diff --git a/common/disclaimer.html b/common/disclaimer.html deleted file mode 100644 index 5413985e7..000000000 --- a/common/disclaimer.html +++ /dev/null @@ -1,44 +0,0 @@ - - - Solid Consent Disclaimer - - -

Granting access to an application as part of authentication

- -

TL:DR: This is a temporary option that will be removed once we have better ways of granting access to applications. We recommend you grant read and write access by default, but it depends on the application you want to trust.

- -

Applications provide very useful ways of consuming and producing data. Solid provides functionality that allows you to grant access to applications that you trust. This trust might be misplaced sometimes though, which Solid tries to mitigate to lessen the harm that malicious applications can cause.

- -

One of the strategies available in Solid is to check the origins of applications, and in solid-server in Node version 5 (NSS5) we set the configuration for this to be true by default. This strengthens the security of instances running on this codebase, but it also makes it more difficult for users to test applications without explicitly granting them access beforehand.

- -

To facilitate a better user experience, we introduced the option of granting access to applications as part of the authentication process. We believe this is a better flow then forcing users to navigate to their profile and use the functionality provided in the trusted applications pane, and offer this as a temporary solution.

- -

Which modes should I grant the application?

- -

That really depends on what the application needs to do. In general we suggest granting it Read and Write access.

- -

This is what the various modes allows the application to do:

- - - -

The last mode is a very powerful mode to grant an application. An application could use this to remove all of your control access, essentially locking you out of your pod. (This would also mean that the application couldn't get access to your pod though, as it is still relying on your authentication.)

- -

Why is it temporary?

- -

The way this solutions works "behind the scenes" is that you are granting the application access to all resources that you have access to and that is connected to your profile (in general this would be the pod that was created alongside your WebID). This is probably fine when you want to test an application that you or someone you trust are developing, but it's definitely not the granular access control we want to offer.

- -

We do not have a solution ready yet, but we are working on it. When the solution is specified and implemented in NSS, we will remove the option in the login flow, as you would go through another process of granting applications access that would result in a more granular control.

- -

Learn more

- -

The way that we handle access control in Solid is described in the Web Access Control specification (WAC). If you want to understand the reasoning for why we chose to turn origin checking on by default, you can read about it in the Meeting W3 Solid Community Group had March 7th 2019 (last point on the agenda).

- - \ No newline at end of file diff --git a/default-views/auth/consent.hbs b/default-views/auth/consent.hbs deleted file mode 100644 index 66629413d..000000000 --- a/default-views/auth/consent.hbs +++ /dev/null @@ -1,48 +0,0 @@ - - - - - - {{title}} - - - - - -
-

Authorize this app to use your data?

-
-
-
-

You will be authorizing {{app_origin}} to have access to perform the actions indicated below.

-

NOTE: This screen is TEMPORARY. Eventually more fine-tuned controls will be available.

-

For more information see the full explanation.

-
-
- - - -
- - - -
- - - -
- - - -
-
- - - - {{> auth/auth-hidden-fields}} -
-
-
-
- - diff --git a/default-views/auth/sharing.hbs b/default-views/auth/sharing.hbs new file mode 100644 index 000000000..a645c47a4 --- /dev/null +++ b/default-views/auth/sharing.hbs @@ -0,0 +1,49 @@ + + + + + + {{title}} + + + + + +
+

Authorize {{app_origin}} to access your Pod?

+

Solid allows you to precisely choose what other people and apps can read and write in a Pod. This version of the authorization user interface (node-solid-server V5.1) only supports the toggle of global access permissions to all of the data in your Pod.

+

If you don’t want to set these permissions at a global level, uncheck all of the boxes below, then click authorize. This will add the application origin to your authorization list, without granting it permission to any of your data yet. You will then need to manage those permissions yourself by setting them explicitly in the places you want this application to access.

+
+
+
+

By clicking Authorize, any app from {{app_origin}} will be able to:

+
+
+ + + +
+ + + +
+ + + +
+ + + +
+
+ + + + {{> auth/auth-hidden-fields}} +
+
+
+

This server (node-solid-server V5.1) only implements a limited subset of OpenID Connect, and doesn’t yet support token issuance for applications. OIDC Token Issuance and fine-grained management through this authorization user interface is currently in the development backlog for node-solid-server

+
+ + diff --git a/lib/api/authn/webid-oidc.js b/lib/api/authn/webid-oidc.js index 73a5497df..b47e7937b 100644 --- a/lib/api/authn/webid-oidc.js +++ b/lib/api/authn/webid-oidc.js @@ -8,7 +8,7 @@ const { routeResolvedFile } = require('../../utils') const bodyParser = require('body-parser').urlencoded({ extended: false }) const OidcManager = require('../../models/oidc-manager') const { LoginRequest } = require('../../requests/login-request') -const { ConsentRequest } = require('../../requests/consent-request') +const { SharingRequest } = require('../../requests/sharing-request') const restrictToTopDomain = require('../../handlers/restrict-to-top-domain') @@ -84,8 +84,8 @@ function middleware (oidc) { router.post('/login/tls', bodyParser, LoginRequest.loginTls) - router.get('/consent', ConsentRequest.get) - router.post('/consent', bodyParser, ConsentRequest.giveConsent) + router.get('/sharing', SharingRequest.get) + router.post('/sharing', bodyParser, SharingRequest.share) router.get('/account/password/reset', restrictToTopDomain, PasswordResetEmailRequest.get) router.post('/account/password/reset', restrictToTopDomain, bodyParser, PasswordResetEmailRequest.post) diff --git a/lib/requests/auth-request.js b/lib/requests/auth-request.js index a467e46c3..4e8887e95 100644 --- a/lib/requests/auth-request.js +++ b/lib/requests/auth-request.js @@ -218,13 +218,13 @@ class AuthRequest { return url.format(signupUrl) } - consentUrl () { + sharingUrl () { let host = this.accountManager.host - let consentUrl = url.parse(url.resolve(host.serverUri, '/consent')) + let sharingUrl = url.parse(url.resolve(host.serverUri, '/sharing')) - consentUrl.query = this.authQueryParams + sharingUrl.query = this.authQueryParams - return url.format(consentUrl) + return url.format(sharingUrl) } } diff --git a/lib/requests/login-request.js b/lib/requests/login-request.js index 78a953ed9..86318a583 100644 --- a/lib/requests/login-request.js +++ b/lib/requests/login-request.js @@ -159,7 +159,7 @@ class LoginRequest extends AuthRequest { postLoginUrl (validUser) { // Login request is part of an app's auth flow if (/token|code/.test(this.authQueryParams['response_type'])) { - return this.consentUrl() + return this.sharingUrl() // Login request is a user going to /login in browser } else if (validUser) { return this.authQueryParams['redirect_uri'] || validUser.accountUri diff --git a/lib/requests/consent-request.js b/lib/requests/sharing-request.js similarity index 70% rename from lib/requests/consent-request.js rename to lib/requests/sharing-request.js index 75982f1dd..6fc8f416c 100644 --- a/lib/requests/consent-request.js +++ b/lib/requests/sharing-request.js @@ -13,7 +13,7 @@ const ACL = $rdf.Namespace('http://www.w3.org/ns/auth/acl#') /** * Models a local Login request */ -class ConsentRequest extends AuthRequest { +class SharingRequest extends AuthRequest { /** * @constructor * @param options {Object} @@ -48,7 +48,7 @@ class ConsentRequest extends AuthRequest { static fromParams (req, res) { let options = AuthRequest.requestOptions(req, res) - return new ConsentRequest(options) + return new SharingRequest(options) } /** @@ -64,19 +64,23 @@ class ConsentRequest extends AuthRequest { * @param res {ServerResponse} */ static async get (req, res) { - const request = ConsentRequest.fromParams(req, res) + const request = SharingRequest.fromParams(req, res) - const appOrigin = request.getAppOrigin() - // Check if is already registered or is data browser + const appUrl = request.getAppUrl() + const appOrigin = appUrl.origin + const serverUrl = new url.URL(req.app.locals.ldp.serverUri) + + // Check if is already registered or is data browser or the webId is not on this machine if (request.isUserLoggedIn()) { if ( - appOrigin === req.app.locals.ldp.serverUri || + new url.URL(request.session.subject._id).origin !== serverUrl.origin || + (appUrl && request.isSubdomain(serverUrl.host, appUrl.host) && appUrl.protocol === serverUrl.protocol) || await request.isAppRegistered(req.app.locals.ldp, appOrigin, request.session.subject._id) ) { - request.setUserConsent(appOrigin) - request.redirectPostConsent() + request.setUserShared(appOrigin) + request.redirectPostSharing() } else { - request.renderForm(null, req) + request.renderForm(null, req, appOrigin) } } } @@ -90,31 +94,46 @@ class ConsentRequest extends AuthRequest { * * @return {Promise} */ - static async giveConsent (req, res) { + static async share (req, res) { let accessModes = [] let consented = false if (req.body) { - accessModes = req.body.access_mode + accessModes = req.body.access_mode || [] + if (!Array.isArray(accessModes)) { + accessModes = [ accessModes ] + } consented = req.body.consent } - let request = ConsentRequest.fromParams(req, res) + let request = SharingRequest.fromParams(req, res) if (request.isUserLoggedIn()) { - const appOrigin = request.getAppOrigin() - debug('Providing consent for app sharing') + const appUrl = request.getAppUrl() + const appOrigin = `${appUrl.protocol}//${appUrl.host}` + debug('Sharing App') if (consented) { await request.registerApp(req.app.locals.ldp, appOrigin, accessModes, request.session.subject._id) - request.setUserConsent(appOrigin) + request.setUserShared(appOrigin) } // Redirect once that's all done - request.redirectPostConsent() + request.redirectPostSharing() + } + } + + isSubdomain (domain, subdomain) { + const domainArr = domain.split('.') + const subdomainArr = subdomain.split('.') + for (let i = 1; i <= domainArr.length; i++) { + if (subdomainArr[subdomainArr.length - i] !== domainArr[domainArr.length - i]) { + return false + } } + return true } - setUserConsent (appOrigin) { + setUserShared (appOrigin) { if (!this.session.consentedOrigins) { this.session.consentedOrigins = [] } @@ -133,16 +152,15 @@ class ConsentRequest extends AuthRequest { return true } - getAppOrigin () { - const parsed = url.parse(this.authQueryParams.redirect_uri) - return `${parsed.protocol}//${parsed.host}` + getAppUrl () { + return new url.URL(this.authQueryParams.redirect_uri) } async getProfileGraph (ldp, webId) { return await new Promise(async (resolve, reject) => { const store = $rdf.graph() const profileText = await ldp.readResource(webId) - $rdf.parse(profileText.toString(), store, 'https://localhost:8443/profile/card', 'text/turtle', (error, kb) => { + $rdf.parse(profileText.toString(), store, this.getWebIdFile(webId), 'text/turtle', (error, kb) => { if (error) { reject(error) } else { @@ -153,10 +171,15 @@ class ConsentRequest extends AuthRequest { } async saveProfileGraph (ldp, store, webId) { - const text = $rdf.serialize(undefined, store, webId, 'text/turtle') + const text = $rdf.serialize(undefined, store, this.getWebIdFile(webId), 'text/turtle') await ldp.put(webId, intoStream(text), 'text/turtle') } + getWebIdFile (webId) { + const webIdurl = new url.URL(webId) + return `${webIdurl.origin}${webIdurl.path}` + } + async isAppRegistered (ldp, appOrigin, webId) { const store = await this.getProfileGraph(ldp, webId) return store.each($rdf.sym(webId), ACL('trustedApp')).find((app) => { @@ -165,6 +188,7 @@ class ConsentRequest extends AuthRequest { } async registerApp (ldp, appOrigin, accessModes, webId) { + debug(`Registering app (${appOrigin}) with accessModes ${accessModes} for webId ${webId}`) const store = await this.getProfileGraph(ldp, webId) const origin = $rdf.sym(appOrigin) // remove existing statements on same origin - if it exists @@ -177,6 +201,7 @@ class ConsentRequest extends AuthRequest { const application = new $rdf.BlankNode() store.add($rdf.sym(webId), ACL('trustedApp'), application, webId) store.add(application, ACL('origin'), origin, webId) + accessModes.forEach(mode => { store.add(application, ACL('mode'), ACL(mode)) }) @@ -192,15 +217,15 @@ class ConsentRequest extends AuthRequest { * * @return {string} */ - postConsentUrl () { + postSharingUrl () { return this.authorizeUrl() } /** * Redirects the Login request to continue on the OIDC auth workflow. */ - redirectPostConsent () { - let uri = this.postConsentUrl() + redirectPostSharing () { + let uri = this.postSharingUrl() debug('Login successful, redirecting to ', uri) this.response.redirect(uri) } @@ -208,7 +233,7 @@ class ConsentRequest extends AuthRequest { /** * Renders the login form */ - renderForm (error, req) { + renderForm (error, req, appOrigin) { let queryString = req && req.url && req.url.replace(/[^?]+\?/, '') || '' let params = Object.assign({}, this.authQueryParams, { @@ -216,7 +241,8 @@ class ConsentRequest extends AuthRequest { returnToUrl: this.returnToUrl, enablePassword: this.localAuth.password, enableTls: this.localAuth.tls, - tlsUrl: `/login/tls?${encodeURIComponent(queryString)}` + tlsUrl: `/login/tls?${encodeURIComponent(queryString)}`, + app_origin: appOrigin }) if (error) { @@ -224,10 +250,10 @@ class ConsentRequest extends AuthRequest { this.response.status(error.statusCode) } - this.response.render('auth/consent', params) + this.response.render('auth/sharing', params) } } module.exports = { - ConsentRequest + SharingRequest } diff --git a/package-lock.json b/package-lock.json index 694371ba1..f0d5c705a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -247,6 +247,14 @@ "resolved": "https://registry.npmjs.org/@solid/better-simple-slideshow/-/better-simple-slideshow-0.1.0.tgz", "integrity": "sha512-A5b4I6f0Rzp9nCmzr8A4RHY8Ev5bMntwOzxv+MsMf2Ow1u6wfwuaHIIzK10xwyOpqyonWDbt0KxHoakXCpB82Q==" }, + "@solid/cli": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/@solid/cli/-/cli-0.1.0.tgz", + "integrity": "sha512-+VYDgDxsAKa48MGnoaX2CUwh0gLrTdqYY6lrxxWGwCHiFChGsg95RRbHOYz9c97+QcCltcHpMZ2AelGZrU673A==", + "requires": { + "@trust/oidc-rp": "0.6.0" + } + }, "@solid/jose": { "version": "0.1.8", "resolved": "https://registry.npmjs.org/@solid/jose/-/jose-0.1.8.tgz", @@ -337,6 +345,30 @@ "requires": { "graceful-fs": "^4.1.6" } + }, + "rdflib": { + "version": "0.17.1", + "resolved": "https://registry.npmjs.org/rdflib/-/rdflib-0.17.1.tgz", + "integrity": "sha512-onUce6sUbvk74UwZ/Dw7sr/PKU3+e2HPk2ZV6YLVUqzSlSZagDOjis6o/AVf0sIsONKmJJLVB16B1Gi8qVaEpQ==", + "requires": { + "async": "^0.9.x", + "jsonld": "^0.4.5", + "n3": "^0.4.1", + "node-fetch": "^1.7.1", + "solid-auth-client": "^2.2.3", + "xmldom": "^0.1.22" + }, + "dependencies": { + "node-fetch": { + "version": "1.7.3", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-1.7.3.tgz", + "integrity": "sha512-NhZ4CsKx7cYm2vSrBAr2PvFOe6sWDf0UYLRqA6svUYg7+/TSfVAu49jYC4BvQ4Sms9SZgdqGBgroqfDhJdTyKQ==", + "requires": { + "encoding": "^0.1.11", + "is-stream": "^1.0.1" + } + } + } } } }, @@ -398,6 +430,35 @@ "kvplus-files": "0.0.4" } }, + "@trust/jose": { + "version": "0.1.7", + "resolved": "https://registry.npmjs.org/@trust/jose/-/jose-0.1.7.tgz", + "integrity": "sha512-JlWY97+Q1pU2CN08Ux5oN1/CXcvxLtQ5YkL4UhgVs4z9TR/+I4rKqhqoZQ0TDGPvCLP1QaT7F6bHbKswbDwgOQ==", + "requires": { + "@trust/json-document": "^0.1.4", + "@trust/webcrypto": "^0.0.2", + "base64url": "^2.0.0", + "text-encoding": "^0.6.1" + }, + "dependencies": { + "@trust/webcrypto": { + "version": "0.0.2", + "resolved": "https://registry.npmjs.org/@trust/webcrypto/-/webcrypto-0.0.2.tgz", + "integrity": "sha1-53xpouYSudOSJRxZZscxaFN+Jmc=", + "requires": { + "base64url": "^2.0.0", + "node-rsa": "^0.4.0", + "pem-jwk": "^1.5.1", + "text-encoding": "^0.6.1" + } + }, + "base64url": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/base64url/-/base64url-2.0.0.tgz", + "integrity": "sha1-6sFuA+oUOO/5Qj1puqNiYu0fcLs=" + } + } + }, "@trust/json-document": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/@trust/json-document/-/json-document-0.1.4.tgz", @@ -413,6 +474,47 @@ "elliptic": "^6.4.0" } }, + "@trust/oidc-rp": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/@trust/oidc-rp/-/oidc-rp-0.6.0.tgz", + "integrity": "sha512-6PgV0WI+gq6nGMjlg8oSxj7VgmS/m8Y61s6HPNBu3mX/NSVvnrXk+MqqR7KdxlBk84ti65O76HGSRNelJrRbeA==", + "requires": { + "@trust/jose": "^0.1.7", + "@trust/json-document": "^0.1.4", + "@trust/webcrypto": "0.4.0", + "base64url": "^2.0.0", + "node-fetch": "^1.7.3", + "text-encoding": "^0.6.4", + "whatwg-url": "^6.2.1" + }, + "dependencies": { + "@trust/webcrypto": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/@trust/webcrypto/-/webcrypto-0.4.0.tgz", + "integrity": "sha1-zIcSyomn5x01P877ZrJwemec9jU=", + "requires": { + "@trust/keyto": "^0.3.0", + "base64url": "^2.0.0", + "node-rsa": "^0.4.0", + "text-encoding": "^0.6.1" + } + }, + "base64url": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/base64url/-/base64url-2.0.0.tgz", + "integrity": "sha1-6sFuA+oUOO/5Qj1puqNiYu0fcLs=" + }, + "node-fetch": { + "version": "1.7.3", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-1.7.3.tgz", + "integrity": "sha512-NhZ4CsKx7cYm2vSrBAr2PvFOe6sWDf0UYLRqA6svUYg7+/TSfVAu49jYC4BvQ4Sms9SZgdqGBgroqfDhJdTyKQ==", + "requires": { + "encoding": "^0.1.11", + "is-stream": "^1.0.1" + } + } + } + }, "@trust/webcrypto": { "version": "0.9.2", "resolved": "https://registry.npmjs.org/@trust/webcrypto/-/webcrypto-0.9.2.tgz", @@ -935,42 +1037,42 @@ }, "babel-plugin-syntax-async-functions": { "version": "6.13.0", - "resolved": "http://registry.npmjs.org/babel-plugin-syntax-async-functions/-/babel-plugin-syntax-async-functions-6.13.0.tgz", + "resolved": "https://registry.npmjs.org/babel-plugin-syntax-async-functions/-/babel-plugin-syntax-async-functions-6.13.0.tgz", "integrity": "sha1-ytnK0RkbWtY0vzCuCHI5HgZHvpU=" }, "babel-plugin-syntax-class-properties": { "version": "6.13.0", - "resolved": "http://registry.npmjs.org/babel-plugin-syntax-class-properties/-/babel-plugin-syntax-class-properties-6.13.0.tgz", + "resolved": "https://registry.npmjs.org/babel-plugin-syntax-class-properties/-/babel-plugin-syntax-class-properties-6.13.0.tgz", "integrity": "sha1-1+sjt5oxf4VDlixQW4J8fWysJ94=" }, "babel-plugin-syntax-exponentiation-operator": { "version": "6.13.0", - "resolved": "http://registry.npmjs.org/babel-plugin-syntax-exponentiation-operator/-/babel-plugin-syntax-exponentiation-operator-6.13.0.tgz", + "resolved": "https://registry.npmjs.org/babel-plugin-syntax-exponentiation-operator/-/babel-plugin-syntax-exponentiation-operator-6.13.0.tgz", "integrity": "sha1-nufoM3KQ2pUoggGmpX9BcDF4MN4=" }, "babel-plugin-syntax-export-extensions": { "version": "6.13.0", - "resolved": "http://registry.npmjs.org/babel-plugin-syntax-export-extensions/-/babel-plugin-syntax-export-extensions-6.13.0.tgz", + "resolved": "https://registry.npmjs.org/babel-plugin-syntax-export-extensions/-/babel-plugin-syntax-export-extensions-6.13.0.tgz", "integrity": "sha1-cKFITw+QiaToStRLrDU8lbmxJyE=" }, "babel-plugin-syntax-flow": { "version": "6.18.0", - "resolved": "http://registry.npmjs.org/babel-plugin-syntax-flow/-/babel-plugin-syntax-flow-6.18.0.tgz", + "resolved": "https://registry.npmjs.org/babel-plugin-syntax-flow/-/babel-plugin-syntax-flow-6.18.0.tgz", "integrity": "sha1-TDqyCiryaqIM0lmVw5jE63AxDI0=" }, "babel-plugin-syntax-function-bind": { "version": "6.13.0", - "resolved": "http://registry.npmjs.org/babel-plugin-syntax-function-bind/-/babel-plugin-syntax-function-bind-6.13.0.tgz", + "resolved": "https://registry.npmjs.org/babel-plugin-syntax-function-bind/-/babel-plugin-syntax-function-bind-6.13.0.tgz", "integrity": "sha1-SMSV8Xe98xqYHnMvVa3AvdJgH0Y=" }, "babel-plugin-syntax-jsx": { "version": "6.18.0", - "resolved": "http://registry.npmjs.org/babel-plugin-syntax-jsx/-/babel-plugin-syntax-jsx-6.18.0.tgz", + "resolved": "https://registry.npmjs.org/babel-plugin-syntax-jsx/-/babel-plugin-syntax-jsx-6.18.0.tgz", "integrity": "sha1-CvMqmm4Tyno/1QaeYtew9Y0NiUY=" }, "babel-plugin-syntax-object-rest-spread": { "version": "6.13.0", - "resolved": "http://registry.npmjs.org/babel-plugin-syntax-object-rest-spread/-/babel-plugin-syntax-object-rest-spread-6.13.0.tgz", + "resolved": "https://registry.npmjs.org/babel-plugin-syntax-object-rest-spread/-/babel-plugin-syntax-object-rest-spread-6.13.0.tgz", "integrity": "sha1-/WU28rzhODb/o6VFjEkDpZe7O/U=" }, "babel-plugin-syntax-trailing-function-commas": { @@ -2005,9 +2107,9 @@ "integrity": "sha1-FkpUg+Yw+kMh5a8HAg5TGDGyYJs=" }, "caniuse-lite": { - "version": "1.0.30000948", - "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30000948.tgz", - "integrity": "sha512-Lw4y7oz1X5MOMZm+2IFaSISqVVQvUuD+ZUSfeYK/SlYiMjkHN/eJ2PDfJehW5NA6JjrxYSSnIWfwjeObQMEjFQ==" + "version": "1.0.30000971", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30000971.tgz", + "integrity": "sha512-TQFYFhRS0O5rdsmSbF1Wn+16latXYsQJat66f7S7lizXW1PVpWJeZw9wqqVLIjuxDRz7s7xRUj13QCfd8hKn6g==" }, "capture-stack-trace": { "version": "1.0.1", @@ -2402,9 +2504,9 @@ "integrity": "sha1-Z29us8OZl8LuGsOpJP1hJHSPV40=" }, "core-js": { - "version": "2.6.5", - "resolved": "https://registry.npmjs.org/core-js/-/core-js-2.6.5.tgz", - "integrity": "sha512-klh/kDpwX8hryYL14M9w/xei6vrv6sE8gTHDG7/T/+SEovB/G4ejwcfE/CBzO6Edsu+OETZMZ3wcX/EjUkrl5A==" + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/core-js/-/core-js-2.6.9.tgz", + "integrity": "sha512-HOpZf6eXmnl7la+cUdMnLvUxKNqLUzJvgIziQ0DiF3JwSImNphIqdGqzj6hIKyX04MmV0poclQ7+wjWvxQyR2A==" }, "core-util-is": { "version": "1.0.2", @@ -2965,9 +3067,9 @@ "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0=" }, "electron-to-chromium": { - "version": "1.3.116", - "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.116.tgz", - "integrity": "sha512-NKwKAXzur5vFCZYBHpdWjTMO8QptNLNP80nItkSIgUOapPAo9Uia+RvkCaZJtO7fhQaVElSvBPWEc2ku6cKsPA==" + "version": "1.3.144", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.144.tgz", + "integrity": "sha512-jNRFJpfNrYm5uJ4x0q9oYMOfbL0JPOlkNli8GS/5zEmCjnE5jAtoCo4BYajHiqSPqEeAjtTdItL4p7EZw+jSfg==" }, "elliptic": { "version": "6.4.1", @@ -3649,6 +3751,48 @@ "object-assign": "^4.0.1" } }, + "file-fetch": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/file-fetch/-/file-fetch-1.2.0.tgz", + "integrity": "sha512-DzwKhcH/afS7thk5hao1kVJXIqMNB2pz0DFpjpA5IlIAA0nSqi/fqFQpX++NP9IK+Te7Z1ZxA5KTWKmdzio+tA==", + "requires": { + "concat-stream": "^2.0.0", + "mime-types": "^2.1.17", + "node-fetch": "^2.3.0", + "readable-error": "^1.0.0" + }, + "dependencies": { + "concat-stream": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/concat-stream/-/concat-stream-2.0.0.tgz", + "integrity": "sha512-MWufYdFw53ccGjCA+Ol7XJYpAlW6/prSMzuPOTRnJGcGzuhLn4Scrz7qf6o8bROZ514ltazcIFJZevcfbo0x7A==", + "requires": { + "buffer-from": "^1.0.0", + "inherits": "^2.0.3", + "readable-stream": "^3.0.2", + "typedarray": "^0.0.6" + } + }, + "readable-stream": { + "version": "3.4.0", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.4.0.tgz", + "integrity": "sha512-jItXPLmrSR8jmTRmRWJXCnGJsfy85mB3Wd/uINMXA65yrnFo0cPClFIUWzo2najVNSl+mx7/4W8ttlLWJe99pQ==", + "requires": { + "inherits": "^2.0.3", + "string_decoder": "^1.1.1", + "util-deprecate": "^1.0.1" + } + }, + "string_decoder": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.2.0.tgz", + "integrity": "sha512-6YqyX6ZWEYguAxgZzHGL7SsCeGx3V2TtOTqZz1xSTSWnqsbWwbptafNyvf/ACquZUXV3DANr5BDIwNYe1mN42w==", + "requires": { + "safe-buffer": "~5.1.0" + } + } + } + }, "file-uri-to-path": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz", @@ -3915,6 +4059,11 @@ } } }, + "fs": { + "version": "0.0.1-security", + "resolved": "https://registry.npmjs.org/fs/-/fs-0.0.1-security.tgz", + "integrity": "sha1-invTcYa23d84E/I4WLV+yq9eQdQ=" + }, "fs-extra": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-2.1.2.tgz", @@ -4540,9 +4689,9 @@ "dev": true }, "intl-messageformat-parser": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/intl-messageformat-parser/-/intl-messageformat-parser-1.4.0.tgz", - "integrity": "sha1-tD1FqXRoytvkQzHXS7Ho3qRPwHU=" + "version": "1.6.5", + "resolved": "https://registry.npmjs.org/intl-messageformat-parser/-/intl-messageformat-parser-1.6.5.tgz", + "integrity": "sha512-hngOkdq6FZxT6iEpEqOzGO/8rshM/v+sShGBl6yv8SQmU6lCc4vtfBHNqpSC0Dxuq4tedMkYFQGnKy5b1Tx5GA==" }, "into-stream": { "version": "5.0.0", @@ -5062,7 +5211,7 @@ }, "jsesc": { "version": "0.5.0", - "resolved": "http://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz", + "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz", "integrity": "sha1-597mbjXW/Bb3EP6R1c9p9w8IkR0=" }, "json-parse-better-errors": { @@ -5447,26 +5596,12 @@ } }, "mashlib": { - "version": "0.7.18", - "resolved": "https://registry.npmjs.org/mashlib/-/mashlib-0.7.18.tgz", - "integrity": "sha512-PeZSqIX31WRq4WBmhUylguSHK4pyHmRduhvasumbO2FW5gvsG5QvypRQKkc4BBQtSBgh9ozE8C0ktOYU0fVpog==", + "version": "0.7.19", + "resolved": "https://registry.npmjs.org/mashlib/-/mashlib-0.7.19.tgz", + "integrity": "sha512-FOA6i4dM7Iq+GjVz9Rn794Lt3kxNHdrGjSJnmZUnC9rBKntVSRujkeuZ/mUcb9k7VehONQQffgCWGwgv32u9gQ==", "requires": { - "rdflib": ">=0.19.1", - "solid-panes": ">=1.3.1" - }, - "dependencies": { - "rdflib": { - "version": "0.19.1", - "resolved": "https://registry.npmjs.org/rdflib/-/rdflib-0.19.1.tgz", - "integrity": "sha512-O7osObhO5o++hsUPGOLTxdNwXRaI6O+uyL98E7yBmqWrQm0AfqUHFBiASb4gN9fYcLD2LLHBxfhJTIWl8VZHUg==", - "requires": { - "async": "^0.9.x", - "jsonld": "^0.4.5", - "n3": "^0.4.1", - "solid-auth-client": "^2.2.3", - "xmldom": "^0.1.22" - } - } + "rdflib": "^0.20.1", + "solid-panes": "^1.3.3" } }, "md5.js": { @@ -5993,6 +6128,11 @@ "asn1": "0.2.3" } }, + "node-uuid": { + "version": "1.4.8", + "resolved": "https://registry.npmjs.org/node-uuid/-/node-uuid-1.4.8.tgz", + "integrity": "sha1-sEDrCSOWivq/jTL7HxfxFn/auQc=" + }, "nodemailer": { "version": "3.1.8", "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-3.1.8.tgz", @@ -6718,7 +6858,6 @@ "version": "1.5.1", "resolved": "https://registry.npmjs.org/pem-jwk/-/pem-jwk-1.5.1.tgz", "integrity": "sha1-eoY3/S9nqCflfAxC4cI8P9Us+wE=", - "dev": true, "requires": { "asn1.js": "1.0.3" }, @@ -6727,7 +6866,6 @@ "version": "1.0.3", "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-1.0.3.tgz", "integrity": "sha1-KBuj7B8kSP52X5Kk7s+IP+E2S1Q=", - "dev": true, "requires": { "bn.js": "^1.0.0", "inherits": "^2.0.1", @@ -6738,7 +6876,6 @@ "version": "1.3.0", "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-1.3.0.tgz", "integrity": "sha1-DbTL+W+PI7dC9by50ap6mZSgXoM=", - "dev": true, "optional": true } } @@ -7074,31 +7211,50 @@ } } }, + "rdf-canonize": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/rdf-canonize/-/rdf-canonize-1.0.3.tgz", + "integrity": "sha512-piLMOB5Q6LJSVx2XzmdpHktYVb8TmVTy8coXJBFtdkcMC96DknZOuzpAYqCWx2ERZX7xEW+mMi8/wDuMJS/95w==", + "requires": { + "node-forge": "^0.8.1", + "semver": "^5.6.0" + }, + "dependencies": { + "node-forge": { + "version": "0.8.4", + "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.8.4.tgz", + "integrity": "sha512-UOfdpxivIYY4g5tqp5FNRNgROVNxRACUxxJREntJLFaJr1E0UEqFtUIk0F/jYx/E+Y6sVXd0KDi/m5My0yGCVw==" + } + } + }, "rdf-ns": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/rdf-ns/-/rdf-ns-0.1.0.tgz", "integrity": "sha1-OKwyu0izydyulTTIWrSGRAi92BY=" }, "rdflib": { - "version": "0.17.1", - "resolved": "https://registry.npmjs.org/rdflib/-/rdflib-0.17.1.tgz", - "integrity": "sha512-onUce6sUbvk74UwZ/Dw7sr/PKU3+e2HPk2ZV6YLVUqzSlSZagDOjis6o/AVf0sIsONKmJJLVB16B1Gi8qVaEpQ==", + "version": "0.20.1", + "resolved": "https://registry.npmjs.org/rdflib/-/rdflib-0.20.1.tgz", + "integrity": "sha512-5G1t7rURqPdsYE+mjpDW2e9/H19XFMuChTIjPFPtH2tI0fma+xlJYwrSgmd1aOm45SOYKpqwJfTSIvFpmP2n+g==", "requires": { "async": "^0.9.x", "jsonld": "^0.4.5", "n3": "^0.4.1", - "node-fetch": "^1.7.1", - "solid-auth-client": "^2.2.3", + "solid-auth-cli": "^0.1.12", + "solid-auth-client": "^2.3.0", "xmldom": "^0.1.22" }, "dependencies": { - "node-fetch": { - "version": "1.7.3", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-1.7.3.tgz", - "integrity": "sha512-NhZ4CsKx7cYm2vSrBAr2PvFOe6sWDf0UYLRqA6svUYg7+/TSfVAu49jYC4BvQ4Sms9SZgdqGBgroqfDhJdTyKQ==", + "solid-auth-client": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/solid-auth-client/-/solid-auth-client-2.3.0.tgz", + "integrity": "sha512-+9RfqC64oWpH4afoWYhCtieuAziFyWiiW/isB9XEV6N+yb2jZ69UCJxpX7iBCpxK0j36bDeisdbp0zHRp/F46A==", "requires": { - "encoding": "^0.1.11", - "is-stream": "^1.0.1" + "@babel/runtime": "^7.0.0", + "@solid/oidc-rp": "^0.8.0", + "auth-header": "^1.0.0", + "commander": "^2.11.0", + "isomorphic-fetch": "^2.2.1" } } } @@ -7161,6 +7317,43 @@ "read-pkg": "^3.0.0" } }, + "readable-error": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/readable-error/-/readable-error-1.0.0.tgz", + "integrity": "sha512-CLnInu5bUphmFiZ3pD/BC6+Cg4/BzK6ZMvWfd0b2QMzYo159Z/f/nVFQ9L5IeMrqUxy0EFsp3XJ+BRfLfY13IQ==", + "requires": { + "readable-stream": "^2.3.3" + }, + "dependencies": { + "isarray": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=" + }, + "readable-stream": { + "version": "2.3.6", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", + "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==", + "requires": { + "core-util-is": "~1.0.0", + "inherits": "~2.0.3", + "isarray": "~1.0.0", + "process-nextick-args": "~2.0.0", + "safe-buffer": "~5.1.1", + "string_decoder": "~1.1.1", + "util-deprecate": "~1.0.1" + } + }, + "string_decoder": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", + "requires": { + "safe-buffer": "~5.1.0" + } + } + } + }, "readable-stream": { "version": "1.1.14", "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-1.1.14.tgz", @@ -8433,6 +8626,51 @@ "socks": "^1.1.10" } }, + "solid-auth-cli": { + "version": "0.1.13", + "resolved": "https://registry.npmjs.org/solid-auth-cli/-/solid-auth-cli-0.1.13.tgz", + "integrity": "sha512-mRZ4eaWniGd9jLRzSWD3n9EwMfTcmwlfXK5MggIzSQOyXa1XJCWxHnJDL0DWTX5sMi1ovYa6RI4u6TNOzsEZiw==", + "requires": { + "@solid/cli": "^0.1.0", + "async": "^2.6.1", + "file-fetch": "^1.1.1", + "fs": "0.0.1-security", + "isomorphic-fetch": "^2.2.1", + "jsonld": "^1.4.0", + "n3": "^1.0.3" + }, + "dependencies": { + "async": { + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/async/-/async-2.6.2.tgz", + "integrity": "sha512-H1qVYh1MYhEEFLsP97cVKqCGo7KfCyTt6uEWqsTBr9SO84oK9Uwbyd/yCW+6rKJLHksBNUVWZDAjfS+Ccx0Bbg==", + "requires": { + "lodash": "^4.17.11" + } + }, + "jsonld": { + "version": "1.6.2", + "resolved": "https://registry.npmjs.org/jsonld/-/jsonld-1.6.2.tgz", + "integrity": "sha512-eMzFHqhF2kPMrMUjw8+Lz9IF1QkrxTOIfVndkP/OpuoZs31VdDtfDs8mLa5EOC/ROdemFTQGLdYPZbRtmMe2Yw==", + "requires": { + "rdf-canonize": "^1.0.2", + "request": "^2.88.0", + "semver": "^5.6.0", + "xmldom": "0.1.19" + } + }, + "n3": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/n3/-/n3-1.1.1.tgz", + "integrity": "sha512-GEJXn+wc0f4l2noP1N/rMUH9Gei1DQ8IDN03eBsH+uQKkNQUOLgL7ZJVaDjY+pP3LmbLxL1LpUg/AvZ7Kc7KVw==" + }, + "xmldom": { + "version": "0.1.19", + "resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.1.19.tgz", + "integrity": "sha1-Yx/Ad3bv2EEYvyUXGzftTQdaCrw=" + } + } + }, "solid-auth-client": { "version": "2.2.13", "resolved": "https://registry.npmjs.org/solid-auth-client/-/solid-auth-client-2.2.13.tgz", @@ -8459,56 +8697,54 @@ } }, "solid-panes": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/solid-panes/-/solid-panes-1.3.1.tgz", - "integrity": "sha512-SGw98zxvsp9gNzi1pv7jPWC4+O3e4xySPePFipBA7WN6BlCPweOlg+7Bm6xp7kj0jFSydu3+ckdM78W/xxuKKQ==", + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/solid-panes/-/solid-panes-1.3.3.tgz", + "integrity": "sha512-Ti5ap1O16EVe8iCrnbLBoRU1DPft5RO1/nJGbnyWEQwOoH9Wu7prrG+G4ejHm5F+g01yufJ6EPBPnRswQ6LATg==", "requires": { "@solid/better-simple-slideshow": "^0.1.0", "babel-preset-env": "^1.6.1", "babel-preset-metalab": "^1.0.0", - "chat-pane": ">=1.2.7", + "chat-pane": "^1.2.7", "contacts-pane": "^1.0.3", "folder-pane": "^1.0.4", "issue-pane": "^1.0.4", "meeting-pane": "^1.0.4", - "mime-types": "^2.1.13", + "mime-types": "^2.1.24", "pane-registry": "^1.0.4", - "rdflib": ">=0.17.1", - "solid-ui": ">=0.12.0", + "rdflib": "^0.20.1", + "solid-ui": "^0.12.2", "source-pane": "^1.0.3" + }, + "dependencies": { + "mime-db": { + "version": "1.40.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.40.0.tgz", + "integrity": "sha512-jYdeOMPy9vnxEqFRRo6ZvTZ8d9oPb+k18PKoYNYUe2stVEBPPwsln/qWzdbmaIvnhZ9v2P+CuecK+fpUfsV2mA==" + }, + "mime-types": { + "version": "2.1.24", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.24.tgz", + "integrity": "sha512-WaFHS3MCl5fapm3oLxU4eYDw77IQM2ACcxQ9RIxfaC3ooc6PFuBMGZZsYpvoXS5D5QTWPieo1jjLdAm3TBP3cQ==", + "requires": { + "mime-db": "1.40.0" + } + } } }, "solid-ui": { - "version": "0.12.0", - "resolved": "https://registry.npmjs.org/solid-ui/-/solid-ui-0.12.0.tgz", - "integrity": "sha512-ImiLiBE0SZP61kZ5dWweDRKQPxHYTFI8Jmxsz4yQIyPVcQB9SGM0Tdchz4zmSDRPvuw8GRFsC3USIHwIuvxj2g==", + "version": "0.12.2", + "resolved": "https://registry.npmjs.org/solid-ui/-/solid-ui-0.12.2.tgz", + "integrity": "sha512-die0J3CIClQB+W0EWUZIERFrsCmFIBxRIDy45dBs59QRb7LQJ6TXf3p4DLNIWwU7iMyDQD0Svnw+dqmTRlYj2w==", "requires": { "escape-html": "^1.0.3", "mime-types": "^2.1.20", "node-uuid": "^1.4.7", - "rdflib": "^0.19.1", + "rdflib": ">=0.20.1", "solid-auth-client": "^2.2.13", "solid-auth-tls": "^0.1.2", "solid-namespace": "0.2.0" }, "dependencies": { - "node-uuid": { - "version": "1.4.8", - "resolved": "https://registry.npmjs.org/node-uuid/-/node-uuid-1.4.8.tgz", - "integrity": "sha1-sEDrCSOWivq/jTL7HxfxFn/auQc=" - }, - "rdflib": { - "version": "0.19.1", - "resolved": "https://registry.npmjs.org/rdflib/-/rdflib-0.19.1.tgz", - "integrity": "sha512-O7osObhO5o++hsUPGOLTxdNwXRaI6O+uyL98E7yBmqWrQm0AfqUHFBiASb4gN9fYcLD2LLHBxfhJTIWl8VZHUg==", - "requires": { - "async": "^0.9.x", - "jsonld": "^0.4.5", - "n3": "^0.4.1", - "solid-auth-client": "^2.2.3", - "xmldom": "^0.1.22" - } - }, "solid-namespace": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/solid-namespace/-/solid-namespace-0.2.0.tgz", diff --git a/package.json b/package.json index 37c5fdeb2..8bcc03c87 100644 --- a/package.json +++ b/package.json @@ -83,7 +83,7 @@ "ip-range-check": "0.0.2", "is-ip": "^2.0.0", "li": "^1.0.1", - "mashlib": "^0.7.18", + "mashlib": "^0.7.19", "mime-types": "^2.1.11", "mkdir-recursive": "^0.4.0", "negotiator": "^0.6.0", @@ -93,7 +93,7 @@ "oidc-op-express": "^0.0.3", "owasp-password-strength-test": "^1.3.0", "proper-lockfile": "^3.2.0", - "rdflib": "^0.17.1", + "rdflib": "^0.20.1", "recursive-readdir": "^2.1.0", "rimraf": "^2.5.0", "solid-auth-client": "^2.2.12", diff --git a/test/integration/authentication-oidc-test.js b/test/integration/authentication-oidc-test.js index c9d0cd31c..76422fc0f 100644 --- a/test/integration/authentication-oidc-test.js +++ b/test/integration/authentication-oidc-test.js @@ -528,7 +528,7 @@ describe('Authentication API (OIDC)', () => { let bearerToken let postLoginUri let cookie - let postConsentUri + let postSharingUri before(() => { auth = new SolidAuthOIDC({ store: localStorage, window: { location: {} } }) @@ -635,16 +635,16 @@ describe('Authentication API (OIDC)', () => { // Successful login gets redirected back to /authorize and then // back to app - expect(postLoginUri.startsWith(aliceServerUri + '/consent')) + expect(postLoginUri.startsWith(aliceServerUri + '/sharing')) .to.be.true() }) }) - // Step 6: User consents to the app accessing certain things - it('should consent via the /consent form', () => { + // Step 6: User shares with the app accessing certain things + it('should consent via the /sharing form', () => { loginFormFields += `&access_mode=Read&access_mode=Write&consent=true` - return fetch(aliceServerUri + '/consent', { + return fetch(aliceServerUri + '/sharing', { method: 'POST', body: loginFormFields, redirect: 'manual', @@ -656,14 +656,14 @@ describe('Authentication API (OIDC)', () => { }) .then(res => { expect(res.status).to.equal(302) - postConsentUri = res.headers.get('location') + postSharingUri = res.headers.get('location') // cookie = res.headers.get('set-cookie') // Successful login gets redirected back to /authorize and then // back to app - expect(postConsentUri.startsWith(aliceServerUri + '/authorize')) + expect(postSharingUri.startsWith(aliceServerUri + '/authorize')) .to.be.true() - return fetch(postConsentUri, { redirect: 'manual', headers: { cookie } }) + return fetch(postSharingUri, { redirect: 'manual', headers: { cookie } }) }) .then(res => { // User gets redirected back to original app diff --git a/test/integration/authentication-oidc-with-strict-origins-turned-off-test.js b/test/integration/authentication-oidc-with-strict-origins-turned-off-test.js index 839b53b1d..104e103b9 100644 --- a/test/integration/authentication-oidc-with-strict-origins-turned-off-test.js +++ b/test/integration/authentication-oidc-with-strict-origins-turned-off-test.js @@ -507,16 +507,16 @@ describe('Authentication API (OIDC) - With strict origins turned off', () => { // Successful login gets redirected back to /authorize and then // back to app - expect(postLoginUri.startsWith(aliceServerUri + '/consent')) + expect(postLoginUri.startsWith(aliceServerUri + '/sharing')) .to.be.true() }) }) // Step 6: User consents to the app accessing certain things - it('should consent via the /consent form', () => { + it('should consent via the /sharing form', () => { loginFormFields += `&access_mode=Read&access_mode=Write&consent=true` - return fetch(aliceServerUri + '/consent', { + return fetch(aliceServerUri + '/sharing', { method: 'POST', body: loginFormFields, redirect: 'manual', diff --git a/test/resources/accounts-acl/config/views/auth/consent.hbs b/test/resources/accounts-acl/config/views/auth/consent.hbs index f30ddd81f..af0b68e98 100644 --- a/test/resources/accounts-acl/config/views/auth/consent.hbs +++ b/test/resources/accounts-acl/config/views/auth/consent.hbs @@ -10,23 +10,40 @@
-
-

Authorize this app to use your data?

-

You will be authorizing {{app_origin}} to have access perform the actions indicated below.

-

NOTE: This screen is TEMPORARY. Eventually more fine-tuned controls will be available.

-
+

Authorize {{app_origin}} to access your Pod?

+
+
+
+

Solid allows you to precisely choose what other people and apps can read and write in a Pod. This version of the authorization user interface (node-solid-server V5.1) only supports the toggle of global access permissions to all of the data in your Pod.

+

If you don’t want to set these permissions at a global level, uncheck all of the boxes below, then click authorize. This will add the application origin to your authorization list, without granting it permission to any of your data yet. You will then need to manage those permissions yourself by setting them explicitly in the places you want this application to access.

+

By clicking Authorize, any app from {{app_origin}} will be able to:

+
+
+ + + +
- + + +
- Read your data
- Write new data
- Add to existing data
- Control who can access your data
+ + +
- - - {{> auth/auth-hidden-fields}} -
+ + +
+
+ + + + {{> auth/auth-hidden-fields}} + +

This server (node-solid-server V5.1) only implements a limited subset of OpenID Connect, and doesn’t yet support token issuance for applications. OIDC Token Issuance and fine-grained management through this authorization user interface is currently in the development backlog for node-solid-server

+
+
diff --git a/test/resources/accounts-scenario/alice/profile/card$.ttl b/test/resources/accounts-scenario/alice/profile/card$.ttl index d2b1287e8..8e9d0a10e 100644 --- a/test/resources/accounts-scenario/alice/profile/card$.ttl +++ b/test/resources/accounts-scenario/alice/profile/card$.ttl @@ -1,6 +1,6 @@ @prefix : <#>. @prefix acl: . -@prefix c: . +@prefix c: . @prefix c0: . c:me diff --git a/test/resources/accounts-strict-origin-off/alice/profile/card$.ttl b/test/resources/accounts-strict-origin-off/alice/profile/card$.ttl index d2b1287e8..588e53ae7 100644 --- a/test/resources/accounts-strict-origin-off/alice/profile/card$.ttl +++ b/test/resources/accounts-strict-origin-off/alice/profile/card$.ttl @@ -1,6 +1,6 @@ @prefix : <#>. @prefix acl: . -@prefix c: . +@prefix c: . @prefix c0: . c:me diff --git a/test/unit/login-request-test.js b/test/unit/login-request-test.js index ab8bf58ce..aa00291c0 100644 --- a/test/unit/login-request-test.js +++ b/test/unit/login-request-test.js @@ -175,9 +175,9 @@ describe('LoginRequest', () => { }) describe('redirectPostLogin()', () => { - it('should redirect to the /consent url if response_type includes token', () => { + it('should redirect to the /sharing url if response_type includes token', () => { let res = HttpMocks.createResponse() - let authUrl = 'https://localhost:8443/consent?response_type=token' + let authUrl = 'https://localhost:8443/sharing?response_type=token' let validUser = accountManager.userAccountFrom({ username: 'alice' }) let authQueryParams = {