Diffstat (limited to 'deps/npm/node_modules/hawk/test')
-rwxr-xr-x | deps/npm/node_modules/hawk/test/browser.js | 1492 | ||||
-rwxr-xr-x | deps/npm/node_modules/hawk/test/client.js | 440 | ||||
-rwxr-xr-x | deps/npm/node_modules/hawk/test/crypto.js | 70 | ||||
-rwxr-xr-x | deps/npm/node_modules/hawk/test/index.js | 378 | ||||
-rwxr-xr-x | deps/npm/node_modules/hawk/test/readme.js | 94 | ||||
-rwxr-xr-x | deps/npm/node_modules/hawk/test/server.js | 1328 | ||||
-rwxr-xr-x | deps/npm/node_modules/hawk/test/uri.js | 837 | ||||
-rwxr-xr-x | deps/npm/node_modules/hawk/test/utils.js | 149 |
8 files changed, 0 insertions, 4788 deletions
diff --git a/deps/npm/node_modules/hawk/test/browser.js b/deps/npm/node_modules/hawk/test/browser.js
deleted file mode 100755
index 9bec675fe6..0000000000
--- a/deps/npm/node_modules/hawk/test/browser.js
+++ /dev/null
@@ -1,1492 +0,0 @@ -// Load modules - -var Url = require('url'); -var Code = require('code'); -var Hawk = require('../lib'); -var Hoek = require('hoek'); -var Lab = require('lab'); -var Browser = require('../lib/browser'); - - -// Declare internals - -var internals = {}; - - -// Test shortcuts - -var lab = exports.lab = Lab.script(); -var describe = lab.experiment; -var it = lab.test; -var expect = Code.expect; - - -describe('Browser', function () { - - var credentialsFunc = function (id, callback) { - - var credentials = { - id: id, - key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn', - algorithm: (id === '1' ? 'sha1' : 'sha256'), - user: 'steve' - }; - - return callback(null, credentials); - }; - - it('should generate a bewit then successfully authenticate it', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?a=1&b=2', - host: 'example.com', - port: 80 - }; - - credentialsFunc('123456', function (err, credentials1) { - - var bewit = Browser.client.bewit('http://example.com/resource/4?a=1&b=2', { credentials: credentials1, ttlSec: 60 * 60 * 24 * 365 * 100, ext: 'some-app-data' }); - req.url += '&bewit=' + bewit; - - Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials2, attributes) { - - expect(err).to.not.exist(); - expect(credentials2.user).to.equal('steve'); - expect(attributes.ext).to.equal('some-app-data'); - done(); - }); - }); - }); - - it('should generate a bewit then successfully authenticate it (no ext)', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?a=1&b=2', - host: 'example.com', - port: 80 - }; - - credentialsFunc('123456', function (err, credentials1) { - - var bewit = Browser.client.bewit('http://example.com/resource/4?a=1&b=2', { credentials: credentials1, ttlSec: 60 * 60 * 24 * 365 * 100 }); - req.url += '&bewit=' + bewit; - - Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials2, attributes) { - - expect(err).to.not.exist(); - 
expect(credentials2.user).to.equal('steve'); - done(); - }); - }); - }); - - describe('bewit()', function () { - - it('returns a valid bewit value', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' }); - expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdca3NjeHdOUjJ0SnBQMVQxekRMTlBiQjVVaUtJVTl0T1NKWFRVZEc3WDloOD1ceGFuZHlhbmR6'); - done(); - }); - - it('returns a valid bewit value (explicit HTTP port)', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var bewit = Browser.client.bewit('http://example.com:8080/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' }); - expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdcaFpiSjNQMmNLRW80a3kwQzhqa1pBa1J5Q1p1ZWc0V1NOYnhWN3ZxM3hIVT1ceGFuZHlhbmR6'); - done(); - }); - - it('returns a valid bewit value (explicit HTTPS port)', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var bewit = Browser.client.bewit('https://example.com:8043/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' }); - expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdcL2t4UjhwK0xSaTdvQTRnUXc3cWlxa3BiVHRKYkR4OEtRMC9HRUwvVytTUT1ceGFuZHlhbmR6'); - done(); - }); - - it('returns a valid bewit value (null ext)', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: null }); - 
expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdcSUdZbUxnSXFMckNlOEN4dktQczRKbFdJQStValdKSm91d2dBUmlWaENBZz1c'); - done(); - }); - - it('errors on invalid options', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', 4); - expect(bewit).to.equal(''); - done(); - }); - - it('errors on missing uri', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var bewit = Browser.client.bewit('', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' }); - expect(bewit).to.equal(''); - done(); - }); - - it('errors on invalid uri', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var bewit = Browser.client.bewit(5, { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' }); - expect(bewit).to.equal(''); - done(); - }); - - it('errors on invalid credentials (id)', function (done) { - - var credentials = { - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 3000, ext: 'xandyandz' }); - expect(bewit).to.equal(''); - done(); - }); - - it('errors on missing credentials', function (done) { - - var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { ttlSec: 3000, ext: 'xandyandz' }); - expect(bewit).to.equal(''); - done(); - }); - - it('errors on invalid credentials (key)', function (done) { - - var credentials = { - id: '123456', - algorithm: 'sha256' - }; - - var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 3000, ext: 'xandyandz' }); - expect(bewit).to.equal(''); - done(); - }); - - 
it('errors on invalid algorithm', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'hmac-sha-0' - }; - - var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, ext: 'xandyandz' }); - expect(bewit).to.equal(''); - done(); - }); - - it('errors on missing options', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'hmac-sha-0' - }; - - var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow'); - expect(bewit).to.equal(''); - done(); - }); - }); - - it('generates a header then successfully parse it (configuration)', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080 - }; - - credentialsFunc('123456', function (err, credentials1) { - - req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data' }).field; - expect(req.authorization).to.exist(); - - Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) { - - expect(err).to.not.exist(); - expect(credentials2.user).to.equal('steve'); - expect(artifacts.ext).to.equal('some-app-data'); - done(); - }); - }); - }); - - it('generates a header then successfully parse it (node request)', function (done) { - - var req = { - method: 'POST', - url: '/resource/4?filter=a', - headers: { - host: 'example.com:8080', - 'content-type': 'text/plain;x=y' - } - }; - - var payload = 'some not so random text'; - - credentialsFunc('123456', function (err, credentials1) { - - var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] }); - req.headers.authorization = reqHeader.field; - - Hawk.server.authenticate(req, 
credentialsFunc, {}, function (err, credentials2, artifacts) { - - expect(err).to.not.exist(); - expect(credentials2.user).to.equal('steve'); - expect(artifacts.ext).to.equal('some-app-data'); - expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true); - - var res = { - headers: { - 'content-type': 'text/plain' - }, - getResponseHeader: function (header) { - - return res.headers[header.toLowerCase()]; - } - }; - - res.headers['server-authorization'] = Hawk.server.header(credentials2, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' }); - expect(res.headers['server-authorization']).to.exist(); - - expect(Browser.client.authenticate(res, credentials2, artifacts, { payload: 'some reply' })).to.equal(true); - done(); - }); - }); - }); - - it('generates a header then successfully parse it (browserify)', function (done) { - - var req = { - method: 'POST', - url: '/resource/4?filter=a', - headers: { - host: 'example.com:8080', - 'content-type': 'text/plain;x=y' - } - }; - - var payload = 'some not so random text'; - - credentialsFunc('123456', function (err, credentials1) { - - var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] }); - req.headers.authorization = reqHeader.field; - - Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) { - - expect(err).to.not.exist(); - expect(credentials2.user).to.equal('steve'); - expect(artifacts.ext).to.equal('some-app-data'); - expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true); - - var res = { - headers: { - 'content-type': 'text/plain' - }, - getHeader: function (header) { - - return res.headers[header.toLowerCase()]; - } - }; - - res.headers['server-authorization'] = 
Hawk.server.header(credentials2, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' }); - expect(res.headers['server-authorization']).to.exist(); - - expect(Browser.client.authenticate(res, credentials2, artifacts, { payload: 'some reply' })).to.equal(true); - done(); - }); - }); - }); - - it('generates a header then successfully parse it (time offset)', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080 - }; - - credentialsFunc('123456', function (err, credentials1) { - - req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', localtimeOffsetMsec: 100000 }).field; - expect(req.authorization).to.exist(); - - Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 100000 }, function (err, credentials2, artifacts) { - - expect(err).to.not.exist(); - expect(credentials2.user).to.equal('steve'); - expect(artifacts.ext).to.equal('some-app-data'); - done(); - }); - }); - }); - - it('generates a header then successfully parse it (no server header options)', function (done) { - - var req = { - method: 'POST', - url: '/resource/4?filter=a', - headers: { - host: 'example.com:8080', - 'content-type': 'text/plain;x=y' - } - }; - - var payload = 'some not so random text'; - - credentialsFunc('123456', function (err, credentials1) { - - var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] }); - req.headers.authorization = reqHeader.field; - - Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) { - - expect(err).to.not.exist(); - expect(credentials2.user).to.equal('steve'); - expect(artifacts.ext).to.equal('some-app-data'); - expect(Hawk.server.authenticatePayload(payload, 
credentials2, artifacts, req.headers['content-type'])).to.equal(true); - - var res = { - headers: { - 'content-type': 'text/plain' - }, - getResponseHeader: function (header) { - - return res.headers[header.toLowerCase()]; - } - }; - - res.headers['server-authorization'] = Hawk.server.header(credentials2, artifacts); - expect(res.headers['server-authorization']).to.exist(); - - expect(Browser.client.authenticate(res, credentials2, artifacts)).to.equal(true); - done(); - }); - }); - }); - - it('generates a header then successfully parse it (no server header)', function (done) { - - var req = { - method: 'POST', - url: '/resource/4?filter=a', - headers: { - host: 'example.com:8080', - 'content-type': 'text/plain;x=y' - } - }; - - var payload = 'some not so random text'; - - credentialsFunc('123456', function (err, credentials1) { - - var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] }); - req.headers.authorization = reqHeader.field; - - Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) { - - expect(err).to.not.exist(); - expect(credentials2.user).to.equal('steve'); - expect(artifacts.ext).to.equal('some-app-data'); - expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true); - - var res = { - headers: { - 'content-type': 'text/plain' - }, - getResponseHeader: function (header) { - - return res.headers[header.toLowerCase()]; - } - }; - - expect(Browser.client.authenticate(res, credentials2, artifacts)).to.equal(true); - done(); - }); - }); - }); - - it('generates a header with stale ts and successfully authenticate on second call', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080 - }; - - credentialsFunc('123456', function (err, credentials1) { - 
- Browser.utils.setNtpOffset(60 * 60 * 1000); - var header = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data' }); - req.authorization = header.field; - expect(req.authorization).to.exist(); - - Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts2) { - - expect(err).to.exist(); - expect(err.message).to.equal('Stale timestamp'); - - var res = { - headers: { - 'www-authenticate': err.output.headers['WWW-Authenticate'] - }, - getResponseHeader: function (lookup) { - - return res.headers[lookup.toLowerCase()]; - } - }; - - expect(Browser.utils.getNtpOffset()).to.equal(60 * 60 * 1000); - expect(Browser.client.authenticate(res, credentials2, header.artifacts)).to.equal(true); - expect(Browser.utils.getNtpOffset()).to.equal(0); - - req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials2, ext: 'some-app-data' }).field; - expect(req.authorization).to.exist(); - - Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials3, artifacts3) { - - expect(err).to.not.exist(); - expect(credentials3.user).to.equal('steve'); - expect(artifacts3.ext).to.equal('some-app-data'); - done(); - }); - }); - }); - }); - - it('generates a header with stale ts and successfully authenticate on second call (manual localStorage)', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080 - }; - - credentialsFunc('123456', function (err, credentials1) { - - var localStorage = new Browser.internals.LocalStorage(); - - Browser.utils.setStorage(localStorage); - - Browser.utils.setNtpOffset(60 * 60 * 1000); - var header = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data' }); - req.authorization = header.field; - expect(req.authorization).to.exist(); - - 
Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts2) { - - expect(err).to.exist(); - expect(err.message).to.equal('Stale timestamp'); - - var res = { - headers: { - 'www-authenticate': err.output.headers['WWW-Authenticate'] - }, - getResponseHeader: function (lookup) { - - return res.headers[lookup.toLowerCase()]; - } - }; - - expect(parseInt(localStorage.getItem('hawk_ntp_offset'))).to.equal(60 * 60 * 1000); - expect(Browser.utils.getNtpOffset()).to.equal(60 * 60 * 1000); - expect(Browser.client.authenticate(res, credentials2, header.artifacts)).to.equal(true); - expect(Browser.utils.getNtpOffset()).to.equal(0); - expect(parseInt(localStorage.getItem('hawk_ntp_offset'))).to.equal(0); - - req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials2, ext: 'some-app-data' }).field; - expect(req.authorization).to.exist(); - - Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials3, artifacts3) { - - expect(err).to.not.exist(); - expect(credentials3.user).to.equal('steve'); - expect(artifacts3.ext).to.equal('some-app-data'); - done(); - }); - }); - }); - }); - - it('generates a header then fails to parse it (missing server header hash)', function (done) { - - var req = { - method: 'POST', - url: '/resource/4?filter=a', - headers: { - host: 'example.com:8080', - 'content-type': 'text/plain;x=y' - } - }; - - var payload = 'some not so random text'; - - credentialsFunc('123456', function (err, credentials1) { - - var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] }); - req.headers.authorization = reqHeader.field; - - Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) { - - expect(err).to.not.exist(); - expect(credentials2.user).to.equal('steve'); - 
expect(artifacts.ext).to.equal('some-app-data'); - expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true); - - var res = { - headers: { - 'content-type': 'text/plain' - }, - getResponseHeader: function (header) { - - return res.headers[header.toLowerCase()]; - } - }; - - res.headers['server-authorization'] = Hawk.server.header(credentials2, artifacts); - expect(res.headers['server-authorization']).to.exist(); - - expect(Browser.client.authenticate(res, credentials2, artifacts, { payload: 'some reply' })).to.equal(false); - done(); - }); - }); - }); - - it('generates a header then successfully parse it (with hash)', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080 - }; - - credentialsFunc('123456', function (err, credentials1) { - - req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, payload: 'hola!', ext: 'some-app-data' }).field; - Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) { - - expect(err).to.not.exist(); - expect(credentials2.user).to.equal('steve'); - expect(artifacts.ext).to.equal('some-app-data'); - done(); - }); - }); - }); - - it('generates a header then successfully parse it then validate payload', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080 - }; - - credentialsFunc('123456', function (err, credentials1) { - - req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, payload: 'hola!', ext: 'some-app-data' }).field; - Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) { - - expect(err).to.not.exist(); - expect(credentials2.user).to.equal('steve'); - expect(artifacts.ext).to.equal('some-app-data'); - 
expect(Hawk.server.authenticatePayload('hola!', credentials2, artifacts)).to.be.true(); - expect(Hawk.server.authenticatePayload('hello!', credentials2, artifacts)).to.be.false(); - done(); - }); - }); - }); - - it('generates a header then successfully parse it (app)', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080 - }; - - credentialsFunc('123456', function (err, credentials1) { - - req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', app: 'asd23ased' }).field; - Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) { - - expect(err).to.not.exist(); - expect(credentials2.user).to.equal('steve'); - expect(artifacts.ext).to.equal('some-app-data'); - expect(artifacts.app).to.equal('asd23ased'); - done(); - }); - }); - }); - - it('generates a header then successfully parse it (app, dlg)', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080 - }; - - credentialsFunc('123456', function (err, credentials1) { - - req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', app: 'asd23ased', dlg: '23434szr3q4d' }).field; - Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) { - - expect(err).to.not.exist(); - expect(credentials2.user).to.equal('steve'); - expect(artifacts.ext).to.equal('some-app-data'); - expect(artifacts.app).to.equal('asd23ased'); - expect(artifacts.dlg).to.equal('23434szr3q4d'); - done(); - }); - }); - }); - - it('generates a header then fail authentication due to bad hash', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080 - }; - - credentialsFunc('123456', function (err, credentials1) { - - 
req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, payload: 'hola!', ext: 'some-app-data' }).field; - Hawk.server.authenticate(req, credentialsFunc, { payload: 'byebye!' }, function (err, credentials2, artifacts) { - - expect(err).to.exist(); - expect(err.output.payload.message).to.equal('Bad payload hash'); - done(); - }); - }); - }); - - it('generates a header for one resource then fail to authenticate another', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080 - }; - - credentialsFunc('123456', function (err, credentials1) { - - req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data' }).field; - req.url = '/something/else'; - - Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) { - - expect(err).to.exist(); - expect(credentials2).to.exist(); - done(); - }); - }); - }); - - describe('client', function () { - - describe('header()', function () { - - it('returns a valid authorization header (sha1)', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha1' - }; - - var header = Browser.client.header('http://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about' }).field; - expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="bsvY3IfUllw6V5rvk4tStEvpBhE=", ext="Bazinga!", mac="qbf1ZPG/r/e06F4ht+T77LXi5vw="'); - done(); - }); - - it('returns a valid authorization header (sha256)', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: 
credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field; - expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", ext="Bazinga!", mac="q1CwFoSHzPZSkbIvl0oYlD+91rBUEvFk763nMjMndj8="'); - done(); - }); - - it('returns a valid authorization header (empty payload)', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha1' - }; - - var header = Browser.client.header('http://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: '' }).field; - expect(header).to.equal('Hawk id=\"123456\", ts=\"1353809207\", nonce=\"Ygvqdz\", hash=\"404ghL7K+hfyhByKKejFBRGgTjU=\", ext=\"Bazinga!\", mac=\"Bh1sj1DOfFRWOdi3ww52nLCJdBE=\"'); - done(); - }); - - it('returns a valid authorization header (no ext)', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field; - expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="'); - done(); - }); - - it('returns a valid authorization header (null ext)', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain', ext: null }).field; - expect(header).to.equal('Hawk id="123456", 
ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="'); - done(); - }); - - it('returns a valid authorization header (uri object)', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var uri = Browser.utils.parseUri('https://example.net/somewhere/over/the/rainbow'); - var header = Browser.client.header(uri, 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field; - expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="'); - done(); - }); - - it('errors on missing options', function (done) { - - var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST'); - expect(header.field).to.equal(''); - expect(header.err).to.equal('Invalid argument type'); - done(); - }); - - it('errors on empty uri', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var header = Browser.client.header('', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }); - expect(header.field).to.equal(''); - expect(header.err).to.equal('Invalid argument type'); - done(); - }); - - it('errors on invalid uri', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var header = Browser.client.header(4, 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }); - expect(header.field).to.equal(''); - expect(header.err).to.equal('Invalid argument type'); - done(); - }); - - it('errors on missing method', function (done) { - - var 
credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', '', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }); - expect(header.field).to.equal(''); - expect(header.err).to.equal('Invalid argument type'); - done(); - }); - - it('errors on invalid method', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 5, { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }); - expect(header.field).to.equal(''); - expect(header.err).to.equal('Invalid argument type'); - done(); - }); - - it('errors on missing credentials', function (done) { - - var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { ext: 'Bazinga!', timestamp: 1353809207 }); - expect(header.field).to.equal(''); - expect(header.err).to.equal('Invalid credentials object'); - done(); - }); - - it('errors on invalid credentials (id)', function (done) { - - var credentials = { - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207 }); - expect(header.field).to.equal(''); - expect(header.err).to.equal('Invalid credentials object'); - done(); - }); - - it('errors on invalid credentials (key)', function (done) { - - var credentials = { - id: '123456', - algorithm: 'sha256' - }; - - var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207 }); - expect(header.field).to.equal(''); - 
expect(header.err).to.equal('Invalid credentials object'); - done(); - }); - - it('errors on invalid algorithm', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'hmac-sha-0' - }; - - var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, payload: 'something, anything!', ext: 'Bazinga!', timestamp: 1353809207 }); - expect(header.field).to.equal(''); - expect(header.err).to.equal('Unknown algorithm'); - done(); - }); - - it('uses a pre-calculated payload hash', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var options = { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }; - options.hash = Browser.crypto.calculatePayloadHash(options.payload, credentials.algorithm, options.contentType); - var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', options).field; - expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", ext="Bazinga!", mac="q1CwFoSHzPZSkbIvl0oYlD+91rBUEvFk763nMjMndj8="'); - done(); - }); - }); - - describe('authenticate()', function () { - - it('skips tsm validation when missing ts', function (done) { - - var res = { - headers: { - 'www-authenticate': 'Hawk error="Stale timestamp"' - }, - getResponseHeader: function (header) { - - return res.headers[header.toLowerCase()]; - } - }; - - var credentials = { - id: '123456', - key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn', - algorithm: 'sha256', - user: 'steve' - }; - - var artifacts = { - ts: 1402135580, - nonce: 'iBRB6t', - method: 'GET', - resource: '/resource/4?filter=a', - host: 'example.com', - port: '8080', - ext: 'some-app-data' - }; - - expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(true); 
- done(); - }); - - it('returns false on invalid header', function (done) { - - var res = { - headers: { - 'server-authorization': 'Hawk mac="abc", bad="xyz"' - }, - getResponseHeader: function (header) { - - return res.headers[header.toLowerCase()]; - } - }; - - expect(Browser.client.authenticate(res, {})).to.equal(false); - done(); - }); - - it('returns false on invalid mac', function (done) { - - var res = { - headers: { - 'content-type': 'text/plain', - 'server-authorization': 'Hawk mac="_IJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"' - }, - getResponseHeader: function (header) { - - return res.headers[header.toLowerCase()]; - } - }; - - var artifacts = { - method: 'POST', - host: 'example.com', - port: '8080', - resource: '/resource/4?filter=a', - ts: '1362336900', - nonce: 'eb5S_L', - hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=', - ext: 'some-app-data', - app: undefined, - dlg: undefined, - mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=', - id: '123456' - }; - - var credentials = { - id: '123456', - key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn', - algorithm: 'sha256', - user: 'steve' - }; - - expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(false); - done(); - }); - - it('returns true on ignoring hash', function (done) { - - var res = { - headers: { - 'content-type': 'text/plain', - 'server-authorization': 'Hawk mac="XIJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"' - }, - getResponseHeader: function (header) { - - return res.headers[header.toLowerCase()]; - } - }; - - var artifacts = { - method: 'POST', - host: 'example.com', - port: '8080', - resource: '/resource/4?filter=a', - ts: '1362336900', - nonce: 'eb5S_L', - hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=', - ext: 'some-app-data', - app: undefined, - dlg: undefined, - mac: 
'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=', - id: '123456' - }; - - var credentials = { - id: '123456', - key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn', - algorithm: 'sha256', - user: 'steve' - }; - - expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(true); - done(); - }); - - it('errors on invalid WWW-Authenticate header format', function (done) { - - var res = { - headers: { - 'www-authenticate': 'Hawk ts="1362346425875", tsm="PhwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", x="Stale timestamp"' - }, - getResponseHeader: function (header) { - - return res.headers[header.toLowerCase()]; - } - }; - - expect(Browser.client.authenticate(res, {})).to.equal(false); - done(); - }); - - it('errors on invalid WWW-Authenticate header format', function (done) { - - var credentials = { - id: '123456', - key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn', - algorithm: 'sha256', - user: 'steve' - }; - - var res = { - headers: { - 'www-authenticate': 'Hawk ts="1362346425875", tsm="hwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", error="Stale timestamp"' - }, - getResponseHeader: function (header) { - - return res.headers[header.toLowerCase()]; - } - }; - - expect(Browser.client.authenticate(res, credentials)).to.equal(false); - done(); - }); - }); - - describe('message()', function () { - - it('generates an authorization then successfully parse it', function (done) { - - credentialsFunc('123456', function (err, credentials1) { - - var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: credentials1 }); - expect(auth).to.exist(); - - Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, {}, function (err, credentials2) { - - expect(err).to.not.exist(); - expect(credentials2.user).to.equal('steve'); - done(); - }); - }); - }); - - it('generates an authorization using custom nonce/timestamp', function (done) { - - credentialsFunc('123456', function (err, credentials) { - - var auth = 
Browser.client.message('example.com', 8080, 'some message', { credentials: credentials, nonce: 'abc123', timestamp: 1398536270957 }); - expect(auth).to.exist(); - expect(auth.nonce).to.equal('abc123'); - expect(auth.ts).to.equal(1398536270957); - done(); - }); - }); - - it('errors on missing host', function (done) { - - credentialsFunc('123456', function (err, credentials) { - - var auth = Browser.client.message(null, 8080, 'some message', { credentials: credentials }); - expect(auth).to.not.exist(); - done(); - }); - }); - - it('errors on invalid host', function (done) { - - credentialsFunc('123456', function (err, credentials) { - - var auth = Browser.client.message(5, 8080, 'some message', { credentials: credentials }); - expect(auth).to.not.exist(); - done(); - }); - }); - - it('errors on missing port', function (done) { - - credentialsFunc('123456', function (err, credentials) { - - var auth = Browser.client.message('example.com', 0, 'some message', { credentials: credentials }); - expect(auth).to.not.exist(); - done(); - }); - }); - - it('errors on invalid port', function (done) { - - credentialsFunc('123456', function (err, credentials) { - - var auth = Browser.client.message('example.com', 'a', 'some message', { credentials: credentials }); - expect(auth).to.not.exist(); - done(); - }); - }); - - it('errors on missing message', function (done) { - - credentialsFunc('123456', function (err, credentials) { - - var auth = Browser.client.message('example.com', 8080, undefined, { credentials: credentials }); - expect(auth).to.not.exist(); - done(); - }); - }); - - it('errors on null message', function (done) { - - credentialsFunc('123456', function (err, credentials) { - - var auth = Browser.client.message('example.com', 8080, null, { credentials: credentials }); - expect(auth).to.not.exist(); - done(); - }); - }); - - it('errors on invalid message', function (done) { - - credentialsFunc('123456', function (err, credentials) { - - var auth = 
Browser.client.message('example.com', 8080, 5, { credentials: credentials }); - expect(auth).to.not.exist(); - done(); - }); - }); - - it('errors on missing credentials', function (done) { - - var auth = Browser.client.message('example.com', 8080, 'some message', {}); - expect(auth).to.not.exist(); - done(); - }); - - it('errors on missing options', function (done) { - - var auth = Browser.client.message('example.com', 8080, 'some message'); - expect(auth).to.not.exist(); - done(); - }); - - it('errors on invalid credentials (id)', function (done) { - - credentialsFunc('123456', function (err, credentials) { - - var creds = Hoek.clone(credentials); - delete creds.id; - var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: creds }); - expect(auth).to.not.exist(); - done(); - }); - }); - - it('errors on invalid credentials (key)', function (done) { - - credentialsFunc('123456', function (err, credentials) { - - var creds = Hoek.clone(credentials); - delete creds.key; - var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: creds }); - expect(auth).to.not.exist(); - done(); - }); - }); - - it('errors on invalid algorithm', function (done) { - - credentialsFunc('123456', function (err, credentials) { - - var creds = Hoek.clone(credentials); - creds.algorithm = 'blah'; - var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: creds }); - expect(auth).to.not.exist(); - done(); - }); - }); - }); - - describe('authenticateTimestamp()', function (done) { - - it('validates a timestamp', function (done) { - - credentialsFunc('123456', function (err, credentials) { - - var tsm = Hawk.crypto.timestampMessage(credentials); - expect(Browser.client.authenticateTimestamp(tsm, credentials)).to.equal(true); - done(); - }); - }); - - it('validates a timestamp without updating local time', function (done) { - - credentialsFunc('123456', function (err, credentials) { - - var offset = 
Browser.utils.getNtpOffset(); - var tsm = Hawk.crypto.timestampMessage(credentials, 10000); - expect(Browser.client.authenticateTimestamp(tsm, credentials, false)).to.equal(true); - expect(offset).to.equal(Browser.utils.getNtpOffset()); - done(); - }); - }); - - it('detects a bad timestamp', function (done) { - - credentialsFunc('123456', function (err, credentials) { - - var tsm = Hawk.crypto.timestampMessage(credentials); - tsm.ts = 4; - expect(Browser.client.authenticateTimestamp(tsm, credentials)).to.equal(false); - done(); - }); - }); - }); - }); - - describe('internals', function () { - - describe('LocalStorage', function () { - - it('goes through the full lifecycle', function (done) { - - var storage = new Browser.internals.LocalStorage(); - expect(storage.length).to.equal(0); - expect(storage.getItem('a')).to.equal(null); - storage.setItem('a', 5); - expect(storage.length).to.equal(1); - expect(storage.key()).to.equal('a'); - expect(storage.key(0)).to.equal('a'); - expect(storage.getItem('a')).to.equal('5'); - storage.setItem('b', 'test'); - expect(storage.key()).to.equal('a'); - expect(storage.key(0)).to.equal('a'); - expect(storage.key(1)).to.equal('b'); - expect(storage.length).to.equal(2); - expect(storage.getItem('b')).to.equal('test'); - storage.removeItem('a'); - expect(storage.length).to.equal(1); - expect(storage.getItem('a')).to.equal(null); - expect(storage.getItem('b')).to.equal('test'); - storage.clear(); - expect(storage.length).to.equal(0); - expect(storage.getItem('a')).to.equal(null); - expect(storage.getItem('b')).to.equal(null); - done(); - }); - }); - }); - - describe('utils', function () { - - describe('setStorage()', function () { - - it('sets storage for the first time', function (done) { - - Browser.utils.storage = new Browser.internals.LocalStorage(); // Reset state - - expect(Browser.utils.storage.getItem('hawk_ntp_offset')).to.not.exist(); - Browser.utils.storage.setItem('test', '1'); - Browser.utils.setStorage(new 
Browser.internals.LocalStorage()); - expect(Browser.utils.storage.getItem('test')).to.not.exist(); - Browser.utils.storage.setItem('test', '2'); - expect(Browser.utils.storage.getItem('test')).to.equal('2'); - done(); - }); - }); - - describe('setNtpOffset()', function (done) { - - it('catches localStorage errors', { parallel: false }, function (done) { - - var orig = Browser.utils.storage.setItem; - var consoleOrig = console.error; - var count = 0; - console.error = function () { - - if (count++ === 2) { - - console.error = consoleOrig; - } - }; - - Browser.utils.storage.setItem = function () { - - Browser.utils.storage.setItem = orig; - throw new Error(); - }; - - expect(function () { - - Browser.utils.setNtpOffset(100); - }).not.to.throw(); - - done(); - }); - }); - - describe('parseAuthorizationHeader()', function (done) { - - it('returns null on missing header', function (done) { - - expect(Browser.utils.parseAuthorizationHeader()).to.equal(null); - done(); - }); - - it('returns null on bad header syntax (structure)', function (done) { - - expect(Browser.utils.parseAuthorizationHeader('Hawk')).to.equal(null); - done(); - }); - - it('returns null on bad header syntax (parts)', function (done) { - - expect(Browser.utils.parseAuthorizationHeader(' ')).to.equal(null); - done(); - }); - - it('returns null on bad scheme name', function (done) { - - expect(Browser.utils.parseAuthorizationHeader('Basic asdasd')).to.equal(null); - done(); - }); - - it('returns null on bad attribute value', function (done) { - - expect(Browser.utils.parseAuthorizationHeader('Hawk test="\t"', ['test'])).to.equal(null); - done(); - }); - - it('returns null on duplicated attribute', function (done) { - - expect(Browser.utils.parseAuthorizationHeader('Hawk test="a", test="b"', ['test'])).to.equal(null); - done(); - }); - }); - - describe('parseUri()', function () { - - it('returns empty object on invalid', function (done) { - - var uri = Browser.utils.parseUri('ftp'); - 
expect(uri).to.deep.equal({ host: '', port: '', resource: '' }); - done(); - }); - - it('returns empty port when unknown scheme', function (done) { - - var uri = Browser.utils.parseUri('ftp://example.com'); - expect(uri.port).to.equal(''); - done(); - }); - - it('returns default port when missing', function (done) { - - var uri = Browser.utils.parseUri('http://example.com'); - expect(uri.port).to.equal('80'); - done(); - }); - - it('handles unusual characters correctly', function (done) { - - var parts = { - protocol: 'http+vnd.my-extension', - user: 'user!$&\'()*+,;=%40my-domain.com', - password: 'pass!$&\'()*+,;=%40:word', - hostname: 'foo-bar.com', - port: '99', - pathname: '/path/%40/!$&\'()*+,;=:@/', - query: 'query%40/!$&\'()*+,;=:@/?', - fragment: 'fragm%40/!$&\'()*+,;=:@/?' - }; - - parts.userInfo = parts.user + ':' + parts.password; - parts.authority = parts.userInfo + '@' + parts.hostname + ':' + parts.port; - parts.relative = parts.pathname + '?' + parts.query; - parts.resource = parts.relative + '#' + parts.fragment; - parts.source = parts.protocol + '://' + parts.authority + parts.resource; - - var uri = Browser.utils.parseUri(parts.source); - expect(uri.host).to.equal('foo-bar.com'); - expect(uri.port).to.equal('99'); - expect(uri.resource).to.equal(parts.pathname + '?' + parts.query); - done(); - }); - }); - - var str = 'https://www.google.ca/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=url'; - var base64str = 'aHR0cHM6Ly93d3cuZ29vZ2xlLmNhL3dlYmhwP3NvdXJjZWlkPWNocm9tZS1pbnN0YW50Jmlvbj0xJmVzcHY9MiZpZT1VVEYtOCNxPXVybA'; - - describe('base64urlEncode()', function () { - - it('should base64 URL-safe decode a string', function (done) { - - expect(Browser.utils.base64urlEncode(str)).to.equal(base64str); - done(); - }); - }); - }); -}); diff --git a/deps/npm/node_modules/hawk/test/client.js b/deps/npm/node_modules/hawk/test/client.js deleted file mode 100755 index d6be231ae8..0000000000 --- a/deps/npm/node_modules/hawk/test/client.js +++ /dev/null 
@@ -1,440 +0,0 @@
-// Load modules
-
-var Url = require('url');
-var Code = require('code');
-var Hawk = require('../lib');
-var Lab = require('lab');
-
-
-// Declare internals
-
-var internals = {};
-
-
-// Test shortcuts
-
-var lab = exports.lab = Lab.script();
-var describe = lab.experiment;
-var it = lab.test;
-var expect = Code.expect;
-
-
-describe('Client', function () {
-
- describe('header()', function () {
-
- it('returns a valid authorization header (sha1)', function (done) {
-
- var credentials = {
- id: '123456',
- key: '2983d45yun89q',
- algorithm: 'sha1'
- };
-
- var header = Hawk.client.header('http://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about' }).field;
- expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="bsvY3IfUllw6V5rvk4tStEvpBhE=", ext="Bazinga!", mac="qbf1ZPG/r/e06F4ht+T77LXi5vw="');
- done();
- });
-
- it('returns a valid authorization header (sha256)', function (done) {
-
- var credentials = {
- id: '123456',
- key: '2983d45yun89q',
- algorithm: 'sha256'
- };
-
- var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;
- expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", ext="Bazinga!", mac="q1CwFoSHzPZSkbIvl0oYlD+91rBUEvFk763nMjMndj8="');
- done();
- });
-
- it('returns a valid authorization header (no ext)', function (done) {
-
- var credentials = {
- id: '123456',
- key: '2983d45yun89q',
- algorithm: 'sha256'
- };
-
- var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;
- expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');
- done();
- });
-
- it('returns a valid authorization header (null ext)', function (done) {
-
- var credentials = {
- id: '123456',
- key: '2983d45yun89q',
- algorithm: 'sha256'
- };
-
- var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain', ext: null }).field;
- expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');
- done();
- });
-
- it('returns a valid authorization header (empty payload)', function (done) {
-
- var credentials = {
- id: '123456',
- key: '2983d45yun89q',
- algorithm: 'sha256'
- };
-
- var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: '', contentType: 'text/plain' }).field;
- expect(header).to.equal('Hawk id=\"123456\", ts=\"1353809207\", nonce=\"Ygvqdz\", hash=\"q/t+NNAkQZNlq/aAD6PlexImwQTxwgT2MahfTa9XRLA=\", mac=\"U5k16YEzn3UnBHKeBzsDXn067Gu3R4YaY6xOt9PYRZM=\"');
- done();
- });
-
- it('returns a valid authorization header (pre hashed payload)', function (done) {
-
- var credentials = {
- id: '123456',
- key: '2983d45yun89q',
- algorithm: 'sha256'
- };
-
- var options = { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' };
- options.hash = Hawk.crypto.calculatePayloadHash(options.payload, credentials.algorithm, options.contentType);
- var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', options).field;
- expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');
- done();
- });
-
- it('errors on missing uri', function (done) {
-
- var header = Hawk.client.header('', 'POST');
- expect(header.field).to.equal('');
- expect(header.err).to.equal('Invalid argument type');
- done();
- });
-
- it('errors on invalid uri', function (done) {
-
- var header = Hawk.client.header(4, 'POST');
- expect(header.field).to.equal('');
- expect(header.err).to.equal('Invalid argument type');
- done();
- });
-
- it('errors on missing method', function (done) {
-
- var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', '');
- expect(header.field).to.equal('');
- expect(header.err).to.equal('Invalid argument type');
- done();
- });
-
- it('errors on invalid method', function (done) {
-
- var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 5);
- expect(header.field).to.equal('');
- expect(header.err).to.equal('Invalid argument type');
- done();
- });
-
- it('errors on missing options', function (done) {
-
- var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST');
- expect(header.field).to.equal('');
- expect(header.err).to.equal('Invalid argument type');
- done();
- });
-
- it('errors on invalid credentials (id)', function (done) {
-
- var credentials = {
- key: '2983d45yun89q',
- algorithm: 'sha256'
- };
-
- var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207 });
- expect(header.field).to.equal('');
- expect(header.err).to.equal('Invalid credential object');
- done();
- });
-
- it('errors on missing credentials', function (done) {
-
- var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { ext: 'Bazinga!', timestamp: 1353809207 });
- expect(header.field).to.equal('');
- expect(header.err).to.equal('Invalid credential object');
- done();
- });
-
- it('errors on invalid credentials', function (done) {
-
- var credentials = {
- id: '123456',
- algorithm: 'sha256'
- };
-
- var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207 });
- expect(header.field).to.equal('');
- expect(header.err).to.equal('Invalid credential object');
- done();
- });
-
- it('errors on invalid algorithm', function (done) {
-
- var credentials = {
- id: '123456',
- key: '2983d45yun89q',
- algorithm: 'hmac-sha-0'
- };
-
- var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, payload: 'something, anything!', ext: 'Bazinga!', timestamp: 1353809207 });
- expect(header.field).to.equal('');
- expect(header.err).to.equal('Unknown algorithm');
- done();
- });
- });
-
- describe('authenticate()', function () {
-
- it('returns false on invalid header', function (done) {
-
- var res = {
- headers: {
- 'server-authorization': 'Hawk mac="abc", bad="xyz"'
- }
- };
-
- expect(Hawk.client.authenticate(res, {})).to.equal(false);
- done();
- });
-
- it('returns false on invalid mac', function (done) {
-
- var res = {
- headers: {
- 'content-type': 'text/plain',
- 'server-authorization': 'Hawk mac="_IJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"'
- }
- };
-
- var artifacts = {
- method: 'POST',
- host: 'example.com',
- port: '8080',
- resource: '/resource/4?filter=a',
- ts: '1362336900',
- nonce: 'eb5S_L',
- hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
- ext: 'some-app-data',
- app: undefined,
- dlg: undefined,
- mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=',
- id: '123456'
- };
-
- var credentials = {
- id: '123456',
- key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
- algorithm: 'sha256',
- user: 'steve'
- };
-
- expect(Hawk.client.authenticate(res, credentials, artifacts)).to.equal(false);
- done();
- });
-
- it('returns true on ignoring hash', function (done) {
-
- var res = {
- headers: {
- 'content-type': 'text/plain',
- 'server-authorization': 'Hawk mac="XIJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"'
- }
- };
-
- var artifacts = {
- method: 'POST',
- host: 'example.com',
- port: '8080',
- resource: '/resource/4?filter=a',
- ts: '1362336900',
- nonce: 'eb5S_L',
- hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
- ext: 'some-app-data',
- app: undefined,
- dlg: undefined,
- mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=',
- id: '123456'
- };
-
- var credentials = {
- id: '123456',
- key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
- algorithm: 'sha256',
- user: 'steve'
- };
-
- expect(Hawk.client.authenticate(res, credentials, artifacts)).to.equal(true);
- done();
- });
-
- it('fails on invalid WWW-Authenticate header format', function (done) {
-
- var header = 'Hawk ts="1362346425875", tsm="PhwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", x="Stale timestamp"';
- expect(Hawk.client.authenticate({ headers: { 'www-authenticate': header } }, {})).to.equal(false);
- done();
- });
-
- it('fails on invalid WWW-Authenticate header format', function (done) {
-
- var credentials = {
- id: '123456',
- key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
- algorithm: 'sha256',
- user: 'steve'
- };
-
- var header = 'Hawk ts="1362346425875", tsm="hwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", error="Stale timestamp"';
- expect(Hawk.client.authenticate({ headers: { 'www-authenticate': header } }, credentials)).to.equal(false);
- done();
- });
-
- it('skips tsm validation when missing ts', function (done) {
-
- var header = 'Hawk error="Stale timestamp"';
- expect(Hawk.client.authenticate({ headers: { 'www-authenticate': header } }, {})).to.equal(true);
- done();
- });
- });
-
- describe('message()', function () {
-
- it('generates authorization', function (done) {
-
- var credentials = {
- id: '123456',
- key: '2983d45yun89q',
- algorithm: 'sha1'
- };
-
- var auth = Hawk.client.message('example.com', 80, 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
- expect(auth).to.exist();
- expect(auth.ts).to.equal(1353809207);
- expect(auth.nonce).to.equal('abc123');
- done();
- });
-
- it('errors on invalid host', function (done) {
-
- var credentials = {
- id: '123456',
- key: '2983d45yun89q',
- algorithm: 'sha1'
- };
-
- var auth = Hawk.client.message(5, 80, 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
- expect(auth).to.not.exist();
- done();
- });
-
- it('errors on invalid port', function (done) {
-
- var credentials = {
- id: '123456',
- key: '2983d45yun89q',
- algorithm: 'sha1'
- };
-
- var auth = Hawk.client.message('example.com', '80', 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
- expect(auth).to.not.exist();
- done();
- });
-
- it('errors on missing host', function (done) {
-
- var credentials = {
- id: '123456',
- key: '2983d45yun89q',
- algorithm: 'sha1'
- };
-
- var auth = Hawk.client.message('example.com', 0, 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
- expect(auth).to.not.exist();
- done();
- });
-
- it('errors on null message', function (done) {
-
- var credentials = {
- id: '123456',
- key: '2983d45yun89q',
- algorithm: 'sha1'
- };
-
- var auth = Hawk.client.message('example.com', 80, null, { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
- expect(auth).to.not.exist();
- done();
- });
-
- it('errors on missing message', function (done) {
-
- var credentials = {
- id: '123456',
- key: '2983d45yun89q',
- algorithm: 'sha1'
- };
-
- var auth = Hawk.client.message('example.com', 80, undefined, { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
- expect(auth).to.not.exist();
- done();
- });
-
- it('errors on invalid message', function (done) {
-
- var credentials = {
- id: '123456',
- key: '2983d45yun89q',
- algorithm: 'sha1'
- };
-
- var auth = Hawk.client.message('example.com', 80, 5, { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
- expect(auth).to.not.exist();
- done();
- });
-
- it('errors on missing options', function (done) {
-
- var credentials = {
- id: '123456',
- key: '2983d45yun89q',
- algorithm: 'sha1'
- };
-
- var auth = Hawk.client.message('example.com', 80, 'I am the boodyman');
- expect(auth).to.not.exist();
- done();
- });
-
- it('errors on invalid credentials (id)', function (done) {
-
- var credentials = {
- key: '2983d45yun89q',
- algorithm: 'sha1'
- };
-
- var auth = Hawk.client.message('example.com', 80, 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
- expect(auth).to.not.exist();
- done();
- });
-
- it('errors on invalid credentials (key)', function (done) {
-
- var credentials = {
- id: '123456',
- algorithm: 'sha1'
- };
-
- var auth = Hawk.client.message('example.com', 80, 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
- expect(auth).to.not.exist();
- done();
- });
- });
-});
diff --git a/deps/npm/node_modules/hawk/test/crypto.js b/deps/npm/node_modules/hawk/test/crypto.js
deleted file mode 100755
index 1131628bfb..0000000000
--- a/deps/npm/node_modules/hawk/test/crypto.js
+++ /dev/null
@@ -1,70 +0,0 @@
-// Load modules
-
-var Code = require('code');
-var Hawk = require('../lib');
-var Lab = require('lab');
-
-
-// Declare internals
-
-var internals = {};
-
-
-// Test shortcuts
-
-var lab = exports.lab = Lab.script();
-var describe = lab.experiment;
-var it = lab.test;
-var expect = Code.expect;
-
-
-describe('Crypto', function () {
-
- describe('generateNormalizedString()', function () {
-
- it('should return a valid normalized string', function (done) {
-
- expect(Hawk.crypto.generateNormalizedString('header', {
- ts: 1357747017,
- nonce: 'k3k4j5',
- method: 'GET',
- resource: '/resource/something',
- host: 'example.com',
- port: 8080
- })).to.equal('hawk.1.header\n1357747017\nk3k4j5\nGET\n/resource/something\nexample.com\n8080\n\n\n');
-
- done();
- });
-
- it('should return a valid normalized string (ext)', function (done) {
-
- expect(Hawk.crypto.generateNormalizedString('header', {
- ts: 1357747017,
- nonce: 'k3k4j5',
- method: 'GET',
- resource: '/resource/something',
- host: 'example.com',
- port: 8080,
- ext: 'this is some app data'
- })).to.equal('hawk.1.header\n1357747017\nk3k4j5\nGET\n/resource/something\nexample.com\n8080\n\nthis is some app data\n');
-
- done();
- });
-
- it('should return a valid normalized string (payload + ext)', function (done) {
-
- expect(Hawk.crypto.generateNormalizedString('header', {
- ts: 1357747017,
- nonce: 'k3k4j5',
- method: 'GET',
- resource: '/resource/something',
- host: 'example.com',
- port: 8080,
- hash: 'U4MKKSmiVxk37JCCrAVIjV/OhB3y+NdwoCr6RShbVkE=',
- ext: 'this is some app data'
- })).to.equal('hawk.1.header\n1357747017\nk3k4j5\nGET\n/resource/something\nexample.com\n8080\nU4MKKSmiVxk37JCCrAVIjV/OhB3y+NdwoCr6RShbVkE=\nthis is some app data\n');
-
- done();
- });
- });
-});
diff --git a/deps/npm/node_modules/hawk/test/index.js b/deps/npm/node_modules/hawk/test/index.js
deleted file mode 100755
index e67afab573..0000000000
--- a/deps/npm/node_modules/hawk/test/index.js
+++ /dev/null
@@ -1,378 +0,0 @@
-// Load modules
-
-var Url = require('url');
-var Code = require('code');
-var Hawk = require('../lib');
-var Lab = require('lab');
-
-
-// Declare internals
-
-var internals = {};
-
-
-// Test shortcuts
-
-var lab = exports.lab = Lab.script();
-var describe = lab.experiment;
-var it = lab.test;
-var expect = Code.expect;
-
-
-describe('Hawk', function () {
-
- var credentialsFunc = function (id, callback) {
-
- var credentials = {
- id: id,
- key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
- algorithm: (id === '1' ? 'sha1' : 'sha256'),
- user: 'steve'
- };
-
- return callback(null, credentials);
- };
-
- it('generates a header then successfully parse it (configuration)', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- host: 'example.com',
- port: 8080
- };
-
- credentialsFunc('123456', function (err, credentials1) {
-
- req.authorization = Hawk.client.header(Url.parse('http://example.com:8080/resource/4?filter=a'), req.method, { credentials: credentials1, ext: 'some-app-data' }).field;
- expect(req.authorization).to.exist();
-
- Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
-
- expect(err).to.not.exist();
- expect(credentials2.user).to.equal('steve');
- expect(artifacts.ext).to.equal('some-app-data');
- done();
- });
- });
- });
-
- it('generates a header then successfully parse it (node request)', function (done) {
-
- var req = {
- method: 'POST',
- url: '/resource/4?filter=a',
- headers: {
- host: 'example.com:8080',
- 'content-type': 'text/plain;x=y'
- }
- };
-
- var payload = 'some not so random text';
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var reqHeader = Hawk.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
- req.headers.authorization = reqHeader.field;
-
- Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
-
- expect(err).to.not.exist();
- expect(credentials2.user).to.equal('steve');
- expect(artifacts.ext).to.equal('some-app-data');
- expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true);
-
- var res = {
- headers: {
- 'content-type': 'text/plain'
- }
- };
-
- res.headers['server-authorization'] = Hawk.server.header(credentials2, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });
- expect(res.headers['server-authorization']).to.exist();
-
- expect(Hawk.client.authenticate(res, credentials2, artifacts, { payload: 'some reply' })).to.equal(true);
- done();
- });
- });
- });
-
- it('generates a header then successfully parse it (absolute request uri)', function (done) {
-
- var req = {
- method: 'POST',
- url: 'http://example.com:8080/resource/4?filter=a',
- headers: {
- host: 'example.com:8080',
- 'content-type': 'text/plain;x=y'
- }
- };
-
- var payload = 'some not so random text';
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var reqHeader = Hawk.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
- req.headers.authorization = reqHeader.field;
-
- Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
-
- expect(err).to.not.exist();
- expect(credentials2.user).to.equal('steve');
- expect(artifacts.ext).to.equal('some-app-data');
- expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true);
-
- var res = {
- headers: {
- 'content-type': 'text/plain'
- }
- };
-
- res.headers['server-authorization'] = Hawk.server.header(credentials2, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });
- expect(res.headers['server-authorization']).to.exist();
-
- expect(Hawk.client.authenticate(res, credentials2, artifacts, { payload: 'some reply' })).to.equal(true);
- done();
- });
- });
- });
-
- it('generates a header then successfully parse it (no server header options)', function (done) {
-
- var req = {
- method: 'POST',
- url: '/resource/4?filter=a',
- headers: {
- host: 'example.com:8080',
- 'content-type': 'text/plain;x=y'
- }
- };
-
- var payload = 'some not so random text';
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var reqHeader = Hawk.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
- req.headers.authorization = reqHeader.field;
-
- Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
-
- expect(err).to.not.exist();
- expect(credentials2.user).to.equal('steve');
- expect(artifacts.ext).to.equal('some-app-data');
- expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true);
-
- var res = {
- headers: {
- 'content-type': 'text/plain'
- }
- };
-
- res.headers['server-authorization'] = Hawk.server.header(credentials2, artifacts);
- expect(res.headers['server-authorization']).to.exist();
-
- expect(Hawk.client.authenticate(res, credentials2, artifacts)).to.equal(true);
- done();
- });
- });
- });
-
- it('generates a header then fails to parse it (missing server header hash)', function (done) {
-
- var req = {
- method: 'POST',
- url: '/resource/4?filter=a',
- headers: {
- host: 'example.com:8080',
- 'content-type': 'text/plain;x=y'
- }
- };
-
- var payload = 'some not so random text';
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var reqHeader = Hawk.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
- req.headers.authorization = reqHeader.field;
-
- Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
-
- expect(err).to.not.exist();
- expect(credentials2.user).to.equal('steve');
- expect(artifacts.ext).to.equal('some-app-data');
- expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true);
-
- var res = {
- headers: {
- 'content-type': 'text/plain'
- }
- };
-
- res.headers['server-authorization'] = Hawk.server.header(credentials2, artifacts);
- expect(res.headers['server-authorization']).to.exist();
-
- expect(Hawk.client.authenticate(res, credentials2, artifacts, { payload: 'some reply' })).to.equal(false);
- done();
- });
- });
- });
-
- it('generates a header then successfully parse it (with hash)', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- host: 'example.com',
- port: 8080
- };
-
- credentialsFunc('123456', function (err, credentials1) {
-
- req.authorization = Hawk.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, payload: 'hola!', ext: 'some-app-data' }).field;
- Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
-
- expect(err).to.not.exist();
- expect(credentials2.user).to.equal('steve');
- expect(artifacts.ext).to.equal('some-app-data');
- done();
- });
- });
- });
-
- it('generates a header then successfully parse it then validate payload', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- host: 'example.com',
- port: 8080
- };
-
- credentialsFunc('123456', function (err, credentials1) {
-
- req.authorization = Hawk.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, payload: 'hola!', ext: 'some-app-data' }).field;
- Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
-
- expect(err).to.not.exist();
- expect(credentials2.user).to.equal('steve');
- expect(artifacts.ext).to.equal('some-app-data');
- expect(Hawk.server.authenticatePayload('hola!', credentials2, artifacts)).to.be.true();
- expect(Hawk.server.authenticatePayload('hello!', credentials2, artifacts)).to.be.false();
- done();
- });
- });
- });
-
- it('generates a header then successfully parses and validates payload', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- host: 'example.com',
- port: 8080
- };
-
- credentialsFunc('123456', function (err, credentials1) {
-
- req.authorization = Hawk.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, payload: 'hola!', ext: 'some-app-data' }).field;
- Hawk.server.authenticate(req, credentialsFunc, { payload: 'hola!' }, function (err, credentials2, artifacts) {
-
- expect(err).to.not.exist();
- expect(credentials2.user).to.equal('steve');
- expect(artifacts.ext).to.equal('some-app-data');
- done();
- });
- });
- });
-
- it('generates a header then successfully parse it (app)', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- host: 'example.com',
- port: 8080
- };
-
- credentialsFunc('123456', function (err, credentials1) {
-
- req.authorization = Hawk.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', app: 'asd23ased' }).field;
- Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
-
- expect(err).to.not.exist();
- expect(credentials2.user).to.equal('steve');
- expect(artifacts.ext).to.equal('some-app-data');
- expect(artifacts.app).to.equal('asd23ased');
- done();
- });
- });
- });
-
- it('generates a header then successfully parse it (app, dlg)', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- host: 'example.com',
- port: 8080
- };
-
- credentialsFunc('123456', function (err, credentials1) {
-
- req.authorization = Hawk.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', app: 'asd23ased', dlg: '23434szr3q4d' }).field;
- Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
-
- expect(err).to.not.exist();
- expect(credentials2.user).to.equal('steve');
- expect(artifacts.ext).to.equal('some-app-data');
- expect(artifacts.app).to.equal('asd23ased');
- expect(artifacts.dlg).to.equal('23434szr3q4d');
- done();
- });
- });
- });
-
- it('generates a header then fail authentication due to bad hash', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- host: 'example.com',
- port: 8080
- };
-
- credentialsFunc('123456', function (err, credentials1) {
-
- req.authorization = Hawk.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, payload: 'hola!', ext: 'some-app-data' }).field;
- Hawk.server.authenticate(req, credentialsFunc, { payload: 'byebye!' }, function (err, credentials2, artifacts) {
-
- expect(err).to.exist();
- expect(err.output.payload.message).to.equal('Bad payload hash');
- done();
- });
- });
- });
-
- it('generates a header for one resource then fail to authenticate another', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- host: 'example.com',
- port: 8080
- };
-
- credentialsFunc('123456', function (err, credentials1) {
-
- req.authorization = Hawk.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data' }).field;
- req.url = '/something/else';
-
- Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
-
- expect(err).to.exist();
- expect(credentials2).to.exist();
- done();
- });
- });
- });
-});
diff --git a/deps/npm/node_modules/hawk/test/readme.js b/deps/npm/node_modules/hawk/test/readme.js
deleted file mode 100755
index 7a343f5e21..0000000000
--- a/deps/npm/node_modules/hawk/test/readme.js
+++ /dev/null
@@ -1,94 +0,0 @@
-// Load modules
-
-var Code = require('code');
-var Hawk = require('../lib');
-var Hoek = require('hoek');
-var Lab = require('lab');
-
-
-// Declare internals
-
-var internals = {};
-
-
-// Test shortcuts
-
-var lab = exports.lab = Lab.script();
-var describe = lab.experiment;
-var it = lab.test;
-var expect = Code.expect;
-
-
-describe('README', function () {
-
- describe('core', function () {
-
- var credentials = {
- id: 'dh37fgj492je',
- key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
- algorithm: 'sha256'
- };
-
- var options = {
- credentials: credentials,
- timestamp: 1353832234,
- nonce: 'j4h3g2',
- ext: 'some-app-ext-data'
- };
-
- it('should generate a header protocol example', function (done) {
-
- var header = Hawk.client.header('http://example.com:8000/resource/1?b=1&a=2', 'GET', options).field;
-
- expect(header).to.equal('Hawk id="dh37fgj492je", ts="1353832234", nonce="j4h3g2", ext="some-app-ext-data", mac="6R4rV5iE+NPoym+WwjeHzjAGXUtLNIxmo1vpMofpLAE="');
- done();
- });
-
- it('should generate a normalized string protocol example', function (done) {
-
- var normalized = Hawk.crypto.generateNormalizedString('header', {
- credentials: credentials,
- ts: options.timestamp,
- nonce: options.nonce,
- method: 'GET',
- resource: '/resource?a=1&b=2',
- host: 'example.com',
- port: 8000,
- ext: options.ext
- });
-
- expect(normalized).to.equal('hawk.1.header\n1353832234\nj4h3g2\nGET\n/resource?a=1&b=2\nexample.com\n8000\n\nsome-app-ext-data\n');
- done();
- });
-
- var payloadOptions = Hoek.clone(options);
- payloadOptions.payload = 'Thank you for flying Hawk';
- payloadOptions.contentType = 'text/plain';
-
- it('should generate a header protocol example (with payload)', function (done) {
-
- var header = Hawk.client.header('http://example.com:8000/resource/1?b=1&a=2', 'POST', payloadOptions).field;
-
- expect(header).to.equal('Hawk id="dh37fgj492je", ts="1353832234", nonce="j4h3g2", hash="Yi9LfIIFRtBEPt74PVmbTF/xVAwPn7ub15ePICfgnuY=", ext="some-app-ext-data", mac="aSe1DERmZuRl3pI36/9BdZmnErTw3sNzOOAUlfeKjVw="');
- done();
- });
-
- it('should generate a normalized string protocol example (with payload)', function (done) {
-
- var normalized = Hawk.crypto.generateNormalizedString('header', {
- credentials: credentials,
- ts: options.timestamp,
- nonce: options.nonce,
- method: 'POST',
- resource: '/resource?a=1&b=2',
- host: 'example.com',
- port: 8000,
- hash: Hawk.crypto.calculatePayloadHash(payloadOptions.payload, credentials.algorithm, payloadOptions.contentType),
- ext: options.ext
- });
-
- expect(normalized).to.equal('hawk.1.header\n1353832234\nj4h3g2\nPOST\n/resource?a=1&b=2\nexample.com\n8000\nYi9LfIIFRtBEPt74PVmbTF/xVAwPn7ub15ePICfgnuY=\nsome-app-ext-data\n');
- done();
- });
- });
-});
diff --git a/deps/npm/node_modules/hawk/test/server.js b/deps/npm/node_modules/hawk/test/server.js
deleted file mode 100755
index 0fdf13d435..0000000000
--- a/deps/npm/node_modules/hawk/test/server.js
+++ /dev/null
@@ -1,1328 +0,0 @@ -// Load modules - -var Url = require('url'); -var Code = require('code'); -var Hawk = require('../lib'); -var Hoek = require('hoek'); -var Lab = require('lab'); - - -// Declare internals - -var internals = {}; - - -// Test shortcuts - -var lab = exports.lab = Lab.script(); -var describe = lab.experiment; -var it = lab.test; -var expect = Code.expect; - - -describe('Server', function () { - - var credentialsFunc = function (id, callback) { - - var credentials = { - id: id, - key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn', - algorithm: (id === '1' ? 'sha1' : 'sha256'), - user: 'steve' - }; - - return callback(null, credentials); - }; - - describe('authenticate()', function () { - - it('parses a valid authentication header (sha1)', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080, - authorization: 'Hawk id="1", ts="1353788437", nonce="k3j4h2", mac="zy79QQ5/EYFmQqutVnYb73gAc/U=", ext="hello"' - }; - - Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) { - - expect(err).to.not.exist(); - expect(credentials.user).to.equal('steve'); - done(); - }); - }); - - it('parses a valid authentication header (sha256)', function (done) { - - var req = { - method: 'GET', - url: '/resource/1?b=1&a=2', - host: 'example.com', - port: 8000, - authorization: 'Hawk id="dh37fgj492je", ts="1353832234", nonce="j4h3g2", mac="m8r1rHbXN6NgO+KIIhjO7sFRyd78RNGVUwehe8Cp2dU=", ext="some-app-data"' - }; - - Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353832234000 - Hawk.utils.now() }, function (err, credentials, artifacts) { - - expect(err).to.not.exist(); - expect(credentials.user).to.equal('steve'); - done(); - }); - }); - - it('parses a valid authentication header (host override)', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - headers: { - host: 
'example1.com:8080', - authorization: 'Hawk id="1", ts="1353788437", nonce="k3j4h2", mac="zy79QQ5/EYFmQqutVnYb73gAc/U=", ext="hello"' - } - }; - - Hawk.server.authenticate(req, credentialsFunc, { host: 'example.com', localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) { - - expect(err).to.not.exist(); - expect(credentials.user).to.equal('steve'); - done(); - }); - }); - - it('parses a valid authentication header (host port override)', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - headers: { - host: 'example1.com:80', - authorization: 'Hawk id="1", ts="1353788437", nonce="k3j4h2", mac="zy79QQ5/EYFmQqutVnYb73gAc/U=", ext="hello"' - } - }; - - Hawk.server.authenticate(req, credentialsFunc, { host: 'example.com', port: 8080, localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) { - - expect(err).to.not.exist(); - expect(credentials.user).to.equal('steve'); - done(); - }); - }); - - it('parses a valid authentication header (POST with payload)', function (done) { - - var req = { - method: 'POST', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080, - authorization: 'Hawk id="123456", ts="1357926341", nonce="1AwuJD", hash="qAiXIVv+yjDATneWxZP2YCTa9aHRgQdnH9b3Wc+o3dg=", ext="some-app-data", mac="UeYcj5UoTVaAWXNvJfLVia7kU3VabxCqrccXP8sUGC4="' - }; - - Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1357926341000 - Hawk.utils.now() }, function (err, credentials, artifacts) { - - expect(err).to.not.exist(); - expect(credentials.user).to.equal('steve'); - done(); - }); - }); - - it('errors on missing hash', function (done) { - - var req = { - method: 'GET', - url: '/resource/1?b=1&a=2', - host: 'example.com', - port: 8000, - authorization: 'Hawk id="dh37fgj492je", ts="1353832234", nonce="j4h3g2", mac="m8r1rHbXN6NgO+KIIhjO7sFRyd78RNGVUwehe8Cp2dU=", ext="some-app-data"' - }; - - Hawk.server.authenticate(req, 
credentialsFunc, { payload: 'body', localtimeOffsetMsec: 1353832234000 - Hawk.utils.now() }, function (err, credentials, artifacts) { - - expect(err).to.exist(); - expect(err.output.payload.message).to.equal('Missing required payload hash'); - done(); - }); - }); - - it('errors on a stale timestamp', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080, - authorization: 'Hawk id="123456", ts="1362337299", nonce="UzmxSs", ext="some-app-data", mac="wnNUxchvvryMH2RxckTdZ/gY3ijzvccx4keVvELC61w="' - }; - - Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) { - - expect(err).to.exist(); - expect(err.output.payload.message).to.equal('Stale timestamp'); - var header = err.output.headers['WWW-Authenticate']; - var ts = header.match(/^Hawk ts\=\"(\d+)\"\, tsm\=\"([^\"]+)\"\, error=\"Stale timestamp\"$/); - var now = Hawk.utils.now(); - expect(parseInt(ts[1], 10) * 1000).to.be.within(now - 1000, now + 1000); - - var res = { - headers: { - 'www-authenticate': header - } - }; - - expect(Hawk.client.authenticate(res, credentials, artifacts)).to.equal(true); - done(); - }); - }); - - it('errors on a replay', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080, - authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="bXx7a7p1h9QYQNZ8x7QhvDQym8ACgab4m3lVSFn4DBw=", ext="hello"' - }; - - var memoryCache = {}; - var options = { - localtimeOffsetMsec: 1353788437000 - Hawk.utils.now(), - nonceFunc: function (key, nonce, ts, callback) { - - if (memoryCache[key + nonce]) { - return callback(new Error()); - } - - memoryCache[key + nonce] = true; - return callback(); - } - }; - - Hawk.server.authenticate(req, credentialsFunc, options, function (err, credentials1, artifacts1) { - - expect(err).to.not.exist(); - expect(credentials1.user).to.equal('steve'); - - Hawk.server.authenticate(req, credentialsFunc, 
options, function (err, credentials2, artifacts2) { - - expect(err).to.exist(); - expect(err.output.payload.message).to.equal('Invalid nonce'); - done(); - }); - }); - }); - - it('does not error on nonce collision if keys differ', function (done) { - - var reqSteve = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080, - authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="bXx7a7p1h9QYQNZ8x7QhvDQym8ACgab4m3lVSFn4DBw=", ext="hello"' - }; - - var reqBob = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080, - authorization: 'Hawk id="456", ts="1353788437", nonce="k3j4h2", mac="LXfmTnRzrLd9TD7yfH+4se46Bx6AHyhpM94hLCiNia4=", ext="hello"' - }; - - var credentialsFuncion = function (id, callback) { - - var credentials = { - '123': { - id: id, - key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn', - algorithm: (id === '1' ? 'sha1' : 'sha256'), - user: 'steve' - }, - '456': { - id: id, - key: 'xrunpaw3489ruxnpa98w4rxnwerxhqb98rpaxn39848', - algorithm: (id === '1' ? 
'sha1' : 'sha256'), - user: 'bob' - } - }; - - return callback(null, credentials[id]); - }; - - var memoryCache = {}; - var options = { - localtimeOffsetMsec: 1353788437000 - Hawk.utils.now(), - nonceFunc: function (key, nonce, ts, callback) { - - if (memoryCache[key + nonce]) { - return callback(new Error()); - } - - memoryCache[key + nonce] = true; - return callback(); - } - }; - - Hawk.server.authenticate(reqSteve, credentialsFuncion, options, function (err, credentials1, artifacts1) { - - expect(err).to.not.exist(); - expect(credentials1.user).to.equal('steve'); - - Hawk.server.authenticate(reqBob, credentialsFuncion, options, function (err, credentials2, artifacts2) { - - expect(err).to.not.exist(); - expect(credentials2.user).to.equal('bob'); - done(); - }); - }); - }); - - it('errors on an invalid authentication header: wrong scheme', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080, - authorization: 'Basic asdasdasdasd' - }; - - Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) { - - expect(err).to.exist(); - expect(err.output.payload.message).to.not.exist(); - done(); - }); - }); - - it('errors on an invalid authentication header: no scheme', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080, - authorization: '!@#' - }; - - Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) { - - expect(err).to.exist(); - expect(err.output.payload.message).to.equal('Invalid header syntax'); - done(); - }); - }); - - it('errors on an missing authorization header', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080 - }; - - Hawk.server.authenticate(req, credentialsFunc, {}, function (err, 
credentials, artifacts) { - - expect(err).to.exist(); - expect(err.isMissing).to.equal(true); - done(); - }); - }); - - it('errors on an missing host header', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - headers: { - authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"' - } - }; - - Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) { - - expect(err).to.exist(); - expect(err.output.payload.message).to.equal('Invalid Host header'); - done(); - }); - }); - - it('errors on an missing authorization attribute (id)', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080, - authorization: 'Hawk ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"' - }; - - Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) { - - expect(err).to.exist(); - expect(err.output.payload.message).to.equal('Missing attributes'); - done(); - }); - }); - - it('errors on an missing authorization attribute (ts)', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080, - authorization: 'Hawk id="123", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"' - }; - - Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) { - - expect(err).to.exist(); - expect(err.output.payload.message).to.equal('Missing attributes'); - done(); - }); - }); - - it('errors on an missing authorization attribute (nonce)', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080, - 
authorization: 'Hawk id="123", ts="1353788437", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"' - }; - - Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) { - - expect(err).to.exist(); - expect(err.output.payload.message).to.equal('Missing attributes'); - done(); - }); - }); - - it('errors on an missing authorization attribute (mac)', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080, - authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", ext="hello"' - }; - - Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) { - - expect(err).to.exist(); - expect(err.output.payload.message).to.equal('Missing attributes'); - done(); - }); - }); - - it('errors on an unknown authorization attribute', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080, - authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", x="3", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"' - }; - - Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) { - - expect(err).to.exist(); - expect(err.output.payload.message).to.equal('Unknown attribute: x'); - done(); - }); - }); - - it('errors on an bad authorization header format', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?filter=a', - host: 'example.com', - port: 8080, - authorization: 'Hawk id="123\\", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"' - }; - - Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) { - - 
expect(err).to.exist();
- expect(err.output.payload.message).to.equal('Bad header format');
- done();
- });
- });
-
- it('errors on an bad authorization attribute value', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- host: 'example.com',
- port: 8080,
- authorization: 'Hawk id="\t", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
- };
-
- Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
-
- expect(err).to.exist();
- expect(err.output.payload.message).to.equal('Bad attribute value: id');
- done();
- });
- });
-
- it('errors on an empty authorization attribute value', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- host: 'example.com',
- port: 8080,
- authorization: 'Hawk id="", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
- };
-
- Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
-
- expect(err).to.exist();
- expect(err.output.payload.message).to.equal('Bad attribute value: id');
- done();
- });
- });
-
- it('errors on duplicated authorization attribute key', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- host: 'example.com',
- port: 8080,
- authorization: 'Hawk id="123", id="456", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
- };
-
- Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
-
- expect(err).to.exist();
- expect(err.output.payload.message).to.equal('Duplicate attribute: id');
- done();
- });
- });
-
- it('errors on an invalid authorization header format', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- host: 'example.com',
- port: 8080,
- authorization: 'Hawk'
- };
-
- Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
-
- expect(err).to.exist();
- expect(err.output.payload.message).to.equal('Invalid header syntax');
- done();
- });
- });
-
- it('errors on an bad host header (missing host)', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- headers: {
- host: ':8080',
- authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
- }
- };
-
- Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
-
- expect(err).to.exist();
- expect(err.output.payload.message).to.equal('Invalid Host header');
- done();
- });
- });
-
- it('errors on an bad host header (pad port)', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- headers: {
- host: 'example.com:something',
- authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
- }
- };
-
- Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
-
- expect(err).to.exist();
- expect(err.output.payload.message).to.equal('Invalid Host header');
- done();
- });
- });
-
- it('errors on credentialsFunc error', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- host: 'example.com',
- port: 8080,
- authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
- };
-
- var credentialsFuncion = function (id, callback) {
-
- return callback(new Error('Unknown user'));
- };
-
- Hawk.server.authenticate(req, credentialsFuncion, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
-
- expect(err).to.exist();
- expect(err.message).to.equal('Unknown user');
- done();
- });
- });
-
- it('errors on credentialsFunc error (with credentials)', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- host: 'example.com',
- port: 8080,
- authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
- };
-
- var credentialsFuncion = function (id, callback) {
-
- return callback(new Error('Unknown user'), { some: 'value' });
- };
-
- Hawk.server.authenticate(req, credentialsFuncion, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
-
- expect(err).to.exist();
- expect(err.message).to.equal('Unknown user');
- expect(credentials.some).to.equal('value');
- done();
- });
- });
-
- it('errors on missing credentials', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- host: 'example.com',
- port: 8080,
- authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
- };
-
- var credentialsFuncion = function (id, callback) {
-
- return callback(null, null);
- };
-
- Hawk.server.authenticate(req, credentialsFuncion, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
-
- expect(err).to.exist();
- expect(err.output.payload.message).to.equal('Unknown credentials');
- done();
- });
- });
-
- it('errors on invalid credentials (id)', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- host: 'example.com',
- port: 8080,
- authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
- };
-
- var credentialsFuncion = function (id, callback) {
-
- var credentials = {
- key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
- user: 'steve'
- };
-
- return callback(null, credentials);
- };
-
- Hawk.server.authenticate(req, credentialsFuncion, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
-
- expect(err).to.exist();
- expect(err.message).to.equal('Invalid credentials');
- expect(err.output.payload.message).to.equal('An internal server error occurred');
- done();
- });
- });
-
- it('errors on invalid credentials (key)', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- host: 'example.com',
- port: 8080,
- authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
- };
-
- var credentialsFuncion = function (id, callback) {
-
- var credentials = {
- id: '23434d3q4d5345d',
- user: 'steve'
- };
-
- return callback(null, credentials);
- };
-
- Hawk.server.authenticate(req, credentialsFuncion, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
-
- expect(err).to.exist();
- expect(err.message).to.equal('Invalid credentials');
- expect(err.output.payload.message).to.equal('An internal server error occurred');
- done();
- });
- });
-
- it('errors on unknown credentials algorithm', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- host: 'example.com',
- port: 8080,
- authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
- };
-
- var credentialsFuncion = function (id, callback) {
-
- var credentials = {
- key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
- algorithm: 'hmac-sha-0',
- user: 'steve'
- };
-
- return callback(null, credentials);
- };
-
- Hawk.server.authenticate(req, credentialsFuncion, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
-
- expect(err).to.exist();
- expect(err.message).to.equal('Unknown algorithm');
- expect(err.output.payload.message).to.equal('An internal server error occurred');
- done();
- });
- });
-
- it('errors on unknown bad mac', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?filter=a',
- host: 'example.com',
- port: 8080,
- authorization: 'Hawk id="123", ts="1353788437", nonce="k3j4h2", mac="/qwS4UjfVWMcU4jlr7T/wuKe3dKijvTvSos=", ext="hello"'
- };
-
- var credentialsFuncion = function (id, callback) {
-
- var credentials = {
- key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
- algorithm: 'sha256',
- user: 'steve'
- };
-
- return callback(null, credentials);
- };
-
- Hawk.server.authenticate(req, credentialsFuncion, { localtimeOffsetMsec: 1353788437000 - Hawk.utils.now() }, function (err, credentials, artifacts) {
-
- expect(err).to.exist();
- expect(err.output.payload.message).to.equal('Bad mac');
- done();
- });
- });
- });
-
- describe('header()', function () {
-
- it('generates header', function (done) {
-
- var credentials = {
- id: '123456',
- key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
- algorithm: 'sha256',
- user: 'steve'
- };
-
- var artifacts = {
- method: 'POST',
- host: 'example.com',
- port: '8080',
- resource: '/resource/4?filter=a',
- ts: '1398546787',
- nonce: 'xUwusx',
- hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
- ext: 'some-app-data',
- mac: 'dvIvMThwi28J61Jc3P0ryAhuKpanU63GXdx6hkmQkJA=',
- id: '123456'
- };
-
- var header = Hawk.server.header(credentials, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });
- expect(header).to.equal('Hawk mac=\"n14wVJK4cOxAytPUMc5bPezQzuJGl5n7MYXhFQgEKsE=\", hash=\"f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=\", ext=\"response-specific\"');
- done();
- });
-
- it('generates header (empty payload)', function (done) {
-
- var credentials = {
- id: '123456',
- key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
- algorithm: 'sha256',
- user: 'steve'
- };
-
- var artifacts = {
- method: 'POST',
- host: 'example.com',
- port: '8080',
- resource: '/resource/4?filter=a',
- ts: '1398546787',
- nonce: 'xUwusx',
- hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
- ext: 'some-app-data',
- mac: 'dvIvMThwi28J61Jc3P0ryAhuKpanU63GXdx6hkmQkJA=',
- id: '123456'
- };
-
- var header = Hawk.server.header(credentials, artifacts, { payload: '', contentType: 'text/plain', ext: 'response-specific' });
- expect(header).to.equal('Hawk mac=\"i8/kUBDx0QF+PpCtW860kkV/fa9dbwEoe/FpGUXowf0=\", hash=\"q/t+NNAkQZNlq/aAD6PlexImwQTxwgT2MahfTa9XRLA=\", ext=\"response-specific\"');
- done();
- });
-
- it('generates header (pre calculated hash)', function (done) {
-
- var credentials = {
- id: '123456',
- key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
- algorithm: 'sha256',
- user: 'steve'
- };
-
- var artifacts = {
- method: 'POST',
- host: 'example.com',
- port: '8080',
- resource: '/resource/4?filter=a',
- ts: '1398546787',
- nonce: 'xUwusx',
- hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
- ext: 'some-app-data',
- mac: 'dvIvMThwi28J61Jc3P0ryAhuKpanU63GXdx6hkmQkJA=',
- id: '123456'
- };
-
- var options = { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' };
- options.hash = Hawk.crypto.calculatePayloadHash(options.payload, credentials.algorithm, options.contentType);
- var header = Hawk.server.header(credentials, artifacts, options);
- expect(header).to.equal('Hawk mac=\"n14wVJK4cOxAytPUMc5bPezQzuJGl5n7MYXhFQgEKsE=\", hash=\"f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=\", ext=\"response-specific\"');
- done();
- });
-
- it('generates header (null ext)', function (done) {
-
- var credentials = {
- id: '123456',
- key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
- algorithm: 'sha256',
- user: 'steve'
- };
-
- var artifacts = {
- method: 'POST',
- host: 'example.com',
- port: '8080',
- resource: '/resource/4?filter=a',
- ts: '1398546787',
- nonce: 'xUwusx',
- hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
- mac: 'dvIvMThwi28J61Jc3P0ryAhuKpanU63GXdx6hkmQkJA=',
- id: '123456'
- };
-
- var header = Hawk.server.header(credentials, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: null });
- expect(header).to.equal('Hawk mac=\"6PrybJTJs20jsgBw5eilXpcytD8kUbaIKNYXL+6g0ns=\", hash=\"f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=\"');
- done();
- });
-
- it('errors on missing artifacts', function (done) {
-
- var credentials = {
- id: '123456',
- key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
- algorithm: 'sha256',
- user: 'steve'
- };
-
- var header = Hawk.server.header(credentials, null, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });
- expect(header).to.equal('');
- done();
- });
-
- it('errors on invalid artifacts', function (done) {
-
- var credentials = {
- id: '123456',
- key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
- algorithm: 'sha256',
- user: 'steve'
- };
-
- var header = Hawk.server.header(credentials, 5, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });
- expect(header).to.equal('');
- done();
- });
-
- it('errors on missing credentials', function (done) {
-
- var artifacts = {
- method: 'POST',
- host: 'example.com',
- port: '8080',
- resource: '/resource/4?filter=a',
- ts: '1398546787',
- nonce: 'xUwusx',
- hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
- ext: 'some-app-data',
- mac: 'dvIvMThwi28J61Jc3P0ryAhuKpanU63GXdx6hkmQkJA=',
- id: '123456'
- };
-
- var header = Hawk.server.header(null, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });
- expect(header).to.equal('');
- done();
- });
-
- it('errors on invalid credentials (key)', function (done) {
-
- var credentials = {
- id: '123456',
- algorithm: 'sha256',
- user: 'steve'
- };
-
- var artifacts = {
- method: 'POST',
- host: 'example.com',
- port: '8080',
- resource: '/resource/4?filter=a',
- ts: '1398546787',
- nonce: 'xUwusx',
- hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
- ext: 'some-app-data',
- mac: 'dvIvMThwi28J61Jc3P0ryAhuKpanU63GXdx6hkmQkJA=',
- id: '123456'
- };
-
- var header = Hawk.server.header(credentials, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });
- expect(header).to.equal('');
- done();
- });
-
- it('errors on invalid algorithm', function (done) {
-
- var credentials = {
- id: '123456',
- key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
- algorithm: 'x',
- user: 'steve'
- };
-
- var artifacts = {
- method: 'POST',
- host: 'example.com',
- port: '8080',
- resource: '/resource/4?filter=a',
- ts: '1398546787',
- nonce: 'xUwusx',
- hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
- ext: 'some-app-data',
- mac: 'dvIvMThwi28J61Jc3P0ryAhuKpanU63GXdx6hkmQkJA=',
- id: '123456'
- };
-
- var header = Hawk.server.header(credentials, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });
- expect(header).to.equal('');
- done();
- });
- });
-
- describe('authenticateBewit()', function () {
-
- it('errors on uri too long', function (done) {
-
- var long = '/';
- for (var i = 0; i < 5000; ++i) {
- long += 'x';
- }
-
- var req = {
- method: 'GET',
- url: long,
- host: 'example.com',
- port: 8080,
- authorization: 'Hawk id="1", ts="1353788437", nonce="k3j4h2", mac="zy79QQ5/EYFmQqutVnYb73gAc/U=", ext="hello"'
- };
-
- Hawk.server.authenticateBewit(req, credentialsFunc, {}, function (err, credentials, bewit) {
-
- expect(err).to.exist();
- expect(err.output.statusCode).to.equal(400);
- expect(err.message).to.equal('Resource path exceeds max length');
- done();
- });
- });
- });
-
- describe('authenticateMessage()', function () {
-
- it('errors on invalid authorization (ts)', function (done) {
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
- delete auth.ts;
-
- Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, {}, function (err, credentials2) {
-
- expect(err).to.exist();
- expect(err.message).to.equal('Invalid authorization');
- done();
- });
- });
- });
-
- it('errors on invalid authorization (nonce)', function (done) {
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
- delete auth.nonce;
-
- Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, {}, function (err, credentials2) {
-
- expect(err).to.exist();
- expect(err.message).to.equal('Invalid authorization');
- done();
- });
- });
- });
-
- it('errors on invalid authorization (hash)', function (done) {
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
- delete auth.hash;
-
- Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, {}, function (err, credentials2) {
-
- expect(err).to.exist();
- expect(err.message).to.equal('Invalid authorization');
- done();
- });
- });
- });
-
- it('errors with credentials', function (done) {
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
-
- Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, function (id, callback) {
-
- callback(new Error('something'), { some: 'value' });
- }, {}, function (err, credentials2) {
-
- expect(err).to.exist();
- expect(err.message).to.equal('something');
- expect(credentials2.some).to.equal('value');
- done();
- });
- });
- });
-
- it('errors on nonce collision', function (done) {
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
- Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, {
- nonceFunc: function (key, nonce, ts, nonceCallback) {
-
- nonceCallback(true);
- }
- }, function (err, credentials2) {
-
- expect(err).to.exist();
- expect(err.message).to.equal('Invalid nonce');
- done();
- });
- });
- });
-
- it('should generate an authorization then successfully parse it', function (done) {
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
- expect(auth).to.exist();
-
- Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, {}, function (err, credentials2) {
-
- expect(err).to.not.exist();
- expect(credentials2.user).to.equal('steve');
- done();
- });
- });
- });
-
- it('should fail authorization on mismatching host', function (done) {
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
- expect(auth).to.exist();
-
- Hawk.server.authenticateMessage('example1.com', 8080, 'some message', auth, credentialsFunc, {}, function (err, credentials2) {
-
- expect(err).to.exist();
- expect(err.message).to.equal('Bad mac');
- done();
- });
- });
- });
-
- it('should fail authorization on stale timestamp', function (done) {
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
- expect(auth).to.exist();
-
- Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, { localtimeOffsetMsec: 100000 }, function (err, credentials2) {
-
- expect(err).to.exist();
- expect(err.message).to.equal('Stale timestamp');
- done();
- });
- });
- });
-
- it('overrides timestampSkewSec', function (done) {
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1, localtimeOffsetMsec: 100000 });
- expect(auth).to.exist();
-
- Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, { timestampSkewSec: 500 }, function (err, credentials2) {
-
- expect(err).to.not.exist();
- done();
- });
- });
- });
-
- it('should fail authorization on invalid authorization', function (done) {
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
- expect(auth).to.exist();
- delete auth.id;
-
- Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, {}, function (err, credentials2) {
-
- expect(err).to.exist();
- expect(err.message).to.equal('Invalid authorization');
- done();
- });
- });
- });
-
- it('should fail authorization on bad hash', function (done) {
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
- expect(auth).to.exist();
-
- Hawk.server.authenticateMessage('example.com', 8080, 'some message1', auth, credentialsFunc, {}, function (err, credentials2) {
-
- expect(err).to.exist();
- expect(err.message).to.equal('Bad message hash');
- done();
- });
- });
- });
-
- it('should fail authorization on nonce error', function (done) {
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
- expect(auth).to.exist();
-
- Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, {
- nonceFunc: function (key, nonce, ts, callback) {
-
- callback(new Error('kaboom'));
- }
- }, function (err, credentials2) {
-
- expect(err).to.exist();
- expect(err.message).to.equal('Invalid nonce');
- done();
- });
- });
- });
-
- it('should fail authorization on credentials error', function (done) {
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
- expect(auth).to.exist();
-
- var errFunc = function (id, callback) {
-
- callback(new Error('kablooey'));
- };
-
- Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, errFunc, {}, function (err, credentials2) {
-
- expect(err).to.exist();
- expect(err.message).to.equal('kablooey');
- done();
- });
- });
- });
-
- it('should fail authorization on missing credentials', function (done) {
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
- expect(auth).to.exist();
-
- var errFunc = function (id, callback) {
-
- callback();
- };
-
- Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, errFunc, {}, function (err, credentials2) {
-
- expect(err).to.exist();
- expect(err.message).to.equal('Unknown credentials');
- done();
- });
- });
- });
-
- it('should fail authorization on invalid credentials', function (done) {
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
- expect(auth).to.exist();
-
- var errFunc = function (id, callback) {
-
- callback(null, {});
- };
-
- Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, errFunc, {}, function (err, credentials2) {
-
- expect(err).to.exist();
- expect(err.message).to.equal('Invalid credentials');
- done();
- });
- });
- });
-
- it('should fail authorization on invalid credentials algorithm', function (done) {
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
- expect(auth).to.exist();
-
- var errFunc = function (id, callback) {
-
- callback(null, { key: '123', algorithm: '456' });
- };
-
- Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, errFunc, {}, function (err, credentials2) {
-
- expect(err).to.exist();
- expect(err.message).to.equal('Unknown algorithm');
- done();
- });
- });
- });
-
- it('should fail on missing host', function (done) {
-
- credentialsFunc('123456', function (err, credentials) {
-
- var auth = Hawk.client.message(null, 8080, 'some message', { credentials: credentials });
- expect(auth).to.not.exist();
- done();
- });
- });
-
- it('should fail on missing credentials', function (done) {
-
- var auth = Hawk.client.message('example.com', 8080, 'some message', {});
- expect(auth).to.not.exist();
- done();
- });
-
- it('should fail on invalid algorithm', function (done) {
-
- credentialsFunc('123456', function (err, credentials) {
-
- var creds = Hoek.clone(credentials);
- creds.algorithm = 'blah';
- var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: creds });
- expect(auth).to.not.exist();
- done();
- });
- });
- });
-
- describe('authenticatePayloadHash()', function () {
-
- it('checks payload hash', function (done) {
-
- expect(Hawk.server.authenticatePayloadHash('abcdefg', { hash: 'abcdefg' })).to.equal(true);
- expect(Hawk.server.authenticatePayloadHash('1234567', { hash: 'abcdefg' })).to.equal(false);
- done();
- });
- });
-});
diff --git a/deps/npm/node_modules/hawk/test/uri.js b/deps/npm/node_modules/hawk/test/uri.js
deleted file mode 100755
index 3dc8e6a1c5..0000000000
--- a/deps/npm/node_modules/hawk/test/uri.js
+++ /dev/null
@@ -1,837 +0,0 @@
-// Load modules
-
-var Http = require('http');
-var Url = require('url');
-var Code = require('code');
-var Hawk = require('../lib');
-var Hoek = require('hoek');
-var Lab = require('lab');
-
-
-// Declare internals
-
-var internals = {};
-
-
-// Test shortcuts
-
-var lab = exports.lab = Lab.script();
-var describe = lab.experiment;
-var it = lab.test;
-var expect = Code.expect;
-
-
-describe('Uri', function () {
-
- var credentialsFunc = function (id, callback) {
-
- var credentials = {
- id: id,
- key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
- algorithm: (id === '1' ? 'sha1' : 'sha256'),
- user: 'steve'
- };
-
- return callback(null, credentials);
- };
-
- it('should generate a bewit then successfully authenticate it', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?a=1&b=2',
- host: 'example.com',
- port: 80
- };
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var bewit = Hawk.uri.getBewit('http://example.com/resource/4?a=1&b=2', { credentials: credentials1, ttlSec: 60 * 60 * 24 * 365 * 100, ext: 'some-app-data' });
- req.url += '&bewit=' + bewit;
-
- Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials2, attributes) {
-
- expect(err).to.not.exist();
- expect(credentials2.user).to.equal('steve');
- expect(attributes.ext).to.equal('some-app-data');
- done();
- });
- });
- });
-
- it('should generate a bewit then successfully authenticate it (no ext)', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?a=1&b=2',
- host: 'example.com',
- port: 80
- };
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var bewit = Hawk.uri.getBewit('http://example.com/resource/4?a=1&b=2', { credentials: credentials1, ttlSec: 60 * 60 * 24 * 365 * 100 });
- req.url += '&bewit=' + bewit;
-
- Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials2, attributes) {
-
- expect(err).to.not.exist();
- expect(credentials2.user).to.equal('steve');
- done();
- });
- });
- });
-
- it('should successfully authenticate a request (last param)', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?a=1&b=2&bewit=MTIzNDU2XDQ1MTE0ODQ2MjFcMzFjMmNkbUJFd1NJRVZDOVkva1NFb2c3d3YrdEVNWjZ3RXNmOGNHU2FXQT1cc29tZS1hcHAtZGF0YQ',
- host: 'example.com',
- port: 8080
- };
-
- Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
-
- expect(err).to.not.exist();
- expect(credentials.user).to.equal('steve');
- expect(attributes.ext).to.equal('some-app-data');
- done();
- });
- });
-
- it('should successfully authenticate a request (first param)', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?bewit=MTIzNDU2XDQ1MTE0ODQ2MjFcMzFjMmNkbUJFd1NJRVZDOVkva1NFb2c3d3YrdEVNWjZ3RXNmOGNHU2FXQT1cc29tZS1hcHAtZGF0YQ&a=1&b=2',
- host: 'example.com',
- port: 8080
- };
-
- Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
-
- expect(err).to.not.exist();
- expect(credentials.user).to.equal('steve');
- expect(attributes.ext).to.equal('some-app-data');
- done();
- });
- });
-
- it('should successfully authenticate a request (only param)', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?bewit=MTIzNDU2XDQ1MTE0ODQ2NDFcZm1CdkNWT3MvcElOTUUxSTIwbWhrejQ3UnBwTmo4Y1VrSHpQd3Q5OXJ1cz1cc29tZS1hcHAtZGF0YQ',
- host: 'example.com',
- port: 8080
- };
-
- Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
-
- expect(err).to.not.exist();
- expect(credentials.user).to.equal('steve');
- expect(attributes.ext).to.equal('some-app-data');
- done();
- });
- });
-
- it('should fail on multiple authentication', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?bewit=MTIzNDU2XDQ1MTE0ODQ2NDFcZm1CdkNWT3MvcElOTUUxSTIwbWhrejQ3UnBwTmo4Y1VrSHpQd3Q5OXJ1cz1cc29tZS1hcHAtZGF0YQ',
- host: 'example.com',
- port: 8080,
- authorization: 'Basic asdasdasdasd'
- };
-
- Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
-
- expect(err).to.exist();
- expect(err.output.payload.message).to.equal('Multiple authentications');
- done();
- });
- });
-
- it('should fail on method other than GET', function (done) {
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var req = {
- method: 'POST',
- url: '/resource/4?filter=a',
- host: 'example.com',
- port: 8080
- };
-
- var exp = Math.floor(Hawk.utils.now() / 1000) + 60;
- var ext = 'some-app-data';
- var mac = Hawk.crypto.calculateMac('bewit', credentials1, {
- timestamp: exp,
- nonce: '',
- method: req.method,
- resource: req.url,
- host: req.host,
- port: req.port,
- ext: ext
- });
-
- var bewit = credentials1.id + '\\' + exp + '\\' + mac + '\\' + ext;
-
- req.url += '&bewit=' + Hoek.base64urlEncode(bewit);
-
- Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials2, attributes) {
-
- expect(err).to.exist();
- expect(err.output.payload.message).to.equal('Invalid method');
- done();
- });
- });
- });
-
- it('should fail on invalid host header', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?bewit=MTIzNDU2XDQ1MDk5OTE3MTlcTUE2eWkwRWRwR0pEcWRwb0JkYVdvVDJrL0hDSzA1T0Y3MkhuZlVmVy96Zz1cc29tZS1hcHAtZGF0YQ',
- headers: {
- host: 'example.com:something'
- }
- };
-
- Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
-
- expect(err).to.exist();
- expect(err.output.payload.message).to.equal('Invalid Host header');
- done();
- });
- });
-
- it('should fail on empty bewit', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?bewit=',
- host: 'example.com',
- port: 8080
- };
-
- Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
-
- expect(err).to.exist();
- expect(err.output.payload.message).to.equal('Empty bewit');
- expect(err.isMissing).to.not.exist();
- done();
- });
- });
-
- it('should fail on invalid bewit', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?bewit=*',
- host: 'example.com',
- port: 8080
- };
-
- Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
-
- expect(err).to.exist();
- expect(err.output.payload.message).to.equal('Invalid bewit encoding');
- expect(err.isMissing).to.not.exist();
- done();
- });
- });
-
- it('should fail on missing bewit', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4',
- host: 'example.com',
- port: 8080
- };
-
- Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
-
- expect(err).to.exist();
- expect(err.output.payload.message).to.not.exist();
- expect(err.isMissing).to.equal(true);
- done();
- });
- });
-
- it('should fail on invalid bewit structure', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?bewit=abc',
- host: 'example.com',
- port: 8080
- };
-
- Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
-
- expect(err).to.exist();
- expect(err.output.payload.message).to.equal('Invalid bewit structure');
- done();
- });
- });
-
- it('should fail on empty bewit attribute', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?bewit=YVxcY1xk',
- host: 'example.com',
- port: 8080
- };
-
- Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
-
- expect(err).to.exist();
- expect(err.output.payload.message).to.equal('Missing bewit attributes');
- done();
- });
- });
-
- it('should fail on missing bewit id attribute', function (done) {
-
- var req = {
- method: 'GET',
- url: '/resource/4?bewit=XDQ1NTIxNDc2MjJcK0JFbFhQMXhuWjcvd1Nrbm1ldGhlZm5vUTNHVjZNSlFVRHk4NWpTZVJ4VT1cc29tZS1hcHAtZGF0YQ',
- host: 'example.com',
- port: 8080
- };
-
- Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
-
- expect(err).to.exist();
- expect(err.output.payload.message).to.equal('Missing bewit attributes');
-
done(); - }); - }); - - it('should fail on expired access', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?a=1&b=2&bewit=MTIzNDU2XDEzNTY0MTg1ODNcWk1wZlMwWU5KNHV0WHpOMmRucTRydEk3NXNXTjFjeWVITTcrL0tNZFdVQT1cc29tZS1hcHAtZGF0YQ', - host: 'example.com', - port: 8080 - }; - - Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) { - - expect(err).to.exist(); - expect(err.output.payload.message).to.equal('Access expired'); - done(); - }); - }); - - it('should fail on credentials function error', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?bewit=MTIzNDU2XDQ1MDk5OTE3MTlcTUE2eWkwRWRwR0pEcWRwb0JkYVdvVDJrL0hDSzA1T0Y3MkhuZlVmVy96Zz1cc29tZS1hcHAtZGF0YQ', - host: 'example.com', - port: 8080 - }; - - Hawk.uri.authenticate(req, function (id, callback) { - - callback(Hawk.error.badRequest('Boom')); - }, {}, function (err, credentials, attributes) { - - expect(err).to.exist(); - expect(err.output.payload.message).to.equal('Boom'); - done(); - }); - }); - - it('should fail on credentials function error with credentials', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?bewit=MTIzNDU2XDQ1MDk5OTE3MTlcTUE2eWkwRWRwR0pEcWRwb0JkYVdvVDJrL0hDSzA1T0Y3MkhuZlVmVy96Zz1cc29tZS1hcHAtZGF0YQ', - host: 'example.com', - port: 8080 - }; - - Hawk.uri.authenticate(req, function (id, callback) { - - callback(Hawk.error.badRequest('Boom'), { some: 'value' }); - }, {}, function (err, credentials, attributes) { - - expect(err).to.exist(); - expect(err.output.payload.message).to.equal('Boom'); - expect(credentials.some).to.equal('value'); - done(); - }); - }); - - it('should fail on null credentials function response', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?bewit=MTIzNDU2XDQ1MDk5OTE3MTlcTUE2eWkwRWRwR0pEcWRwb0JkYVdvVDJrL0hDSzA1T0Y3MkhuZlVmVy96Zz1cc29tZS1hcHAtZGF0YQ', - host: 'example.com', - port: 8080 - }; - - Hawk.uri.authenticate(req, function (id, callback) { - - 
callback(null, null); - }, {}, function (err, credentials, attributes) { - - expect(err).to.exist(); - expect(err.output.payload.message).to.equal('Unknown credentials'); - done(); - }); - }); - - it('should fail on invalid credentials function response', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?bewit=MTIzNDU2XDQ1MDk5OTE3MTlcTUE2eWkwRWRwR0pEcWRwb0JkYVdvVDJrL0hDSzA1T0Y3MkhuZlVmVy96Zz1cc29tZS1hcHAtZGF0YQ', - host: 'example.com', - port: 8080 - }; - - Hawk.uri.authenticate(req, function (id, callback) { - - callback(null, {}); - }, {}, function (err, credentials, attributes) { - - expect(err).to.exist(); - expect(err.message).to.equal('Invalid credentials'); - done(); - }); - }); - - it('should fail on invalid credentials function response (unknown algorithm)', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?bewit=MTIzNDU2XDQ1MDk5OTE3MTlcTUE2eWkwRWRwR0pEcWRwb0JkYVdvVDJrL0hDSzA1T0Y3MkhuZlVmVy96Zz1cc29tZS1hcHAtZGF0YQ', - host: 'example.com', - port: 8080 - }; - - Hawk.uri.authenticate(req, function (id, callback) { - - callback(null, { key: 'xxx', algorithm: 'xxx' }); - }, {}, function (err, credentials, attributes) { - - expect(err).to.exist(); - expect(err.message).to.equal('Unknown algorithm'); - done(); - }); - }); - - it('should fail on expired access', function (done) { - - var req = { - method: 'GET', - url: '/resource/4?bewit=MTIzNDU2XDQ1MDk5OTE3MTlcTUE2eWkwRWRwR0pEcWRwb0JkYVdvVDJrL0hDSzA1T0Y3MkhuZlVmVy96Zz1cc29tZS1hcHAtZGF0YQ', - host: 'example.com', - port: 8080 - }; - - Hawk.uri.authenticate(req, function (id, callback) { - - callback(null, { key: 'xxx', algorithm: 'sha256' }); - }, {}, function (err, credentials, attributes) { - - expect(err).to.exist(); - expect(err.output.payload.message).to.equal('Bad mac'); - done(); - }); - }); - - describe('getBewit()', function () { - - it('returns a valid bewit value', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 
'sha256' - }; - - var bewit = Hawk.uri.getBewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' }); - expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdca3NjeHdOUjJ0SnBQMVQxekRMTlBiQjVVaUtJVTl0T1NKWFRVZEc3WDloOD1ceGFuZHlhbmR6'); - done(); - }); - - it('returns a valid bewit value (explicit port)', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var bewit = Hawk.uri.getBewit('https://example.com:8080/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' }); - expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdcaFpiSjNQMmNLRW80a3kwQzhqa1pBa1J5Q1p1ZWc0V1NOYnhWN3ZxM3hIVT1ceGFuZHlhbmR6'); - done(); - }); - - it('returns a valid bewit value (null ext)', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var bewit = Hawk.uri.getBewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: null }); - expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdcSUdZbUxnSXFMckNlOEN4dktQczRKbFdJQStValdKSm91d2dBUmlWaENBZz1c'); - done(); - }); - - it('returns a valid bewit value (parsed uri)', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var bewit = Hawk.uri.getBewit(Url.parse('https://example.com/somewhere/over/the/rainbow'), { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' }); - expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdca3NjeHdOUjJ0SnBQMVQxekRMTlBiQjVVaUtJVTl0T1NKWFRVZEc3WDloOD1ceGFuZHlhbmR6'); - done(); - }); - - it('errors on invalid options', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 
'sha256' - }; - - var bewit = Hawk.uri.getBewit('https://example.com/somewhere/over/the/rainbow', 4); - expect(bewit).to.equal(''); - done(); - }); - - it('errors on missing uri', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var bewit = Hawk.uri.getBewit('', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' }); - expect(bewit).to.equal(''); - done(); - }); - - it('errors on invalid uri', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var bewit = Hawk.uri.getBewit(5, { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' }); - expect(bewit).to.equal(''); - done(); - }); - - it('errors on invalid credentials (id)', function (done) { - - var credentials = { - key: '2983d45yun89q', - algorithm: 'sha256' - }; - - var bewit = Hawk.uri.getBewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 3000, ext: 'xandyandz' }); - expect(bewit).to.equal(''); - done(); - }); - - it('errors on missing credentials', function (done) { - - var bewit = Hawk.uri.getBewit('https://example.com/somewhere/over/the/rainbow', { ttlSec: 3000, ext: 'xandyandz' }); - expect(bewit).to.equal(''); - done(); - }); - - it('errors on invalid credentials (key)', function (done) { - - var credentials = { - id: '123456', - algorithm: 'sha256' - }; - - var bewit = Hawk.uri.getBewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 3000, ext: 'xandyandz' }); - expect(bewit).to.equal(''); - done(); - }); - - it('errors on invalid algorithm', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'hmac-sha-0' - }; - - var bewit = Hawk.uri.getBewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, ext: 
'xandyandz' }); - expect(bewit).to.equal(''); - done(); - }); - - it('errors on missing options', function (done) { - - var credentials = { - id: '123456', - key: '2983d45yun89q', - algorithm: 'hmac-sha-0' - }; - - var bewit = Hawk.uri.getBewit('https://example.com/somewhere/over/the/rainbow'); - expect(bewit).to.equal(''); - done(); - }); - }); - - describe('authenticateMessage()', function () { - - it('should generate an authorization then successfully parse it', function (done) { - - credentialsFunc('123456', function (err, credentials1) { - - var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 }); - expect(auth).to.exist(); - - Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, {}, function (err, credentials2) { - - expect(err).to.not.exist(); - expect(credentials2.user).to.equal('steve'); - done(); - }); - }); - }); - - it('should fail authorization on mismatching host', function (done) { - - credentialsFunc('123456', function (err, credentials1) { - - var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 }); - expect(auth).to.exist(); - - Hawk.server.authenticateMessage('example1.com', 8080, 'some message', auth, credentialsFunc, {}, function (err, credentials2) { - - expect(err).to.exist(); - expect(err.message).to.equal('Bad mac'); - done(); - }); - }); - }); - - it('should fail authorization on stale timestamp', function (done) { - - credentialsFunc('123456', function (err, credentials1) { - - var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 }); - expect(auth).to.exist(); - - Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, { localtimeOffsetMsec: 100000 }, function (err, credentials2) { - - expect(err).to.exist(); - expect(err.message).to.equal('Stale timestamp'); - done(); - }); - }); - }); - - it('overrides timestampSkewSec', function (done) 
{ - - credentialsFunc('123456', function (err, credentials1) { - - var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1, localtimeOffsetMsec: 100000 }); - expect(auth).to.exist(); - - Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, { timestampSkewSec: 500 }, function (err, credentials2) { - - expect(err).to.not.exist(); - done(); - }); - }); - }); - - it('should fail authorization on invalid authorization', function (done) { - - credentialsFunc('123456', function (err, credentials1) { - - var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 }); - expect(auth).to.exist(); - delete auth.id; - - Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, {}, function (err, credentials2) { - - expect(err).to.exist(); - expect(err.message).to.equal('Invalid authorization'); - done(); - }); - }); - }); - - it('should fail authorization on bad hash', function (done) { - - credentialsFunc('123456', function (err, credentials1) { - - var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 }); - expect(auth).to.exist(); - - Hawk.server.authenticateMessage('example.com', 8080, 'some message1', auth, credentialsFunc, {}, function (err, credentials2) { - - expect(err).to.exist(); - expect(err.message).to.equal('Bad message hash'); - done(); - }); - }); - }); - - it('should fail authorization on nonce error', function (done) { - - credentialsFunc('123456', function (err, credentials1) { - - var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 }); - expect(auth).to.exist(); - - Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, { - nonceFunc: function (key, nonce, ts, callback) { - - callback(new Error('kaboom')); - } - }, function (err, credentials2) { - - expect(err).to.exist(); - 
expect(err.message).to.equal('Invalid nonce'); - done(); - }); - }); - }); - - it('should fail authorization on credentials error', function (done) { - - credentialsFunc('123456', function (err, credentials1) { - - var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 }); - expect(auth).to.exist(); - - var errFunc = function (id, callback) { - - callback(new Error('kablooey')); - }; - - Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, errFunc, {}, function (err, credentials2) { - - expect(err).to.exist(); - expect(err.message).to.equal('kablooey'); - done(); - }); - }); - }); - - it('should fail authorization on missing credentials', function (done) { - - credentialsFunc('123456', function (err, credentials1) { - - var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 }); - expect(auth).to.exist(); - - var errFunc = function (id, callback) { - - callback(); - }; - - Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, errFunc, {}, function (err, credentials2) { - - expect(err).to.exist(); - expect(err.message).to.equal('Unknown credentials'); - done(); - }); - }); - }); - - it('should fail authorization on invalid credentials', function (done) { - - credentialsFunc('123456', function (err, credentials1) { - - var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 }); - expect(auth).to.exist(); - - var errFunc = function (id, callback) { - - callback(null, {}); - }; - - Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, errFunc, {}, function (err, credentials2) { - - expect(err).to.exist(); - expect(err.message).to.equal('Invalid credentials'); - done(); - }); - }); - }); - - it('should fail authorization on invalid credentials algorithm', function (done) { - - credentialsFunc('123456', function (err, credentials1) { - - var auth = Hawk.client.message('example.com', 8080, 
'some message', { credentials: credentials1 });
- expect(auth).to.exist();
-
- var errFunc = function (id, callback) {
-
- callback(null, { key: '123', algorithm: '456' });
- };
-
- Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, errFunc, {}, function (err, credentials2) {
-
- expect(err).to.exist();
- expect(err.message).to.equal('Unknown algorithm');
- done();
- });
- });
- });
-
- it('should fail on missing host', function (done) {
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var auth = Hawk.client.message(null, 8080, 'some message', { credentials: credentials1 });
- expect(auth).to.not.exist();
- done();
- });
- });
-
- it('should fail on missing credentials', function (done) {
-
- var auth = Hawk.client.message('example.com', 8080, 'some message', {});
- expect(auth).to.not.exist();
- done();
- });
-
- it('should fail on invalid algorithm', function (done) {
-
- credentialsFunc('123456', function (err, credentials1) {
-
- var creds = Hoek.clone(credentials1);
- creds.algorithm = 'blah';
- var auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: creds });
- expect(auth).to.not.exist();
- done();
- });
- });
- });
-});
diff --git a/deps/npm/node_modules/hawk/test/utils.js b/deps/npm/node_modules/hawk/test/utils.js
deleted file mode 100755
index a2f17e590d..0000000000
--- a/deps/npm/node_modules/hawk/test/utils.js
+++ /dev/null
@@ -1,149 +0,0 @@
-// Load modules
-
-var Code = require('code');
-var Hawk = require('../lib');
-var Lab = require('lab');
-var Package = require('../package.json');
-
-
-// Declare internals
-
-var internals = {};
-
-
-// Test shortcuts
-
-var lab = exports.lab = Lab.script();
-var describe = lab.experiment;
-var it = lab.test;
-var expect = Code.expect;
-
-
-describe('Utils', function () {
-
- describe('parseHost()', function () {
-
- it('returns port 80 for non tls node request', function (done) {
-
- var req = {
- method: 'POST',
- url: '/resource/4?filter=a',
- headers: {
- host: 'example.com',
- 'content-type': 'text/plain;x=y'
- }
- };
-
- expect(Hawk.utils.parseHost(req, 'Host').port).to.equal(80);
- done();
- });
-
- it('returns port 443 for non tls node request', function (done) {
-
- var req = {
- method: 'POST',
- url: '/resource/4?filter=a',
- headers: {
- host: 'example.com',
- 'content-type': 'text/plain;x=y'
- },
- connection: {
- encrypted: true
- }
- };
-
- expect(Hawk.utils.parseHost(req, 'Host').port).to.equal(443);
- done();
- });
-
- it('returns port 443 for non tls node request (IPv6)', function (done) {
-
- var req = {
- method: 'POST',
- url: '/resource/4?filter=a',
- headers: {
- host: '[123:123:123]',
- 'content-type': 'text/plain;x=y'
- },
- connection: {
- encrypted: true
- }
- };
-
- expect(Hawk.utils.parseHost(req, 'Host').port).to.equal(443);
- done();
- });
-
- it('parses IPv6 headers', function (done) {
-
- var req = {
- method: 'POST',
- url: '/resource/4?filter=a',
- headers: {
- host: '[123:123:123]:8000',
- 'content-type': 'text/plain;x=y'
- },
- connection: {
- encrypted: true
- }
- };
-
- var host = Hawk.utils.parseHost(req, 'Host');
- expect(host.port).to.equal('8000');
- expect(host.name).to.equal('[123:123:123]');
- done();
- });
-
- it('errors on header too long', function (done) {
-
- var long = '';
- for (var i = 0; i < 5000; ++i) {
- long += 'x';
- }
-
- expect(Hawk.utils.parseHost({ headers: { host: long } })).to.be.null();
- done();
- });
- });
-
- describe('parseAuthorizationHeader()', function () {
-
- it('errors on header too long', function (done) {
-
- var long = 'Scheme a="';
- for (var i = 0; i < 5000; ++i) {
- long += 'x';
- }
- long += '"';
-
- var err = Hawk.utils.parseAuthorizationHeader(long, ['a']);
- expect(err).to.be.instanceof(Error);
- expect(err.message).to.equal('Header length too long');
- done();
- });
- });
-
- describe('version()', function () {
-
- it('returns the correct package version number', function (done) {
-
- expect(Hawk.utils.version()).to.equal(Package.version);
- done();
- });
- });
-
- describe('unauthorized()', function () {
-
- it('returns a hawk 401', function (done) {
-
- expect(Hawk.utils.unauthorized('kaboom').output.headers['WWW-Authenticate']).to.equal('Hawk error="kaboom"');
- done();
- });
-
- it('supports attributes', function (done) {
-
- expect(Hawk.utils.unauthorized('kaboom', { a: 'b' }).output.headers['WWW-Authenticate']).to.equal('Hawk a="b", error="kaboom"');
- done();
- });
- });
-}); |