NSS 5.0.0 =>10 to go!


#1

then the fun begins:-)


Local setup Solid-Server gets bugs
#2

Good, it looks like todo’s have gained some important bugs to fix:-) Makes me happy


#3

Readiness allusive as of this morning’s update
Firefox times out on TLS handshake and then other web pages hang such as a google search. When firefox is quit it then crashes

Vivaldi gets thru registration but no getting to user pages

Chrome - no getting to user pages

Hopefully this week will bring good news

— Dec 13 —
Firefox time out where there have been 7 to 8 same name self certs independent problem from nss

Created a user but wouldn’t authorize me to go to user host. If I type the public folder on I get there
https://roger.localhost:8443/public/

Out of Firefox, Chrome, Vivaldi, Opera ad Brave only Opera allowed me to create a folder under public

[Brave can’t do anything with a self cert]

My dev apps can’t get any authorization in public/

—Dec 18—
Same behavior stating from fresh clone of release/v5.0.0. by typing the url https://roger.localhost:8443/public/ can get to

image
and after hitting the green check got to
image
and if I hit the Log in button get the popup
image
hit the top left blue button get
image

the folder does not get created. Nor by rest calls from test client pages.
On server side get lots of messages like

  solid:ACL Permissions on https://roger.localhost:8443/public/ for public: read +0ms
  solid:get /public/ on roger.localhost +1ms
  solid:handlers GET -- Reading directory +2ms
  solid:handlers Files in directory: .acl +0ms
  solid:get    sending data browser file: /home/roger/NodeProjects/node-solid-server/static/databrowser.html +1ms
  solid:ACL Using ACL https://roger.localhost:8443/public/.acl for ./ +1s
  solid:ACL accessDenied: checking access to <https://roger.localhost:8443/public/> by null and origin null +0ms
  solid:ACL modesAllowed: checking access to <https://roger.localhost:8443/public/> by null and origin null +1ms
  solid:ACL    2 direct authentications about <https://roger.localhost:8443/public/> +0ms
  solid:ACL    Checking auth <https://roger.localhost:8443/public/.acl#owner> with agent null +0ms
  solid:ACL     Agent or group: Fail: not public and not logged on. +0ms
  solid:ACL      The agent/group/public check fails +0ms
  solid:ACL       Check failed: User Unauthorized +0ms
  solid:ACL    Checking auth <https://roger.localhost:8443/public/.acl#public> with agent null +0ms
  solid:ACL     Agent or group: Ok, its public. +0ms
  solid:ACL      Origin check not needed: no origin. +0ms
  solid:ACL       Mode allowed: <http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL accessDenied: modeURIorReasons: ["User Unauthorized","http://www.w3.org/ns/auth/acl#Read"] +0ms
  solid:ACL  checking <http://www.w3.org/ns/auth/acl#Read> +1ms
  solid:ACL   Mode required and allowed:<http://www.w3.org/ns/auth/acl#Read> +0ms

—Dec 20 —
same behavior


Web error: 401 (Unauthorized) on GET
#4

Can you give us the content of config.json ?

Before re-building Solid did you cleared /.dB ?
See issue#1025


#5

Hi,
I delete the entire node-solid-server and clone a fresh git working copy

then cd into node-solid-server and build it with
npm install
and preferring to use flags I launch with

export DEBUG=solid:*
bin/solid-test start --multiuser --port 8443 --ssl-cert /home/roger/NodeProjects/roger-g74s.cert --ssl-key /home/roger/NodeProjects/roger-g74s.key --root ./data 


#6

Okay, finally found something. For the two browser pages open to nss https://localhost:8443 and the user https://roger.localhost:8443 I needed to open developer tools, click on Storage tab and select https://localhost:8443 & https://roger.localhost:8443 respectively under Local Storage, right click and delete all. I see the other storages go away too.

Then refresh the page and I can login in again.

Maybe solid-auth-client doesn’t know to clean this between development restarts and upgrades?

More testing to follow…
This is repeatable…


#7

Have you tried

  1. checking what your public ip is, and then
  2. setting up port forwarding on your router and then
  3. accessing via http://yourPublicIP:8443

#8

The issue is solid-auth-client stores stuff in the browser and doesn’t know when a new node-solid-server is set up from scratch and user registered all anew; the oidc stuff stored by solid-auth-client in the browser for a now-deleted-nss is stale; needs to be cleaned out


#9

Now that I know this as an applying dev I can help myself out and am now testing other issues.

As nss is wiped the ~/node-solid-server/.db/oidc folder and content gets wiped. A server in a more production env will need to be careful with the oidc stuff on the server side and if any changes are associated they’ll need to be done carefully for end users


#10

Jan 21

cloned 5.0.0 branch and stood it up.

cleared local storage from firefox on main and user sub domain.

Can register a user and make a folder scad under public

https://roger.localhost:8443/public/

But if I expand scad I get

Outline.expand: Unable to fetch <https://roger.localhost:8443oger.localhost/public/scad/>: Failed to load <https://roger.localhost:8443oger.localhost/public/scad/> Fetcher: fetch failed: TypeError: https://roger.localhost:8443oger.localhost/public/scad/ is not a valid URL. status: 999

However if I go to https://roger.localhost:8443/public/scad/ I see the folder view for it and can create a folder in it but expand fails the same.


All my rest calls from my experimental apps fail with User unauthorized even though solid auth client logged in gave me the right webid


#11

NSS 5.0.0 does not only need an authorized user / webId, but every origin that tries to access data needs to be explicitly authorized as well. Try to add an acl:origin <https://your-app.example> statement to the authorization in your ACL files


#12

Hi @aveltens, I’m using fresh clone of https://github.com/solid/solid-auth-client

and going by https://github.com/solid/solid-spec/blob/master/api-rest.md. An Origin header? The only origin in the docs is Access-Control-Allow-Origin returned from an options call.

I found some of my troubles is the solid-auth-client local storage needs to be cleaned out of a browser when starting over with a fresh clone and registering a user anew. Not sure if something else is stored somewhere in the browser; did a refresh of firefox with same results


#13

Access-Control-Allow-Origin is about CORS, but I am talking about Authorization failures (HTTP 403). If you are facing these, then you might be missing the acl:origin <https://your-app.example> statement in the ACL resource. See https://github.com/solid/web-access-control-spec#referring-to-origins-ie-web-apps

But in this case the error message should be “Origin unauthorized” not “User unauthorized”. Are you sure you are getting “user unauthorized”? Could you paste the ACL of the resource you are trying to access and the exact errors you get?


#14

You’re saying all the acl files under ~/node-solid-server/data/roger.localhost/public needed to be edited?

In the public folder:

# ACL resource for the public folder
@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.

# The owner has all permissions
<#owner>
    a acl:Authorization;
    acl:agent <https://roger.localhost:8443/profile/card#me>;
    acl:accessTo <./>;
    acl:default <./>;
    acl:mode acl:Read, acl:Write, acl:Control.

# The public has read permissions
<#public>
    a acl:Authorization;
    acl:agentClass foaf:Agent;
    acl:accessTo <./>;
    acl:default <./>;
    acl:mode acl:Read.

I made scad folder under public via the https://roger.localhost:8443/public/ ui. The scad folder has no .acl

Then with a rest from app http://localhost:8888/repository_client.html
I try to write a file into the scad folder
nss log and the response say user unauthorized:

  solid:ACL Using ACL https://roger.localhost:8443/public/.acl for ./scad/primary-disk.scad +13s
  solid:ACL accessDenied: checking access to <https://roger.localhost:8443/public/scad/primary-disk.scad> by null and origin <http://localhost:8888> +0ms
  solid:ACL    2  default authentications about <https://roger.localhost:8443/public/> in <https://roger.localhost:8443/public/.acl> +1ms
  solid:ACL    Checking auth <https://roger.localhost:8443/public/.acl#owner> with agent null +0ms
  solid:ACL     Agent or group: Fail: not public and not logged on. +0ms
  solid:ACL      The agent/group check fails +0ms
  solid:ACL       Check failed: User Unauthorized +0ms
  solid:ACL     Agent or group: Ok, its public. +0ms
  solid:ACL       Mode allowed: <http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL accessDenied: modeURIorReasons: ["User Unauthorized","http://www.w3.org/ns/auth/acl#Read"] +0ms
  solid:ACL  checking <http://www.w3.org/ns/auth/acl#Write> +0ms
  solid:ACL   MODE REQUIRED NOT ALLOWED: <http://www.w3.org/ns/auth/acl#Write> Denying with User Unauthorized +0ms
  solid:ACL Write access denied to (none): 403 - User Unauthorized +0ms
  solid:server Error page because of: { [HTTPError: User Unauthorized] name: 'HTTPError', message: 'User Unauthorized', status: 403 } +0ms
  solid:server Display no-permission for https://roger.localhost:8443/public/scad/primary-disk.scad +0ms

I’ll try editing acl’s. This is all with a clone last night of nss and solid auth client since it’s last commit. If I mess up the acl’s I can easily start from scratch again


#15

after adding

acl:origin <http://localhost:8888/repository_client.html>;
acl:origin <https://localhost:8888/index.html>;

to the .acl under https://roger.localhost:8443/public/ the rainbow view now shows

image under “can read, write, and control sharing.”

same user unauthorized


#16

These are not Origins. The origin would be <https://localhost:8888>

But indeed you get User Unauthorized not origin…

This is weird:
by null and origin <http://localhost:8888>
Instead of null there should actually be your webId.

@rimmartin Could you check if the HTTP request that is done includes an Authorization Header? Are you authenticating with a TLS cert or by OIDC?


#17

Yea I first tried <https://localhost:8888> and <http://localhost:8888>with same results; went back to them

My launch of nss line is:

export DEBUG=solid:*
bin/solid-test start --webid --multiuser --port 8443 --ssl-cert /home/roger/NodeProjects/roger-g74s.cert --ssl-key /home/roger/NodeProjects/roger-g74s.key --root ./data 

I’ve since tried adding --auth oidc wit no change in behavior. Running on Ubuntu 16.04 with firefox v 64.0.

I’m not setting the ‘Auorization’ header; am I supposed to? or does soild auth client set it?

I’ve looked at a GET on the public folder https://roger.localhost:8443/public/ and a turtle does come back:

@prefix : <#>.
@prefix pub: <>.
@prefix ldp: <http://www.w3.org/ns/ldp#>.
@prefix terms: <http://purl.org/dc/terms/>.
@prefix XML: <http://www.w3.org/2001/XMLSchema#>.
@prefix sc: <https://roger.localhost:8443oger.localhost/public/scad/>.
@prefix st: <http://www.w3.org/ns/posix/stat#>.

pub:
    a ldp:BasicContainer, ldp:Container;
    terms:modified "2019-01-23T14:10:57Z"^^XML:dateTime;
    ldp:contains sc:;
    st:mtime 1548252657.12;
    st:size 4096.
sc:
    a ldp:BasicContainer, ldp:Container, ldp:Resource;
    terms:modified "2019-01-22T01:58:34Z"^^XML:dateTime;
    st:mtime 1548122314.518;
    st:size 4096.

the prefix sc looks strange.

perhaps I shouldn’t use the nss folder view to create sub folders?


#18

Should be set automatically.

Yes indeed, this is broken. Try to change it to <https://roger.localhost:8443/public/scad/> (Edit: ok, since it is a folder you cannot change it, but what if you delete and recreate the scad folder?) Does the folder look ok in your solid data directory?


#19

Hi @aveltens ,

I deleted node-solid-server soild-auth-client folders and cloned fresh copies. Stood up

export DEBUG=solid:*
bin/solid-test start --webid --auth oidc --multiuser --port 8443 --ssl-cert /home/roger/NodeProjects/roger-g74s.cert --ssl-key /home/roger/NodeProjects/roger-g74s.key --root ./data 

went thru registering my user, and with https://roger.localhost:8443/public/ view added the scad folder. Expand scad immeditately it is fine. When I reload https://roger.localhost:8443/public/ and re-expand scad I see the

Outline.expand: Unable to fetch <https://roger.localhost:8443oger.localhost/public/scad/>: Failed to load  <https://roger.localhost:8443oger.localhost/public/scad/> Fetcher: fetch failed: TypeError: https://roger.localhost:8443oger.localhost/public/scad/ is not a valid URL. status: 999

the <https://roger.localhost:8443oger.localhost/public/scad/&gt jumble

Looking in /home/roger/NodeProjects/node-solid-server/data/roger.localhost/public/ the .acl didn’t update; there is a linux scad folder with nothing in it; not even hidden files

This test does not involve my apps at all

public/.acl

# ACL resource for the public folder
@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.

# The owner has all permissions
<#owner>
    a acl:Authorization;
    acl:agent <https://roger.localhost:8443/profile/card#me>;
    acl:accessTo <./>;
    acl:default <./>;
    acl:mode acl:Read, acl:Write, acl:Control.

# The public has read permissions
<#public>
    a acl:Authorization;
    acl:agentClass foaf:Agent;
    acl:accessTo <./>;
    acl:default <./>;
    acl:mode acl:Read.

#20

delete of scad folder fails

   Icon base is: https://solid.github.io/solid-ui/src/icons/ mashlib.min.js:8:20236
Unique quadstore initialized. mashlib.min.js:1:4157
  registering pane: issue mashlib.min.js:1:49149
  registering pane: contact mashlib.min.js:1:49149
  registering pane: pad mashlib.min.js:1:49149
  registering pane: transaction mashlib.min.js:1:49149
  registering pane: period mashlib.min.js:1:49149
  registering pane: chat mashlib.min.js:1:49149
  registering pane: long chat mashlib.min.js:1:49149
  registering pane: meeting mashlib.min.js:1:49149
  registering pane: tabbed mashlib.min.js:1:49149
  registering pane: schedule mashlib.min.js:1:49149
  registering pane: link mashlib.min.js:1:49149
  registering pane: travel expenses mashlib.min.js:1:49149
  registering pane: image mashlib.min.js:1:49149
  registering pane: playlistSlot mashlib.min.js:1:49149
  registering pane: video mashlib.min.js:1:49149
  registering pane: audio mashlib.min.js:1:49149
  registering pane: Dokieli mashlib.min.js:1:49149
  registering pane: folder mashlib.min.js:1:49149
  registering pane: classInstance mashlib.min.js:1:49149
  registering pane: slideshow mashlib.min.js:1:49149
  registering pane: social mashlib.min.js:1:49149
  registering pane: humanReadable mashlib.min.js:1:49149
  registering pane: dataContents mashlib.min.js:1:49149
  registering pane: source mashlib.min.js:1:49149
  registering pane: n3 mashlib.min.js:1:49149
  registering pane: RDFXML mashlib.min.js:1:49149
  registering pane: form mashlib.min.js:1:49149
  registering pane: attachments mashlib.min.js:1:49149
  registering pane: tableOfClass mashlib.min.js:1:49149
  registering pane: default mashlib.min.js:1:49149
  registering pane: ui mashlib.min.js:1:49149
  registering pane: microblogPane mashlib.min.js:1:49149
  registering pane: sharing mashlib.min.js:1:49149
  registering pane: internal mashlib.min.js:1:49149
  registering pane: profile mashlib.min.js:1:49149
  registering pane: home mashlib.min.js:1:49149
(Logged in as <https://roger.localhost:8443/profile/card#me> by authentication) signin.js:844
@@@ looking for <http://www.w3.org/2007/ont/httph#content-type> fetcher.js:1332
preventBrowserDropEvents called. acl-control.js:24
Fetcher: <https://roger.localhost:8443oger.localhost/public/scad/> Non-HTTP fetch error: TypeError: https://roger.localhost:8443oger.localhost/public/scad/ is not a valid URL. fetcher.js:871
@@ Recording GET failure for <https://roger.localhost:8443oger.localhost/public/scad/>: 999 fetcher.js:1018
preventBrowserDropEvents called. acl-control.js:24
Failed to load  <https://roger.localhost:8443oger.localhost/public/scad/> Fetcher: fetch failed: TypeError: https://roger.localhost:8443oger.localhost/public/scad/ is not a valid URL. fetcher.js:952