Merge pull request #1710 from nodeSolidServer/issue1707-1708

bourgeoa · web-flow · commit dbee984de42a · 2022-11-12T08:52:56.000+01:00
issues 1707-1708
diff --git a/lib/handlers/put.js b/lib/handlers/put.js
@@ -11,9 +11,11 @@ async function handler (req, res, next) {
   res.header('MS-Author-Via', 'SPARQL')
 
   const contentType = req.get('content-type')
-  if (isAuxiliary(req)) {
+  // check for valid rdf content for auxiliary resource and /profile/card
+  // in future we may check that /profile/card is a minimal valid WebID card
+  if (isAuxiliary(req) || req.originalUrl === '/profile/card') {
     if (contentType === 'text/turtle') {
-      return bodyParser.text({ type: () => true })(req, res, () => putAuxiliary(req, res, next))
+      return bodyParser.text({ type: () => true })(req, res, () => putValidRdf(req, res, next))
     } else return next(new HTTPError(415, 'RDF file contains invalid syntax'))
   }
   return putStream(req, res, next)
@@ -37,7 +39,7 @@ async function putStream (req, res, next, stream = req) {
 
 // needed to avoid breaking access with bad acl
 // or breaking containement triples for meta
-function putAuxiliary (req, res, next) {
+function putValidRdf (req, res, next) {
   const ldp = req.app.locals.ldp
   const contentType = req.get('content-type')
   const requestUri = ldp.resourceMapper.getRequestUrl(req)
diff --git a/lib/ldp.js b/lib/ldp.js
@@ -535,8 +535,8 @@ class LDP {
       return this.deleteContainer(path)
     } else {
       // DELETE method not allowed on podRoot/.acl
-      if ((url.url || url) === '/' + this.suffixAcl) {
-        throw error(405, 'DELETE of PodRoot/.acl is not allowed')
+      if (['/' + this.suffixAcl, '/profile/card'].some(item => (url.url || url) === item)) {
+        throw error(405, `DELETE of ${url.url || url} is not allowed`)
       }
       return this.deleteDocument(path)
     }
diff --git a/test/integration/http-test.js b/test/integration/http-test.js
@@ -587,6 +587,7 @@ describe('HTTP APIs', function () {
       return Promise.all([
         rm('/false-file-48484848'),
         createTestResource('/.acl'),
+        createTestResource('/profile/card$.ttl'),
         createTestResource('/delete-test-empty-container/.meta.acl'),
         createTestResource('/put-resource-1.ttl'),
         createTestResource('/put-resource-with-acl.ttl'),
@@ -625,6 +626,20 @@ describe('HTTP APIs', function () {
         })
     })
 
+    it('should return 405 status when deleting /profile/card', function (done) {
+      server.delete('/profile/card')
+        .expect(405)
+        .end((err, res) => {
+          if (err) return done(err)
+          try {
+            assert.equal(res.get('allow').includes('DELETE'), false) // ,'res methods')
+          } catch (err) {
+            return done(err)
+          }
+          done()
+        })
+    })
+
     it('should return 404 status when deleting a file that does not exists',
       function (done) {
         server.delete('/false-file-48484848')
@@ -672,6 +687,7 @@ describe('HTTP APIs', function () {
 
     after(function () {
       // Clean up after DELETE API tests
+      rm('/profile/')
       rm('/put-resource-1.ttl')
       rm('/delete-test-non-empty/')
       rm('/delete-test-empty-container/test.txt.acl')

Original file line number	Diff line number	Diff line change
`@@ -535,8 +535,8 @@ class LDP {`
`535`	`535`	`return this.deleteContainer(path)`
`536`	`536`	`} else {`
`537`	`537`	`// DELETE method not allowed on podRoot/.acl`
`538`		`- if ((url.url \|\| url) === '/' + this.suffixAcl) {`
`539`		`- throw error(405, 'DELETE of PodRoot/.acl is not allowed')`
	`538`	`+ if (['/' + this.suffixAcl, '/profile/card'].some(item => (url.url \|\| url) === item)) {`
	`539`	+ throw error(405, `DELETE of ${url.url \|\| url} is not allowed`)
`540`	`540`	`}`
`541`	`541`	`return this.deleteDocument(path)`
`542`	`542`	`}`