mirror of
https://github.com/CommunitySolidServer/CommunitySolidServer.git
synced 2024-10-03 14:55:10 +00:00
a47f5236ef
Complete rewrite of the account management and related systems. Makes the architecture more modular, allowing for easier extensions and configurations.
97 lines
3.1 KiB
TypeScript
97 lines
3.1 KiB
TypeScript
import { fetch } from 'cross-fetch';
|
|
import type { App } from '../../src/init/App';
|
|
import { joinUrl } from '../../src/util/PathUtil';
|
|
import { register } from '../util/AccountUtil';
|
|
import type { User } from '../util/AccountUtil';
|
|
import { getPort } from '../util/Util';
|
|
import { getDefaultVariables, getTestConfigPath, instantiateFromConfig } from './Config';
|
|
|
|
const port = getPort('RestrictedIdentity');
|
|
const baseUrl = `http://localhost:${port}/`;
|
|
|
|
// Undo the global access token verifier mock
|
|
jest.unmock('@solid/access-token-verifier');
|
|
|
|
// Prevent panva/node-openid-client from emitting DraftWarning
|
|
jest.spyOn(process, 'emitWarning').mockImplementation();
|
|
|
|
describe('A server with restricted IDP access', (): void => {
|
|
let app: App;
|
|
const user: User = {
|
|
podName: 'alice',
|
|
email: 'alice@test.email',
|
|
password: 'password',
|
|
};
|
|
const webId = joinUrl(baseUrl, 'alice/profile/card#me');
|
|
let controls: any;
|
|
|
|
beforeAll(async(): Promise<void> => {
|
|
const instances = await instantiateFromConfig(
|
|
'urn:solid-server:test:Instances',
|
|
getTestConfigPath('restricted-idp.json'),
|
|
getDefaultVariables(port, baseUrl),
|
|
) as Record<string, any>;
|
|
({ app } = instances);
|
|
await app.start();
|
|
});
|
|
|
|
afterAll(async(): Promise<void> => {
|
|
await app.stop();
|
|
});
|
|
|
|
it('has ACL resources in the relevant containers.', async(): Promise<void> => {
|
|
let res = await fetch(joinUrl(baseUrl, '.well-known/.acl'));
|
|
expect(res.status).toBe(200);
|
|
|
|
res = await fetch(joinUrl(baseUrl, '.account/.acl'));
|
|
expect(res.status).toBe(200);
|
|
});
|
|
|
|
it('can create a pod.', async(): Promise<void> => {
|
|
const result = await register(baseUrl, user);
|
|
({ controls } = result);
|
|
expect(result.webId).toBe(webId);
|
|
});
|
|
|
|
it('can restrict account creation.', async(): Promise<void> => {
|
|
// Only allow new WebID to register
|
|
const restrictedAcl = `@prefix acl: <http://www.w3.org/ns/auth/acl#>.
|
|
@prefix foaf: <http://xmlns.com/foaf/0.1/>.
|
|
|
|
<#authorization>
|
|
a acl:Authorization;
|
|
acl:agent <${webId}>;
|
|
acl:mode acl:Read, acl:Write, acl:Control;
|
|
acl:accessTo <./>.`;
|
|
|
|
let res = await fetch(`${controls.account.create}.acl`, {
|
|
method: 'PUT',
|
|
headers: { 'content-type': 'text/turtle' },
|
|
body: restrictedAcl,
|
|
});
|
|
expect(res.status).toBe(201);
|
|
expect(res.headers.get('location')).toBe(`${controls.account.create}.acl`);
|
|
|
|
// Registration is now disabled
|
|
res = await fetch(controls.account.create);
|
|
expect(res.status).toBe(401);
|
|
|
|
res = await fetch(controls.account.create, { method: 'POST' });
|
|
expect(res.status).toBe(401);
|
|
});
|
|
|
|
it('can still create accounts with the correct credentials.', async(): Promise<void> => {
|
|
// Account creation still works for the WebID
|
|
let res = await fetch(controls.account.create, {
|
|
headers: { authorization: `WebID ${webId}` },
|
|
});
|
|
expect(res.status).toBe(200);
|
|
|
|
res = await fetch(controls.account.create, {
|
|
method: 'POST',
|
|
headers: { authorization: `WebID ${webId}` },
|
|
});
|
|
expect(res.status).toBe(200);
|
|
});
|
|
});
|