Change sharing to consent | update sharing copy

Author: jaxoncreed

common/disclaimer.html

@@ -0,0 +1,49 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>{{title}}</title>
+  <!-- Bootstrap CSS and Theme for demo purposes -->
+  <link rel="stylesheet" href="/common/css/bootstrap.min.css">
+  <link rel="stylesheet" href="/common/css/solid.css">
+</head>
+<body>
+<div class="container title">
+  <h1>Authorize {{app_origin}} to access your Pod?</h1>
+  <p>Solid allows you to precisely choose what other people and apps can read and write in a Pod. This version of the authorization user interface (node-solid-server V5.1.1) only supports the toggle of global access permissions to all of the data in your Pod.</p>
+  <p><strong>If you don’t want to set these permissions at a global level, uncheck all of the boxes below, then click authorize.</strong> This will add the application origin to your authorization list, without granting it permission to any of your data yet. You will then need to manage those permissions yourself by setting them explicitly in the places you want this application to access.</p>
+  <div class="panel panel-default">
+    <div class="panel-body">
+      <div class="page-title">
+        <p>By clicking Authorize, any app from {{app_origin}} will be able to:</p>
+      </div>
+      <form method="post" action="/sharing">
+
+        <input id="read" type="checkbox" name="access_mode" value="Read" checked>
+        <label for="read">Read all documents in the Pod</label>
+        <br>
+
+        <input id="write" type="checkbox" name="access_mode" value="Write" checked>
+        <label for="write">Add data to existing documents, and create new documents</label>
+        <br>
+
+        <input id="append" type="checkbox" name="access_mode" value="Append" checked>
+        <label for="append">Modify and delete data in existing documents, and delete documents</label>
+        <br>
+
+        <input id="control" type="checkbox" name="access_mode" value="Control">
+        <label for="control">Give other people and apps access to the Pod, or revoke their (and your) access</label>
+        <br>
+        <br>
+
+        <button type="submit" class="btn btn-primary" name="consent" value="true">Authorize</button>
+        <button type="submit" class="btn btn-default" name="cancel" value="true">Cancel</button>
+        {{> auth/auth-hidden-fields}}
+      </form>
+    </div>
+  </div>
+  <p><i>This server (node-solid-server V5.1.1) only implements a limited subset of OpenID Connect, and doesn’t yet support token issuance for applications. OIDC Token Issuance and fine-grained management through this authorization user interface is currently in the development backlog for node-solid-server</i></p>
+</div>
+</body>
+</html>

default-views/auth/consent.hbs

@@ -8,7 +8,7 @@ const { routeResolvedFile } = require('../../utils')
 const bodyParser = require('body-parser').urlencoded({ extended: false })
 const OidcManager = require('../../models/oidc-manager')
 const { LoginRequest } = require('../../requests/login-request')
-const { ConsentRequest } = require('../../requests/consent-request')
+const { SharingRequest } = require('../../requests/sharing-request')
 
 const restrictToTopDomain = require('../../handlers/restrict-to-top-domain')
 
@@ -84,8 +84,8 @@ function middleware (oidc) {
 
   router.post('/login/tls', bodyParser, LoginRequest.loginTls)
 
-  router.get('/consent', ConsentRequest.get)
-  router.post('/consent', bodyParser, ConsentRequest.giveConsent)
+  router.get('/sharing', SharingRequest.get)
+  router.post('/sharing', bodyParser, SharingRequest.share)
 
   router.get('/account/password/reset', restrictToTopDomain, PasswordResetEmailRequest.get)
   router.post('/account/password/reset', restrictToTopDomain, bodyParser, PasswordResetEmailRequest.post)

default-views/auth/sharing.hbs

@@ -218,13 +218,13 @@ class AuthRequest {
     return url.format(signupUrl)
   }
 
-  consentUrl () {
+  sharingUrl () {
     let host = this.accountManager.host
-    let consentUrl = url.parse(url.resolve(host.serverUri, '/consent'))
+    let sharingUrl = url.parse(url.resolve(host.serverUri, '/sharing'))
 
-    consentUrl.query = this.authQueryParams
+    sharingUrl.query = this.authQueryParams
 
-    return url.format(consentUrl)
+    return url.format(sharingUrl)
   }
 }
 

lib/api/authn/webid-oidc.js

@@ -159,7 +159,7 @@ class LoginRequest extends AuthRequest {
   postLoginUrl (validUser) {
     // Login request is part of an app's auth flow
     if (/token|code/.test(this.authQueryParams['response_type'])) {
-      return this.consentUrl()
+      return this.sharingUrl()
     // Login request is a user going to /login in browser
     } else if (validUser) {
       return this.authQueryParams['redirect_uri'] || validUser.accountUri

lib/requests/auth-request.js

@@ -13,7 +13,7 @@ const ACL = $rdf.Namespace('http://www.w3.org/ns/auth/acl#')
 /**
  * Models a local Login request
  */
-class ConsentRequest extends AuthRequest {
+class SharingRequest extends AuthRequest {
   /**
    * @constructor
    * @param options {Object}
@@ -48,7 +48,7 @@ class ConsentRequest extends AuthRequest {
   static fromParams (req, res) {
     let options = AuthRequest.requestOptions(req, res)
 
-    return new ConsentRequest(options)
+    return new SharingRequest(options)
   }
 
   /**
@@ -64,7 +64,7 @@ class ConsentRequest extends AuthRequest {
    * @param res {ServerResponse}
    */
   static async get (req, res) {
-    const request = ConsentRequest.fromParams(req, res)
+    const request = SharingRequest.fromParams(req, res)
 
     const appUrl = request.getAppUrl()
     const appOrigin = `${appUrl.protocol}//${appUrl.host}`
@@ -75,10 +75,10 @@ class ConsentRequest extends AuthRequest {
         (appUrl && request.isSubdomain(serverUrl.host, appUrl.host) && appUrl.protocol === serverUrl.protocol) ||
         await request.isAppRegistered(req.app.locals.ldp, appOrigin, request.session.subject._id)
       ) {
-        request.setUserConsent(appOrigin)
-        request.redirectPostConsent()
+        request.setUserShared(appOrigin)
+        request.redirectPostSharing()
       } else {
-        request.renderForm(null, req)
+        request.renderForm(null, req, appOrigin)
       }
     }
   }
@@ -92,7 +92,7 @@ class ConsentRequest extends AuthRequest {
    *
    * @return {Promise}
    */
-  static async giveConsent (req, res) {
+  static async share (req, res) {
     let accessModes = []
     let consented = false
     if (req.body) {
@@ -103,20 +103,20 @@ class ConsentRequest extends AuthRequest {
       consented = req.body.consent
     }
 
-    let request = ConsentRequest.fromParams(req, res)
+    let request = SharingRequest.fromParams(req, res)
 
     if (request.isUserLoggedIn()) {
       const appUrl = request.getAppUrl()
       const appOrigin = `${appUrl.protocol}//${appUrl.host}`
-      debug('Providing consent for app sharing')
+      debug('Sharing App')
 
       if (consented) {
         await request.registerApp(req.app.locals.ldp, appOrigin, accessModes, request.session.subject._id)
-        request.setUserConsent(appOrigin)
+        request.setUserShared(appOrigin)
       }
 
       // Redirect once that's all done
-      request.redirectPostConsent()
+      request.redirectPostSharing()
     }
   }
 
@@ -131,7 +131,7 @@ class ConsentRequest extends AuthRequest {
     return true
   }
 
-  setUserConsent (appOrigin) {
+  setUserShared (appOrigin) {
     if (!this.session.consentedOrigins) {
       this.session.consentedOrigins = []
     }
@@ -215,42 +215,43 @@ class ConsentRequest extends AuthRequest {
    *
    * @return {string}
    */
-  postConsentUrl () {
+  postSharingUrl () {
     return this.authorizeUrl()
   }
 
   /**
    * Redirects the Login request to continue on the OIDC auth workflow.
    */
-  redirectPostConsent () {
-    let uri = this.postConsentUrl()
+  redirectPostSharing () {
+    let uri = this.postSharingUrl()
     debug('Login successful, redirecting to ', uri)
     this.response.redirect(uri)
   }
 
   /**
    * Renders the login form
    */
-  renderForm (error, req) {
+  renderForm (error, req, appOrigin) {
     let queryString = req && req.url && req.url.replace(/[^?]+\?/, '') || ''
     let params = Object.assign({}, this.authQueryParams,
       {
         registerUrl: this.registerUrl(),
         returnToUrl: this.returnToUrl,
         enablePassword: this.localAuth.password,
         enableTls: this.localAuth.tls,
-        tlsUrl: `/login/tls?${encodeURIComponent(queryString)}`
+        tlsUrl: `/login/tls?${encodeURIComponent(queryString)}`,
+        app_origin: appOrigin
       })
 
     if (error) {
       params.error = error.message
       this.response.status(error.statusCode)
     }
 
-    this.response.render('auth/consent', params)
+    this.response.render('auth/sharing', params)
   }
 }
 
 module.exports = {
-  ConsentRequest
+  SharingRequest
 }

lib/requests/login-request.js

@@ -528,7 +528,7 @@ describe('Authentication API (OIDC)', () => {
     let bearerToken
     let postLoginUri
     let cookie
-    let postConsentUri
+    let postSharingUri
 
     before(() => {
       auth = new SolidAuthOIDC({ store: localStorage, window: { location: {} } })
@@ -635,16 +635,16 @@ describe('Authentication API (OIDC)', () => {
 
           // Successful login gets redirected back to /authorize and then
           // back to app
-          expect(postLoginUri.startsWith(aliceServerUri + '/consent'))
+          expect(postLoginUri.startsWith(aliceServerUri + '/sharing'))
             .to.be.true()
         })
     })
 
-    // Step 6: User consents to the app accessing certain things
-    it('should consent via the /consent form', () => {
+    // Step 6: User shares with the app accessing certain things
+    it('should consent via the /sharing form', () => {
       loginFormFields += `&access_mode=Read&access_mode=Write&consent=true`
 
-      return fetch(aliceServerUri + '/consent', {
+      return fetch(aliceServerUri + '/sharing', {
         method: 'POST',
         body: loginFormFields,
         redirect: 'manual',
@@ -656,14 +656,14 @@ describe('Authentication API (OIDC)', () => {
       })
       .then(res => {
         expect(res.status).to.equal(302)
-        postConsentUri = res.headers.get('location')
+        postSharingUri = res.headers.get('location')
         // cookie = res.headers.get('set-cookie')
 
         // Successful login gets redirected back to /authorize and then
         // back to app
-        expect(postConsentUri.startsWith(aliceServerUri + '/authorize'))
+        expect(postSharingUri.startsWith(aliceServerUri + '/authorize'))
           .to.be.true()
-        return fetch(postConsentUri, { redirect: 'manual', headers: { cookie } })
+        return fetch(postSharingUri, { redirect: 'manual', headers: { cookie } })
       })
       .then(res => {
         // User gets redirected back to original app

lib/requests/consent-request.js lib/requests/sharing-request.jslib/requests/consent-request.js renamed to lib/requests/sharing-request.js

@@ -507,16 +507,16 @@ describe('Authentication API (OIDC) - With strict origins turned off', () => {
 
           // Successful login gets redirected back to /authorize and then
           // back to app
-          expect(postLoginUri.startsWith(aliceServerUri + '/consent'))
+          expect(postLoginUri.startsWith(aliceServerUri + '/sharing'))
             .to.be.true()
         })
     })
 
     // Step 6: User consents to the app accessing certain things
-    it('should consent via the /consent form', () => {
+    it('should consent via the /sharing form', () => {
       loginFormFields += `&access_mode=Read&access_mode=Write&consent=true`
 
-      return fetch(aliceServerUri + '/consent', {
+      return fetch(aliceServerUri + '/sharing', {
         method: 'POST',
         body: loginFormFields,
         redirect: 'manual',