Most tests work

Author: jaxoncreed

test/integration/authentication-oidc-test.js

@@ -526,6 +526,9 @@ describe('Authentication API (OIDC)', () => {
     let authorizationUri, loginUri, authParams, callbackUri
     let loginFormFields = ''
     let bearerToken
+    let postLoginUri
+    let cookie
+    let postConsentUri
 
     before(() => {
       auth = new SolidAuthOIDC({ store: localStorage, window: { location: {} } })
@@ -627,25 +630,50 @@ describe('Authentication API (OIDC)', () => {
       })
         .then(res => {
           expect(res.status).to.equal(302)
-          let postLoginUri = res.headers.get('location')
-          let cookie = res.headers.get('set-cookie')
+          postLoginUri = res.headers.get('location')
+          cookie = res.headers.get('set-cookie')
 
           // Successful login gets redirected back to /authorize and then
           // back to app
-          expect(postLoginUri.startsWith(aliceServerUri + '/authorize'))
+          expect(postLoginUri.startsWith(aliceServerUri + '/consent'))
             .to.be.true()
-
-          return fetch(postLoginUri, { redirect: 'manual', headers: { cookie } })
-        })
-        .then(res => {
-          // User gets redirected back to original app
-          expect(res.status).to.equal(302)
-          callbackUri = res.headers.get('location')
-          expect(callbackUri.startsWith('https://app.example.com#'))
         })
     })
 
-    // Step 6: Web App extracts tokens from the uri hash fragment, uses
+    // Step 6: User consents to the app accessing certain things
+    it('should consent via the /consent form', () => {
+      loginFormFields += `&access_mode=Read&access_mode=Write&consent=true`
+
+      return fetch(aliceServerUri + '/consent', {
+        method: 'POST',
+        body: loginFormFields,
+        redirect: 'manual',
+        headers: {
+          'content-type': 'application/x-www-form-urlencoded',
+          cookie
+        },
+        credentials: 'include'
+      })
+      .then(res => {
+        expect(res.status).to.equal(302)
+        postConsentUri = res.headers.get('location')
+        // cookie = res.headers.get('set-cookie')
+
+        // Successful login gets redirected back to /authorize and then
+        // back to app
+        expect(postConsentUri.startsWith(aliceServerUri + '/authorize'))
+          .to.be.true()
+        return fetch(postConsentUri, { redirect: 'manual', headers: { cookie } })
+      })
+      .then(res => {
+        // User gets redirected back to original app
+        expect(res.status).to.equal(302)
+        callbackUri = res.headers.get('location')
+        expect(callbackUri.startsWith('https://app.example.com#'))
+      })
+    })
+
+    // Step 7: Web App extracts tokens from the uri hash fragment, uses
     //  them to access protected resource
     it('should use id token from the callback uri to access shared resource (no origin)', () => {
       auth.window.location.href = callbackUri

test/integration/authentication-oidc-with-strict-origins-turned-off-test.js

@@ -399,6 +399,8 @@ describe('Authentication API (OIDC) - With strict origins turned off', () => {
     let authorizationUri, loginUri, authParams, callbackUri
     let loginFormFields = ''
     let bearerToken
+    let cookie
+    let postLoginUri
 
     before(() => {
       auth = new SolidAuthOIDC({ store: localStorage, window: { location: {} } })
@@ -500,24 +502,50 @@ describe('Authentication API (OIDC) - With strict origins turned off', () => {
       })
         .then(res => {
           expect(res.status).to.equal(302)
-          let postLoginUri = res.headers.get('location')
-          let cookie = res.headers.get('set-cookie')
+          postLoginUri = res.headers.get('location')
+          cookie = res.headers.get('set-cookie')
 
           // Successful login gets redirected back to /authorize and then
           // back to app
-          expect(postLoginUri.startsWith(aliceServerUri + '/authorize'))
+          expect(postLoginUri.startsWith(aliceServerUri + '/consent'))
             .to.be.true()
-
-          return fetch(postLoginUri, { redirect: 'manual', headers: { cookie } })
-        })
-        .then(res => {
-          // User gets redirected back to original app
-          expect(res.status).to.equal(302)
-          callbackUri = res.headers.get('location')
-          expect(callbackUri.startsWith('https://app.example.com#'))
         })
     })
 
+    // Step 6: User consents to the app accessing certain things
+    it('should consent via the /consent form', () => {
+      loginFormFields += `&access_mode=Read&access_mode=Write&consent=true`
+
+      return fetch(aliceServerUri + '/consent', {
+        method: 'POST',
+        body: loginFormFields,
+        redirect: 'manual',
+        headers: {
+          'content-type': 'application/x-www-form-urlencoded',
+          cookie
+        },
+        credentials: 'include'
+      })
+      .then(res => {
+        expect(res.status).to.equal(302)
+        let postLoginUri = res.headers.get('location')
+        let cookie = res.headers.get('set-cookie')
+
+        // Successful login gets redirected back to /authorize and then
+        // back to app
+        expect(postLoginUri.startsWith(aliceServerUri + '/authorize'))
+          .to.be.true()
+
+        return fetch(postLoginUri, { redirect: 'manual', headers: { cookie } })
+      })
+      .then(res => {
+        // User gets redirected back to original app
+        expect(res.status).to.equal(302)
+        callbackUri = res.headers.get('location')
+        expect(callbackUri.startsWith('https://app.example.com#'))
+      })
+    })
+
     // Step 6: Web App extracts tokens from the uri hash fragment, uses
     //  them to access protected resource
     it('should use id token from the callback uri to access shared resource (no origin)', () => {

test/resources/accounts-scenario/alice/profile/card$.ttl

@@ -1,4 +1,14 @@
+@prefix : <#>.
 @prefix acl: <http://www.w3.org/ns/auth/acl#>.
+@prefix c: <card#>.
+@prefix c0: <https://localhost:8443/profile/card#>.
 
-<#me> acl:trustedApp [  acl:origin <https://trusted.app>;
-                        acl:mode    acl:Read, acl:Write, acl:Append, acl:Control].
+c:me
+    acl:trustedApp
+    [ acl:mode acl:Read, acl:Write; acl:origin <https://app.example.com> ].
+c0:me
+    acl:trustedApp
+            [
+                acl:mode acl:Append, acl:Control, acl:Read, acl:Write;
+                acl:origin <https://trusted.app>
+            ].

test/resources/accounts-strict-origin-off/alice/profile/card$.ttl

@@ -1,4 +1,14 @@
+@prefix : <#>.
 @prefix acl: <http://www.w3.org/ns/auth/acl#>.
+@prefix c: <card#>.
+@prefix c0: <https://localhost:8443/profile/card#>.
 
-<#me> acl:trustedApp [  acl:origin <https://trusted.app>;
-                        acl:mode    acl:Read, acl:Write, acl:Append, acl:Control].
+c:me
+    acl:trustedApp
+    [ acl:mode acl:Read, acl:Write; acl:origin <https://app.example.com> ].
+c0:me
+    acl:trustedApp
+            [
+                acl:mode acl:Append, acl:Control, acl:Read, acl:Write;
+                acl:origin <https://trusted.app>
+            ].

test/unit/login-request-test.js

@@ -175,9 +175,9 @@ describe('LoginRequest', () => {
   })
 
   describe('redirectPostLogin()', () => {
-    it('should redirect to the /authorize url if response_type includes token', () => {
+    it('should redirect to the /consent url if response_type includes token', () => {
       let res = HttpMocks.createResponse()
-      let authUrl = 'https://localhost:8443/authorize?response_type=token'
+      let authUrl = 'https://localhost:8443/consent?response_type=token'
       let validUser = accountManager.userAccountFrom({ username: 'alice' })
 
       let authQueryParams = {