SolidOS Auth Upgrade #38
Comments
|
@jaxoncreed Can I help. I have all access rights including nom publish. solid/test-suite may be added to your steps ? It is used in NSS CI I saw your PR's and tried to run solid/solidos lerna beginning step by step on https://alice.localhost:8443
How do you want me to report this ? |
|
@bourgeoa Reporting here is fine. I haven't completed the tests yet. They'll need to be updated for this new login. |
|
@jaxoncreed - What's the best way to test this all? My guess - pull latest solidos, pull your newest mashlib, solid-ui, solid-logic into their respective workspaces under solidos, then build mashlib. If there's an easier or way, please let me know. :-) |
you must add solid-panes. I passed that by replacing with Build now passes including mashlib The above hack is not the solution |
|
With some help from @bourgeoa, I got the lerna links set and am now able to build the new versions of solid-logic and solid-ui but when I try to build solid-panes, even after the fix Alain showed above, I get these two errors : |
|
Also note that I have not completed all the tasks yet so there will be errors. |
|
Okay, no problem, let me know when things are ready to test or if there's errors I might be able to help track down (typescript is not my forte). |
|
@jackson in your integration of solid-client-authn-js-browser you should add solid-panes. Solid-panes is using : solid-auth-client either as require or via solid-ui.
|
|
I built your latest PRs and ran mashlib in Data-Kitchen. I can login to NSS. With modifications, I can read local containers and resources in the same window. More testing ahead, but looks good so far. Great work! |
|
Thanks @jeff-zucker . What modifications did you need? |
|
I'll post a list of them when I'm further along. Basically, I need to have fetcher do a context-sensitive fetch so that it uses solid-client-authn-browser for http(s):// fetches and solid-rest for serverless file-system file:/// fetches. Then I need to make sure that when looking at local files we don't demand a login and use $SolidTestEnvironment.username instead (but only for file fetches) , that will allow us to get a user's local profile and preferenes from local files without calling login. Then various similar things with currentUser so that it treats local file user differently from logged in user but handles both in the same databrowser instance. I am making things as generic as possible so, for example if someone later adds a dropbox:// fetch in their app, it will be picked up and used as a context-sensitve fetch within SolidOS. If the above doesn't make sense, or there are better ways, let me know. |
|
@jaxoncreed - Great work, thanks! I got your mashlib working with CSS by using the config in community-server-recipes/mashlib, putting a modified version of browse.html in the CSS root folder and having it point to the location of mashilib.min.js and mash.css. I will create another branch of Data-Kitchen with my non-server and server versions. Sorry about the mixup, I should have committed my versions two years ago when I began working on them. Please ping me if there's anything I can do to help. |
|
@jaxoncreed just updated to latest following today's meeting and noticed that :
|
|
@jeff-zucker Thanks for checking that out |
|
@jaxoncreed
|
|
@jaxoncreed |
|
@jaxoncreed and @bourgeoa - I will have a few small modifications to solid-ui to accomodate Data-Kitchen. How should I submit them. As PR's against the auth-upgrade branch? |
|
Sorry I don't know. |
|
@jeff-zucker Yeah a PR against this branch would be perfect. |
|
@jaxoncreed - When unauthorized to view a private Dokeli resource, Dokeli offers the old login/register buttons. They work! In other words, They work in the sense that they popup and redirect to the dokeli iframe and make it accessible - you see the formerly forbidden content in the iframe. But the login does not authorize you for anything but that resource. try to write in the container and I'm asked for login! This is all with pulls from your latest auth-upgrade. |
|
Following on from this issue on solid-client-authn-js, if you're at a page (page A) in your application and log in then log out, if you then change to a different page (page B; and perhaps you get a "401 - you need to sign in") and then log in. The redirect will be to the first page (page A), not the new page (page B). @jaxoncreed 1. I don't want to scope creep your excellent work here. 2. You may already know about this. 3. It may already be fixed as part of the work to fix the previously linked to issue. |
|
@AJamesPhillips Yep, I patched that issue recently. I save the URL to localstorage before doing the refresh and then restore it after the refresh. |
|
Today I could build the latest auth branch for solid-logic, solid-ui and solid-panes. Remark: solid-logic needs to have rdflib changed to v 2.2.7 (otherwise there are build problems in ui and panes). I also found out that the code starting on line https://github.com/solid/solid-logic/blob/cdb87bca4fc06ee07f0756e9d7f0bb75e605cfff/src/index.ts#L25 with the explicit functions is not needed any more if solid-logic rdflib is upgraded to 2.2.7. |
|
@theRealImy I'll look into the TextEncoder problem today. |
|
A proposed 'ReferenceError: TextEncoder is not defined' solution: https://github.com/solid/solid-ui/pull/425 |
|
@jaxoncreed - I have created documentation for the changes Data-Kitchen and similar apps need in SolidOS at Using Private resources in SolidOS. There are other places in the code where I need to make similar changes to the one in dashboard pane based on the reasoning in that doc. Note the docs use slightly different property names than the code in my PRs, I intend to fix the code to match the more sensible naming in the documentation. I'd like to chat briefly before making those changes, please ping me in the chat at your convenience. |
|
@jeff-zucker @bourgeoa @theRealImy Thanks for your help. I should've fixed a good number of the bugs. Let me know if you've encountered anymore. If not, I think we can get to merging and deploying! |
|
@jaxoncreed - I really do need to talk to you about #38 (comment). Also logout of NSS is quite broken in Data Kitchen, and possibly elsewhere, please see my detailed notes. |
|
This is after logging out and then refreshing the page :
|
|
@bourgeoa okay I pushed an update to SolidUI that should fix it. |
|
@jaxoncreed I tried it throughfully taking all auth-upgrade branches :
Nothing has improved. Same problem as before. redone twice to be sure I did not miss something This is the config-alain.json I use : |
|
@bourgeoa Huh, that's weird. I still think there might be some build problems here, as it looks like some code is missing from the mashlib.min.js deployed on https://solidcommunity.net:8443 For example, if I search for the string |
|
@jaxoncreed as I wrote above, I did not install NSS with the mashlib build out of your new solid-ui on the test server https://solid community.net:8443 Just locally and had the same logout problem as indicated by @jeff-zucker. |
|
Oh sorry, I missed the fact that you did that locally. Does your local deployment contain two instances of |
|
@jaxoncreed, @bourgeoa. I did a git pull, npm ci, npm run build on mashlib @1.7.5-alpha-3-98ed3958 and there are zero occurrences of loginIssuer in mashlib.js. |
|
@jaxoncreed Yes there are 2 instances of I also tried : The debug was displayed when logout |
|
I'm having trouble recreating the bug, @bourgeoa . Could you upload the current version to the test server so I can check it out? Thanks |
|
@jaxoncreed done. New version installed on https://solidcommunity.net:8443 |
|
@bourgeoa , @jaxoncreed unfortunately, same behavior on logout. I'm not sure it makes any difference, but @jaxoncreed, logout is never called from your logout button directly, it is called from the drop-down user menu of the solid-ui-header which calls _authn.authSession.logout(). |
|
@jaxoncreed
it looks like the logout event is not received |
|
@jeff-zucker @bourgeoa Both of those are fine. Long story short, logout is being triggered in both instances. The alert text will display only when you use the logout button, not the dropdown (so the logout event is being received even if you don't see the alert). It doesn't seem like the problem is in mashlib. Whenever I logout I see that the Is there any way I can get closer to the test server to experiment around? @bourgeoa I can send you my public key. |
|
What I think might be happening is that there is no refresh happening or it's a bit flaky in some panes when you log out. So if you are looking at a source pane file while logged in and you click log out the page/file you are looking at remains. But if you hit refresh to refresh the page you no longer can view it. I witnessed this happening the first time I clicked logout, but afterwards it seems to be refreshing the page now when I click logout. However, after clicking logout and having my pane refresh (no longer able to view my file in source pane). I was able to go to my public folder and click on sharing and I was indeed able to change the sharing. This happened right now on solidcommunity.net:8443 with a new login I created. I don't have any experience with the sharing pane, but will see if I can find it. solid-panes/src/sharing/sharingPane.ts still researching but it doesn't call currentUser(). I don't know yet if it should, but it definitely doesn't. |
|
Okay this is my last test for today because my findings are inconsistent. Better to discuss perhaps.
|
|
@jaxoncreed see my comments on gitter private |
|
Today, I checked on the steps Sharon reported above on the test server and I get 401 as reported and ACL reading problems. |
|
@theRealImy I went to your pod and was surprised by the result, so I went to the server to understand your results. |
I think I misread the debug message : userId is undefined
So your code do not do anything. Here is a display of |
|
@jaxoncreed To reproduce using chrome open the dev panel and look at Application>Storage>Cookies
If you manually delete the remaining cookie after logout everything is ok. The problem is resolved. |
|
The cookie staying around is fine. The important thing is that the UserID is deleted server side. |
|
@jaxoncreed the userId is recreated before any action on the reloaded page. |
And when logout it is always the
|
|
I was able to fully logout following these steps :
Then everything is ok all cookies are deleted and you are effectively logged out. |
|
Turns out the problem was forgetting to include the |
I don't see the PR |
|
The official announcement of this issue on the forum : Major updates to SolidOS, NSS, and solidcommunity.netPlease note : If you have a pod on solidcommunity.net, be sure to read the impact on users section below. After months of work, a new SolidOS is about to be released. SolidOS, the Solid operating system, comes in four flavors :
SolidOS, in all of its flavors, provides pod navigation and management tools; semantic views of all data; productivity apps like notepads, and task-mangers; and collaboration apps like chat apps and meeting schedulers. All features have the aim of supporting the core Solid vision - user control, freedom from vendor lock-in, and re-usability of data. This release is focused on security and it makes the code stack Solid-OIDC specification compliant. All code using solid-auth-client was replaced by code using @inrupt/solid-client-authn. The release also includes improvements to handling of Javascript, JSON-LD, and a variety of bug-fixes and UI improvements. See this list of upgrade issues for details. For reference : the releases are SolidOS v1.7.7 and NSS (Node solid-server) v5.6.12. The release impacts users of solidcommunity.net, developers using the SolidOS software stack, and pod providers who use NSS. Impact on usersOwners of Pods on solidcommunity.net with an index.html file located in the root of their Pod (ex: https://user.solidcommunity.net/index.html) : your first page on the Pod will change. Previously the index.html file was provisioned with a login button which will no longer work due to the authentication library upgrade. Upon release, we will be running a server script to rename all existing index.html files in the root of Pods to index_1.html. If you wish to get your index.html back, you can remove any login code and buttons from the document and then rename it back to index.html. Unfortunately, there is currently no easy way to provide a login button on a pod root index page. Impact on developersDevelopers who use the SolidOS stack (mashlib, solid-panes, solid-ui, solid-logic, rdflib) should be aware that these libraries have all switched to using Inrupt's solid-client-authn instead of solid-auth-client. Impact on Pod providersAs mentioned above under impacts on users, index.html pages with login buttons will no longer work. You should contact us to get a script to rename these files and warn your users before installing the new NSS. Join our team!The changes in SolidOS, NSS, and solidcommunity.net are the work of an active open source team led by Sir Tim Berners-Lee. The open source team actively welcomes collaborators. Please |
This ticket Represents Sub-Project 1 of the SolidOS Auth upgrade:
See #38 (comment) for the official announcement of the completion of this project.
ReferenceError: TextEncoder is not definedwith node v16.5, v14.17 or v12.19 on a windows WSL1 to build.currentUserThe following libraries are linter and test fixes that should be merged in first:
Auth Upgrade includes the following libraries:
The text was updated successfully, but these errors were encountered: