fix: make WebID profile fetch respect NODE_TLS_REJECT_UNAUTHORIZED in tests #1843
Description
Problem
The WebID-TLS integration tests timeout because the internal fetch() in lib/webid/lib/get.mjs doesn't respect NODE_TLS_REJECT_UNAUTHORIZED=0.
When verifying a WebID certificate, the server fetches the user's profile (e.g., https://tim.localhost:7777/profile/card#me). In tests, this URL uses a self-signed certificate that the internal fetch rejects.
Simplest Fix (~5 lines)
Modify lib/webid/lib/get.mjs to use an HTTPS agent that respects the environment variable:
import fetch from 'node-fetch'
import https from 'https'
import { URL } from 'url'
// Respect NODE_TLS_REJECT_UNAUTHORIZED for testing with self-signed certs
const agent = process.env.NODE_TLS_REJECT_UNAUTHORIZED === '0'
? new https.Agent({ rejectUnauthorized: false })
: undefined
export default function get (webid, callback) {
// ... existing code ...
fetch(uri.href, { method: 'GET', headers, agent })
// ...
}Why This Works
- In production:
NODE_TLS_REJECT_UNAUTHORIZEDis not set, so normal cert validation applies - In tests: The env var is already set by the test runner (
cross-env NODE_TLS_REJECT_UNAUTHORIZED=0) - No changes needed to test infrastructure or certificates
After This Fix
Remove describe.skip from test/integration/acl-tls-test.mjs and the tests should pass.
Related
- Enable WebID-TLS integration tests (fix self-signed cert verification loop) #1841 - Original tracking issue
- fix: re-enable WebID-TLS tests (tiny bug fix from 2019) #1842 - Documentation PR explaining the issue