write a simple test that uses an ACL doc an a bearer token

[michielbdejong]

• start with a publicly writable pod
• do HEAD to pod root to determine ACL doc location
• do PUT to create ACL doc, giving only Alice access
• do PUT with a bearer token for Alice, it should succeed
• do PUT with a bearer token for Bob, it should fail

[michielbdejong]

<#write-acl-then-check-access> a test:AutomatedTest ;
    test:purpose "Write an ACL document, then check access"@en ;
    test:test_script <http://example.org/httplist#http_req_res_list_unauthenticated> ;
    test:params [
        test:requests ( <#discover-acl-doc-location-req> <#write-acl-doc-req> <#put-alice-req> <#put-bob-req>  ) ;
        test:responses ( <#discover-acl-doc-location-res> <#write-acl-doc-res> <#put-alice-res> <#put-bob-res> ) 
                ] 

[michielbdejong]

<#discover-acl-doc-location-req>
    <method> <HEAD>
    <path> </>
<#discover-acl-doc-location-res>
    <store-acl-doc-location> "true"

<#write-acl-doc-req>
    <method> <PUT>
    <use-acl-doc-location> true
    <body> "#alice [ a acl:Authorization; acl:default </>; acl:agent http://tester:3000/alice#me ]"
<#write-acl-doc-res>
    <status> "201"

<#put-alice-req>
    <method> <PUT>
    <use-pop-token> <http://tester:3000/alice#me>
    <body> "doc from alice"
<#put-alice-res>
    <status> "201"

<#put-bob-req>
    <method> <PUT>
    <use-pop-token> <http://tester:3000/bob#me>
    <body> "doc from bob"
<#put-bob-res>
    <status> "401"

[michielbdejong]

I will add a host into the Docker testnet with:

• http:/idp/alice
• http://idp/bob
• http://idp/.well-known/openid-configuration
• http://idp/jwks

And then I'll provide to you two strings:

• bearer token with identity http://tester:3000/alice#me inside it
• bearer token with identity http://tester:3000/bob#me inside it

[michielbdejong]

Maybe I'll even just add that http://idp as a third host into the Docker testnet, so you have idp + server + tester talking to each other over Docker local networking

[michielbdejong]

Then only the two bearer tokens need to be read from a file into perl

[michielbdejong]

another idea:

<#bearer-token-alice> <is> "ergvswrgv23qog;lbdktjyrhgvwelrtisugkfjhwertbpvo;lw3ksertjmghfvwseklrt"

in RDF, and the tests can refer to that

[michielbdejong]

and then you could just do:

<#put-alice-req>
    <method> <PUT>
    <use-bearer-token> <#bearer-token-alice>
    <body> "doc from alice"

[michielbdejong]

Or like in https://github.com/kjetilk/p5-test-fitesque-rdf/blob/1f8d01ec9830056e8fbf062384eb905e50723880/t/data/http-mix.ttl#L17, add bearer-token-alice as an extra param? or bearer-tokens?

[michielbdejong]

@kjetilk as discussed on gitter, i think if you ask @jaxoncreed he can probably give you a CLI script that takes a hostname and generates fixtures for:

• /.well-known/openid-configuration,
• /jwks,
• /profile/alice,
• /profile/bob, and
• valid bearer tokens for http://hostname/profile/alice#me
• and http://hostname/profile/bob#me

[michielbdejong]

idea of bearer token generator script superseded by @kjetilk's new plan as detailed there ^

leaving this issue open because even once #36 is completed, we will still want to write that simple test :)