SolidOS / solidos

The operating system for Solid
https://solidos.solidcommunity.net/
MIT License

unauthenticated using CSS webId's in group acl on NSS pod #172

Closed bourgeoa closed 2 years ago

bourgeoa commented 2 years ago

500 error using group acl with CSS webIds.

Group ACL is created with mashlib Contacts app.

https://gitter.im/solid/solidos?at=62c662539f29d42bed0f7c70


The issue seems related to inrupt fetch factory module.

The problem arises on NSS pods with CSS webId's. There is no problem on NSS pod with NSS webId's. The problem also arises on CSS pods for NSS or CSS webId's, but the issue is then a 403 error.

timbl commented 2 years ago

@bourgeoa Let me understand .. The problem is only when CSS instead of NSS is used for what — the home webid and pod of the user doing the actions, when that CSS-based user has access through being in a group? ((All my test users are NSS based, my pod is CSS based. Currently.))

In the example you seem to be logging in with https://bourgeoa.bourgeoa.ga:3100/profile/card#me which I assume is CSS based.

Have you checked the group file? What is the group? Maybe the group file has a parse error. That could explain the 500 instead of 403, maybe? Why else an "internal" error...

timbl commented 2 years ago

The thing you are trying to PUT is in https://solidos.solidcommunity.net/public/SolidOS%20team%20meetings/2022/ and is https://solidos.solidcommunity.net/public/SolidOS%20team%20meetings/2022/2022-07-13.md and the group is https://solidos.solidcommunity.net/Contacts/Group/SolidOS_Team.ttl#this which seems to be public and parsable.

bourgeoa commented 2 years ago

> The thing you are trying to PUT is in https://solidos.solidcommunity.net/public/SolidOS%20team%20meetings/2022/ and is https://solidos.solidcommunity.net/public/SolidOS%20team%20meetings/2022/2022-07-13.md and the group is https://solidos.solidcommunity.net/Contacts/Group/SolidOS_Team.ttl#this which seems to be public and parsable.

Yes this is correct

bourgeoa commented 2 years ago

> In the example you seem to be logging in with https://bourgeoa.bourgeoa.ga:3100/profile/card#me which I assume is CSS based.

Yes, it is CSS based.

timbl commented 2 years ago

Does the server put a stack dump in the body of the 500 error I wonder.

bourgeoa commented 2 years ago

You should be able to reproduce the errors

timbl commented 2 years ago

timbl.com is not running an IDP .. it has no webids. There are no timbl.com accounts. My webids are all on NSS.

bourgeoa commented 2 years ago

> timbl.com is not running an IDP .. it has no webids. There are no timbl.com accounts. My webids are all on NSS.

For test purposes you may create one on https://solidweb.me with no default settings, or on https://solid.redpencil.io from @madnificent (this one has default settings), or on https://bourgeoa.ga:3000 with settings and not /public (https://bourgeoa.ga:3000/idp/register/).

bourgeoa commented 2 years ago

It seems to be the same type of error we already had when using an unauthenticated fetch in some part of mashlib code.

bourgeoa commented 2 years ago

Resolved in https://github.com/nodeSolidServer/jose/pull/19