[WIP] Auth-Upgrade (#1611)

* Changed error page to display the Databrowser instead

* Fixed error page tests

* Updated more tests

* Fix tests

* Fixed test suite tests

* Update test/resources/accounts/localhost/index.html

Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>

* Update test/resources/accounts/single-user/index.html

Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>

* upgrade to mashlib@1.7.5-alpha

* Cleared user from session when not authenticated

* Fixed tests

* Added request to dependencies

* Hackily removed sendFile so that test suite passes

* Made the logout route remove the user

* mashlib@1.7.5-alpha-2-98ed3958

* mashlib@1.7.5-alpha-3-98ed3958

* v5.6.9-alpha-d9bd19aa

* v5.6.9-alpha-23942afd

* v5.6.9-beta

* mashlib@1.7.5-beta-1

* add solid-auth-client

* mashlib@1.7.5-beta.2

Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Co-authored-by: bourgeoa <alain.bourgeois10@gmail.com>

Author: 3 people

lib/create-app.js

@@ -236,6 +236,9 @@ function initWebId (argv, app, ldp) {
       // Ensure this modified session is not saved
       req.session.save = (done) => done()
     }
+    if (isLogoutRequest(req)) {
+      delete req.session.userId
+    }
     next()
   })
 

lib/handlers/error-pages.js

@@ -125,6 +125,24 @@ function sendErrorPage (statusCode, res, err, ldp) {
   })
 }
 
+/**
+ * Renders the databrowser
+ *
+ * @param req {IncomingRequest}
+ * @param res {ServerResponse}
+ */
+function renderDataBrowser (req, res) {
+  res.set('Content-Type', 'text/html')
+  const ldp = req.app.locals.ldp
+  const defaultDataBrowser = require.resolve('mashlib/dist/databrowser.html')
+  const dataBrowserPath = ldp.dataBrowserPath === 'default' ? defaultDataBrowser : ldp.dataBrowserPath
+  debug('   sending data browser file: ' + dataBrowserPath)
+  const dataBrowserHtml = fs.readFileSync(dataBrowserPath, 'utf8')
+  // Note: This must be done instead of sendFile because the test suite doesn't accept 412 responses
+  res.set('content-type', 'text/html')
+  res.send(dataBrowserHtml)
+}
+
 /**
  * Renders a 401 response explaining that a login is required.
  *
@@ -136,7 +154,11 @@ function renderLoginRequired (req, res, err) {
   debug(`Display login-required for ${currentUrl}`)
   res.statusMessage = err.message
   res.status(401)
-  res.render('auth/login-required', { currentUrl })
+  if (req.accepts('html')) {
+    renderDataBrowser(req, res)
+  } else {
+    res.send('Not Authenticated')
+  }
 }
 
 /**
@@ -147,12 +169,14 @@ function renderLoginRequired (req, res, err) {
  */
 function renderNoPermission (req, res, err) {
   const currentUrl = util.fullUrlForReq(req)
-  let webId = ''
-  if (req.session) webId = req.session.userId
   debug(`Display no-permission for ${currentUrl}`)
   res.statusMessage = err.message
   res.status(403)
-  res.render('auth/no-permission', { currentUrl, webId })
+  if (req.accepts('html')) {
+    renderDataBrowser(req, res)
+  } else {
+    res.send('Not Authorized')
+  }
 }
 
 /**