Announcement: 5.0.0 Beta Series

Very strange, @adventure. I can’t reproduce. Do you have anything more in terms of errors or something? Web Console output, perhaps?

That was very strange, I believe I was signed into another pod while trying to login. Works just fine on my laptop. If thats not a rookie move, I don’t know what is. Sorry about that.

No problem at all! It sounds like we have an UX issue there anyway!

Any documentation how to authorize an app to acess/read/write to a folder and it’s subfolders?

The correct format for setting this in an .acl file?

acl:origin <http://localhost:8888/>;
acl:origin <https://localhost:8888/>;

is enough and goes where exactly?

I’ve found I can add an editors section in the public/.acl file to let my app have read write on the folder.

# Editors hav all read/write
<#editors>
    a acl:Authorization;
    acl:agentClass foaf:Agent;
    acl:accessTo <./>;
    acl:default <./>;
    acl:origin <http://localhost:8888>;
    acl:mode acl:Read, acl:Write.

And see

image756×88 3.84 KB

But how to make setting under “Access to things within this folder”?

I’m sensing this is why I can’t get a single REST to work in the public folder

Oh, sorry, for some reason Discourse didn’t send a notification for your previous response.

So, your own origin (in this case https://localhost:8888 ) will always be trusted, so you don’t need to set that explicitly. The origin needs setting to indicate trust in other apps that should be able to access your data.

I’m not so into the frontend part of that, i.e. how you do it in the UI. Perhaps you should open another thread about that?

Hi
I didn’t do it by the frontend; just used it to observe if anything changed after editing the .public/acl by hand and learning if

<#editors>

was the right name for the section. Is there any .acl docs that say what is possible?

I’ll try to make a small test case so I can illustrate what {'m seeing with “User unauthorized”

Are there any end-to-end REST’s tests that aren’t committed to the repository? If not I will make some especially if I know what test framework you like

The ACL doc is basically the specification. If you are hitting “User unauthorized”, then it is not the origin that is the problem, it would have said “Origin Unauthorized” if it were.

So, the end-to-end REST tests is basically next up on my agenda, but I need to release 5.0.0 first, and then, we’ll look into a test framework. Great if you’d like to participate!

Ah thanks. I’ll do some more exploring

I just updated my solid server to 5.0.0 beta 7. I am facing this issue - When i click login and enter my login details through my own server, The login button (green) changes to Logout (red color). But it is not displaying my ID. Its just the button changes. I am unable to navigate to my account because i dont have my webID. To find my ID, i have to click on register and click “Already have an account - Please Login in” button which directly takes me to the home page of my profile. Is this a bug or there is something wrong on my side?

I’ve updated my server to beta 7, it was originally installed as beta 5 and I’ve created a couple of accounts on it so far. One thing I wonder about, as I see it’s been some changes in the default acl files etc - is there a simple way to upgrade existing accounts, or should/can it be done manually?

@ztein There is a section called Upgrade Notes in the change log that I think will help you

Thanks @megoth - checked it and I think the migration scrip is for pre-5.0.0 servers while I had 5.0.0 beta5, so was looking for the files that was changed with beta7. And think I found it now, only 2 as far as I can see:

default-templates/new-account | missing foaf prefix in account root .acl | a month ago
default-templates/server | Remove unneeded ACL on index.html. | a month ago

So I’ll fix those manually for now, and see how it goes! My installation has been a bit odd so far - I don’t get the “content type” app that I see on inrupt and solid community when you create a pad or contact list etc, it’s just using the default browser. Not quite sure what’s missing there, anyone knows?

Still have some problems after fixing those files, so I’m getting a bit unsure if everything in my installation is updated properly. Some examples:

When I add a new notepad and try to enter it, I still get the default type view. And when I click on the notepad link in the “data” view, I get this error:
Outline.expand: Unable to fetch <http://www.w3.org/ns/pim/pad>: Failed to load <http://www.w3.org/ns/pim/pad> Fetcher: <http://www.w3.org/ns/pim/pad> Not Found status: 404
And indeed - that page is missing from the w3 server. Is that a w3 problem or do I have the wrong link?

Also on the main server index.html page, the template is not rendered - it looks like this:

Server info

Name
{{serverName}}
{{#if serverDescription}}

Description
{{serverDescription}}
{{/if}}

Details
Running on Solid {{serverVersion}} (Documentation)

I also tried to set myself as owner of the “root” folder and logged in to the main server root, but no change. Ideas?

Those are two strange issues indeed

https://www.w3.org/ns/pim/pad does indeed return a 404, and I suspect it’s only a namespace and shouldn’t need to be dereferenced. So it’s strange that you’re getting that error…

Reg your main index.html page, try to delete it (back it up first if want to be on the safe side) and restart your server; that should recreate it.

hey the last trick worked great for the index page - thanks man, I didn’t knew it could recreate files like that - nice!

I’ll keep looking for a clue on why the first one happens - do you know where those namespaces are defined, in the filesystem or src code?

I think the code resides the src of solid-panes, but not sure.

If you’re able to do a screencast (like make a gif where you show how you recreate the problem), that would be useful Makes it easier to reproduce the bug.

Yep will do that when I get something useful to share But right now, I’m starting to suspect that something is wrong with my installation or data files - or that something goes wrong when you run solid in a docker, behind a apache proxy, like I do. I’m running with debug enable, and see lots of odd ACL notes when I do stuff in my pod. For example, even if I’m logged in this pops up very often:

Mon, 04 Mar 2019 19:02:55 GMT solid:ACL accessDenied: checking access to https://me.my.solid.server/profile/card by null and origin null

And

Mon, 04 Mar 2019 19:02:55 GMT solid:ACL Checking auth https://me.my.solid.server/profile/.acl#owner with agent null
Mon, 04 Mar 2019 19:02:55 GMT solid:ACL Agent or group: Fail: not public and not logged on.
Mon, 04 Mar 2019 19:02:55 GMT solid:ACL The agent/group check fails
Mon, 04 Mar 2019 19:02:55 GMT solid:ACL Check failed: User Unauthorized
Mon, 04 Mar 2019 19:02:55 GMT solid:ACL accessDenied: modeURIorReasons: [“http://www.w3.org/ns/auth/acl#Read","User Unauthorized”]
Mon, 04 Mar 2019 19:02:55 GMT solid:ACL checking http://www.w3.org/ns/auth/acl#Control
Mon, 04 Mar 2019 19:02:55 GMT solid:ACL MODE REQUIRED NOT ALLOWED: http://www.w3.org/ns/auth/acl#Control Denying with All Required Access Modes Not Granted

This is mixed with a lot of authorized request though, but I’m confused on how I can be both authorized - and not - in the same request. The samples above are from a simple request where I make a folder in the private space. And the folder IS created, but I’m not sure if it’s properly created.

Full debug log of the request: Mon, 04 Mar 2019 19:02:55 GMT solid:ACL Using ACL https://me.my.solid.server/pro - Pastebin.com

@ztein

I’m more a user rather than a coder, but I note in a previous post that you are also running an Apache server as well as the Solid server, and I wondered if you were using it on Ubuntu.

I believe Apache on Ubuntu prevents web access via the www folder and instead insists on web access being made through the html folder. So it defaults to /usr/www/html/yoursite rather than to /usr/www/yoursite.

This may have nothing to do with your problem (if that’s the case just ignore my rambling! I am the living proof that a little knowledge is dangerous)

However, I wondered whether some sections of Solid expect to find data in the www folder whereas the data is actually in the html folder (or vice cersa).

Thanks for the suggestion @richard, but the debug log is not from apache (I just picked that format in pastebin, sorry for any confusion…) - it’s from solid itself

Apache is just acting as a proxy in this case, sending everything to Solid for processing, and Solid got it’s own storage folder (outside the apache web root) where it use it’s own access rules and file handling routines. So it’s pretty isolated from the “normal” web server and files - apache will never see or read those files directly. (unless you configure it to do it, but that would totally break all of Solids internal ACL system)

For the record here is the corresponding log from apache for the same request as above (which is the request sent from my client to the apache proxy):

1.2.3.4 - - [04/Mar/2019:19:02:55 +0100] “GET /profile/card HTTP/1.1” 200 2067 “https://me.my.solid.server/private/”
1.2.3.4 - - [04/Mar/2019:19:02:55 +0100] “PUT /private/testfolder3/.dummy HTTP/1.1” 201 1036 “https://me.my.solid.server/private/”
1.2.3.4 - - [04/Mar/2019:19:02:55 +0100] “DELETE /private/testfolder3/.dummy HTTP/1.1” 200 1069 “https://me.my.solid.server/private/”

This is a proxy setup that usually works fine (I got plenty of other app servers running in dockers behind the same proxy), but Solid is a bit more special, as it has to serve multiple vhost from the same backend (one for each pod). And it also have to be very careful about the access control for each vhost/pod. So I’m wondering if something get’s mixed up inside - but it’s just a guess for now.

But thanks for the suggestion!