Home Explore Help
Sign In
kevin
/
anissah
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 4345ab50a2
Branches Tags
anissah
/
user
/
themes
/
anissabensalah
/
node_modules
/
hawk
/
test
/
client.js

client.js 17 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440 
  1. // Load modules
    2. 

  2. 

  3. var Url = require('url');
    4. 

  4. var Code = require('code');
    5. 

  5. var Hawk = require('../lib');
    6. 

  6. var Lab = require('lab');
    7. 

  7. 

  8. 

  9. // Declare internals
    10. 

  10. 

  11. var internals = {};
    12. 

  12. 

  13. 

  14. // Test shortcuts
    15. 

  15. 

  16. var lab = exports.lab = Lab.script();
    17. 

  17. var describe = lab.experiment;
    18. 

  18. var it = lab.test;
    19. 

  19. var expect = Code.expect;
    20. 

  20. 

  21. 

  22. describe('Client', function () {
    23. 

  23. 

  24.     describe('header()', function () {
    25. 

  25. 

  26.         it('returns a valid authorization header (sha1)', function (done) {
    27. 

  27. 

  28.             var credentials = {
    29. 

  29.                 id: '123456',
    30. 

  30.                 key: '2983d45yun89q',
    31. 

  31.                 algorithm: 'sha1'
    32. 

  32.             };
    33. 

  33. 

  34.             var header = Hawk.client.header('http://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about' }).field;
    35. 

  35.             expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="bsvY3IfUllw6V5rvk4tStEvpBhE=", ext="Bazinga!", mac="qbf1ZPG/r/e06F4ht+T77LXi5vw="');
    36. 

  36.             done();
    37. 

  37.         });
    38. 

  38. 

  39.         it('returns a valid authorization header (sha256)', function (done) {
    40. 

  40. 

  41.             var credentials = {
    42. 

  42.                 id: '123456',
    43. 

  43.                 key: '2983d45yun89q',
    44. 

  44.                 algorithm: 'sha256'
    45. 

  45.             };
    46. 

  46. 

  47.             var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;
    48. 

  48.             expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", ext="Bazinga!", mac="q1CwFoSHzPZSkbIvl0oYlD+91rBUEvFk763nMjMndj8="');
    49. 

  49.             done();
    50. 

  50.         });
    51. 

  51. 

  52.         it('returns a valid authorization header (no ext)', function (done) {
    53. 

  53. 

  54.             var credentials = {
    55. 

  55.                 id: '123456',
    56. 

  56.                 key: '2983d45yun89q',
    57. 

  57.                 algorithm: 'sha256'
    58. 

  58.             };
    59. 

  59. 

  60.             var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;
    61. 

  61.             expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');
    62. 

  62.             done();
    63. 

  63.         });
    64. 

  64. 

  65.         it('returns a valid authorization header (null ext)', function (done) {
    66. 

  66. 

  67.             var credentials = {
    68. 

  68.                 id: '123456',
    69. 

  69.                 key: '2983d45yun89q',
    70. 

  70.                 algorithm: 'sha256'
    71. 

  71.             };
    72. 

  72. 

  73.             var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain', ext: null }).field;
    74. 

  74.             expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');
    75. 

  75.             done();
    76. 

  76.         });
    77. 

  77. 

  78.         it('returns a valid authorization header (empty payload)', function (done) {
    79. 

  79. 

  80.             var credentials = {
    81. 

  81.                 id: '123456',
    82. 

  82.                 key: '2983d45yun89q',
    83. 

  83.                 algorithm: 'sha256'
    84. 

  84.             };
    85. 

  85. 

  86.             var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: '', contentType: 'text/plain' }).field;
    87. 

  87.             expect(header).to.equal('Hawk id=\"123456\", ts=\"1353809207\", nonce=\"Ygvqdz\", hash=\"q/t+NNAkQZNlq/aAD6PlexImwQTxwgT2MahfTa9XRLA=\", mac=\"U5k16YEzn3UnBHKeBzsDXn067Gu3R4YaY6xOt9PYRZM=\"');
    88. 

  88.             done();
    89. 

  89.         });
    90. 

  90. 

  91.         it('returns a valid authorization header (pre hashed payload)', function (done) {
    92. 

  92. 

  93.             var credentials = {
    94. 

  94.                 id: '123456',
    95. 

  95.                 key: '2983d45yun89q',
    96. 

  96.                 algorithm: 'sha256'
    97. 

  97.             };
    98. 

  98. 

  99.             var options = { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' };
    100. 

  100.             options.hash = Hawk.crypto.calculatePayloadHash(options.payload, credentials.algorithm, options.contentType);
    101. 

  101.             var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', options).field;
    102. 

  102.             expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');
    103. 

  103.             done();
    104. 

  104.         });
    105. 

  105. 

  106.         it('errors on missing uri', function (done) {
    107. 

  107. 

  108.             var header = Hawk.client.header('', 'POST');
    109. 

  109.             expect(header.field).to.equal('');
    110. 

  110.             expect(header.err).to.equal('Invalid argument type');
    111. 

  111.             done();
    112. 

  112.         });
    113. 

  113. 

  114.         it('errors on invalid uri', function (done) {
    115. 

  115. 

  116.             var header = Hawk.client.header(4, 'POST');
    117. 

  117.             expect(header.field).to.equal('');
    118. 

  118.             expect(header.err).to.equal('Invalid argument type');
    119. 

  119.             done();
    120. 

  120.         });
    121. 

  121. 

  122.         it('errors on missing method', function (done) {
    123. 

  123. 

  124.             var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', '');
    125. 

  125.             expect(header.field).to.equal('');
    126. 

  126.             expect(header.err).to.equal('Invalid argument type');
    127. 

  127.             done();
    128. 

  128.         });
    129. 

  129. 

  130.         it('errors on invalid method', function (done) {
    131. 

  131. 

  132.             var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 5);
    133. 

  133.             expect(header.field).to.equal('');
    134. 

  134.             expect(header.err).to.equal('Invalid argument type');
    135. 

  135.             done();
    136. 

  136.         });
    137. 

  137. 

  138.         it('errors on missing options', function (done) {
    139. 

  139. 

  140.             var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST');
    141. 

  141.             expect(header.field).to.equal('');
    142. 

  142.             expect(header.err).to.equal('Invalid argument type');
    143. 

  143.             done();
    144. 

  144.         });
    145. 

  145. 

  146.         it('errors on invalid credentials (id)', function (done) {
    147. 

  147. 

  148.             var credentials = {
    149. 

  149.                 key: '2983d45yun89q',
    150. 

  150.                 algorithm: 'sha256'
    151. 

  151.             };
    152. 

  152. 

  153.             var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207 });
    154. 

  154.             expect(header.field).to.equal('');
    155. 

  155.             expect(header.err).to.equal('Invalid credential object');
    156. 

  156.             done();
    157. 

  157.         });
    158. 

  158. 

  159.         it('errors on missing credentials', function (done) {
    160. 

  160. 

  161.             var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { ext: 'Bazinga!', timestamp: 1353809207 });
    162. 

  162.             expect(header.field).to.equal('');
    163. 

  163.             expect(header.err).to.equal('Invalid credential object');
    164. 

  164.             done();
    165. 

  165.         });
    166. 

  166. 

  167.         it('errors on invalid credentials', function (done) {
    168. 

  168. 

  169.             var credentials = {
    170. 

  170.                 id: '123456',
    171. 

  171.                 algorithm: 'sha256'
    172. 

  172.             };
    173. 

  173. 

  174.             var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207 });
    175. 

  175.             expect(header.field).to.equal('');
    176. 

  176.             expect(header.err).to.equal('Invalid credential object');
    177. 

  177.             done();
    178. 

  178.         });
    179. 

  179. 

  180.         it('errors on invalid algorithm', function (done) {
    181. 

  181. 

  182.             var credentials = {
    183. 

  183.                 id: '123456',
    184. 

  184.                 key: '2983d45yun89q',
    185. 

  185.                 algorithm: 'hmac-sha-0'
    186. 

  186.             };
    187. 

  187. 

  188.             var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, payload: 'something, anything!', ext: 'Bazinga!', timestamp: 1353809207 });
    189. 

  189.             expect(header.field).to.equal('');
    190. 

  190.             expect(header.err).to.equal('Unknown algorithm');
    191. 

  191.             done();
    192. 

  192.         });
    193. 

  193.     });
    194. 

  194. 

  195.     describe('authenticate()', function () {
    196. 

  196. 

  197.         it('returns false on invalid header', function (done) {
    198. 

  198. 

  199.             var res = {
    200. 

  200.                 headers: {
    201. 

  201.                     'server-authorization': 'Hawk mac="abc", bad="xyz"'
    202. 

  202.                 }
    203. 

  203.             };
    204. 

  204. 

  205.             expect(Hawk.client.authenticate(res, {})).to.equal(false);
    206. 

  206.             done();
    207. 

  207.         });
    208. 

  208. 

  209.         it('returns false on invalid mac', function (done) {
    210. 

  210. 

  211.             var res = {
    212. 

  212.                 headers: {
    213. 

  213.                     'content-type': 'text/plain',
    214. 

  214.                     'server-authorization': 'Hawk mac="_IJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"'
    215. 

  215.                 }
    216. 

  216.             };
    217. 

  217. 

  218.             var artifacts = {
    219. 

  219.                 method: 'POST',
    220. 

  220.                 host: 'example.com',
    221. 

  221.                 port: '8080',
    222. 

  222.                 resource: '/resource/4?filter=a',
    223. 

  223.                 ts: '1362336900',
    224. 

  224.                 nonce: 'eb5S_L',
    225. 

  225.                 hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
    226. 

  226.                 ext: 'some-app-data',
    227. 

  227.                 app: undefined,
    228. 

  228.                 dlg: undefined,
    229. 

  229.                 mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=',
    230. 

  230.                 id: '123456'
    231. 

  231.             };
    232. 

  232. 

  233.             var credentials = {
    234. 

  234.                 id: '123456',
    235. 

  235.                 key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
    236. 

  236.                 algorithm: 'sha256',
    237. 

  237.                 user: 'steve'
    238. 

  238.             };
    239. 

  239. 

  240.             expect(Hawk.client.authenticate(res, credentials, artifacts)).to.equal(false);
    241. 

  241.             done();
    242. 

  242.         });
    243. 

  243. 

  244.         it('returns true on ignoring hash', function (done) {
    245. 

  245. 

  246.             var res = {
    247. 

  247.                 headers: {
    248. 

  248.                     'content-type': 'text/plain',
    249. 

  249.                     'server-authorization': 'Hawk mac="XIJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"'
    250. 

  250.                 }
    251. 

  251.             };
    252. 

  252. 

  253.             var artifacts = {
    254. 

  254.                 method: 'POST',
    255. 

  255.                 host: 'example.com',
    256. 

  256.                 port: '8080',
    257. 

  257.                 resource: '/resource/4?filter=a',
    258. 

  258.                 ts: '1362336900',
    259. 

  259.                 nonce: 'eb5S_L',
    260. 

  260.                 hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
    261. 

  261.                 ext: 'some-app-data',
    262. 

  262.                 app: undefined,
    263. 

  263.                 dlg: undefined,
    264. 

  264.                 mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=',
    265. 

  265.                 id: '123456'
    266. 

  266.             };
    267. 

  267. 

  268.             var credentials = {
    269. 

  269.                 id: '123456',
    270. 

  270.                 key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
    271. 

  271.                 algorithm: 'sha256',
    272. 

  272.                 user: 'steve'
    273. 

  273.             };
    274. 

  274. 

  275.             expect(Hawk.client.authenticate(res, credentials, artifacts)).to.equal(true);
    276. 

  276.             done();
    277. 

  277.         });
    278. 

  278. 

  279.         it('fails on invalid WWW-Authenticate header format', function (done) {
    280. 

  280. 

  281.             var header = 'Hawk ts="1362346425875", tsm="PhwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", x="Stale timestamp"';
    282. 

  282.             expect(Hawk.client.authenticate({ headers: { 'www-authenticate': header } }, {})).to.equal(false);
    283. 

  283.             done();
    284. 

  284.         });
    285. 

  285. 

  286.         it('fails on invalid WWW-Authenticate header format', function (done) {
    287. 

  287. 

  288.             var credentials = {
    289. 

  289.                 id: '123456',
    290. 

  290.                 key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
    291. 

  291.                 algorithm: 'sha256',
    292. 

  292.                 user: 'steve'
    293. 

  293.             };
    294. 

  294. 

  295.             var header = 'Hawk ts="1362346425875", tsm="hwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", error="Stale timestamp"';
    296. 

  296.             expect(Hawk.client.authenticate({ headers: { 'www-authenticate': header } }, credentials)).to.equal(false);
    297. 

  297.             done();
    298. 

  298.         });
    299. 

  299. 

  300.         it('skips tsm validation when missing ts', function (done) {
    301. 

  301. 

  302.             var header = 'Hawk error="Stale timestamp"';
    303. 

  303.             expect(Hawk.client.authenticate({ headers: { 'www-authenticate': header } }, {})).to.equal(true);
    304. 

  304.             done();
    305. 

  305.         });
    306. 

  306.     });
    307. 

  307. 

  308.     describe('message()', function () {
    309. 

  309. 

  310.         it('generates authorization', function (done) {
    311. 

  311. 

  312.             var credentials = {
    313. 

  313.                 id: '123456',
    314. 

  314.                 key: '2983d45yun89q',
    315. 

  315.                 algorithm: 'sha1'
    316. 

  316.             };
    317. 

  317. 

  318.             var auth = Hawk.client.message('example.com', 80, 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
    319. 

  319.             expect(auth).to.exist();
    320. 

  320.             expect(auth.ts).to.equal(1353809207);
    321. 

  321.             expect(auth.nonce).to.equal('abc123');
    322. 

  322.             done();
    323. 

  323.         });
    324. 

  324. 

  325.         it('errors on invalid host', function (done) {
    326. 

  326. 

  327.             var credentials = {
    328. 

  328.                 id: '123456',
    329. 

  329.                 key: '2983d45yun89q',
    330. 

  330.                 algorithm: 'sha1'
    331. 

  331.             };
    332. 

  332. 

  333.             var auth = Hawk.client.message(5, 80, 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
    334. 

  334.             expect(auth).to.not.exist();
    335. 

  335.             done();
    336. 

  336.         });
    337. 

  337. 

  338.         it('errors on invalid port', function (done) {
    339. 

  339. 

  340.             var credentials = {
    341. 

  341.                 id: '123456',
    342. 

  342.                 key: '2983d45yun89q',
    343. 

  343.                 algorithm: 'sha1'
    344. 

  344.             };
    345. 

  345. 

  346.             var auth = Hawk.client.message('example.com', '80', 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
    347. 

  347.             expect(auth).to.not.exist();
    348. 

  348.             done();
    349. 

  349.         });
    350. 

  350. 

  351.         it('errors on missing host', function (done) {
    352. 

  352. 

  353.             var credentials = {
    354. 

  354.                 id: '123456',
    355. 

  355.                 key: '2983d45yun89q',
    356. 

  356.                 algorithm: 'sha1'
    357. 

  357.             };
    358. 

  358. 

  359.             var auth = Hawk.client.message('example.com', 0, 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
    360. 

  360.             expect(auth).to.not.exist();
    361. 

  361.             done();
    362. 

  362.         });
    363. 

  363. 

  364.         it('errors on null message', function (done) {
    365. 

  365. 

  366.             var credentials = {
    367. 

  367.                 id: '123456',
    368. 

  368.                 key: '2983d45yun89q',
    369. 

  369.                 algorithm: 'sha1'
    370. 

  370.             };
    371. 

  371. 

  372.             var auth = Hawk.client.message('example.com', 80, null, { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
    373. 

  373.             expect(auth).to.not.exist();
    374. 

  374.             done();
    375. 

  375.         });
    376. 

  376. 

  377.         it('errors on missing message', function (done) {
    378. 

  378. 

  379.             var credentials = {
    380. 

  380.                 id: '123456',
    381. 

  381.                 key: '2983d45yun89q',
    382. 

  382.                 algorithm: 'sha1'
    383. 

  383.             };
    384. 

  384. 

  385.             var auth = Hawk.client.message('example.com', 80, undefined, { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
    386. 

  386.             expect(auth).to.not.exist();
    387. 

  387.             done();
    388. 

  388.         });
    389. 

  389. 

  390.         it('errors on invalid message', function (done) {
    391. 

  391. 

  392.             var credentials = {
    393. 

  393.                 id: '123456',
    394. 

  394.                 key: '2983d45yun89q',
    395. 

  395.                 algorithm: 'sha1'
    396. 

  396.             };
    397. 

  397. 

  398.             var auth = Hawk.client.message('example.com', 80, 5, { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
    399. 

  399.             expect(auth).to.not.exist();
    400. 

  400.             done();
    401. 

  401.         });
    402. 

  402. 

  403.         it('errors on missing options', function (done) {
    404. 

  404. 

  405.             var credentials = {
    406. 

  406.                 id: '123456',
    407. 

  407.                 key: '2983d45yun89q',
    408. 

  408.                 algorithm: 'sha1'
    409. 

  409.             };
    410. 

  410. 

  411.             var auth = Hawk.client.message('example.com', 80, 'I am the boodyman');
    412. 

  412.             expect(auth).to.not.exist();
    413. 

  413.             done();
    414. 

  414.         });
    415. 

  415. 

  416.         it('errors on invalid credentials (id)', function (done) {
    417. 

  417. 

  418.             var credentials = {
    419. 

  419.                 key: '2983d45yun89q',
    420. 

  420.                 algorithm: 'sha1'
    421. 

  421.             };
    422. 

  422. 

  423.             var auth = Hawk.client.message('example.com', 80, 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
    424. 

  424.             expect(auth).to.not.exist();
    425. 

  425.             done();
    426. 

  426.         });
    427. 

  427. 

  428.         it('errors on invalid credentials (key)', function (done) {
    429. 

  429. 

  430.             var credentials = {
    431. 

  431.                 id: '123456',
    432. 

  432.                 algorithm: 'sha1'
    433. 

  433.             };
    434. 

  434. 

  435.             var auth = Hawk.client.message('example.com', 80, 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
    436. 

  436.             expect(auth).to.not.exist();
    437. 

  437.             done();
    438. 

  438.         });
    439. 

  439.     });
    440. 

  440. });
    441.