From 8960647d7ac2b34620f402d151a6f0a65649501a Mon Sep 17 00:00:00 2001
From: nicola
Date: Wed, 11 May 2016 14:27:42 -0400
Subject: [PATCH 01/10] designing the scenario for accounts with OIDC
---
test/accounts.js | 73 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 73 insertions(+)
create mode 100644 test/accounts.js
diff --git a/test/accounts.js b/test/accounts.js
new file mode 100644
index 000000000..5478787e0
--- /dev/null
+++ b/test/accounts.js
@@ -0,0 +1,73 @@
+const Solid = require('../')
+const parallel = require('run-parallel')
+const waterfall = require('run-waterfall')
+const path = require('path')
+const supertest = require('supertest')
+
+// In this test we always assume that we are Alice
+
+function getBobFoo (alice, bob, done) {
+ bob.get('/foo')
+ .expect(401)
+ .end(done)
+}
+
+function postBobDiscoverSignIn (alice, bob, done) {
+ done()
+}
+
+function entersPasswordAndConsent (alice, bob, done) {
+
+}
+
+describe('OIDC flow', () => {
+ let aliceServer
+ let bobServer
+ let alice
+ let bob
+
+ const solid = Solid.createServer({
+ root: path.join(__dirname, '/resources'),
+ sslKey: path.join(__dirname, '/keys/key.pem'),
+ sslCert: path.join(__dirname, '/keys/cert.pem'),
+ webid: true
+ })
+
+ before(function (done) {
+ parallel([
+ (cb) => {
+ aliceServer = solid.listen(3456, cb)
+ alice = supertest('https://localhost:3456')
+ },
+ (cb) => {
+ bobServer = solid.listen(3457, cb)
+ bob = supertest('https://localhost:3457')
+ }
+ ], done)
+ })
+
+ after(function () {
+ if (aliceServer) aliceServer.close()
+ if (bobServer) bobServer.close()
+ })
+
+ it('step1: User tries to get /foo and gets 401 and meta redirect', (done) => {
+ getBobFoo(alice, bob, done)
+ })
+
+ it('step2: User enters webId to signin', (done) => {
+ postBobDiscoverSignIn(alice, bob, done)
+ })
+
+ it('step3: User enters password', (done) => {
+ entersPasswordAndConsent(alice, bob, done)
+ })
+
+ it('entire flow', (done) => {
+ waterfall([
+ (cb) => getBobFoo(alice, bob, cb),
+ (cb) => postBobDiscoverSignIn(alice, bob, cb),
+ (cb) => entersPasswordAndConsent(alice, bob, cb)
+ ], done)
+ })
+})
From 5a7c27c0d9cdecff4ccf195173b9cf2b51276a74 Mon Sep 17 00:00:00 2001
From: nicola
Date: Wed, 11 May 2016 14:43:25 -0400
Subject: [PATCH 02/10] adding waterfall
---
package.json | 1 +
test/accounts.js | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index 05727fb3a..7418f2196 100644
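Review bot: Nothing in the new test/accounts.js shows how the `supertest('https://localhost:3456')` and `supertest('https://localhost:3457')` agents come to trust the certificate loaded from `/keys/cert.pem`. If that key pair is self-signed (not visible here), the requests only succeed when certificate verification is switched off for the whole process, for example through `NODE_TLS_REJECT_UNAUTHORIZED=0`, and that also hides TLS failures on every other outbound call the servers make during the OIDC flow. I would add a comment above `before` recording where trust is configured, such as `// TLS: test certificate is trusted via <mechanism>; verification is not disabled globally`, and scope the trust to these two agents rather than to the process.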
--- a/package.json +++ b/package.json @@ -65,6 +65,7 @@ "mocha": "^2.2.5", "nock": "^7.0.2", "rsvp": "^3.1.0", + "run-waterfall": "^1.1.3", "sinon": "^1.17.4", "standard": "^7.0.1", "supertest": "^1.0.1" diff --git a/test/accounts.js b/test/accounts.js index 5478787e0..d4b84ca9a 100644 --- a/test/accounts.js +++ b/test/accounts.js @@ -7,7 +7,7 @@ const supertest = require('supertest') // In this test we always assume that we are Alice function getBobFoo (alice, bob, done) { - bob.get('/foo') + bob.get('/') .expect(401) .end(done) } @@ -17,7 +17,7 @@ function postBobDiscoverSignIn (alice, bob, done) { } function entersPasswordAndConsent (alice, bob, done) { - + done() } describe('OIDC flow', () => { From fb75ffbd8ea5b3b04136d57b4b9f74f5ac3c907e Mon Sep 17 00:00:00 2001 From: nicola Date: Wed, 11 May 2016 15:21:53 -0400 Subject: [PATCH 03/10] adding scenario workflow --- test/scenarios.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 test/scenarios.md diff --git a/test/scenarios.md b/test/scenarios.md new file mode 100644 index 000000000..44e942dcc --- /dev/null +++ b/test/scenarios.md @@ -0,0 +1,23 @@ +- Full tests (Solid) + - with registered user, user is logged out + - (1) User tries to get a resource + - GET BOB/foo + - sends 401 with redirect in HTML header + - redirect GET BOB/discoverSignin + - (2) User enters the webId so that the authorization endpoint is discovered + - POST BOB/signin with WebID + - response is a 302 to ALICE/authorize?callback=BOB/api/oidc/rp + - (3) User is prompted password? and consent + - (user enters password)? + - user presses conset + - form submit to ALICE/authorize?callback=BOB/api/oidc/rp + - response is a 302 to BOB/api/oidc/rp + - BOB/api/oidc/rp redirects to BOB/foo + + + - needing registration + - (0) User registers an account + - POST ALICE/api/accounts/new + - gives User + - set the cookie + - send an email (for verfication) 
From 25921b8a282b29fd18d175a23cd5a2e9d016e22c Mon Sep 17 00:00:00 2001 From: Nicola Greco Date: Wed, 11 May 2016 17:00:42 -0400 Subject: [PATCH 04/10] Update scenarios.md --- test/scenarios.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/scenarios.md b/test/scenarios.md index 44e942dcc..5436c0861 100644 --- a/test/scenarios.md +++ b/test/scenarios.md @@ -3,14 +3,14 @@ - (1) User tries to get a resource - GET BOB/foo - sends 401 with redirect in HTML header - - redirect GET BOB/discoverSignin + - redirect GET BOB/api/accounts/signin - (2) User enters the webId so that the authorization endpoint is discovered - POST BOB/signin with WebID - - response is a 302 to ALICE/authorize?callback=BOB/api/oidc/rp + - response is a 302 to oidc.ALICE/authorize?callback=BOB/api/oidc/rp - (3) User is prompted password? and consent - (user enters password)? - user presses conset - - form submit to ALICE/authorize?callback=BOB/api/oidc/rp + - form submit to oidc.ALICE/authorize?callback=BOB/api/oidc/rp - response is a 302 to BOB/api/oidc/rp - BOB/api/oidc/rp redirects to BOB/foo From 99bc4841f956e1b167ddce6b73b936652d9052e9 Mon Sep 17 00:00:00 2001 From: nicola Date: Thu, 12 May 2016 09:31:42 -0400 Subject: [PATCH 05/10] adding scenario folders --- test/accounts.js | 27 +++++++++++++------- test/resources/accounts-scenario/alice/.acl | 5 ++++ test/resources/accounts-scenario/bob/.acl | 5 ++++ test/resources/accounts-scenario/bob/foo | 1 + test/resources/accounts-scenario/bob/foo.acl | 5 ++++ 5 files changed, 34 insertions(+), 9 deletions(-) create mode 100644 test/resources/accounts-scenario/alice/.acl create mode 100644 test/resources/accounts-scenario/bob/.acl create mode 100644 test/resources/accounts-scenario/bob/foo create mode 100644 test/resources/accounts-scenario/bob/foo.acl diff --git a/test/accounts.js b/test/accounts.js index d4b84ca9a..53a1738cf 100644 --- a/test/accounts.js +++ b/test/accounts.js 
@@ -3,11 +3,10 @@ const parallel = require('run-parallel') const waterfall = require('run-waterfall') const path = require('path') const supertest = require('supertest') - // In this test we always assume that we are Alice function getBobFoo (alice, bob, done) { - bob.get('/') + bob.get('/foo') .expect(401) .end(done) } @@ -26,22 +25,32 @@ describe('OIDC flow', () => { let alice let bob - const solid = Solid.createServer({ - root: path.join(__dirname, '/resources'), + const alicePod = Solid.createServer({ + root: path.join(__dirname, '/resources/accounts-scenario/alice'), + sslKey: path.join(__dirname, '/keys/key.pem'), + sslCert: path.join(__dirname, '/keys/cert.pem'), + auth: 'oidc', + dataBrowser: false, + fileBrowser: false + }) + const bobPod = Solid.createServer({ + root: path.join(__dirname, '/resources/accounts-scenario/bob'), sslKey: path.join(__dirname, '/keys/key.pem'), sslCert: path.join(__dirname, '/keys/cert.pem'), - webid: true + auth: 'oidc', + dataBrowser: false, + fileBrowser: false }) before(function (done) { parallel([ (cb) => { - aliceServer = solid.listen(3456, cb) - alice = supertest('https://localhost:3456') + aliceServer = alicePod.listen(5000, cb) + alice = supertest('https://localhost:5000') }, (cb) => { - bobServer = solid.listen(3457, cb) - bob = supertest('https://localhost:3457') + bobServer = bobPod.listen(5001, cb) + bob = supertest('https://localhost:5001') } ], done) }) diff --git a/test/resources/accounts-scenario/alice/.acl b/test/resources/accounts-scenario/alice/.acl new file mode 100644 index 000000000..9362b71cf --- /dev/null +++ b/test/resources/accounts-scenario/alice/.acl @@ -0,0 +1,5 @@ +<#Owner> + a ; + <./>; + ; + , , . \ No newline at end of file diff --git a/test/resources/accounts-scenario/bob/.acl b/test/resources/accounts-scenario/bob/.acl new file mode 100644 index 000000000..49a249208 --- /dev/null +++ b/test/resources/accounts-scenario/bob/.acl 
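Review bot: `alicePod` and `bobPod` in the second hunk of test/accounts.js repeat the same option block and differ only in `root`, so the TLS and auth settings of the two servers have to be kept in sync by hand. In a test that models two independent parties in an OIDC exchange, a drift between them (one pod left on a different `auth` value, say) changes what the flow proves without any visible failure. A small factory that takes the account name keeps the options in one place. The `describe` body starts and ends outside this hunk.

```javascript
// Single source of truth for pod options; only the data root differs per account.
const createPod = (name) => Solid.createServer({
  root: path.join(__dirname, '/resources/accounts-scenario', name),
  sslKey: path.join(__dirname, '/keys/key.pem'),
  sslCert: path.join(__dirname, '/keys/cert.pem'),
  auth: 'oidc',
  dataBrowser: false,
  fileBrowser: false
})
const alicePod = createPod('alice')
const bobPod = createPod('bob')
// … unchanged: before/after hooks and the listen calls …
```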
@@ -0,0 +1,5 @@ +<#Owner> + a ; + <./>; + ; + , , . \ No newline at end of file diff --git a/test/resources/accounts-scenario/bob/foo b/test/resources/accounts-scenario/bob/foo new file mode 100644 index 000000000..191028156 --- /dev/null +++ b/test/resources/accounts-scenario/bob/foo @@ -0,0 +1 @@ +foo \ No newline at end of file diff --git a/test/resources/accounts-scenario/bob/foo.acl b/test/resources/accounts-scenario/bob/foo.acl new file mode 100644 index 000000000..4cf18c1c8 --- /dev/null +++ b/test/resources/accounts-scenario/bob/foo.acl @@ -0,0 +1,5 @@ +<#Alice> + a ; + <./foo>; + ; + , , . \ No newline at end of file From db98b3b7f913728a9321e676e51c2a085c5eaa59 Mon Sep 17 00:00:00 2001 From: nicola Date: Thu, 12 May 2016 09:34:20 -0400 Subject: [PATCH 06/10] enabling webid --- test/accounts.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/test/accounts.js b/test/accounts.js index 53a1738cf..3ec15501a 100644 --- a/test/accounts.js +++ b/test/accounts.js @@ -31,7 +31,8 @@ describe('OIDC flow', () => { sslCert: path.join(__dirname, '/keys/cert.pem'), auth: 'oidc', dataBrowser: false, - fileBrowser: false + fileBrowser: false, + webid: true }) const bobPod = Solid.createServer({ root: path.join(__dirname, '/resources/accounts-scenario/bob'), @@ -39,7 +40,8 @@ describe('OIDC flow', () => { sslCert: path.join(__dirname, '/keys/cert.pem'), auth: 'oidc', dataBrowser: false, - fileBrowser: false + fileBrowser: false, + webid: true }) before(function (done) { From 0525cc1dcbd468ec4da327a852db043fb3726cc9 Mon Sep 17 00:00:00 2001 From: nicola Date: Thu, 12 May 2016 09:37:32 -0400 Subject: [PATCH 07/10] starting writing first test --- test/accounts.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/test/accounts.js b/test/accounts.js index 3ec15501a..baa639896 100644 --- a/test/accounts.js +++ b/test/accounts.js 
@@ -3,12 +3,17 @@ const parallel = require('run-parallel') const waterfall = require('run-waterfall') const path = require('path') const supertest = require('supertest') +const expect = require('chai').expect // In this test we always assume that we are Alice function getBobFoo (alice, bob, done) { bob.get('/foo') .expect(401) - .end(done) + .end((err, res) => { + if (err) return done(err) + expect(res).to.match(/META http-equiv="refresh"/) + done() + }) } function postBobDiscoverSignIn (alice, bob, done) { From 01bddd074b9d25d6893b10f1cc5aaa70fa362ec7 Mon Sep 17 00:00:00 2001 From: nicola Date: Thu, 12 May 2016 10:13:16 -0400 Subject: [PATCH 08/10] rename to test/api-accounts --- test/{accounts.js => api-accounts.js} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename test/{accounts.js => api-accounts.js} (100%) diff --git a/test/accounts.js b/test/api-accounts.js similarity index 100% rename from test/accounts.js rename to test/api-accounts.js From 8328c446477625ec4d736e9af0872a7aacc90484 Mon Sep 17 00:00:00 2001 From: nicola Date: Thu, 12 May 2016 10:14:03 -0400 Subject: [PATCH 09/10] skipping tests for now --- test/api-accounts.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/api-accounts.js b/test/api-accounts.js index baa639896..24f848628 100644 --- a/test/api-accounts.js +++ b/test/api-accounts.js 
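Review bot: `expect(res).to.match(...)` in the new `.end` callback of `getBobFoo` hands the whole response object to the matcher, so the pattern is tested against the object's string coercion rather than the HTML body. Unless the response type defines its own `toString` (not visible here), it can never find the meta tag. Match on the body instead, `expect(res.text).to.match(/META http-equiv="refresh"/)`, adding the `i` flag if the server may emit the tag in lower case. The assertion also checks only that a refresh is present: test/scenarios.md names the sign-in page on BOB as the target, and pinning that target would catch a regression that sends an unauthenticated user to a different host.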
@@ -67,19 +67,19 @@ describe('OIDC flow', () => { if (bobServer) bobServer.close() }) - it('step1: User tries to get /foo and gets 401 and meta redirect', (done) => { + it.skip('step1: User tries to get /foo and gets 401 and meta redirect', (done) => { getBobFoo(alice, bob, done) }) - it('step2: User enters webId to signin', (done) => { + it.skip('step2: User enters webId to signin', (done) => { postBobDiscoverSignIn(alice, bob, done) }) - it('step3: User enters password', (done) => { + it.skip('step3: User enters password', (done) => { entersPasswordAndConsent(alice, bob, done) }) - it('entire flow', (done) => { + it.skip('entire flow', (done) => { waterfall([ (cb) => getBobFoo(alice, bob, cb), (cb) => postBobDiscoverSignIn(alice, bob, cb), From 27bfdfebad52c81ee073e82feeddb4a9b041ec73 Mon Sep 17 00:00:00 2001 From: nicola Date: Thu, 12 May 2016 12:59:29 -0400 Subject: [PATCH 10/10] do not skip the tests --- test/api-accounts.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/api-accounts.js b/test/api-accounts.js index 24f848628..baa639896 100644 --- a/test/api-accounts.js +++ b/test/api-accounts.js @@ -67,19 +67,19 @@ describe('OIDC flow', () => { if (bobServer) bobServer.close() }) - it.skip('step1: User tries to get /foo and gets 401 and meta redirect', (done) => { + it('step1: User tries to get /foo and gets 401 and meta redirect', (done) => { getBobFoo(alice, bob, done) }) - it.skip('step2: User enters webId to signin', (done) => { + it('step2: User enters webId to signin', (done) => { postBobDiscoverSignIn(alice, bob, done) }) - it.skip('step3: User enters password', (done) => { + it('step3: User enters password', (done) => { entersPasswordAndConsent(alice, bob, done) }) - it.skip('entire flow', (done) => { + it('entire flow', (done) => { waterfall([ (cb) => getBobFoo(alice, bob, cb), (cb) => postBobDiscoverSignIn(alice, bob, cb),
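Review bot: Re-enabling `step2` and `step3` in the last hunk makes them report as passing although `postBobDiscoverSignIn` and `entersPasswordAndConsent` assert nothing, so the suite shows a green sign-in and consent flow that was never exercised. Both helpers are defined outside this hunk and were last seen in this series as bodies that only call `done()`. Until they issue requests, declare the cases without a callback, e.g. `it('step2: User enters webId to signin')`, which mocha reports as pending, and leave them out of the `waterfall` in 'entire flow'. That keeps the report honest about which parts of the authentication path are actually covered.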