Add token reuse test

Author: dmitrizagidulin

package.json

@@ -59,7 +59,7 @@
     "node-forge": "^0.6.38",
     "nodemailer": "^3.1.4",
     "nomnom": "^1.8.1",
-    "oidc-auth-manager": "^0.8.0",
+    "oidc-auth-manager": "^0.8.1",
     "oidc-op-express": "^0.0.3",
     "rdflib": "^0.15.0",
     "recursive-readdir": "^2.1.0",

test/integration/authentication-oidc-test.js

@@ -325,6 +325,7 @@ describe('Authentication API (OIDC)', () => {
     let auth
     let authorizationUri, loginUri, authParams, callbackUri
     let loginFormFields = ''
+    let bearerToken
 
     before(() => {
       auth = new SolidAuthOIDC({ store: localStorage, window: { location: {} } })
@@ -460,9 +461,11 @@ describe('Authentication API (OIDC)', () => {
           return auth.issuePoPTokenFor(bobServerUri, auth.session)
         })
         .then(popToken => {
+          bearerToken = popToken
+
           return fetch(protectedResourcePath, {
             headers: {
-              'Authorization': 'Bearer ' + popToken
+              'Authorization': 'Bearer ' + bearerToken
             }
           })
         })
@@ -475,6 +478,21 @@ describe('Authentication API (OIDC)', () => {
           expect(contents).to.equal('protected contents\n')
         })
     })
+
+    it('should not be able to reuse the bearer token for bob server on another server', () => {
+      let privateAliceResourcePath = aliceServerUri + '/private-for-alice.txt'
+
+      return fetch(privateAliceResourcePath, {
+        headers: {
+          // This is Alice's bearer token with her own Web ID
+          'Authorization': 'Bearer ' + bearerToken
+        }
+      })
+        .then(res => {
+          // It will get rejected; it was issued for Bob's server only
+          expect(res.status).to.equal(403)
+        })
+    })
   })
 
   describe('Post-logout page (GET /goodbye)', () => {

test/resources/accounts-scenario/alice/private-for-alice.txt

@@ -0,0 +1 @@
+protected contents for alice

test/resources/accounts-scenario/alice/private-for-alice.txt.acl

@@ -0,0 +1,12 @@
+<#Alice>
+ a <http://www.w3.org/ns/auth/acl#Authorization> ;
+
+ <http://www.w3.org/ns/auth/acl#accessTo> <./private-for-alice.txt>;
+
+ # Alice web id
+ <http://www.w3.org/ns/auth/acl#agent> <https://localhost:7000/profile/card#me>;
+
+ <http://www.w3.org/ns/auth/acl#mode>
+   <http://www.w3.org/ns/auth/acl#Read>,
+   <http://www.w3.org/ns/auth/acl#Write>,
+   <http://www.w3.org/ns/auth/acl#Control> .

test/resources/accounts/db/oidc/op/provider.json

@@ -408,4 +408,4 @@
     },
     "jwkSet": "{\"keys\":[{\"kid\":\"lNZOB-DPE1k\",\"kty\":\"RSA\",\"alg\":\"RS256\",\"n\":\"uvih8HfZj7Wu5Y8knLHxRY6v7oHL2jXWD-B6hXCreYhwaG9EEUt6Rp94p8-JBug3ywo8C_9dNg0RtQLEttcIC_vhqqlJI3pZxpGKXuD9h7XK-PppFVvgnfIGADG0Z-WzbcGDxlefStohR31Hjw5U3ioG3VtXGAYbqlOHM1l2UgDMJwBD5qwFmPP8gp5E2WQKCsuLvxDuOrkAbSDjw2zaI3RRmbLzdj4QkGej8GXhBptgM9RwcKmnoXu0sUdlootmcdiEg74yQ9M6EshNMhiv4k_W0rl7RqVOEL2PsAdmdbF_iWL8a90rGYOEILBrlU6bBR2mTvjV_Hvq-ifFy1YAmQ\",\"e\":\"AQAB\",\"key_ops\":[\"verify\"],\"ext\":true},{\"kid\":\"Y38YKDtydoE\",\"kty\":\"RSA\",\"alg\":\"RS384\",\"n\":\"tfgZKLjc8UMIblfAlVibJI_2uAxDNprn2VVLebS0sp6d1mtCXQkMYLlJ6e-7kavl8we391Ovnq5bRgpsFRq_LtRX9MpVlfioAUHwWPEG-R6vrQjgo4uynVhI3UEPHyNmZA5J4u34HNVTfAgmquomwwOmOv29ZNRxuYP1kVtscz1JeFPwg6LA7BxWrLc9ev4FQR6tjJKdo2kdLjAXR92odbCzJZ_jdYT3vIVCexMHxhoKnqCImkhfgKbGXcPHXWcelmuA2tzBaLut-Jjo0nJVQjRNDqy0Gyac0TptwFIxaiyHeTqugolUmEaJSfBSLszIRdlOTIGPJ7zdg5dJFK_Lxw\",\"e\":\"AQAB\",\"key_ops\":[\"verify\"],\"ext\":true},{\"kid\":\"WyMVv6BJ5Dk\",\"kty\":\"RSA\",\"alg\":\"RS512\",\"n\":\"5JDlpbm2TjSW1wpdUZc5NHOqVVrNH_GumoODK_mk-MqImaIRpdR9b1ZJrK6FrW7HIF2bXvebD7olmp9a1goqe-ILbL_ORmhzlhRtyhjWQ-UOZqK5yOXqXXGQXgmok6TN-s55A-h_g12A7Yk5Y5S8EVa9EA4Axwqvm-Q_AkH0yS1qJo6BXYXb1fx205ucx-Ccot2LEBfxv8M7NOFTa-_G-sNchiKQMRoLhbZtLbSK2R1jkqGciEiRSLeXNG4nDu7Wd91-vhBixA1McxnzW96mW8lQwNXXo4gNH7SjONtYLlPQhZVEbmsQmXrOQN8a5RDkybFOIsbucItizSE9V_D7WQ\",\"e\":\"AQAB\",\"key_ops\":[\"verify\"],\"ext\":true},{\"kid\":\"UykSj_HLgFA\",\"kty\":\"RSA\",\"alg\":\"RS256\",\"n\":\"u79eQlGJN2XFNR-uEmPVtrB_ENRqaS81o6m63tZ5-PwhGHCwJ7rfVnnnvf6Ij_p91Z9pNpWBIVyZcw6UmQIoIBH-3BfxdaqhBxX9bf_N78TKj8_HU5IYjGijale4gog3kj9W2tJJO7R9iA43msjwLRD7pbAHp1iKFJgVTSXJlyLRbC82Dj4ivsEgJjPGvZt16OsGP5myIQwXEGzSPcEI0R9daZE5iM6xFZosaJ8B77eU-Aj3ciwxUBPi5BSZi2P1ZsF4QgSj3N7ZLbVKNW4FFr84IamA2YI0D7PyyNAE2PUZT8n0jHWRJKunuZuy5mgBY8H41KdBI6gNJqY90nHeJw\",\"e\":\"AQAB\",\"key_ops\":[\"verify\"],\"ext\":true},{\"kid\":\"BJDNTt8RpPE\",\"kty\":\"RSA\",\"alg\":\"RS384\",\"n\":\"nXTd5AoT220nBkW6Zeax8caUI7_Tt0y4v9TEW8TOrzCVvhLBiKpQPjILUTfkGHzxPtysEzDQFSYdHWvg_fvGYItjJBunBMsKCNcb2_CDr2HXD6C0s62bAgct8bBSoaT1MLQ_3MaFKXSF3ZuB87X2B8CVUJ386HP2GY1kl54BuMdFELNZYhy9S_D0KHnQls52Vvb99X9WaYOyxvfr03PG-9EycnkWas5tn1pPFzT0DtJtBJ4IBtXQxTr98jpn_MCz1gRnMgzzkfSOcrMkkMXxePqxNINVKFXtRy7DaJiFOcCMbuK2RJUkSfY2uKcx0aKbp5Xhvix1W8N7c0Y90i6_6w\",\"e\":\"AQAB\",\"key_ops\":[\"verify\"],\"ext\":true},{\"kid\":\"z8iijSOOIs4\",\"kty\":\"RSA\",\"alg\":\"RS512\",\"n\":\"rPCHP9XeTGOLf1Ezxeq_bdGdvYQZa993YcSVudT0EN6drTWqjykhUVEkT4MGAvLvax38kLARbPUTgMUV9UckDDWn6lRq4q6IZ5pytNOieQKZHzjEmQGzlbnEn1F2m1i5SAfBL-qsnt5q2RXMAiIUXk9q1ChJEHJxOZxnRIoQMc7yTsjjSdtIZKePFiYFn0nsl3A234ByyIBRjzZeoYEtTQKjDR7fP9LO78oZAgpwoGqmfI4IltqQYkFoqrN8I8l1yiJGyuvZRgDXUZ2fxGOQx2WD4xvlFL2TOCfN1UaPE9R4JdbRLLAOf5u1Sqnh4XTjDBhBbVodsmmbtvk4wFo-GQ\",\"e\":\"AQAB\",\"key_ops\":[\"verify\"],\"ext\":true},{\"kid\":\"zD76wa11A2Y\",\"kty\":\"RSA\",\"alg\":\"RS256\",\"n\":\"nMaSioq1An1J3tbkmc-zRrR8lkbP-WUVRuYhDxQvV-OcBw1R6cdyCcoeFJ1zuUT7ne6BlU6GMPRHuRKaH0KuOaiktUYtXm06T_HvtKFgCQSAKjMUj_ZHfTAJP8ahUsIc0D995XKp7nIGRF7Iy7I24QQFPRh7PmGlREZ52GJgYQgbm020-sWani0MqHoUFBlWxZW9NEqY1c3brN_qWnzjRKly6Kkk3sW1XHPcRLvoHnHQ6TKXJ8pfl-bNjTfK6zq9fDCZ_TY3qQZy66yT_2XPO6X0GHTdJsZlCj7Jg0qrilTHUkJra1bppTSAtVSQnSmYt_IV8zOYiVdJ3kw2khPcKw\",\"e\":\"AQAB\",\"key_ops\":[\"verify\"],\"ext\":true}]}"
   }
-}
+}