Aaron Coburn
@acoburn

Re: query string in the htu claim: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-03#section-4.2

"htu": The HTTP URI used for the request, without query and fragment parts (REQUIRED).

Fred Gibson
@gibsonf1
@acoburn In that case, the query strategy would not work then?
Or actually, we just have the token check ignore the querystring
Thanks @acoburn !
Aaron Coburn
@acoburn
The query strategy works just fine. The purpose of a DPoP token is to bind an access token to a request. That is independent of authorization rules
The access token asserts: "user X would like to perform an operation at an HTTP API"
The DPoP Proof asserts: "user X is in possession of a keypair that is bound to this HTTP session"
(in fact DPoP doesn't care about "user X", it just cares that the agent in possession of the access token also is in possession of the keypair)
Fred Gibson
@gibsonf1
:thumbsup:
Fred Gibson
@gibsonf1
great news gentlemen, https://stage.graphmetrix.net now works with liqid-chat - the acl issues had prevented it in the past - thanks!!
Yvo Brevoort
@ylebre
woohoo :)
Fred Gibson
@gibsonf1
We are also going to add a header so that apps only get Linked Data Hypergraph responses (including states, attributes, events, processes) if they request it, so it will be standard LDP by default
Fred Gibson
@gibsonf1
We'd like to request a unique URI be created for each test so that we can document what the test does and link the URI to specs etc going forward
Fred Gibson
@gibsonf1
Or even better would be a unique URI for each Solid spec requirement, and then associate that uri with the test
We would be happy to host that indexing for public read at https://solid.trinpod.org
or point any domain needed at the trinpod server so it's easily moved if needed, maintaining the URI for perpetuity
Roger Perry
@roger-perry-gmx

Test "acl-doc-application-text.ts -> ACL doc with acl:default on container" seems to add a default read ACL for bob to containerUrl. Why does test:

it('does not allow GET accessTo/', async () => {
      const result = await solidLogicBob.fetch(containerUrl);
      expect(result.status).toEqual(403);
    });

expect a 403 for a /GET request from bob to containerUrl. I would have thought he had read permission to that folder with the ACL that was applied.

Roger Perry
@roger-perry-gmx

Test "create.test.ts -> Create › Using POST to existing container › Is disallowed otherwise " creates the following ACLs:

<#alice> a acl:Authorization;
        acl:agent <https://solidtestsuite.solidcommunity.net/profile/card#me>;
        acl:accessTo <http://solid-tests.localhost:8333/web-access-control-tests-1626901589501/3/allOtherModes/>;
        acl:default <http://solid-tests.localhost:8333/web-access-control-tests-1626901589501/3/allOtherModes/>;
        acl:mode acl:Read, acl:Write, acl:Control.
      <#bobAccessTo> a acl:Authorization;
        acl:agent <https://solid-crud-tests-example-2.solidcommunity.net/profile/card#me>;
        acl:accessTo <http://solid-tests.localhost:8333/web-access-control-tests-1626901589501/3/allOtherModes/>;
        acl:mode acl:Read, acl:Control.
      <#bobDefault> a acl:Authorization;
        acl:agent <https://solid-crud-tests-example-2.solidcommunity.net/profile/card#me>;
        acl:default <http://solid-tests.localhost:8333/web-access-control-tests-1626901589501/3/allOtherModes/>;
        acl:mode acl:Read, acl:Append, acl:Write, acl:Control.

Why is Bob writing to http://solid-tests.localhost:8333/web-access-control-tests-1626901589501/3/allOtherModes/ expected to return a 403? I would think that the acl:default mode acl:write would allow him to write to that container.

Pete Edwards
@edwardsph
@roger-perry-gmx To answer your question about the RDFa test... Firstly, the beforeAll is an async function so will definitely not run before your jsonText2 console statement - try moving that into the itIs block and you should see the logs in order. Secondly, does TrinPod support processing RDFa? It is not required by the spec and not all implementations support it. The spec (https://solidproject.org/TR/protocol#resource-representations) basically says that IF the server created the resource as an RDF document then it must return it as turtle or JSON-LD so if you don't process RDFa into an RDF document you don't have to return it as RDF.
Pete Edwards
@edwardsph
@gibsonf1 I still have some problems with the ACLs. In this example, I created a resource, used the same user alice to add an ACL for that resource, tried to get the ACL as alice to check it, and then used bob to read the resource. It accepted the ACL but said alice was not authorized (401) to view it despite having acl:Control and then returned a 500 error with no other information when bob attempted to read. The ACL grants bob write access and the public have read and append. That should imply that bob gets read, append and write since he is both an authenticated agent and also public.
# FIND THE ACL LINK
REQUEST  HEAD https://solid-tests.stage.graphmetrix.net/c790c779-246b-43ce-b9f5-0d5d70b216e3/facac2d0-1107-4547-b9bd-1f44713fc81a/31949740-6c54-40ed-89ce-8e317fba4c9e.ttl
HEADER   Authorization: DPoP ***usA1zw
HEADER   DPoP: ***PQPqtQ
HEADER   User-Agent: Solid-Conformance-Test-Suite
RESPONSE HEAD https://solid-tests.stage.graphmetrix.net/c790c779-246b-43ce-b9f5-0d5d70b216e3/facac2d0-1107-4547-b9bd-1f44713fc81a/31949740-6c54-40ed-89ce-8e317fba4c9e.ttl
HEADER   content-type: application/octet-stream; charset=utf-8
HEADER   link: <https://solid-tests.stage.graphmetrix.net/node/t_46m?acl=U2FsdGVkX1998IOJjDyK9h8a1bWwvQd4KikojpIcVSkONVqP8aBRUQLTIKUCU8HZ>; rel="acl"
HEADER   wac-allow: user="read write control",public=""
HEADER   x-powered-by: TrinPod-Server/2.2.83

# PUTTING THIS ACL
@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.
<#owner> a acl:Authorization;
  acl:agent <https://solid-crud-tests-example-1.solidcommunity.net/profile/card#me>;
  acl:accessTo <https://solid-tests.stage.graphmetrix.net/c790c779-246b-43ce-b9f5-0d5d70b216e3/facac2d0-1107-4547-b9bd-1f44713fc81a/31949740-6c54-40ed-89ce-8e317fba4c9e.ttl>;
  acl:default <https://solid-tests.stage.graphmetrix.net/c790c779-246b-43ce-b9f5-0d5d70b216e3/facac2d0-1107-4547-b9bd-1f44713fc81a/31949740-6c54-40ed-89ce-8e317fba4c9e.ttl>;
  acl:mode acl:Read, acl:Write, acl:Control.
<#bobAccessTo> a acl:Authorization;
  acl:agent <https://solid-test-suite-bob.inrupt.net/profile/card#me>;
  acl:accessTo <https://solid-tests.stage.graphmetrix.net/c790c779-246b-43ce-b9f5-0d5d70b216e3/facac2d0-1107-4547-b9bd-1f44713fc81a/31949740-6c54-40ed-89ce-8e317fba4c9e.ttl>;
  acl:mode acl:Write.
<#publicAccessTo> a acl:Authorization;
  acl:agentClass foaf:Agent;
  acl:accessTo <https://solid-tests.stage.graphmetrix.net/c790c779-246b-43ce-b9f5-0d5d70b216e3/facac2d0-1107-4547-b9bd-1f44713fc81a/31949740-6c54-40ed-89ce-8e317fba4c9e.ttl>;
  acl:mode acl:Read, acl:Append. for https://solid-tests.stage.graphmetrix.net/node/t_46m?acl=U2FsdGVkX1998IOJjDyK9h8a1bWwvQd4KikojpIcVSkONVqP8aBRUQLTIKUCU8HZ

REQUEST  PUT https://solid-tests.stage.graphmetrix.net/node/t_46m?acl=U2FsdGVkX1998IOJjDyK9h8a1bWwvQd4KikojpIcVSkONVqP8aBRUQLTIKUCU8HZ
HEADER   Authorization: DPoP ***usA1zw
HEADER   Content-Type: text/turtle
HEADER   DPoP: ***AYacvA
HEADER   User-Agent: Solid-Conformance-Test-Suite
RESPONSE PUT https://solid-tests.stage.graphmetrix.net/node/t_46m?acl=U2FsdGVkX1998IOJjDyK9h8a1bWwvQd4KikojpIcVSkONVqP8aBRUQLTIKUCU8HZ
STATUS   200
HEADER   content-type: text/html
HEADER   date: Thu, 22 Jul 2021 10:15:59 GMT

# GET THE ACL JUST CREATED
1 > GET https://solid-tests.stage.graphmetrix.net/node/t_46m?acl=U2FsdGVkX1998IOJjDyK9h8a1bWwvQd4KikojpIcVSkONVqP8aBRUQLTIKUCU8HZ
1 > Accept: text/turtle
1 > Authorization: DPoP ***usA1zw
1 > User-Agent: Solid-Conformance-Test-Suite
1 > DPoP: ***N5v5mw
1 > Host: solid-tests.stage.graphmetrix.net
1 > Connection: Keep-Alive
1 > Accept-Encoding: gzip,deflate

1 < 401
1 < Date: Thu, 22 Jul 2021 10:16:00 GMT
1 < Accept-Patch: application/sparql-update
1 < Etag: solid-tests:t_46m?acl=U2FsdGVkX1%2FULS8io3Gw1iYe2G961ErXQ0NQHzYNOYO5EjYA8Jbqx7iX2muNmzIL|3835937757
1 < Allow: OPTIONS, GET, HEAD, POST, PATCH, PUT, DELETE
1 < Access-Control-Allow-Credentials: true
1 < Vary: Accept, Authorization, Origin
1 < X-Powered-By: TrinPod-Server/2.2.83
1 < X-Content-Type-Options: nosniff
1 < Transfer-Encoding: chunked
And when Bob tried to read
1 > GET https://solid-tests.stage.graphmetrix.net/c012265c-4e78-4a76-85ed-ac0a4c28152c/5305bad8-7828-48b9-b29c-afab5dc1e9df/d9a8fb4e-3df8-4a12-9549-cf8e78a4ff58.ttl
1 > Authorization: DPoP ***hmGxow
1 > User-Agent: Solid-Conformance-Test-Suite
1 > DPoP: ***jjwp0A
1 > Host: solid-tests.stage.graphmetrix.net
1 > Connection: Keep-Alive
1 > Accept-Encoding: gzip,deflate

1 < 500
1 < Date: Thu, 22 Jul 2021 10:26:56 GMT
1 < Content-Length: 0
Roger Perry
@roger-perry-gmx

@edwardsph ok thanks, moving the console.log into the itIs block shows that valid JSON-LD (checked with https://json-ld.org/playground/) is passed to the asTriples function. The problem is that apparently rdflib.parse(text, store, url, type, resolve); doesn't parse the JSON-LD

  async function asTriples(text, url, type) {
    const store = getStore();
    await new Promise((resolve, reject) => {
      try {
        rdflib.parse(text, store, url, type, resolve);
      } catch (e) {
        console.log(e);
        reject(e);
      }
    });
    console.log("store.statements", store.statements);

console.log("store.statements", store.statements); returns

console.log
      store.statements []

is there anything special we need to do to enable rdflib to parse JSON-LD?

Fred Gibson
@gibsonf1
@edwardsph The server error was due to the 403.html file missing - it's now on there. If you could please try again
Pete Edwards
@edwardsph
@roger-perry-gmx Those tests were working against other servers so I'm not sure what the issue is - it might need to be @michielbdejong who helps you with that.
@gibsonf1 That's good - I don't get a 500 error now. However, I still get a 401 when trying to get back the ACL I just created - is there a reason for that? Where I used to get the 500 I now get a 403 error (I think you need to check the header in 403.html as it has <title>404 NOT FOUND</title>). Why am I getting a 403 - Bob should have access according to the ACL I set.
Pete Edwards
@edwardsph
@gibsonf1 Can I ask how you are using 401/403 status codes? If I send correct credentials but am not allowed the requested mode of access to a resource due to ACL restrictions, I would expect a 403 error but I appear to be getting 401 (unless something is breaking in the authorization process).
Fred Gibson
@gibsonf1
We had an earlier issue with our library that prevented us using 403 (strange but true) which we have now fixed - there are still a couple 401's we need to change back to 403's
Michiel de Jong
@michielbdejong
I would think that the acl:default mode acl:write would allow him to write to that container.
No, creating a resource adds a containment triple to the container, so you need accessTo Append or accessTo Write on the container itself too
Bob there only has accessTo Read and Control, so 403

Test "acl-doc-application-text.ts -> ACL doc with acl:default on container" seems to add a default read ACL for bob to containerUrl. Why does test:

it('does not allow GET accessTo/', async () => {
const result = await solidLogicBob.fetch(containerUrl);
expect(result.status).toEqual(403);
});
expect a 403 for a /GET request from bob to containerUrl. I would have thought he had read permission to that folder with the ACL that was applied

Michiel de Jong
@michielbdejong
-> same reason, default Read is given, but accessTo Read is needed, so 403
Regarding the JSON parsing problems, please open a GitHub issue!
Pete Edwards
@edwardsph
@roger-perry-gmx The relevant requirement is https://solid.github.io/web-access-control-spec/#acl-default - basically, acl:default provides a rule that can be applied to anything inside the container but does not apply to the container itself where you need to use acl:accessTo
Alain Bourgeois
@bourgeoa

@roger-perry-gmx

is there anything special we need to do to enable rdflib to parse JSON-LD?

What version are you using? The latest, rdflib@v2.2.7, repairs jsonLdParser: https://github.com/linkeddata/rdflib.js/releases/tag/v2.2.7

Vivien Kraus
@LetsChat___twitter
Hello! I’m developing a Solid stack, and I would like to be able to run the test for my server. There are some very important parts that are still missing, like webfinger, json-ld and ld-patch, but I would like to know which interface the server should adopt to be able to run the test suite. My code is here, https://labo.planete-kraus.eu/webid-oidc.git (I’m running it with GNU Guix), and there is a public server at https://data.planete-kraus.eu. I’d rather not give the password publicly though (it’s not meant to be secure, I’ll give you privately if you ask), and this is one of the reasons why I’d like to know how to run the tests without a public password.
(oh and no websocket support either)
sjoertrix
@sjoertrix:utwente.io
Welcome to the party Vivien, I hope some of the technical people can point you in the right direction, @michielbdejong , @roger-perry-gmx ?
Vivien Kraus
@LetsChat___twitter
If you prefer to run it with docker, I’m currently pushing vivienkraus/webid-oidc:0.5.1-22-gd13509b, but my internet connection is pretty slow.
Fred Gibson
@gibsonf1
I was just looking at the great work at https://github.com/solid/conformance-test-harness and noticed some turtle referencing a spec vocab on w3: https://www.w3.org/ns/spec#Specification . Does anyone know where that whole ontology can be downloaded from?
Pete Edwards
@edwardsph
That is the possible namespace for a vocab that Sarven has started. The source is here: https://github.com/solid/vocab/blob/specification-terms/spec.ttl
Fred Gibson
@gibsonf1
Thanks @edwardsph !
Michiel de Jong
@michielbdejong
@LetsChat___twitter welcome indeed! I'll have a look later this week.
Webfinger is not part of Solid, we use full URIs as agent identifiers
Vivien Kraus
@LetsChat___twitter
I’ve had a bit of chat with @edwardsph but I still have questions! The test harness features a client to query the pod. Solid OIDC requires that client either use an anonymous ID, or have a real client ID that is dereferenced to a webid / client registration. Which one is it?
The test harness requires the pod to have 2 users, but my server is only for a single user. Is it possible to run 2 different instances of the server, one for each user? If not, why is it required that the two users use the same host or maybe the same identity provider?
Vivien Kraus
@LetsChat___twitter
Huh, to be clear I’m reading the solid/conformance-test-harness project, which allows for different servers for Alice and Bob. Sorry, don’t bother answering for the second question.
Pete Edwards
@edwardsph
The config for either test harness requires a WebID for alice and bob, the issuer URL (IdP that issued the WebIDs), and credentials to authenticate to the IdP. The credentials can vary but you either need a username/password plus a login endpoint for the IdP, or if you use the client_credentials flow you need a client_id (which is the WebID) and a client_secret. There are other options for refresh tokens but I would stick to the first 2. Both test harnesses give instructions about the environment variables needed.
Kjetil Kjernsmo
@kjetilk
@LetsChat___twitter great to hear you're writing a server!
Vivien Kraus
@LetsChat___twitter
I’m also writing the client, but I’d prefer debugging one thing at a time!
Kjetil Kjernsmo
@kjetilk
great stuff!