Closed michielbdejong closed 2 years ago
Create -> Using PUT in non-existing container -> is disallowed without accessTo Write or Append seems to pass when run in isolation
Investigating Create › Using PATCH in existing container › is disallowed without default Write. This is the ACL:
SolidAuthFetcher curl -v -X 'PUT' -d '@prefix acl: <http://www.w3.org/ns/auth/acl#>.
SolidAuthFetcher
SolidAuthFetcher <#alice> a acl:Authorization;
SolidAuthFetcher acl:agent <https://solidtestsuite.solidcommunity.net/profile/card#me>;
SolidAuthFetcher acl:accessTo <http://localhost:3000/web-access-control-tests-1655121303903/10/allOtherModes/>;
SolidAuthFetcher acl:default <http://localhost:3000/web-access-control-tests-1655121303903/10/allOtherModes/>;
SolidAuthFetcher acl:mode acl:Read, acl:Write, acl:Control.
SolidAuthFetcher <#bobAccessTo> a acl:Authorization;
SolidAuthFetcher acl:agent <https://solid-crud-tests-example-2.solidcommunity.net/profile/card#me>;
SolidAuthFetcher acl:accessTo <http://localhost:3000/web-access-control-tests-1655121303903/10/allOtherModes/>;
SolidAuthFetcher acl:mode acl:Read, acl:Append, acl:Write, acl:Control.
SolidAuthFetcher <#bobDefault> a acl:Authorization;
SolidAuthFetcher acl:agent <https://solid-crud-tests-example-2.solidcommunity.net/profile/card#me>;
SolidAuthFetcher acl:default <http://localhost:3000/web-access-control-tests-1655121303903/10/allOtherModes/>;
SolidAuthFetcher acl:mode acl:Read, acl:Append, acl:Control.
SolidAuthFetcher ' -H 'Content-Type: text/turtle' -H 'authorization: DPoP [access token elided]' -H 'dpop: [DPoP proof elided]' http://localhost:3000/web-access-control-tests-1655121303903/10/allOtherModes/.acl +84ms
This is the request that the test thinks should be disallowed:
SolidAuthFetcher curl -v -X 'PATCH' -d '@prefix solid: <http://www.w3.org/ns/solid/terms#>.
SolidAuthFetcher <#patch> a solid:InsertDeletePatch;
SolidAuthFetcher solid:inserts { <#hello> <#linked> <#world> .}.
SolidAuthFetcher ' -H 'Content-Type: text/n3' -H 'authorization: DPoP [access token elided]' -H 'dpop: [DPoP proof elided]' http://localhost:3000/web-access-control-tests-1655121303903/10/allOtherModes/new.txt +62ms
Edit line 32 of node_modules/@solid/access-token-verifier/dist/algorithm/verifyDpopProof.js to reproduce this:
curl -v -X 'PUT' -d @acl.ttl -H 'Content-Type: text/turtle' -H 'authorization: DPoP [access token elided]' -H 'dpop: [DPoP proof elided]' http://localhost:3000/web-access-control-tests-1655121303903/10/allOtherModes/.acl
curl -v -X 'PATCH' -d @patch.ttl -H 'Content-Type: text/n3' -H 'authorization: DPoP [access token elided]' -H 'dpop: [DPoP proof elided]' http://localhost:3000/web-access-control-tests-1655121303903/10/allOtherModes/new.txt
Just read the spec again and I think the CSS behaviour is correct here -> https://github.com/solid-contrib/web-access-control-tests/issues/52
Continuing with the access-to-append-suffice-to-create branch, now seeing 7 failures:
Create
Using POST to existing container
✓ Is allowed with accessTo Append access (1383 ms)
✓ Is allowed with accessTo Write access (479 ms)
✓ Is disallowed otherwise (433 ms)
Using PUT in existing container
✓ Is allowed with accessTo Write and default Write access (402 ms)
✕ Is allowed with accessTo Write and default Append access (401 ms)
✓ Is allowed with accessTo Append and default Write access (409 ms)
✕ Is allowed with accessTo Append and default Append access (386 ms)
✓ is disallowed without default Write or Append (391 ms)
✓ is disallowed without accessTo Write or Append (372 ms)
Using PATCH in existing container
✓ Is allowed with accessTo Write and default Write access (384 ms)
✓ Is allowed with accessTo Write and default Append access (381 ms)
✓ Is allowed with accessTo Append and default Write access (393 ms)
✓ Is allowed with accessTo Append and default Append access (421 ms)
✓ is disallowed without default Write or Append (376 ms)
✓ is disallowed without accessTo Write or Append (363 ms)
Using PUT in non-existing container
✓ Is allowed with accessTo Write and default Write access (362 ms)
✕ Is allowed with accessTo Write and default Append access (346 ms)
✕ Is allowed with accessTo Append and default Write access (330 ms)
✕ Is allowed with accessTo Append and default Append access (304 ms)
✓ is disallowed without default Write or Append (369 ms)
✕ is disallowed without accessTo Write or Append (368 ms)
Using PATCH in non-existing container
✓ Is allowed with accessTo Write and default Write access (360 ms)
✓ Is allowed with accessTo Write and default Append access (399 ms)
✓ Is allowed with accessTo Append and default Write access (360 ms)
✓ Is allowed with accessTo Append and default Append access (358 ms)
✓ is disallowed without default Write or Append (356 ms)
Will test which of these fail when run in isolation
After clean up of test container names in the access-to-append-suffice-to-create branch, seeing:
● Create › Using PUT in existing container › Is allowed with accessTo Write and default Append access
● Create › Using PUT in existing container › Is allowed with accessTo Append and default Append access
● Create › Using PUT in non-existing container › is disallowed without accessTo Write or Append
● Create › Using PATCH in non-existing container › is disallowed without accessTo Write or Append
Created https://github.com/solid/web-access-control-spec/issues/105 about those first two.
It's uploading http://localhost:3000/web-access-control-tests-1655126590886/using-PUT-in-non-existing-test-disallowed-accessTo/.acl with accessTo 'acl:Read, acl:Control' and default 'acl:Read, acl:Append, acl:Write, acl:Control' and then tries to PUT http://localhost:3000/web-access-control-tests-1655126590886/using-PUT-in-non-existing-test-disallowed-accessTo/nested/new.txt
OK, so to conclude, we found that CSS v4.0.1 passes all known tests for Solid spec v0.9, except:
CSS v4.0.1, node v12.19.1, npm v6.14.8
Save this as acl.ttl, which gives any agent read-only access to the server root, and read-write access to any contained resources:
@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.
<#access-to-read> a acl:Authorization;
acl:agentClass foaf:Agent;
acl:accessTo <http://localhost:3000/>;
acl:mode acl:Read.
<#default-read-write> a acl:Authorization;
acl:agentClass foaf:Agent;
acl:default <http://localhost:3000/>;
acl:mode acl:Read, acl:Write.
And upload it to a newly started CSS v4.0.1 instance using:
curl -v -X PUT -H 'Content-Type: text/turtle' -T acl.ttl http://localhost:3000/.acl
Now try these commands:
curl -v -X PUT -H 'Content-Type: text/plain' -d hello http://localhost:3000/test.txt
curl -v -X PUT -H 'Content-Type: text/plain' -d hello http://localhost:3000/nested/test.txt
The first will give a 401, the second a 201. And indeed, if you then run curl http://localhost:3000/ you will see that although the creation of /test.txt was blocked correctly, the creation of a /nested folder in the pod root was not prevented:
@prefix dc: <http://purl.org/dc/terms/>.
@prefix ldp: <http://www.w3.org/ns/ldp#>.
@prefix posix: <http://www.w3.org/ns/posix/stat#>.
@prefix xsd: <http://www.w3.org/2001/XMLSchema#>.
<> a <http://www.w3.org/ns/pim/space#Storage>, ldp:Container, ldp:BasicContainer, ldp:Resource;
dc:modified "2022-06-13T13:51:47.000Z"^^xsd:dateTime;
<http://www.w3.org/ns/auth/acl#accessControl> <.acl>;
ldp:contains <index.html>, <nested/>.
However, the spec says that creating that nested/ folder should have required Write or Append on /. Is WAC not enforced for the "mkdir -p" behaviour of creating nested folders?
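The parent-container check this report asks about, as an added example that is not part of the original issue and is not CSS code. It assumes a single ACL on the storage root granted to any agent, as in acl.ttl above; all function names are hypothetical, and authorizeImmediateParentOnly is only a model that reproduces the observed 401/201 pair, not a statement about how CSS is implemented.

```javascript
// Added illustration, not CSS code. Simplified model: a single ACL on the storage
// root, every authorization granted to foaf:Agent, as in acl.ttl above.
const rootAcl = [
  { accessTo: '/', modes: ['Read'] },
  { default: '/', modes: ['Read', 'Write'] },
];

// accessTo governs the root itself; default governs everything below it.
function grantedModes(acl, path) {
  const modes = new Set();
  for (const auth of acl) {
    const applies = path === '/' ? auth.accessTo === '/' : auth.default === '/';
    if (applies) auth.modes.forEach((m) => modes.add(m));
  }
  return modes;
}

const canAdd = (modes) => modes.has('Write') || modes.has('Append');
const parentOf = (path) => path.replace(/[^/]+\/?$/, '');

// Containers a PUT to `target` would create implicitly ("mkdir -p").
function missingContainers(target, existing) {
  const missing = [];
  let current = '/';
  for (const segment of target.split('/').filter(Boolean).slice(0, -1)) {
    current += `${segment}/`;
    if (!existing.has(current)) missing.push(current);
  }
  return missing;
}

// Check Write or Append on the parent of every resource the request brings into
// existence. The mode needed on the target itself is left out of this model.
function authorizeCreate(acl, target, existing) {
  for (const resource of [...missingContainers(target, existing), target]) {
    const parent = parentOf(resource);
    if (!canAdd(grantedModes(acl, parent))) return { allowed: false, deniedAt: parent };
  }
  return { allowed: true, deniedAt: null };
}

// Hypothetical contrast: only the immediate parent is checked. '/nested/' does not
// exist yet and inherits acl:default from '/', so the request passes.
function authorizeImmediateParentOnly(acl, target) {
  return canAdd(grantedModes(acl, parentOf(target)));
}
```

With only / existing, authorizeCreate denies both PUT targets at /, while the immediate-parent model denies /test.txt and lets /nested/test.txt through.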
CSS v4.0.1, node v12.19.1, npm v6.14.8
Save this file as acl.ttl:
@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.
<#read-append> a acl:Authorization;
acl:agentClass foaf:Agent;
acl:accessTo <http://localhost:3000/>;
acl:default <http://localhost:3000/>;
acl:mode acl:Read, acl:Append.
Upload it to http://localhost:3000/.acl by doing:
curl -v -X PUT -H 'Content-Type: text/turtle' -T acl.ttl http://localhost:3000/.acl
Now save this as patch.n3:
@prefix solid: <http://www.w3.org/ns/solid/terms#>.
<#patch> a solid:InsertDeletePatch;
solid:inserts { <#hello> <#linked> <#world> .}.
and run the following two curl commands:
curl -X PUT -d '<#hello> <#linked> <#world>.' -H 'Content-Type: text/turtle' http://localhost:3000/with-put.ttl
curl -X PATCH -T patch.n3 -H 'Content-Type: text/n3' http://localhost:3000/with-patch.ttl
You will see the first one results in a 401, the second one in a 201, and indeed when you do curl http://localhost:3000/ you see /with-patch.ttl was created and /with-put.ttl was not:
[...]
ldp:contains <index.html>, <with-patch.ttl>.
And with curl http://localhost:3000/with-patch.ttl you can see the contents:
<#hello> <#linked> <#world>.
Why is this different depending on the verb?
See also https://github.com/solid/web-access-control-spec/issues/105.
These are not actually part of the requirements, so that's fine.
As reported by @mrvahedi68 - just reproduced it: