier, permissions, credentials })).resolves.toBeUndefined();
|
||||
Object.assign(authorization.everyone, { read: true, write: true, append: true });
|
||||
Object.assign(authorization.user, { read: true, write: true, append: true });
|
||||
await expect(authorizer.handle({ identifier, permissions, credentials })).resolves.toEqual(authorization);
|
||||
});
|
||||
|
||||
it('allows access to authorized agents if the acl files allows all authorized users.', async(): Promise<void> => {
|
||||
@@ -88,7 +108,8 @@ describe('A WebAclAuthorizer', (): void => {
|
||||
quad(nn('auth'), nn(`${acl}mode`), nn(`${acl}Write`)),
|
||||
]) } as Representation);
|
||||
credentials.webId = 'http://test.com/user';
|
||||
await expect(authorizer.handle({ identifier, permissions, credentials })).resolves.toBeUndefined();
|
||||
Object.assign(authorization.user, { read: true, write: true, append: true });
|
||||
await expect(authorizer.handle({ identifier, permissions, credentials })).resolves.toEqual(authorization);
|
||||
});
|
||||
|
||||
it('errors if authorization is required but the agent is not authorized.', async(): Promise<void> => {
|
||||
@@ -109,7 +130,8 @@ describe('A WebAclAuthorizer', (): void => {
|
||||
quad(nn('auth'), nn(`${acl}mode`), nn(`${acl}Read`)),
|
||||
quad(nn('auth'), nn(`${acl}mode`), nn(`${acl}Write`)),
|
||||
]) } as Representation);
|
||||
await expect(authorizer.handle({ identifier, permissions, credentials })).resolves.toBeUndefined();
|
||||
Object.assign(authorization.user, { read: true, write: true, append: true });
|
||||
await expect(authorizer.handle({ identifier, permissions, credentials })).resolves.toEqual(authorization);
|
||||
});
|
||||
|
||||
it('errors if a specific agents wants to access files not assigned to them.', async(): Promise<void> => {
|
||||
@@ -153,6 +175,7 @@ describe('A WebAclAuthorizer', (): void => {
|
||||
quad(nn('auth'), nn(`${acl}accessTo`), nn(identifier.path)),
|
||||
quad(nn('auth'), nn(`${acl}mode`), nn(`${acl}Write`)),
|
||||
]) } as Representation);
|
||||
await expect(authorizer.handle({ identifier, permissions, credentials })).resolves.toBeUndefined();
|
||||
Object.assign(authorization.user, { write: true, append: true });
|
||||
await expect(authorizer.handle({ identifier, permissions, credentials })).resolves.toEqual(authorization);
|
||||
});
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user