Deployed the page to Github Pages.
parent
1d79754e93
commit
2c89899458
62797 changed files with 6551425 additions and 15279 deletions
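--- a/node_modules/hawk/test/browser.js
+++ b/node_modules/hawk/test/browser.js
@@ -0,0 +1,817 @@
+// Load modules
+
+var Lab = require('lab');
+var Hoek = require('hoek');
+var Hawk = require('../lib');
+var Browser = require('../lib/browser');
+var LocalStorage = require('localStorage');
+
+
+// Declare internals
+
+var internals = {};
+
+
+// Test shortcuts
+
+var expect = Lab.expect;
+var before = Lab.before;
+var after = Lab.after;
+var describe = Lab.experiment;
+var it = Lab.test;
+
+
+describe('Browser', function () {
+
+var credentialsFunc = function (id, callback) {
+
+var credentials = {
+id: id,
+key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
+algorithm: (id === '1' ? 'sha1' : 'sha256'),
+user: 'steve'
+};
+
+return callback(null, credentials);
+};
+
+it('should generate a header then successfully parse it (configuration)', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?filter=a',
+host: 'example.com',
+port: 8080
+};
+
+credentialsFunc('123456', function (err, credentials) {
+
+req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data' }).field;
+expect(req.authorization).to.exist;
+
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(artifacts.ext).to.equal('some-app-data');
+done();
+});
+});
+});
+
+it('should generate a header then successfully parse it (node request)', function (done) {
+
+var req = {
+method: 'POST',
+url: '/resource/4?filter=a',
+headers: {
+host: 'example.com:8080',
+'content-type': 'text/plain;x=y'
+}
+};
+
+var payload = 'some not so random text';
+
+credentialsFunc('123456', function (err, credentials) {
+
+var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
+req.headers.authorization = reqHeader.field;
+
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(artifacts.ext).to.equal('some-app-data');
+expect(Hawk.server.authenticatePayload(payload, credentials, artifacts, req.headers['content-type'])).to.equal(true);
+
+var res = {
+headers: {
+'content-type': 'text/plain'
+},
+getResponseHeader: function (header) {
+
+return res.headers[header.toLowerCase()];
+}
+};
+
+res.headers['server-authorization'] = Hawk.server.header(credentials, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });
+expect(res.headers['server-authorization']).to.exist;
+
+expect(Browser.client.authenticate(res, credentials, artifacts, { payload: 'some reply' })).to.equal(true);
+done();
+});
+});
+});
+
+it('should generate a header then successfully parse it (no server header options)', function (done) {
+
+var req = {
+method: 'POST',
+url: '/resource/4?filter=a',
+headers: {
+host: 'example.com:8080',
+'content-type': 'text/plain;x=y'
+}
+};
+
+var payload = 'some not so random text';
+
+credentialsFunc('123456', function (err, credentials) {
+
+var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
+req.headers.authorization = reqHeader.field;
+
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(artifacts.ext).to.equal('some-app-data');
+expect(Hawk.server.authenticatePayload(payload, credentials, artifacts, req.headers['content-type'])).to.equal(true);
+
+var res = {
+headers: {
+'content-type': 'text/plain'
+},
+getResponseHeader: function (header) {
+
+return res.headers[header.toLowerCase()];
+}
+};
+
+res.headers['server-authorization'] = Hawk.server.header(credentials, artifacts);
+expect(res.headers['server-authorization']).to.exist;
+
+expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(true);
+done();
+});
+});
+});
+
+it('should generate a header then successfully parse it (no server header)', function (done) {
+
+var req = {
+method: 'POST',
+url: '/resource/4?filter=a',
+headers: {
+host: 'example.com:8080',
+'content-type': 'text/plain;x=y'
+}
+};
+
+var payload = 'some not so random text';
+
+credentialsFunc('123456', function (err, credentials) {
+
+var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
+req.headers.authorization = reqHeader.field;
+
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(artifacts.ext).to.equal('some-app-data');
+expect(Hawk.server.authenticatePayload(payload, credentials, artifacts, req.headers['content-type'])).to.equal(true);
+
+var res = {
+headers: {
+'content-type': 'text/plain'
+},
+getResponseHeader: function (header) {
+
+return res.headers[header.toLowerCase()];
+}
+};
+
+expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(true);
+done();
+});
+});
+});
+
+it('should generate a header with stale ts and successfully authenticate on second call', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?filter=a',
+host: 'example.com',
+port: 8080
+};
+
+credentialsFunc('123456', function (err, credentials) {
+
+Browser.utils.setNtpOffset(60 * 60 * 1000);
+var header = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data' });
+req.authorization = header.field;
+expect(req.authorization).to.exist;
+
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.exist;
+expect(err.message).to.equal('Stale timestamp');
+
+var res = {
+headers: {
+'www-authenticate': err.response.headers['WWW-Authenticate']
+},
+getResponseHeader: function (header) {
+
+return res.headers[header.toLowerCase()];
+}
+};
+
+expect(Browser.utils.getNtpOffset()).to.equal(60 * 60 * 1000);
+expect(Browser.client.authenticate(res, credentials, header.artifacts)).to.equal(true);
+expect(Browser.utils.getNtpOffset()).to.equal(0);
+
+req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data' }).field;
+expect(req.authorization).to.exist;
+
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(artifacts.ext).to.equal('some-app-data');
+done();
+});
+});
+});
+});
+
+it('should generate a header with stale ts and successfully authenticate on second call (manual localStorage)', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?filter=a',
+host: 'example.com',
+port: 8080
+};
+
+credentialsFunc('123456', function (err, credentials) {
+Browser.utils.setStorage(LocalStorage)
+
+Browser.utils.setNtpOffset(60 * 60 * 1000);
+var header = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data' });
+req.authorization = header.field;
+expect(req.authorization).to.exist;
+
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.exist;
+expect(err.message).to.equal('Stale timestamp');
+
+var res = {
+headers: {
+'www-authenticate': err.response.headers['WWW-Authenticate']
+},
+getResponseHeader: function (header) {
+
+return res.headers[header.toLowerCase()];
+}
+};
+
+expect(parseInt(LocalStorage.getItem('hawk_ntp_offset'))).to.equal(60 * 60 * 1000);
+expect(Browser.utils.getNtpOffset()).to.equal(60 * 60 * 1000);
+expect(Browser.client.authenticate(res, credentials, header.artifacts)).to.equal(true);
+expect(Browser.utils.getNtpOffset()).to.equal(0);
+expect(parseInt(LocalStorage.getItem('hawk_ntp_offset'))).to.equal(0);
+
+req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data' }).field;
+expect(req.authorization).to.exist;
+
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(artifacts.ext).to.equal('some-app-data');
+done();
+});
+});
+});
+});
+
+it('should generate a header then fails to parse it (missing server header hash)', function (done) {
+
+var req = {
+method: 'POST',
+url: '/resource/4?filter=a',
+headers: {
+host: 'example.com:8080',
+'content-type': 'text/plain;x=y'
+}
+};
+
+var payload = 'some not so random text';
+
+credentialsFunc('123456', function (err, credentials) {
+
+var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
+req.headers.authorization = reqHeader.field;
+
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(artifacts.ext).to.equal('some-app-data');
+expect(Hawk.server.authenticatePayload(payload, credentials, artifacts, req.headers['content-type'])).to.equal(true);
+
+var res = {
+headers: {
+'content-type': 'text/plain'
+},
+getResponseHeader: function (header) {
+
+return res.headers[header.toLowerCase()];
+}
+};
+
+res.headers['server-authorization'] = Hawk.server.header(credentials, artifacts);
+expect(res.headers['server-authorization']).to.exist;
+
+expect(Browser.client.authenticate(res, credentials, artifacts, { payload: 'some reply' })).to.equal(false);
+done();
+});
+});
+});
+
+it('should generate a header then successfully parse it (with hash)', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?filter=a',
+host: 'example.com',
+port: 8080
+};
+
+credentialsFunc('123456', function (err, credentials) {
+
+req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, payload: 'hola!', ext: 'some-app-data' }).field;
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(artifacts.ext).to.equal('some-app-data');
+done();
+});
+});
+});
+
+it('should generate a header then successfully parse it then validate payload', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?filter=a',
+host: 'example.com',
+port: 8080
+};
+
+credentialsFunc('123456', function (err, credentials) {
+
+req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, payload: 'hola!', ext: 'some-app-data' }).field;
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(artifacts.ext).to.equal('some-app-data');
+expect(Hawk.server.authenticatePayload('hola!', credentials, artifacts)).to.be.true;
+expect(Hawk.server.authenticatePayload('hello!', credentials, artifacts)).to.be.false;
+done();
+});
+});
+});
+
+it('should generate a header then successfully parse it (app)', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?filter=a',
+host: 'example.com',
+port: 8080
+};
+
+credentialsFunc('123456', function (err, credentials) {
+
+req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data', app: 'asd23ased' }).field;
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(artifacts.ext).to.equal('some-app-data');
+expect(artifacts.app).to.equal('asd23ased');
+done();
+});
+});
+});
+
+it('should generate a header then successfully parse it (app, dlg)', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?filter=a',
+host: 'example.com',
+port: 8080
+};
+
+credentialsFunc('123456', function (err, credentials) {
+
+req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data', app: 'asd23ased', dlg: '23434szr3q4d' }).field;
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(artifacts.ext).to.equal('some-app-data');
+expect(artifacts.app).to.equal('asd23ased');
+expect(artifacts.dlg).to.equal('23434szr3q4d');
+done();
+});
+});
+});
+
+it('should generate a header then fail authentication due to bad hash', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?filter=a',
+host: 'example.com',
+port: 8080
+};
+
+credentialsFunc('123456', function (err, credentials) {
+
+req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, payload: 'hola!', ext: 'some-app-data' }).field;
+Hawk.server.authenticate(req, credentialsFunc, { payload: 'byebye!' }, function (err, credentials, artifacts) {
+
+expect(err).to.exist;
+expect(err.response.payload.message).to.equal('Bad payload hash');
+done();
+});
+});
+});
+
+it('should generate a header for one resource then fail to authenticate another', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?filter=a',
+host: 'example.com',
+port: 8080
+};
+
+credentialsFunc('123456', function (err, credentials) {
+
+req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data' }).field;
+req.url = '/something/else';
+
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.exist;
+expect(credentials).to.exist;
+done();
+});
+});
+});
+
+describe('client', function () {
+
+describe('#header', function () {
+
+it('should return a valid authorization header (sha1)', function (done) {
+
+var credentials = {
+id: '123456',
+key: '2983d45yun89q',
+algorithm: 'sha1'
+};
+
+var header = Browser.client.header('http://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about' }).field;
+expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="bsvY3IfUllw6V5rvk4tStEvpBhE=", ext="Bazinga!", mac="qbf1ZPG/r/e06F4ht+T77LXi5vw="');
+done();
+});
+
+it('should return a valid authorization header (sha256)', function (done) {
+
+var credentials = {
+id: '123456',
+key: '2983d45yun89q',
+algorithm: 'sha256'
+};
+
+var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;
+expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", ext="Bazinga!", mac="q1CwFoSHzPZSkbIvl0oYlD+91rBUEvFk763nMjMndj8="');
+done();
+});
+
+it('should return a valid authorization header (no ext)', function (done) {
+
+var credentials = {
+id: '123456',
+key: '2983d45yun89q',
+algorithm: 'sha256'
+};
+
+var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;
+expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');
+done();
+});
+
+it('should return an empty authorization header on missing options', function (done) {
+
+var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST').field;
+expect(header).to.equal('');
+done();
+});
+
+it('should return an empty authorization header on invalid credentials', function (done) {
+
+var credentials = {
+key: '2983d45yun89q',
+algorithm: 'sha256'
+};
+
+var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207 }).field;
+expect(header).to.equal('');
+done();
+});
+
+it('should return an empty authorization header on invalid algorithm', function (done) {
+
+var credentials = {
+id: '123456',
+key: '2983d45yun89q',
+algorithm: 'hmac-sha-0'
+};
+
+var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, payload: 'something, anything!', ext: 'Bazinga!', timestamp: 1353809207 }).field;
+expect(header).to.equal('');
+done();
+});
+});
+
+describe('#authenticate', function () {
+
+it('should return false on invalid header', function (done) {
+
+var res = {
+headers: {
+'server-authorization': 'Hawk mac="abc", bad="xyz"'
+},
+getResponseHeader: function (header) {
+
+return res.headers[header.toLowerCase()];
+}
+};
+
+expect(Browser.client.authenticate(res, {})).to.equal(false);
+done();
+});
+
+it('should return false on invalid mac', function (done) {
+
+var res = {
+headers: {
+'content-type': 'text/plain',
+'server-authorization': 'Hawk mac="_IJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"'
+},
+getResponseHeader: function (header) {
+
+return res.headers[header.toLowerCase()];
+}
+};
+
+var artifacts = {
+method: 'POST',
+host: 'example.com',
+port: '8080',
+resource: '/resource/4?filter=a',
+ts: '1362336900',
+nonce: 'eb5S_L',
+hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
+ext: 'some-app-data',
+app: undefined,
+dlg: undefined,
+mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=',
+id: '123456'
+};
+
+var credentials = {
+id: '123456',
+key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
+algorithm: 'sha256',
+user: 'steve'
+};
+
+expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(false);
+done();
+});
+
+it('should return true on ignoring hash', function (done) {
+
+var res = {
+headers: {
+'content-type': 'text/plain',
+'server-authorization': 'Hawk mac="XIJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"'
+},
+getResponseHeader: function (header) {
+
+return res.headers[header.toLowerCase()];
+}
+};
+
+var artifacts = {
+method: 'POST',
+host: 'example.com',
+port: '8080',
+resource: '/resource/4?filter=a',
+ts: '1362336900',
+nonce: 'eb5S_L',
+hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
+ext: 'some-app-data',
+app: undefined,
+dlg: undefined,
+mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=',
+id: '123456'
+};
+
+var credentials = {
+id: '123456',
+key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
+algorithm: 'sha256',
+user: 'steve'
+};
+
+expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(true);
+done();
+});
+
+it('should fail on invalid WWW-Authenticate header format', function (done) {
+
+var res = {
+headers: {
+'www-authenticate': 'Hawk ts="1362346425875", tsm="PhwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", x="Stale timestamp"'
+},
+getResponseHeader: function (header) {
+
+return res.headers[header.toLowerCase()];
+}
+};
+
+expect(Browser.client.authenticate(res, {})).to.equal(false);
+done();
+});
+
+it('should fail on invalid WWW-Authenticate header format', function (done) {
+
+var credentials = {
+id: '123456',
+key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
+algorithm: 'sha256',
+user: 'steve'
+};
+
+var res = {
+headers: {
+'www-authenticate': 'Hawk ts="1362346425875", tsm="hwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", error="Stale timestamp"'
+},
+getResponseHeader: function (header) {
+
+return res.headers[header.toLowerCase()];
+}
+};
+
+expect(Browser.client.authenticate(res, credentials)).to.equal(false);
+done();
+});
+});
+
+describe('#message', function () {
+it('should generate an authorization then successfully parse it', function (done) {
+
+credentialsFunc('123456', function (err, credentials) {
+
+var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: credentials });
+expect(auth).to.exist;
+
+Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, {}, function (err, credentials) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+done();
+});
+});
+});
+
+it('should fail on missing host', function (done) {
+
+credentialsFunc('123456', function (err, credentials) {
+
+var auth = Browser.client.message(null, 8080, 'some message', { credentials: credentials });
+expect(auth).to.not.exist;
+done();
+});
+});
+
+it('should fail on missing credentials', function (done) {
+
+var auth = Browser.client.message('example.com', 8080, 'some message', {});
+expect(auth).to.not.exist;
+done();
+});
+
+it('should fail on invalid algorithm', function (done) {
+
+credentialsFunc('123456', function (err, credentials) {
+
+var creds = Hoek.clone(credentials);
+creds.algorithm = 'blah';
+var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: creds });
+expect(auth).to.not.exist;
+done();
+});
+});
+});
+
+describe('#authenticateTimestamp', function (done) {
+
+it('should validate a timestamp', function (done) {
+
+credentialsFunc('123456', function (err, credentials) {
+
+var tsm = Hawk.crypto.timestampMessage(credentials);
+expect(Browser.client.authenticateTimestamp(tsm, credentials)).to.equal(true);
+done();
+});
+});
+
+it('should detect a bad timestamp', function (done) {
+
+credentialsFunc('123456', function (err, credentials) {
+
+var tsm = Hawk.crypto.timestampMessage(credentials);
+tsm.ts = 4;
+expect(Browser.client.authenticateTimestamp(tsm, credentials)).to.equal(false);
+done();
+});
+});
+});
+});
+
+describe('#parseAuthorizationHeader', function (done) {
+
+it('returns null on missing header', function (done) {
+
+expect(Browser.utils.parseAuthorizationHeader()).to.equal(null);
+done();
+});
+
+it('returns null on bad header syntax (structure)', function (done) {
+
+expect(Browser.utils.parseAuthorizationHeader('Hawk')).to.equal(null);
+done();
+});
+
+it('returns null on bad header syntax (parts)', function (done) {
+
+expect(Browser.utils.parseAuthorizationHeader(' ')).to.equal(null);
+done();
+});
+
+it('returns null on bad scheme name', function (done) {
+
+expect(Browser.utils.parseAuthorizationHeader('Basic asdasd')).to.equal(null);
+done();
+});
+
+it('returns null on bad attribute value', function (done) {
+
+expect(Browser.utils.parseAuthorizationHeader('Hawk test="\t"', ['test'])).to.equal(null);
+done();
+});
+
+it('returns null on duplicated attribute', function (done) {
+
+expect(Browser.utils.parseAuthorizationHeader('Hawk test="a", test="b"', ['test'])).to.equal(null);
+done();
+});
+});
+
+describe('#setNtpOffset', function (done) {
+
+it('catches localStorage errors', function (done) {
+
+var orig = Browser.utils.storage.setItem;
+var error = console.error;
+var count = 0;
+console.error = function () { if (count++ === 2) { console.error.error; } };
+Browser.utils.storage.setItem = function () {
+
+Browser.utils.storage.setItem = orig;
+throw new Error()
+};
+
+expect(function () {
+Browser.utils.setNtpOffset(100);
+}).not.to.throw();
+
+done();
+});
+});
+});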
206
node_modules/hawk/test/client.js
generated
vendored
Executable file
206
node_modules/hawk/test/client.js
generated
vendored
Executable file
|
@ -0,0 +1,206 @@
|
|||
// Load modules
|
||||
|
||||
var Url = require('url');
|
||||
var Lab = require('lab');
|
||||
var Hawk = require('../lib');
|
||||
|
||||
|
||||
// Declare internals
|
||||
|
||||
var internals = {};
|
||||
|
||||
|
||||
// Test shortcuts
|
||||
|
||||
var expect = Lab.expect;
|
||||
var before = Lab.before;
|
||||
var after = Lab.after;
|
||||
var describe = Lab.experiment;
|
||||
var it = Lab.test;
|
||||
|
||||
|
||||
describe('Hawk', function () {
|
||||
|
||||
describe('client', function () {
|
||||
|
||||
describe('#header', function () {
|
||||
|
||||
it('should return a valid authorization header (sha1)', function (done) {
|
||||
|
||||
var credentials = {
|
||||
id: '123456',
|
||||
key: '2983d45yun89q',
|
||||
algorithm: 'sha1'
|
||||
};
|
||||
|
||||
var header = Hawk.client.header('http://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about' }).field;
|
||||
expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="bsvY3IfUllw6V5rvk4tStEvpBhE=", ext="Bazinga!", mac="qbf1ZPG/r/e06F4ht+T77LXi5vw="');
|
||||
done();
|
||||
});
|
||||
|
||||
it('should return a valid authorization header (sha256)', function (done) {
|
||||
|
||||
var credentials = {
|
||||
id: '123456',
|
||||
key: '2983d45yun89q',
|
||||
algorithm: 'sha256'
|
||||
};
|
||||
|
||||
var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;
|
||||
expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", ext="Bazinga!", mac="q1CwFoSHzPZSkbIvl0oYlD+91rBUEvFk763nMjMndj8="');
|
||||
done();
|
||||
});
|
||||
|
||||
it('should return a valid authorization header (no ext)', function (done) {
|
||||
|
||||
var credentials = {
|
||||
id: '123456',
|
||||
key: '2983d45yun89q',
|
||||
algorithm: 'sha256'
|
||||
};
|
||||
|
||||
var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;
|
||||
expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');
|
||||
done();
|
||||
});
|
||||
|
||||
it('should return an empty authorization header on missing options', function (done) {
|
||||
|
||||
var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST').field;
|
||||
expect(header).to.equal('');
|
||||
done();
|
||||
});
|
||||
|
||||
it('should return an empty authorization header on invalid credentials', function (done) {
|
||||
|
||||
var credentials = {
|
||||
key: '2983d45yun89q',
|
||||
algorithm: 'sha256'
|
||||
};
|
||||
|
||||
var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207 }).field;
|
||||
expect(header).to.equal('');
|
||||
done();
|
||||
});
|
||||
|
||||
it('should return an empty authorization header on invalid algorithm', function (done) {
|
||||
|
||||
var credentials = {
|
||||
id: '123456',
|
||||
key: '2983d45yun89q',
|
||||
algorithm: 'hmac-sha-0'
|
||||
};
|
||||
|
||||
var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, payload: 'something, anything!', ext: 'Bazinga!', timestamp: 1353809207 }).field;
|
||||
expect(header).to.equal('');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
describe('#authenticate', function () {
|
||||
|
||||
it('should return false on invalid header', function (done) {
|
||||
|
||||
var res = {
|
||||
headers: {
|
||||
'server-authorization': 'Hawk mac="abc", bad="xyz"'
|
||||
}
|
||||
};
|
||||
|
||||
expect(Hawk.client.authenticate(res, {})).to.equal(false);
|
||||
done();
|
||||
});
|
||||
|
||||
it('should return false on invalid mac', function (done) {
|
||||
|
||||
var res = {
|
||||
headers: {
|
||||
'content-type': 'text/plain',
|
||||
'server-authorization': 'Hawk mac="_IJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"'
|
||||
}
|
||||
};
|
||||
|
||||
var artifacts = {
|
||||
method: 'POST',
|
||||
host: 'example.com',
|
||||
port: '8080',
|
||||
resource: '/resource/4?filter=a',
|
||||
ts: '1362336900',
|
||||
nonce: 'eb5S_L',
|
||||
hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
|
||||
ext: 'some-app-data',
|
||||
app: undefined,
|
||||
dlg: undefined,
|
||||
mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=',
|
||||
id: '123456'
|
||||
};
|
||||
|
||||
var credentials = {
|
||||
id: '123456',
|
||||
key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
|
||||
algorithm: 'sha256',
|
||||
user: 'steve'
|
||||
};
|
||||
|
||||
expect(Hawk.client.authenticate(res, credentials, artifacts)).to.equal(false);
|
||||
done();
|
||||
});
|
||||
|
||||
it('should return true on ignoring hash', function (done) {
|
||||
|
||||
var res = {
|
||||
headers: {
|
||||
'content-type': 'text/plain',
|
||||
'server-authorization': 'Hawk mac="XIJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"'
|
||||
}
|
||||
};
|
||||
|
||||
var artifacts = {
|
||||
method: 'POST',
|
||||
host: 'example.com',
|
||||
port: '8080',
|
||||
resource: '/resource/4?filter=a',
|
||||
ts: '1362336900',
|
||||
nonce: 'eb5S_L',
|
||||
hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
|
||||
ext: 'some-app-data',
|
||||
app: undefined,
|
||||
dlg: undefined,
|
||||
mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=',
|
||||
id: '123456'
|
||||
};
|
||||
|
||||
var credentials = {
|
||||
id: '123456',
|
||||
key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
|
||||
algorithm: 'sha256',
|
||||
user: 'steve'
|
||||
};
|
||||
|
||||
expect(Hawk.client.authenticate(res, credentials, artifacts)).to.equal(true);
|
||||
done();
|
||||
});
|
||||
|
||||
it('should fail on invalid WWW-Authenticate header format', function (done) {
|
||||
|
||||
var header = 'Hawk ts="1362346425875", tsm="PhwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", x="Stale timestamp"';
|
||||
expect(Hawk.client.authenticate({ headers: { 'www-authenticate': header } }, {})).to.equal(false);
|
||||
done();
|
||||
});
|
||||
|
||||
it('should fail on invalid WWW-Authenticate header format', function (done) {
|
||||
|
||||
var credentials = {
|
||||
id: '123456',
|
||||
key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
|
||||
algorithm: 'sha256',
|
||||
user: 'steve'
|
||||
};
|
||||
|
||||
var header = 'Hawk ts="1362346425875", tsm="hwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", error="Stale timestamp"';
|
||||
expect(Hawk.client.authenticate({ headers: { 'www-authenticate': header } }, credentials)).to.equal(false);
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
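--- a/node_modules/hawk/test/crypto.js
+++ b/node_modules/hawk/test/crypto.js
@@ -0,0 +1,86 @@
+// Load modules
+
+var Lab = require('lab');
+var Hawk = require('../lib');
+
+
+// Declare internals
+
+var internals = {};
+
+
+// Test shortcuts
+
+var expect = Lab.expect;
+var before = Lab.before;
+var after = Lab.after;
+var describe = Lab.experiment;
+var it = Lab.test;
+
+
+describe('Hawk', function () {
+
+describe('Crypto', function () {
+
+describe('#generateNormalizedString', function () {
+
+it('should return a valid normalized string', function (done) {
+
+expect(Hawk.crypto.generateNormalizedString('header', {
+credentials: {
+key: 'dasdfasdf',
+algorithm: 'sha256'
+},
+ts: 1357747017,
+nonce: 'k3k4j5',
+method: 'GET',
+resource: '/resource/something',
+host: 'example.com',
+port: 8080
+})).to.equal('hawk.1.header\n1357747017\nk3k4j5\nGET\n/resource/something\nexample.com\n8080\n\n\n');
+
+done();
+});
+
+it('should return a valid normalized string (ext)', function (done) {
+
+expect(Hawk.crypto.generateNormalizedString('header', {
+credentials: {
+key: 'dasdfasdf',
+algorithm: 'sha256'
+},
+ts: 1357747017,
+nonce: 'k3k4j5',
+method: 'GET',
+resource: '/resource/something',
+host: 'example.com',
+port: 8080,
+ext: 'this is some app data'
+})).to.equal('hawk.1.header\n1357747017\nk3k4j5\nGET\n/resource/something\nexample.com\n8080\n\nthis is some app data\n');
+
+done();
+});
+
+it('should return a valid normalized string (payload + ext)', function (done) {
+
+expect(Hawk.crypto.generateNormalizedString('header', {
+credentials: {
+key: 'dasdfasdf',
+algorithm: 'sha256'
+},
+ts: 1357747017,
+nonce: 'k3k4j5',
+method: 'GET',
+resource: '/resource/something',
+host: 'example.com',
+port: 8080,
+hash: 'U4MKKSmiVxk37JCCrAVIjV/OhB3y+NdwoCr6RShbVkE=',
+ext: 'this is some app data'
+})).to.equal('hawk.1.header\n1357747017\nk3k4j5\nGET\n/resource/something\nexample.com\n8080\nU4MKKSmiVxk37JCCrAVIjV/OhB3y+NdwoCr6RShbVkE=\nthis is some app data\n');
+
+done();
+});
+});
+});
+});
+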
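--- a/node_modules/hawk/test/index.js
+++ b/node_modules/hawk/test/index.js
@@ -0,0 +1,316 @@
+// Load modules
+
+var Url = require('url');
+var Lab = require('lab');
+var Hawk = require('../lib');
+
+
+// Declare internals
+
+var internals = {};
+
+
+// Test shortcuts
+
+var expect = Lab.expect;
+var before = Lab.before;
+var after = Lab.after;
+var describe = Lab.experiment;
+var it = Lab.test;
+
+
+describe('Hawk', function () {
+
+var credentialsFunc = function (id, callback) {
+
+var credentials = {
+id: id,
+key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
+algorithm: (id === '1' ? 'sha1' : 'sha256'),
+user: 'steve'
+};
+
+return callback(null, credentials);
+};
+
+it('should generate a header then successfully parse it (configuration)', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?filter=a',
+host: 'example.com',
+port: 8080
+};
+
+credentialsFunc('123456', function (err, credentials) {
+
+req.authorization = Hawk.client.header(Url.parse('http://example.com:8080/resource/4?filter=a'), req.method, { credentials: credentials, ext: 'some-app-data' }).field;
+expect(req.authorization).to.exist;
+
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(artifacts.ext).to.equal('some-app-data');
+done();
+});
+});
+});
+
+it('should generate a header then successfully parse it (node request)', function (done) {
+
+var req = {
+method: 'POST',
+url: '/resource/4?filter=a',
+headers: {
+host: 'example.com:8080',
+'content-type': 'text/plain;x=y'
+}
+};
+
+var payload = 'some not so random text';
+
+credentialsFunc('123456', function (err, credentials) {
+
+var reqHeader = Hawk.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
+req.headers.authorization = reqHeader.field;
+
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(artifacts.ext).to.equal('some-app-data');
+expect(Hawk.server.authenticatePayload(payload, credentials, artifacts, req.headers['content-type'])).to.equal(true);
+
+var res = {
+headers: {
+'content-type': 'text/plain'
+}
+};
+
+res.headers['server-authorization'] = Hawk.server.header(credentials, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });
+expect(res.headers['server-authorization']).to.exist;
+
+expect(Hawk.client.authenticate(res, credentials, artifacts, { payload: 'some reply' })).to.equal(true);
+done();
+});
+});
+});
+
+it('should generate a header then successfully parse it (no server header options)', function (done) {
+
+var req = {
+method: 'POST',
+url: '/resource/4?filter=a',
+headers: {
+host: 'example.com:8080',
+'content-type': 'text/plain;x=y'
+}
+};
+
+var payload = 'some not so random text';
+
+credentialsFunc('123456', function (err, credentials) {
+
+var reqHeader = Hawk.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
+req.headers.authorization = reqHeader.field;
+
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(artifacts.ext).to.equal('some-app-data');
+expect(Hawk.server.authenticatePayload(payload, credentials, artifacts, req.headers['content-type'])).to.equal(true);
+
+var res = {
+headers: {
+'content-type': 'text/plain'
+}
+};
+
+res.headers['server-authorization'] = Hawk.server.header(credentials, artifacts);
+expect(res.headers['server-authorization']).to.exist;
+
+expect(Hawk.client.authenticate(res, credentials, artifacts)).to.equal(true);
+done();
+});
+});
+});
+
+it('should generate a header then fails to parse it (missing server header hash)', function (done) {
+
+var req = {
+method: 'POST',
+url: '/resource/4?filter=a',
+headers: {
+host: 'example.com:8080',
+'content-type': 'text/plain;x=y'
+}
+};
+
+var payload = 'some not so random text';
+
+credentialsFunc('123456', function (err, credentials) {
+
+var reqHeader = Hawk.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
+req.headers.authorization = reqHeader.field;
+
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(artifacts.ext).to.equal('some-app-data');
+expect(Hawk.server.authenticatePayload(payload, credentials, artifacts, req.headers['content-type'])).to.equal(true);
+
+var res = {
+headers: {
+'content-type': 'text/plain'
+}
+};
+
+res.headers['server-authorization'] = Hawk.server.header(credentials, artifacts);
+expect(res.headers['server-authorization']).to.exist;
+
+expect(Hawk.client.authenticate(res, credentials, artifacts, { payload: 'some reply' })).to.equal(false);
+done();
+});
+});
+});
+
+it('should generate a header then successfully parse it (with hash)', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?filter=a',
+host: 'example.com',
+port: 8080
+};
+
+credentialsFunc('123456', function (err, credentials) {
+
+req.authorization = Hawk.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, payload: 'hola!', ext: 'some-app-data' }).field;
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(artifacts.ext).to.equal('some-app-data');
+done();
+});
+});
+});
+
+it('should generate a header then successfully parse it then validate payload', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?filter=a',
+host: 'example.com',
+port: 8080
+};
+
+credentialsFunc('123456', function (err, credentials) {
+
+req.authorization = Hawk.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, payload: 'hola!', ext: 'some-app-data' }).field;
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(artifacts.ext).to.equal('some-app-data');
+expect(Hawk.server.authenticatePayload('hola!', credentials, artifacts)).to.be.true;
+expect(Hawk.server.authenticatePayload('hello!', credentials, artifacts)).to.be.false;
+done();
+});
+});
+});
+
+it('should generate a header then successfully parse it (app)', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?filter=a',
+host: 'example.com',
+port: 8080
+};
+
+credentialsFunc('123456', function (err, credentials) {
+
+req.authorization = Hawk.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data', app: 'asd23ased' }).field;
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(artifacts.ext).to.equal('some-app-data');
+expect(artifacts.app).to.equal('asd23ased');
+done();
+});
+});
+});
+
+it('should generate a header then successfully parse it (app, dlg)', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?filter=a',
+host: 'example.com',
+port: 8080
+};
+
+credentialsFunc('123456', function (err, credentials) {
+
+req.authorization = Hawk.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data', app: 'asd23ased', dlg: '23434szr3q4d' }).field;
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(artifacts.ext).to.equal('some-app-data');
+expect(artifacts.app).to.equal('asd23ased');
+expect(artifacts.dlg).to.equal('23434szr3q4d');
+done();
+});
+});
+});
+
+it('should generate a header then fail authentication due to bad hash', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?filter=a',
+host: 'example.com',
+port: 8080
+};
+
+credentialsFunc('123456', function (err, credentials) {
+
+req.authorization = Hawk.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, payload: 'hola!', ext: 'some-app-data' }).field;
+Hawk.server.authenticate(req, credentialsFunc, { payload: 'byebye!' }, function (err, credentials, artifacts) {
+
+expect(err).to.exist;
+expect(err.response.payload.message).to.equal('Bad payload hash');
+done();
+});
+});
+});
+
+it('should generate a header for one resource then fail to authenticate another', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?filter=a',
+host: 'example.com',
+port: 8080
+};
+
+credentialsFunc('123456', function (err, credentials) {
+
+req.authorization = Hawk.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data' }).field;
+req.url = '/something/else';
+
+Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
+
+expect(err).to.exist;
+expect(credentials).to.exist;
+done();
+});
+});
+});
+});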
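--- a/node_modules/hawk/test/readme.js
+++ b/node_modules/hawk/test/readme.js
@@ -0,0 +1,98 @@
+// Load modules
+
+var Lab = require('lab');
+var Hoek = require('hoek');
+var Hawk = require('../lib');
+
+
+// Declare internals
+
+var internals = {};
+
+
+// Test shortcuts
+
+var expect = Lab.expect;
+var before = Lab.before;
+var after = Lab.after;
+var describe = Lab.experiment;
+var it = Lab.test;
+
+
+describe('Hawk', function () {
+
+describe('README', function () {
+
+describe('core', function () {
+
+var credentials = {
+id: 'dh37fgj492je',
+key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
+algorithm: 'sha256'
+};
+
+var options = {
+credentials: credentials,
+timestamp: 1353832234,
+nonce: 'j4h3g2',
+ext: 'some-app-ext-data'
+};
+
+it('should generate a header protocol example', function (done) {
+
+var header = Hawk.client.header('http://example.com:8000/resource/1?b=1&a=2', 'GET', options).field;
+
+expect(header).to.equal('Hawk id="dh37fgj492je", ts="1353832234", nonce="j4h3g2", ext="some-app-ext-data", mac="6R4rV5iE+NPoym+WwjeHzjAGXUtLNIxmo1vpMofpLAE="');
+done();
+});
+
+it('should generate a normalized string protocol example', function (done) {
+
+var normalized = Hawk.crypto.generateNormalizedString('header', {
+credentials: credentials,
+ts: options.timestamp,
+nonce: options.nonce,
+method: 'GET',
+resource: '/resource?a=1&b=2',
+host: 'example.com',
+port: 8000,
+ext: options.ext
+});
+
+expect(normalized).to.equal('hawk.1.header\n1353832234\nj4h3g2\nGET\n/resource?a=1&b=2\nexample.com\n8000\n\nsome-app-ext-data\n');
+done();
+});
+
+var payloadOptions = Hoek.clone(options);
+payloadOptions.payload = 'Thank you for flying Hawk';
+payloadOptions.contentType = 'text/plain';
+
+it('should generate a header protocol example (with payload)', function (done) {
+
+var header = Hawk.client.header('http://example.com:8000/resource/1?b=1&a=2', 'POST', payloadOptions).field;
+
+expect(header).to.equal('Hawk id="dh37fgj492je", ts="1353832234", nonce="j4h3g2", hash="Yi9LfIIFRtBEPt74PVmbTF/xVAwPn7ub15ePICfgnuY=", ext="some-app-ext-data", mac="aSe1DERmZuRl3pI36/9BdZmnErTw3sNzOOAUlfeKjVw="');
+done();
+});
+
+it('should generate a normalized string protocol example (with payload)', function (done) {
+
+var normalized = Hawk.crypto.generateNormalizedString('header', {
+credentials: credentials,
+ts: options.timestamp,
+nonce: options.nonce,
+method: 'POST',
+resource: '/resource?a=1&b=2',
+host: 'example.com',
+port: 8000,
+hash: Hawk.crypto.calculatePayloadHash(payloadOptions.payload, credentials.algorithm, payloadOptions.contentType),
+ext: options.ext
+});
+
+expect(normalized).to.equal('hawk.1.header\n1353832234\nj4h3g2\nPOST\n/resource?a=1&b=2\nexample.com\n8000\nYi9LfIIFRtBEPt74PVmbTF/xVAwPn7ub15ePICfgnuY=\nsome-app-ext-data\n');
+done();
+});
+});
+});
+});
+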
686
node_modules/hawk/test/server.js
generated
vendored
Executable file
686
node_modules/hawk/test/server.js
generated
vendored
Executable file
|
@ -0,0 +1,686 @@
|
|||
// Load modules
|
||||
|
||||
var Url = require('url');
|
||||
var Lab = require('lab');
|
||||
var Hawk = require('../lib');
|
||||
|
||||
|
||||
// Declare internals
|
||||
|
||||
var internals = {};
|
||||
|
||||
|
||||
// Test shortcuts
|
||||
|
||||
var expect = Lab.expect;
|
||||
var before = Lab.before;
|
||||
var after = Lab.after;
|
||||
var describe = Lab.experiment;
|
||||
var it = Lab.test;
|
||||
|
||||
|
||||
describe('Hawk', function () {
|
||||
|
||||
describe('server', function () {
|
||||
|
||||
var credentialsFunc = function (id, callback) {
|
||||
|
||||
var credentials = {
|
||||
id: id,
|
||||
key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
|
||||
algorithm: (id === '1' ? 'sha1' : 'sha256'),
|
||||
user: 'steve'
|
||||
};
|
||||
|
||||
return callback(null, credentials);
|
||||
};
|
||||
|
||||
describe('#authenticate', function () {
|
||||
|
||||
it('should parse a valid authentication header (sha1)', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: 'Hawk id="1", ts="1353788437", nonce="k3j4h2", mac="zy79QQ5/EYFmQqutVnYb73gAc/U=", ext="hello"'
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.not.exist;
|
||||
expect(credentials.user).to.equal('steve');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should parse a valid authentication header (sha256)', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/1?b=1&a=2',
|
||||
host: 'example.com',
|
||||
port: 8000,
|
||||
authorization: 'Hawk id="dh37fgj492je", ts="1353832234", nonce="j4h3g2", mac="m8r1rHbXN6NgO+KIIhjO7sFRyd78RNGVUwehe8Cp2dU=", ext="some-app-data"'
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353832234000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.not.exist;
|
||||
expect(credentials.user).to.equal('steve');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should parse a valid authentication header (host override)', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
headers: {
|
||||
host: 'example1.com:8080',
|
||||
authorization: 'Hawk id="1", ts="1353788437", nonce="k3j4h2", mac="zy79QQ5/EYFmQqutVnYb73gAc/U=", ext="hello"'
|
||||
}
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { host: 'example.com', localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.not.exist;
|
||||
expect(credentials.user).to.equal('steve');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should parse a valid authentication header (host port override)', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
headers: {
|
||||
host: 'example1.com:80',
|
||||
authorization: 'Hawk id="1", ts="1353788437", nonce="k3j4h2", mac="zy79QQ5/EYFmQqutVnYb73gAc/U=", ext="hello"'
|
||||
}
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { host: 'example.com', port: 8080, localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.not.exist;
|
||||
expect(credentials.user).to.equal('steve');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should parse a valid authentication header (POST with payload)', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'POST',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: 'Hawk id="123456", ts="1357926341", nonce="1AwuJD", hash="qAiXIVv+yjDATneWxZP2YCTa9aHRgQdnH9b3Wc+o3dg=", ext="some-app-data", mac="UeYcj5UoTVaAWXNvJfLVia7kU3VabxCqrccXP8sUGC4="'
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1357926341000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.not.exist;
|
||||
expect(credentials.user).to.equal('steve');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on missing hash', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/1?b=1&a=2',
|
||||
host: 'example.com',
|
||||
port: 8000,
|
||||
authorization: 'Hawk id="dh37fgj492je", ts="1353832234", nonce="j4h3g2", mac="m8r1rHbXN6NgO+KIIhjO7sFRyd78RNGVUwehe8Cp2dU=", ext="some-app-data"'
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { payload: 'body', localtimeOffsetMsec: 1353832234000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.response.payload.message).to.equal('Missing required payload hash');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on a stale timestamp', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: 'Hawk id="123456", ts="1362337299", nonce="UzmxSs", ext="some-app-data", mac="wnNUxchvvryMH2RxckTdZ/gY3ijzvccx4keVvELC61w="'
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.response.payload.message).to.equal('Stale timestamp');
|
||||
var header = err.response.headers['WWW-Authenticate'];
|
||||
var ts = header.match(/^Hawk ts\=\"(\d+)\"\, tsm\=\"([^\"]+)\"\, error=\"Stale timestamp\"$/);
|
||||
var now = Hawk.utils.now();
|
||||
expect(parseInt(ts[1], 10) * 1000).to.be.within(now - 1000, now + 1000);
|
||||
|
||||
var res = {
|
||||
headers: {
|
||||
'www-authenticate': header
|
||||
}
|
||||
};
|
||||
|
||||
expect(Hawk.client.authenticate(res, credentials, artifacts)).to.equal(true);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on a replay', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="bXx7a7p1h9QYQNZ8x7QhvDQym8ACgab4m3lVSFn4DBw=", ext="hello"'
|
||||
};
|
||||
|
||||
var memoryCache = {};
|
||||
var options = {
|
||||
localtimeOffsetMsec: 1353788437000 - Hawk.utils.now(),
|
||||
nonceFunc: function (nonce, ts, callback) {
|
||||
|
||||
if (memoryCache[nonce]) {
|
||||
return callback(new Error());
|
||||
}
|
||||
|
||||
memoryCache[nonce] = true;
|
||||
return callback();
|
||||
}
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, options, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.not.exist;
|
||||
expect(credentials.user).to.equal('steve');
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, options, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.response.payload.message).to.equal('Invalid nonce');
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on an invalid authentication header: wrong scheme', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: 'Basic asdasdasdasd'
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.response.payload.message).to.not.exist;
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on an invalid authentication header: no scheme', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: '!@#'
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.response.payload.message).to.equal('Invalid header syntax');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on an missing authorization header', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.isMissing).to.equal(true);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on an missing host header', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
headers: {
|
||||
authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
|
||||
}
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.response.payload.message).to.equal('Invalid Host header');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on an missing authorization attribute (id)', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: 'Hawk ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.response.payload.message).to.equal('Missing attributes');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on an missing authorization attribute (ts)', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: 'Hawk id="123", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.response.payload.message).to.equal('Missing attributes');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on an missing authorization attribute (nonce)', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: 'Hawk id="123", ts="1353788437", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.response.payload.message).to.equal('Missing attributes');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on an missing authorization attribute (mac)', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", ext="hello"'
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.response.payload.message).to.equal('Missing attributes');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on an unknown authorization attribute', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", x="3", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.response.payload.message).to.equal('Unknown attribute: x');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on an bad authorization header format', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: 'Hawk id="123\\", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.response.payload.message).to.equal('Bad header format');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on an bad authorization attribute value', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: 'Hawk id="\t", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.response.payload.message).to.equal('Bad attribute value: id');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on an empty authorization attribute value', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: 'Hawk id="", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.response.payload.message).to.equal('Bad attribute value: id');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on duplicated authorization attribute key', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: 'Hawk id="123", id="456", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.response.payload.message).to.equal('Duplicate attribute: id');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on an invalid authorization header format', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: 'Hawk'
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.response.payload.message).to.equal('Invalid header syntax');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on an bad host header (missing host)', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
headers: {
|
||||
host: ':8080',
|
||||
authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
|
||||
}
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.response.payload.message).to.equal('Invalid Host header');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on an bad host header (pad port)', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
headers: {
|
||||
host: 'example.com:something',
|
||||
authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
|
||||
}
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.response.payload.message).to.equal('Invalid Host header');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on credentialsFunc error', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
|
||||
};
|
||||
|
||||
var credentialsFunc = function (id, callback) {
|
||||
|
||||
return callback(new Error('Unknown user'));
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.message).to.equal('Unknown user');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on missing credentials', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
|
||||
};
|
||||
|
||||
var credentialsFunc = function (id, callback) {
|
||||
|
||||
return callback(null, null);
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.response.payload.message).to.equal('Unknown credentials');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on invalid credentials', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
|
||||
};
|
||||
|
||||
var credentialsFunc = function (id, callback) {
|
||||
|
||||
var credentials = {
|
||||
key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
|
||||
user: 'steve'
|
||||
};
|
||||
|
||||
return callback(null, credentials);
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.message).to.equal('Invalid credentials');
|
||||
expect(err.response.payload.message).to.equal('An internal server error occurred');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on unknown credentials algorithm', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
|
||||
};
|
||||
|
||||
var credentialsFunc = function (id, callback) {
|
||||
|
||||
var credentials = {
|
||||
key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
|
||||
algorithm: 'hmac-sha-0',
|
||||
user: 'steve'
|
||||
};
|
||||
|
||||
return callback(null, credentials);
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.message).to.equal('Unknown algorithm');
|
||||
expect(err.response.payload.message).to.equal('An internal server error occurred');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail on unknown bad mac', function (done) {
|
||||
|
||||
var req = {
|
||||
method: 'GET',
|
||||
url: '/resource/4?filter=a',
|
||||
host: 'example.com',
|
||||
port: 8080,
|
||||
authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcU4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
|
||||
};
|
||||
|
||||
var credentialsFunc = function (id, callback) {
|
||||
|
||||
var credentials = {
|
||||
key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
|
||||
algorithm: 'sha256',
|
||||
user: 'steve'
|
||||
};
|
||||
|
||||
return callback(null, credentials);
|
||||
};
|
||||
|
||||
Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
|
||||
|
||||
expect(err).to.exist;
|
||||
expect(err.response.payload.message).to.equal('Bad mac');
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe('#header', function () {
|
||||
|
||||
it('should return an empty authorization header on missing options', function (done) {
|
||||
|
||||
var header = Hawk.server.header();
|
||||
expect(header).to.equal('');
|
||||
done();
|
||||
});
|
||||
|
||||
it('should return an empty authorization header on missing credentials', function (done) {
|
||||
|
||||
var header = Hawk.server.header(null, {});
|
||||
expect(header).to.equal('');
|
||||
done();
|
||||
});
|
||||
|
||||
it('should return an empty authorization header on invalid credentials', function (done) {
|
||||
|
||||
var credentials = {
|
||||
key: '2983d45yun89q'
|
||||
};
|
||||
|
||||
var header = Hawk.server.header(credentials);
|
||||
expect(header).to.equal('');
|
||||
done();
|
||||
});
|
||||
|
||||
it('should return an empty authorization header on invalid algorithm', function (done) {
|
||||
|
||||
var artifacts = {
|
||||
id: '123456'
|
||||
};
|
||||
|
||||
var credentials = {
|
||||
key: '2983d45yun89q',
|
||||
algorithm: 'hmac-sha-0'
|
||||
};
|
||||
|
||||
var header = Hawk.server.header(credentials, artifacts);
|
||||
expect(header).to.equal('');
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
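--- a/node_modules/hawk/test/uri.js
+++ b/node_modules/hawk/test/uri.js
@@ -0,0 +1,456 @@
+// Load modules
+
+var Http = require('http');
+var Lab = require('lab');
+var Hawk = require('../lib');
+
+
+// Declare internals
+
+var internals = {};
+
+
+// Test shortcuts
+
+var expect = Lab.expect;
+var before = Lab.before;
+var after = Lab.after;
+var describe = Lab.experiment;
+var it = Lab.test;
+
+
+describe('Hawk', function () {
+
+describe('Uri', function () {
+
+var credentialsFunc = function (id, callback) {
+
+var credentials = {
+id: id,
+key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
+algorithm: 'sha256',
+user: 'steve'
+};
+
+return callback(null, credentials);
+};
+
+it('should generate a bewit then successfully authenticate it', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?a=1&b=2',
+host: 'example.com',
+port: 80
+};
+
+credentialsFunc('123456', function (err, credentials) {
+
+var bewit = Hawk.uri.getBewit('http://example.com/resource/4?a=1&b=2', { credentials: credentials, ttlSec: 60 * 60 * 24 * 365 * 100, ext: 'some-app-data' });
+req.url += '&bewit=' + bewit;
+
+Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(attributes.ext).to.equal('some-app-data');
+done();
+});
+});
+});
+
+it('should generate a bewit then successfully authenticate it (no ext)', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?a=1&b=2',
+host: 'example.com',
+port: 80
+};
+
+credentialsFunc('123456', function (err, credentials) {
+
+var bewit = Hawk.uri.getBewit('http://example.com/resource/4?a=1&b=2', { credentials: credentials, ttlSec: 60 * 60 * 24 * 365 * 100 });
+req.url += '&bewit=' + bewit;
+
+Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+done();
+});
+});
+});
+
+it('should successfully authenticate a request (last param)', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?a=1&b=2&bewit=MTIzNDU2XDQ1MTE0ODQ2MjFcMzFjMmNkbUJFd1NJRVZDOVkva1NFb2c3d3YrdEVNWjZ3RXNmOGNHU2FXQT1cc29tZS1hcHAtZGF0YQ',
+host: 'example.com',
+port: 8080
+};
+
+Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(attributes.ext).to.equal('some-app-data');
+done();
+});
+});
+
+it('should successfully authenticate a request (first param)', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?bewit=MTIzNDU2XDQ1MTE0ODQ2MjFcMzFjMmNkbUJFd1NJRVZDOVkva1NFb2c3d3YrdEVNWjZ3RXNmOGNHU2FXQT1cc29tZS1hcHAtZGF0YQ&a=1&b=2',
+host: 'example.com',
+port: 8080
+};
+
+Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(attributes.ext).to.equal('some-app-data');
+done();
+});
+});
+
+it('should successfully authenticate a request (only param)', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?bewit=MTIzNDU2XDQ1MTE0ODQ2NDFcZm1CdkNWT3MvcElOTUUxSTIwbWhrejQ3UnBwTmo4Y1VrSHpQd3Q5OXJ1cz1cc29tZS1hcHAtZGF0YQ',
+host: 'example.com',
+port: 8080
+};
+
+Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
+
+expect(err).to.not.exist;
+expect(credentials.user).to.equal('steve');
+expect(attributes.ext).to.equal('some-app-data');
+done();
+});
+});
+
+it('should fail on multiple authentication', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?bewit=MTIzNDU2XDQ1MTE0ODQ2NDFcZm1CdkNWT3MvcElOTUUxSTIwbWhrejQ3UnBwTmo4Y1VrSHpQd3Q5OXJ1cz1cc29tZS1hcHAtZGF0YQ',
+host: 'example.com',
+port: 8080,
+authorization: 'Basic asdasdasdasd'
+};
+
+Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
+
+expect(err).to.exist;
+expect(err.response.payload.message).to.equal('Multiple authentications');
+done();
+});
+});
+
+it('should fail on method other than GET', function (done) {
+
+credentialsFunc('123456', function (err, credentials) {
+
+var req = {
+method: 'POST',
+url: '/resource/4?filter=a',
+host: 'example.com',
+port: 8080
+};
+
+var exp = Math.floor(Hawk.utils.now() / 1000) + 60;
+var ext = 'some-app-data';
+var mac = Hawk.crypto.calculateMac('bewit', credentials, {
+timestamp: exp,
+nonce: '',
+method: req.method,
+resource: req.url,
+host: req.host,
+port: req.port,
+ext: ext
+});
+
+var bewit = credentials.id + '\\' + exp + '\\' + mac + '\\' + ext;
+
+req.url += '&bewit=' + Hawk.utils.base64urlEncode(bewit);
+
+Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
+
+expect(err).to.exist;
+expect(err.response.payload.message).to.equal('Invalid method');
+done();
+});
+});
+});
+
+it('should fail on invalid host header', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?bewit=MTIzNDU2XDQ1MDk5OTE3MTlcTUE2eWkwRWRwR0pEcWRwb0JkYVdvVDJrL0hDSzA1T0Y3MkhuZlVmVy96Zz1cc29tZS1hcHAtZGF0YQ',
+headers: {
+host: 'example.com:something'
+}
+};
+
+Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
+
+expect(err).to.exist;
+expect(err.response.payload.message).to.equal('Invalid Host header');
+done();
+});
+});
+
+it('should fail on empty bewit', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?bewit=',
+host: 'example.com',
+port: 8080
+};
+
+Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
+
+expect(err).to.exist;
+expect(err.response.payload.message).to.equal('Empty bewit');
+expect(err.isMissing).to.not.exist;
+done();
+});
+});
+
+it('should fail on invalid bewit', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?bewit=*',
+host: 'example.com',
+port: 8080
+};
+
+Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
+
+expect(err).to.exist;
+expect(err.response.payload.message).to.equal('Invalid bewit encoding');
+expect(err.isMissing).to.not.exist;
+done();
+});
+});
+
+it('should fail on missing bewit', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4',
+host: 'example.com',
+port: 8080
+};
+
+Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
+
+expect(err).to.exist;
+expect(err.response.payload.message).to.not.exist;
+expect(err.isMissing).to.equal(true);
+done();
+});
+});
+
+it('should fail on invalid bewit structure', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?bewit=abc',
+host: 'example.com',
+port: 8080
+};
+
+Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
+
+expect(err).to.exist;
+expect(err.response.payload.message).to.equal('Invalid bewit structure');
+done();
+});
+});
+
+it('should fail on empty bewit attribute', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?bewit=YVxcY1xk',
+host: 'example.com',
+port: 8080
+};
+
+Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
+
+expect(err).to.exist;
+expect(err.response.payload.message).to.equal('Missing bewit attributes');
+done();
+});
+});
+
+it('should fail on expired access', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?a=1&b=2&bewit=MTIzNDU2XDEzNTY0MTg1ODNcWk1wZlMwWU5KNHV0WHpOMmRucTRydEk3NXNXTjFjeWVITTcrL0tNZFdVQT1cc29tZS1hcHAtZGF0YQ',
+host: 'example.com',
+port: 8080
+};
+
+Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
+
+expect(err).to.exist;
+expect(err.response.payload.message).to.equal('Access expired');
+done();
+});
+});
+
+it('should fail on credentials function error', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?bewit=MTIzNDU2XDQ1MDk5OTE3MTlcTUE2eWkwRWRwR0pEcWRwb0JkYVdvVDJrL0hDSzA1T0Y3MkhuZlVmVy96Zz1cc29tZS1hcHAtZGF0YQ',
+host: 'example.com',
+port: 8080
+};
+
+Hawk.uri.authenticate(req, function (id, callback) { callback(Hawk.error.badRequest('Boom')); }, {}, function (err, credentials, attributes) {
+
+expect(err).to.exist;
+expect(err.response.payload.message).to.equal('Boom');
+done();
+});
+});
+
+it('should fail on null credentials function response', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?bewit=MTIzNDU2XDQ1MDk5OTE3MTlcTUE2eWkwRWRwR0pEcWRwb0JkYVdvVDJrL0hDSzA1T0Y3MkhuZlVmVy96Zz1cc29tZS1hcHAtZGF0YQ',
+host: 'example.com',
+port: 8080
+};
+
+Hawk.uri.authenticate(req, function (id, callback) { callback(null, null); }, {}, function (err, credentials, attributes) {
+
+expect(err).to.exist;
+expect(err.response.payload.message).to.equal('Unknown credentials');
+done();
+});
+});
+
+it('should fail on invalid credentials function response', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?bewit=MTIzNDU2XDQ1MDk5OTE3MTlcTUE2eWkwRWRwR0pEcWRwb0JkYVdvVDJrL0hDSzA1T0Y3MkhuZlVmVy96Zz1cc29tZS1hcHAtZGF0YQ',
+host: 'example.com',
+port: 8080
+};
+
+Hawk.uri.authenticate(req, function (id, callback) { callback(null, {}); }, {}, function (err, credentials, attributes) {
+
+expect(err).to.exist;
+expect(err.message).to.equal('Invalid credentials');
+done();
+});
+});
+
+it('should fail on invalid credentials function response (unknown algorithm)', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?bewit=MTIzNDU2XDQ1MDk5OTE3MTlcTUE2eWkwRWRwR0pEcWRwb0JkYVdvVDJrL0hDSzA1T0Y3MkhuZlVmVy96Zz1cc29tZS1hcHAtZGF0YQ',
+host: 'example.com',
+port: 8080
+};
+
+Hawk.uri.authenticate(req, function (id, callback) { callback(null, { key: 'xxx', algorithm: 'xxx' }); }, {}, function (err, credentials, attributes) {
+
+expect(err).to.exist;
+expect(err.message).to.equal('Unknown algorithm');
+done();
+});
+});
+
+it('should fail on expired access', function (done) {
+
+var req = {
+method: 'GET',
+url: '/resource/4?bewit=MTIzNDU2XDQ1MDk5OTE3MTlcTUE2eWkwRWRwR0pEcWRwb0JkYVdvVDJrL0hDSzA1T0Y3MkhuZlVmVy96Zz1cc29tZS1hcHAtZGF0YQ',
+host: 'example.com',
+port: 8080
+};
+
+Hawk.uri.authenticate(req, function (id, callback) { callback(null, { key: 'xxx', algorithm: 'sha256' }); }, {}, function (err, credentials, attributes) {
+
+expect(err).to.exist;
+expect(err.response.payload.message).to.equal('Bad mac');
+done();
+});
+});
+});
+
+describe('#getBewit', function () {
+
+it('should return a valid bewit value', function (done) {
+
+var credentials = {
+id: '123456',
+key: '2983d45yun89q',
+algorithm: 'sha256'
+};
+
+var bewit = Hawk.uri.getBewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });
+expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdca3NjeHdOUjJ0SnBQMVQxekRMTlBiQjVVaUtJVTl0T1NKWFRVZEc3WDloOD1ceGFuZHlhbmR6');
+done();
+});
+
+it('should return an empty bewit on invalid credentials', function (done) {
+
+var credentials = {
+key: '2983d45yun89q',
+algorithm: 'sha256'
+};
+
+var bewit = Hawk.uri.getBewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 3000, ext: 'xandyandz' });
+expect(bewit).to.equal('');
+done();
+});
+
+it('should return an empty bewit on invalid algorithm', function (done) {
+
+var credentials = {
+id: '123456',
+key: '2983d45yun89q',
+algorithm: 'hmac-sha-0'
+};
+
+var bewit = Hawk.uri.getBewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, ext: 'xandyandz' });
+expect(bewit).to.equal('');
+done();
+});
+
+it('should return an empty bewit on missing options', function (done) {
+
+var credentials = {
+id: '123456',
+key: '2983d45yun89q',
+algorithm: 'hmac-sha-0'
+};
+
+var bewit = Hawk.uri.getBewit('https://example.com/somewhere/over/the/rainbow');
+expect(bewit).to.equal('');
+done();
+});
+});
+});
+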
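--- a/node_modules/hawk/test/utils.js
+++ b/node_modules/hawk/test/utils.js
@@ -0,0 +1,120 @@
+// Load modules
+
+var Lab = require('lab');
+var Hawk = require('../lib');
+var Package = require('../package.json');
+
+
+// Declare internals
+
+var internals = {};
+
+
+// Test shortcuts
+
+var expect = Lab.expect;
+var before = Lab.before;
+var after = Lab.after;
+var describe = Lab.experiment;
+var it = Lab.test;
+
+
+describe('Hawk', function () {
+
+describe('Utils', function () {
+
+describe('#parseHost', function () {
+
+it('returns port 80 for non tls node request', function (done) {
+
+var req = {
+method: 'POST',
+url: '/resource/4?filter=a',
+headers: {
+host: 'example.com',
+'content-type': 'text/plain;x=y'
+}
+};
+
+expect(Hawk.utils.parseHost(req, 'Host').port).to.equal(80);
+done();
+});
+
+it('returns port 443 for non tls node request', function (done) {
+
+var req = {
+method: 'POST',
+url: '/resource/4?filter=a',
+headers: {
+host: 'example.com',
+'content-type': 'text/plain;x=y'
+},
+connection: {
+encrypted: true
+}
+};
+
+expect(Hawk.utils.parseHost(req, 'Host').port).to.equal(443);
+done();
+});
+
+it('returns port 443 for non tls node request (IPv6)', function (done) {
+
+var req = {
+method: 'POST',
+url: '/resource/4?filter=a',
+headers: {
+host: '[123:123:123]',
+'content-type': 'text/plain;x=y'
+},
+connection: {
+encrypted: true
+}
+};
+
+expect(Hawk.utils.parseHost(req, 'Host').port).to.equal(443);
+done();
+});
+
+it('parses IPv6 headers', function (done) {
+
+var req = {
+method: 'POST',
+url: '/resource/4?filter=a',
+headers: {
+host: '[123:123:123]:8000',
+'content-type': 'text/plain;x=y'
+},
+connection: {
+encrypted: true
+}
+};
+
+var host = Hawk.utils.parseHost(req, 'Host');
+expect(host.port).to.equal('8000');
+expect(host.name).to.equal('[123:123:123]');
+done();
+});
+});
+
+describe('#version', function () {
+
+it('returns the correct package version number', function (done) {
+
+expect(Hawk.utils.version()).to.equal(Package.version);
+done();
+});
+});
+
+describe('#unauthorized', function () {
+
+it('returns a hawk 401', function (done) {
+
+expect(Hawk.utils.unauthorized('kaboom').response.headers['WWW-Authenticate']).to.equal('Hawk error="kaboom"');
+done();
+});
+});
+});
+});
+
+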