
unauthenticated using CSS webId's in group acl on NSS pod

Open bourgeoa opened this issue 3 years ago • 9 comments

500 error using group ACL with CSS webIds. The group ACL is created with the mashlib Contacts app.

https://gitter.im/solid/solidos?at=62c662539f29d42bed0f7c70


The issue seems related to inrupt fetch factory module.


The problem arises on NSS pods with CSS webIds. There is no problem on NSS pods with NSS webIds. The problem also arises on CSS pods for NSS or CSS webIds, but the issue is then a 403 error.

bourgeoa, Jul 16 '22 14:07

@bourgeoa Let me understand .. The problem is only when CSS instead of NSS is used for what — the home webid and pod of the user doing the actions, when that CSS-based user has access through being in a group? ((All my test users are NSS based, my pod is CSS based. Currently.))

In the example you seem to be logging in with https://bourgeoa.bourgeoa.ga:3100/profile/card#me which I assume is CSS based.

Have you checked the group file? What is the group? Maybe the group file has a parse error. That could explain the 500 instead of 403, maybe? Why else an "internal" error...

timbl, Jul 16 '22 18:07

The thing you are trying to PUT is in https://solidos.solidcommunity.net/public/SolidOS%20team%20meetings/2022/ and is https://solidos.solidcommunity.net/public/SolidOS%20team%20meetings/2022/2022-07-13.md and the group is https://solidos.solidcommunity.net/Contacts/Group/SolidOS_Team.ttl#this which seems to be public and parsable.

timbl, Jul 16 '22 19:07

> The thing you are trying to PUT is in https://solidos.solidcommunity.net/public/SolidOS%20team%20meetings/2022/ and is https://solidos.solidcommunity.net/public/SolidOS%20team%20meetings/2022/2022-07-13.md and the group is https://solidos.solidcommunity.net/Contacts/Group/SolidOS_Team.ttl#this which seems to be public and parsable.

Yes, this is correct.

bourgeoa, Jul 16 '22 19:07

> In the example you seem to be logging in with https://bourgeoa.bourgeoa.ga:3100/profile/card#me which I assume is CSS based.

Yes, it is CSS based.

bourgeoa, Jul 16 '22 19:07

Does the server put a stack dump in the body of the 500 error, I wonder.

timbl, Jul 16 '22 19:07

You should be able to reproduce the errors:

  • by creating a group in timbl.com CSS with an NSS webId like timbl.inrupt.net and trying to edit a file on timbl.com with the Group. You will have a 403
  • you could also add timbl.com CSS webId to https://solidos.solidcommunity.net/Contacts (I don't know your webid)

bourgeoa, Jul 16 '22 20:07

timbl.com is not running an IDP .. it has no webids. There are no timbl.com accounts. My webids are all on NSS.

timbl, Jul 17 '22 16:07

> timbl.com is not running an IDP .. it has no webids. There are no timbl.com accounts. My webids are all on NSS.

For test purposes you may create one on https://solidweb.me with no default settings, or on https://solid.redpencil.io from @madnificent (this one has default settings), or on https://bourgeoa.ga:3000 with settings and not /public (https://bourgeoa.ga:3000/idp/register/).

bourgeoa, Jul 17 '22 17:07

It seems to be the same type of error we already had when using an unauthenticated fetch in some part of mashlib code.

bourgeoa, Jul 20 '22 12:07

Resolved in https://github.com/nodeSolidServer/jose/pull/19

bourgeoa, Sep 14 '22 14:09