author | Myles Borins <myles.borins@gmail.com> | 2017-10-26 22:35:25 -0400 |
---|---|---|
committer | Myles Borins <myles.borins@gmail.com> | 2017-10-29 21:32:15 -0400 |
commit | ace4fe566fc3af4876c7458f983feeb5eae3df26 (patch) | |
tree | 458d847e9bd56199cd0d8b34cec126c7410fb6ca /deps/npm/node_modules/request/node_modules/hawk/lib/client.js | |
parent | 64168eb9b43e30e4c0b986c9b29c41be63e85df6 (diff) | |
deps: update npm to 5.5.1
Closes: https://github.com/nodejs/node/pull/16280
PR-URL: https://github.com/nodejs/node/pull/16509
Fixes: https://github.com/nodejs/node/issues/14161
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Diffstat (limited to 'deps/npm/node_modules/request/node_modules/hawk/lib/client.js')
-rwxr-xr-x | deps/npm/node_modules/request/node_modules/hawk/lib/client.js | 119 |
1 files changed, 72 insertions, 47 deletions
diff --git a/deps/npm/node_modules/request/node_modules/hawk/lib/client.js b/deps/npm/node_modules/request/node_modules/hawk/lib/client.js index f9ae691713..13bd77b359 100755 --- a/deps/npm/node_modules/request/node_modules/hawk/lib/client.js +++ b/deps/npm/node_modules/request/node_modules/hawk/lib/client.js @@ -1,15 +1,17 @@ +'use strict'; + // Load modules -var Url = require('url'); -var Hoek = require('hoek'); -var Cryptiles = require('cryptiles'); -var Crypto = require('./crypto'); -var Utils = require('./utils'); +const Url = require('url'); +const Hoek = require('hoek'); +const Cryptiles = require('cryptiles'); +const Crypto = require('./crypto'); +const Utils = require('./utils'); // Declare internals -var internals = {}; +const internals = {}; // Generate an Authorization header for a given request @@ -30,7 +32,7 @@ var internals = {}; // Optional ext: 'application-specific', // Application specific data sent via the ext attribute - timestamp: Date.now(), // A pre-calculated timestamp + timestamp: Date.now() / 1000, // A pre-calculated timestamp in seconds nonce: '2334f34f', // A pre-generated nonce localtimeOffsetMsec: 400, // Time offset to sync with server time (ignored if timestamp provided) payload: '{"some":"payload"}', // UTF-8 encoded string for body hash generation (ignored if hash provided) @@ -43,7 +45,7 @@ var internals = {}; exports.header = function (uri, method, options) { - var result = { + const result = { field: '', artifacts: {} }; @@ -60,11 +62,11 @@ exports.header = function (uri, method, options) { // Application time - var timestamp = options.timestamp || Utils.nowSecs(options.localtimeOffsetMsec); + const timestamp = options.timestamp || Utils.nowSecs(options.localtimeOffsetMsec); // Validate credentials - var credentials = options.credentials; + const credentials = options.credentials; if (!credentials || !credentials.id || !credentials.key || 
@@ -87,10 +89,10 @@ exports.header = function (uri, method, options) { // Calculate signature - var artifacts = { + const artifacts = { ts: timestamp, nonce: options.nonce || Cryptiles.randomString(6), - method: method, + method, resource: uri.pathname + (uri.search || ''), // Maintain trailing '?' host: uri.hostname, port: uri.port || (uri.protocol === 'http:' ? 80 : 443), @@ -110,12 +112,12 @@ exports.header = function (uri, method, options) { artifacts.hash = Crypto.calculatePayloadHash(options.payload, credentials.algorithm, options.contentType); } - var mac = Crypto.calculateMac('header', credentials, artifacts); + const mac = Crypto.calculateMac('header', credentials, artifacts); // Construct header - var hasExt = artifacts.ext !== null && artifacts.ext !== undefined && artifacts.ext !== ''; // Other falsey values allowed - var header = 'Hawk id="' + credentials.id + + const hasExt = artifacts.ext !== null && artifacts.ext !== undefined && artifacts.ext !== ''; // Other falsey values allowed + let header = 'Hawk id="' + credentials.id + '", ts="' + artifacts.ts + '", nonce="' + artifacts.nonce + (artifacts.hash ? '", hash="' + artifacts.hash : '') + @@ -123,7 +125,7 @@ exports.header = function (uri, method, options) { '", mac="' + mac + '"'; if (artifacts.app) { - header += ', app="' + artifacts.app + + header = header + ', app="' + artifacts.app + (artifacts.dlg ? '", dlg="' + artifacts.dlg : '') + '"'; } 
@@ -144,26 +146,44 @@ exports.header = function (uri, method, options) { } */ -exports.authenticate = function (res, credentials, artifacts, options) { +exports.authenticate = function (res, credentials, artifacts, options, callback) { artifacts = Hoek.clone(artifacts); options = options || {}; + let wwwAttributes = null; + let serverAuthAttributes = null; + + const finalize = function (err) { + + if (callback) { + const headers = { + 'www-authenticate': wwwAttributes, + 'server-authorization': serverAuthAttributes + }; + + return callback(err, headers); + } + + return !err; + }; + if (res.headers['www-authenticate']) { // Parse HTTP WWW-Authenticate header - var wwwAttributes = Utils.parseAuthorizationHeader(res.headers['www-authenticate'], ['ts', 'tsm', 'error']); + wwwAttributes = Utils.parseAuthorizationHeader(res.headers['www-authenticate'], ['ts', 'tsm', 'error']); if (wwwAttributes instanceof Error) { - return false; + wwwAttributes = null; + return finalize(new Error('Invalid WWW-Authenticate header')); } // Validate server timestamp (not used to update clock since it is done via the SNPT client) if (wwwAttributes.ts) { - var tsm = Crypto.calculateTsMac(wwwAttributes.ts, credentials); + const tsm = Crypto.calculateTsMac(wwwAttributes.ts, credentials); if (tsm !== wwwAttributes.tsm) { - return false; + return finalize(new Error('Invalid server timestamp hash')); } } } 
@@ -173,34 +193,39 @@ exports.authenticate = function (res, credentials, artifacts, options) { if (!res.headers['server-authorization'] && !options.required) { - return true; + return finalize(); } - var attributes = Utils.parseAuthorizationHeader(res.headers['server-authorization'], ['mac', 'ext', 'hash']); - if (attributes instanceof Error) { - return false; + serverAuthAttributes = Utils.parseAuthorizationHeader(res.headers['server-authorization'], ['mac', 'ext', 'hash']); + if (serverAuthAttributes instanceof Error) { + serverAuthAttributes = null; + return finalize(new Error('Invalid Server-Authorization header')); } - artifacts.ext = attributes.ext; - artifacts.hash = attributes.hash; + artifacts.ext = serverAuthAttributes.ext; + artifacts.hash = serverAuthAttributes.hash; - var mac = Crypto.calculateMac('response', credentials, artifacts); - if (mac !== attributes.mac) { - return false; + const mac = Crypto.calculateMac('response', credentials, artifacts); + if (mac !== serverAuthAttributes.mac) { + return finalize(new Error('Bad response mac')); } if (!options.payload && options.payload !== '') { - return true; + return finalize(); + } + + if (!serverAuthAttributes.hash) { + return finalize(new Error('Missing response hash attribute')); } - if (!attributes.hash) { - return false; + const calculatedHash = Crypto.calculatePayloadHash(options.payload, credentials.algorithm, res.headers['content-type']); + if (calculatedHash !== serverAuthAttributes.hash) { + return finalize(new Error('Bad response payload mac')); } - var calculatedHash = Crypto.calculatePayloadHash(options.payload, credentials.algorithm, res.headers['content-type']); - return (calculatedHash === attributes.hash); + return finalize(); }; 
@@ -243,11 +268,11 @@ exports.getBewit = function (uri, options) { // Application time - var now = Utils.now(options.localtimeOffsetMsec); + const now = Utils.now(options.localtimeOffsetMsec); // Validate credentials - var credentials = options.credentials; + const credentials = options.credentials; if (!credentials || !credentials.id || !credentials.key || @@ -268,8 +293,8 @@ exports.getBewit = function (uri, options) { // Calculate signature - var exp = Math.floor(now / 1000) + options.ttlSec; - var mac = Crypto.calculateMac('bewit', credentials, { + const exp = Math.floor(now / 1000) + options.ttlSec; + const mac = Crypto.calculateMac('bewit', credentials, { ts: exp, nonce: '', method: 'GET', @@ -281,7 +306,7 @@ exports.getBewit = function (uri, options) { // Construct bewit: id\exp\mac\ext - var bewit = credentials.id + '\\' + exp + '\\' + mac + '\\' + options.ext; + const bewit = credentials.id + '\\' + exp + '\\' + mac + '\\' + options.ext; return Hoek.base64urlEncode(bewit); }; @@ -304,7 +329,7 @@ exports.getBewit = function (uri, options) { // Optional - timestamp: Date.now(), // A pre-calculated timestamp + timestamp: Date.now() / 1000, // A pre-calculated timestamp in seconds nonce: '2334f34f', // A pre-generated nonce localtimeOffsetMsec: 400, // Time offset to sync with server time (ignored if timestamp provided) } @@ -324,11 +349,11 @@ exports.message = function (host, port, message, options) { // Application time - var timestamp = options.timestamp || Utils.nowSecs(options.localtimeOffsetMsec); + const timestamp = options.timestamp || Utils.nowSecs(options.localtimeOffsetMsec); // Validate credentials - var credentials = options.credentials; + const credentials = options.credentials; if (!credentials || !credentials.id || !credentials.key || 
@@ -344,17 +369,17 @@ exports.message = function (host, port, message, options) { // Calculate signature - var artifacts = { + const artifacts = { ts: timestamp, nonce: options.nonce || Cryptiles.randomString(6), - host: host, - port: port, + host, + port, hash: Crypto.calculatePayloadHash(message, credentials.algorithm) }; // Construct authorization - var result = { + const result = { id: credentials.id, ts: artifacts.ts, nonce: artifacts.nonce, |