Release version 5.0.22

Author: namedgraph

README.md

@@ -60,10 +60,11 @@ It takes a few clicks and filling out a form to install the product into your ow
      ./bin/server-cert-gen.sh .env nginx ssl
      ```
      The script will create an `ssl` sub-folder where the SSL certificates and/or public keys will be placed.
-  4. Create the following secrets with certificate passwords:
+  4. Create the following secrets with certificate/truststore passwords:
      - `secrets/client_truststore_password.txt`
      - `secrets/owner_cert_password.txt`
      - `secrets/secretary_cert_password.txt`
+     The one you will need to remember in order to authenticate with LinkedDataHub using WebID client certificate is `owner_cert_password`.
   5. Launch the application services by running this from command line:
      ```shell
      docker-compose up --build

bin/add-object-block.sh bin/content/add-object-block.shbin/add-object-block.sh renamed to bin/content/add-object-block.sh

@@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+
+print_usage()
+{
+    printf "Patches an RDF document using SPARQL update.\n"
+    printf "\n"
+    printf "Usage:  cat update.rq | %s options TARGET_URI\n" "$0"
+    printf "\n"
+    printf "Options:\n"
+    printf "  -f, --cert-pem-file CERT_FILE        .pem file with the WebID certificate of the agent\n"
+    printf "  -p, --cert-password CERT_PASSWORD    Password of the WebID certificate\n"
+    printf "  --proxy PROXY_URL                    The host this request will be proxied through (optional)\n"
+}
+
+hash turtle 2>/dev/null || { echo >&2 "turtle not on \$PATH.  Aborting."; exit 1; }
+hash curl 2>/dev/null || { echo >&2 "curl not on \$PATH. Aborting."; exit 1; }
+
+unknown=()
+while [[ $# -gt 0 ]]
+do
+    key="$1"
+
+    case $key in
+        -f|--cert-pem-file)
+        cert_pem_file="$2"
+        shift # past argument
+        shift # past value
+        ;;
+        -p|--cert-password)
+        cert_password="$2"
+        shift # past argument
+        shift # past value
+        ;;
+        --proxy)
+        proxy="$2"
+        shift # past argument
+        shift # past value
+        ;;
+        *)    # unknown option
+        unknown+=("$1") # save it in an array for later
+        shift # past argument
+        ;;
+    esac
+done
+set -- "${unknown[@]}" # restore args
+
+if [ -z "$cert_pem_file" ] ; then
+    print_usage
+    exit 1
+fi
+if [ -z "$cert_password" ] ; then
+    print_usage
+    exit 1
+fi
+if [ "$#" -ne 1 ]; then
+    print_usage
+    exit 1
+fi
+
+url="$1"
+
+if [ -n "$proxy" ]; then
+    # rewrite target hostname to proxy hostname
+    url_host=$(echo "$url" | cut -d '/' -f 1,2,3)
+    proxy_host=$(echo "$proxy" | cut -d '/' -f 1,2,3)
+    final_url="${url/$url_host/$proxy_host}"
+else
+    final_url="$url"
+fi
+
+# resolve SPARQL update from stdin against base URL and PATCH it to the server
+# uparse currently does not support --base: https://github.com/apache/jena/issues/3296
+cat - | curl -v -k -E "$cert_pem_file":"$cert_password" --data-binary @- -H "Content-Type: application/sparql-update" -X PATCH -o /dev/null "$final_url"

bin/add-xhtml-block.sh bin/content/add-xhtml-block.shbin/add-xhtml-block.sh renamed to bin/content/add-xhtml-block.sh

@@ -154,7 +154,7 @@ configs:
               server varnish-frontend:6060;
           }
 
-          limit_req_zone $$binary_remote_addr zone=linked_data:10m rate=6r/s;
+          limit_req_zone $$binary_remote_addr zone=linked_data:10m rate=15r/s;
           limit_req_zone $$binary_remote_addr zone=static_files:10m rate=20r/s;
           limit_req_status 429;
 
@@ -173,7 +173,7 @@ configs:
               location / {
                   proxy_pass http://linkeddatahub;
                   #proxy_cache backcache;
-                  limit_req zone=linked_data burst=20 nodelay;
+                  limit_req zone=linked_data burst=30 nodelay;
 
                   proxy_set_header Client-Cert '';
                   proxy_set_header Client-Cert $$ssl_client_escaped_cert;
@@ -212,7 +212,7 @@ configs:
               location / {
                   proxy_pass http://linkeddatahub;
                   #proxy_cache backcache;
-                  limit_req zone=linked_data burst=20 nodelay;
+                  limit_req zone=linked_data burst=30 nodelay;
 
                   proxy_set_header Client-Cert '';
                   proxy_set_header Client-Cert $$ssl_client_escaped_cert;

bin/remove-block.sh bin/content/remove-block.shbin/remove-block.sh renamed to bin/content/remove-block.sh

@@ -0,0 +1,134 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+initialize_dataset "$END_USER_BASE_URL" "$TMP_END_USER_DATASET" "$END_USER_ENDPOINT_URL"
+initialize_dataset "$ADMIN_BASE_URL" "$TMP_ADMIN_DATASET" "$ADMIN_ENDPOINT_URL"
+purge_cache "$END_USER_VARNISH_SERVICE"
+purge_cache "$ADMIN_VARNISH_SERVICE"
+purge_cache "$FRONTEND_VARNISH_SERVICE"
+
+# add agent to the writers group
+
+add-agent-to-group.sh \
+  -f "$OWNER_CERT_FILE" \
+  -p "$OWNER_CERT_PWD" \
+  --agent "$AGENT_URI" \
+  "${ADMIN_BASE_URL}acl/groups/writers/"
+
+# create a new document with PUT to establish initial state
+
+slug="post-metadata-test-item"
+item="${END_USER_BASE_URL}${slug}/"
+
+(
+curl -k -w "%{http_code}\n" -o /dev/null -s \
+  -E "$AGENT_CERT_FILE":"$AGENT_CERT_PWD" \
+  -X PUT \
+  -H "Accept: application/n-triples" \
+  -H "Content-Type: application/n-triples" \
+  --data-binary @- \
+  "$item" <<EOF
+<${item}> <http://purl.org/dc/terms/title> "POST Metadata Test Item" .
+<${item}> <http://example.com/initial-predicate> "initial value" .
+EOF
+) \
+| grep -q "$STATUS_CREATED"
+
+# get initial state and verify cardinalities after PUT
+
+item_ntriples=$(get.sh \
+  -f "$AGENT_CERT_FILE" \
+  -p "$AGENT_CERT_PWD" \
+  --accept 'application/n-triples' \
+  "$item"
+ )
+
+# check that exactly one dct:created exists and no dct:modified yet
+created_count=$(echo "$item_ntriples" | grep -c "<${item}> <http://purl.org/dc/terms/created> " || true)
+if [ "$created_count" -ne 1 ]; then
+    echo "Expected exactly 1 dct:created property after creation, found $created_count"
+    exit 1
+fi
+
+modified_count=$(echo "$item_ntriples" | grep -c "<${item}> <http://purl.org/dc/terms/modified> " || true)
+if [ "$modified_count" -ne 0 ]; then
+    echo "Expected no dct:modified property after creation, found $modified_count"
+    exit 1
+fi
+
+# perform first POST operation
+
+(
+curl -k -w "%{http_code}\n" -o /dev/null -f -s \
+  -E "$AGENT_CERT_FILE":"$AGENT_CERT_PWD" \
+  -H "Accept: application/n-triples" \
+  -H "Content-Type: application/n-triples" \
+  --data-binary @- \
+  "$item" <<EOF
+<${item}> <http://example.com/post-predicate-1> "first POST value" .
+EOF
+) \
+| grep -q "$STATUS_NO_CONTENT"
+
+# get state after first POST and verify cardinalities
+
+item_ntriples=$(get.sh \
+  -f "$AGENT_CERT_FILE" \
+  -p "$AGENT_CERT_PWD" \
+  --accept 'application/n-triples' \
+  "$item"
+ )
+
+# check that exactly one dct:created and one dct:modified exist
+created_count=$(echo "$item_ntriples" | grep -c "<${item}> <http://purl.org/dc/terms/created> " || true)
+if [ "$created_count" -ne 1 ]; then
+    echo "Expected exactly 1 dct:created property after first POST, found $created_count"
+    exit 1
+fi
+
+modified_count=$(echo "$item_ntriples" | grep -c "<${item}> <http://purl.org/dc/terms/modified> " || true)
+if [ "$modified_count" -ne 1 ]; then
+    echo "Expected exactly 1 dct:modified property after first POST, found $modified_count"
+    exit 1
+fi
+
+# perform second POST operation (this is the key test for accumulation bug)
+
+(
+curl -k -w "%{http_code}\n" -o /dev/null -f -s \
+  -E "$AGENT_CERT_FILE":"$AGENT_CERT_PWD" \
+  -H "Accept: application/n-triples" \
+  -H "Content-Type: application/n-triples" \
+  --data-binary @- \
+  "$item" <<EOF
+<${item}> <http://example.com/post-predicate-2> "second POST value" .
+EOF
+) \
+| grep -q "$STATUS_NO_CONTENT"
+
+# get final state and verify cardinalities (key test for the fix)
+
+item_ntriples=$(get.sh \
+  -f "$AGENT_CERT_FILE" \
+  -p "$AGENT_CERT_PWD" \
+  --accept 'application/n-triples' \
+  "$item"
+ )
+
+# check that exactly one dct:created and one dct:modified still exist
+created_count=$(echo "$item_ntriples" | grep -c "<${item}> <http://purl.org/dc/terms/created> " || true)
+if [ "$created_count" -ne 1 ]; then
+    echo "Expected exactly 1 dct:created property after second POST, found $created_count"
+    exit 1
+fi
+
+modified_count=$(echo "$item_ntriples" | grep -c "<${item}> <http://purl.org/dc/terms/modified> " || true)
+if [ "$modified_count" -ne 1 ]; then
+    echo "Expected exactly 1 dct:modified property after second POST, found $modified_count"
+    echo "This indicates the fix for accumulating dct:modified values in Graph::post() is not working"
+    exit 1
+fi
+
+# verify that all POST content was added (ensure POST operations work correctly)
+echo "$item_ntriples" | grep "\"first POST value\"" > /dev/null
+echo "$item_ntriples" | grep "\"second POST value\"" > /dev/null

bin/patch.sh

@@ -100,4 +100,18 @@ echo "$item_ntriples" | grep "<${item}> <http://purl.org/dc/terms/created> \""
 
 echo "$item_ntriples" | grep "<${item}> <http://purl.org/dc/terms/modified> \""
 
+# check that exactly one dct:created and one dct:modified exist (no accumulation)
+
+created_count=$(echo "$item_ntriples" | grep -c "<${item}> <http://purl.org/dc/terms/created> " || true)
+if [ "$created_count" -ne 1 ]; then
+    echo "Expected exactly 1 dct:created property after PUT, found $created_count"
+    exit 1
+fi
+
+modified_count=$(echo "$item_ntriples" | grep -c "<${item}> <http://purl.org/dc/terms/modified> " || true)
+if [ "$modified_count" -ne 1 ]; then
+    echo "Expected exactly 1 dct:modified property after PUT, found $modified_count"
+    exit 1
+fi
+
 # write the same data again into the existing graph

docker-compose.yml

@@ -24,7 +24,7 @@ content_type=$(curl -G --head -k -w "%{content_type}\n" -f -s -o /dev/null \
   --data-urlencode "accept=text/turtle" \
   "$END_USER_BASE_URL")
 
-[ "$content_type" = 'text/turtle' ] || exit 1
+[ "$content_type" = 'text/turtle;charset=UTF-8' ] || exit 1
 
 # check that ?accept URL param overrides Accept header and returns RDF/XML (use Chrome's default Accept value)
 
@@ -35,6 +35,6 @@ content_type=$(curl -G --head -k -w "%{content_type}\n" -f -s -o /dev/null \
   --data-urlencode "accept=application/rdf+xml" \
   "$END_USER_BASE_URL")
 
-[ "$content_type" = 'application/rdf+xml' ] || exit 1
+[ "$content_type" = 'application/rdf+xml;charset=UTF-8' ] || exit 1
 
 # TO-DO: try to actually parse the response as Turtle and RDF/XML?

http-tests/document-hierarchy/POST-item-metadata.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+initialize_dataset "$END_USER_BASE_URL" "$TMP_END_USER_DATASET" "$END_USER_ENDPOINT_URL"
+initialize_dataset "$ADMIN_BASE_URL" "$TMP_ADMIN_DATASET" "$ADMIN_ENDPOINT_URL"
+purge_cache "$END_USER_VARNISH_SERVICE"
+purge_cache "$ADMIN_VARNISH_SERVICE"
+purge_cache "$FRONTEND_VARNISH_SERVICE"
+
+# add agent to the writers group - POST requests count as write operations
+
+add-agent-to-group.sh \
+  -f "$OWNER_CERT_FILE" \
+  -p "$OWNER_CERT_PWD" \
+  --agent "$AGENT_URI" \
+  "${ADMIN_BASE_URL}acl/groups/writers/"
+
+# execute SPARQL query using LDH as a proxy to query DBpedia
+
+response_body=$(curl -k -s \
+  -X POST \
+  -E "$AGENT_CERT_FILE":"$AGENT_CERT_PWD" \
+  -H 'Content-Type: application/sparql-query' \
+  -H 'Accept: application/sparql-results+xml' \
+  --url-query "uri=https://dbpedia.org/sparql" \
+  --data 'SELECT ?title WHERE { <https://dbpedia.org/resource/Copenhagen> <http://purl.org/dc/elements/1.1/title> ?title } LIMIT 1' \
+  "$END_USER_BASE_URL")
+
+http_code=$(curl -k -s -o /dev/null -w "%{http_code}" \
+  -X POST \
+  -E "$AGENT_CERT_FILE":"$AGENT_CERT_PWD" \
+  -H 'Content-Type: application/sparql-query' \
+  -H 'Accept: application/sparql-results+xml' \
+  --url-query "uri=https://dbpedia.org/sparql" \
+  --data 'SELECT ?title WHERE { <https://dbpedia.org/resource/Copenhagen> <http://purl.org/dc/elements/1.1/title> ?title } LIMIT 1' \
+  "$END_USER_BASE_URL")
+
+# verify response has non-empty body and successful status
+if [ "$http_code" -ne 200 ] || [ -z "$response_body" ]; then
+    exit 1
+fi