From 9684cca4b9be4fb861d68375a9dd8060634b3701 Mon Sep 17 00:00:00 2001 From: bourgeoa Date: Sat, 15 Apr 2023 17:45:21 +0200 Subject: [PATCH 1/2] isOwner --- lib/handlers/allow.js | 4 ++-- lib/handlers/patch.js | 2 +- lib/header.js | 2 +- lib/ldp.js | 6 +++--- test/integration/ldp-test.js | 12 ++++++------ 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/lib/handlers/allow.js b/lib/handlers/allow.js index a6886b104..2568ca277 100644 --- a/lib/handlers/allow.js +++ b/lib/handlers/allow.js @@ -72,8 +72,8 @@ function allow (mode) { } } - // check user is owner. Find owner from /.meta - if (resourceUrl.endsWith('.acl') && userId === await ldp.getOwner(req.hostname)) return next() + // check user is owner. Check isOwner from /.meta + if (resourceUrl.endsWith('.acl') && await ldp.isOwner(userId, req.hostname)) return next() const error = req.authError || await req.acl.getError(userId, mode) debug(`${mode} access denied to ${userId || '(none)'}: ${error.status} - ${error.message}`) diff --git a/lib/handlers/patch.js b/lib/handlers/patch.js index bda388393..9a9ee49b5 100644 --- a/lib/handlers/patch.js +++ b/lib/handlers/patch.js @@ -164,7 +164,7 @@ async function checkPermission (request, patchObject, resourceExists) { if (!allAllowed) { // check owner with Control const ldp = request.app.locals.ldp - if (request.path.endsWith('.acl') && userId === await ldp.getOwner(request.hostname)) return Promise.resolve(patchObject) + if (request.path.endsWith('.acl') && await ldp.isOwner(userId, request.hostname)) return Promise.resolve(patchObject) const errors = await Promise.all(modes.map(mode => acl.getError(userId, mode))) const error = errors.filter(error => !!error) diff --git a/lib/header.js b/lib/header.js index 7191565ac..5e8e37dd9 100644 --- a/lib/header.js +++ b/lib/header.js 
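Review bot: The `ldp.isOwner(userId, request.hostname)` call in `checkPermission` (lib/handlers/patch.js) is unguarded, and so is the one in `addPermissions` in lib/header.js; PATCH 2/2 wraps only the call in lib/handlers/allow.js. `isOwner` rethrows any failure while reading `/.meta`, and `$rdf.sym(webId)` probably throws when the request is unauthenticated and `userId` is undefined, so a request for an `.acl` resource would likely end in a generic failure rather than the normal ACL error. Testing for a user first keeps the owner shortcut fail-closed and skips the store lookup: `if (userId && request.path.endsWith('.acl') && await ldp.isOwner(userId, request.hostname)) return Promise.resolve(patchObject)`. Both function bodies continue outside their hunks.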
@@ -128,7 +128,7 @@ async function addPermissions (req, res, next) { getPermissionsFor(acl, null, req), getPermissionsFor(acl, session.userId, req) ]) - if (resource.endsWith('.acl') && userPerms === '' && session.userId === await ldp.getOwner(req.hostname)) userPerms = 'control' + if (resource.endsWith('.acl') && userPerms === '' && await ldp.isOwner(session.userId, req.hostname)) userPerms = 'control' debug.ACL(`Permissions on ${resource} for ${session.userId || '(none)'}: ${userPerms}`) debug.ACL(`Permissions on ${resource} for public: ${publicPerms}`) res.set('WAC-Allow', `user="${userPerms}",public="${publicPerms}"`) diff --git a/lib/ldp.js b/lib/ldp.js index e6ed2de7c..6c559e589 100644 --- a/lib/ldp.js +++ b/lib/ldp.js @@ -454,7 +454,7 @@ class LDP { // this is a hack to replace solid:owner, using solid:account in /.meta to avoid NSS migration // this /.meta has no functionality in actual NSS // comment https://github.com/solid/node-solid-server/pull/1604#discussion_r652903546 - async getOwner (hostname) { + async isOwner (webId, hostname) { // const ldp = req.app.locals.ldp const rootUrl = this.resourceMapper.resolveUrl(hostname) let graph @@ -462,8 +462,8 @@ class LDP { // TODO check for permission ?? Owner is a MUST graph = await this.getGraph(rootUrl + '/.meta') const SOLID = $rdf.Namespace('http://www.w3.org/ns/solid/terms#') - const owner = await graph.any(null, SOLID('account'), $rdf.sym(rootUrl + '/')) - return owner.uri + const owner = await graph.statementsMatching($rdf.sym(webId), SOLID('account'), $rdf.sym(rootUrl + '/')) + return owner.length } catch (error) { throw new Error(`Failed to get owner from ${rootUrl}/.meta, got ` + error) } diff --git a/test/integration/ldp-test.js b/test/integration/ldp-test.js index cca0cc2fc..b84971e78 100644 --- a/test/integration/ldp-test.js +++ b/test/integration/ldp-test.js 
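Review bot: `isOwner` in lib/ldp.js returns `owner.length`, a number, although all three callers and the name treat it as a yes/no authorization answer; returning `owner.length > 0` would make the contract explicit and let the tests compare strictly. The local is now a list of matching statements, so `owner` is misleading, and the rethrown message still says "Failed to get owner"; something like `Failed to check owner in ${rootUrl}/.meta` would match what the method does. Since this result grants Control on `.acl` resources, a short doc comment would help: it should say the method resolves true only when `/.meta` holds `<webId> solid:account <root/>`, and that it throws when `/.meta` cannot be read. The method starts before this hunk and ends after it.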
@@ -89,12 +89,12 @@ describe('LDP', function () { }) }) - describe('getOwner', () => { - it('should return acl:owner', () => { - const owner1 = 'https://tim.localhost:7777/profile/card#me' - return ldp.getOwner('/resources/') - .then(owner => { - assert.equal(owner, owner1) + describe('isOwner', () => { + it('should return acl:owner true', () => { + const owner = 'https://tim.localhost:7777/profile/card#me' + return ldp.isOwner(owner, '/resources/') + .then(isOwner => { + assert.equal(isOwner, true) }) }) }) From 6822a82aec9c53ebca0bdec2be648d8e819eee0c Mon Sep 17 00:00:00 2001 From: bourgeoa Date: Sat, 15 Apr 2023 19:13:31 +0200 Subject: [PATCH 2/2] catch err --- lib/handlers/allow.js | 7 ++++--- test/integration/ldp-test.js | 7 +++++++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/lib/handlers/allow.js b/lib/handlers/allow.js index 2568ca277..70f0cfad4 100644 --- a/lib/handlers/allow.js +++ b/lib/handlers/allow.js @@ -72,9 +72,10 @@ function allow (mode) { } } - // check user is owner. Check isOwner from /.meta - if (resourceUrl.endsWith('.acl') && await ldp.isOwner(userId, req.hostname)) return next() - + // check if user is owner. Check isOwner from /.meta + try { + if (resourceUrl.endsWith('.acl') && (await ldp.isOwner(userId, req.hostname))) return next() + } catch (err) {} const error = req.authError || await req.acl.getError(userId, mode) debug(`${mode} access denied to ${userId || '(none)'}: ${error.status} - ${error.message}`) next(error) diff --git a/test/integration/ldp-test.js b/test/integration/ldp-test.js index b84971e78..e8931951d 100644 --- a/test/integration/ldp-test.js +++ b/test/integration/ldp-test.js 
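Review bot: The empty `catch (err) {}` in `allow` (lib/handlers/allow.js) does fail closed, but it discards every error from the owner check, so an unreadable or malformed `/.meta` shows up only as an unexplained access denial. The `try` also encloses `return next()`, so an exception thrown synchronously downstream would be swallowed and followed by a second `next(error)`. Narrowing the `try` to the lookup and logging through the existing `debug` keeps the deny-by-default behaviour and leaves a trace. The enclosing function starts and ends outside the hunk.

```javascript
// check if user is owner. Check isOwner from /.meta
let ownerOfRoot = false
try {
  ownerOfRoot = resourceUrl.endsWith('.acl') && await ldp.isOwner(userId, req.hostname)
} catch (err) {
  // fail closed: a failed /.meta lookup must not grant access, but should be visible
  debug(`isOwner check failed for ${userId || '(none)'}: ${err.message}`)
}
if (ownerOfRoot) return next()
// … unchanged: req.authError / req.acl.getError handling …
```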
@@ -97,6 +97,13 @@ describe('LDP', function () { assert.equal(isOwner, true) }) }) + it('should return acl:owner false', () => { + const owner = 'https://tim.localhost:7777/profile/card' + return ldp.isOwner(owner, '/resources/') + .then(isOwner => { + assert.equal(isOwner, false) + }) + }) }) describe('getGraph', () => { it('should read and parse an existing file', () => {
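Review bot: The new negative case in `describe('isOwner')` only tries a well-formed IRI that is not the owner; the case the `try`/`catch` in allow.js exists for, a missing WebID, has no test. A case calling `ldp.isOwner(undefined, '/resources/')` and asserting the documented outcome (rejection, or `false` if the method is changed to return it) would pin the unauthenticated path. `assert.equal` is a loose comparison, so both cases pass on the `1`/`0` that `owner.length` yields; `assert.strictEqual` would verify a real boolean. The titles say `acl:owner`, while the lookup visible in lib/ldp.js matches `solid:account`.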