--- /dev/null
+// Load modules\r
+\r
+var Url = require('url');\r
+var Code = require('code');\r
+var Hawk = require('../lib');\r
+var Hoek = require('hoek');\r
+var Lab = require('lab');\r
+var Browser = require('../lib/browser');\r
+\r
+\r
+// Declare internals\r
+\r
+var internals = {};\r
+\r
+\r
+// Test shortcuts\r
+\r
+var lab = exports.lab = Lab.script();\r
+var describe = lab.experiment;\r
+var it = lab.test;\r
+var expect = Code.expect;\r
+\r
+\r
+describe('Browser', function () {\r
+\r
+ var credentialsFunc = function (id, callback) {\r
+\r
+ var credentials = {\r
+ id: id,\r
+ key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',\r
+ algorithm: (id === '1' ? 'sha1' : 'sha256'),\r
+ user: 'steve'\r
+ };\r
+\r
+ return callback(null, credentials);\r
+ };\r
+\r
+ it('should generate a bewit then successfully authenticate it', function (done) {\r
+\r
+ var req = {\r
+ method: 'GET',\r
+ url: '/resource/4?a=1&b=2',\r
+ host: 'example.com',\r
+ port: 80\r
+ };\r
+\r
+ credentialsFunc('123456', function (err, credentials1) {\r
+\r
+ var bewit = Browser.client.bewit('http://example.com/resource/4?a=1&b=2', { credentials: credentials1, ttlSec: 60 * 60 * 24 * 365 * 100, ext: 'some-app-data' });\r
+ req.url += '&bewit=' + bewit;\r
+\r
+ Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials2, attributes) {\r
+\r
+ expect(err).to.not.exist();\r
+ expect(credentials2.user).to.equal('steve');\r
+ expect(attributes.ext).to.equal('some-app-data');\r
+ done();\r
+ });\r
+ });\r
+ });\r
+\r
+ it('should generate a bewit then successfully authenticate it (no ext)', function (done) {\r
+\r
+ var req = {\r
+ method: 'GET',\r
+ url: '/resource/4?a=1&b=2',\r
+ host: 'example.com',\r
+ port: 80\r
+ };\r
+\r
+ credentialsFunc('123456', function (err, credentials1) {\r
+\r
+ var bewit = Browser.client.bewit('http://example.com/resource/4?a=1&b=2', { credentials: credentials1, ttlSec: 60 * 60 * 24 * 365 * 100 });\r
+ req.url += '&bewit=' + bewit;\r
+\r
+ Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials2, attributes) {\r
+\r
+ expect(err).to.not.exist();\r
+ expect(credentials2.user).to.equal('steve');\r
+ done();\r
+ });\r
+ });\r
+ });\r
+\r
+ describe('bewit()', function () {\r
+\r
+ it('returns a valid bewit value', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'sha256'\r
+ };\r
+\r
+ var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });\r
+ expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdca3NjeHdOUjJ0SnBQMVQxekRMTlBiQjVVaUtJVTl0T1NKWFRVZEc3WDloOD1ceGFuZHlhbmR6');\r
+ done();\r
+ });\r
+\r
+ it('returns a valid bewit value (explicit HTTP port)', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'sha256'\r
+ };\r
+\r
+ var bewit = Browser.client.bewit('http://example.com:8080/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });\r
+ expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdcaFpiSjNQMmNLRW80a3kwQzhqa1pBa1J5Q1p1ZWc0V1NOYnhWN3ZxM3hIVT1ceGFuZHlhbmR6');\r
+ done();\r
+ });\r
+\r
+ it('returns a valid bewit value (explicit HTTPS port)', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'sha256'\r
+ };\r
+\r
+ var bewit = Browser.client.bewit('https://example.com:8043/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });\r
+ expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdcL2t4UjhwK0xSaTdvQTRnUXc3cWlxa3BiVHRKYkR4OEtRMC9HRUwvVytTUT1ceGFuZHlhbmR6');\r
+ done();\r
+ });\r
+\r
+ it('returns a valid bewit value (null ext)', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'sha256'\r
+ };\r
+\r
+ var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: null });\r
+ expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdcSUdZbUxnSXFMckNlOEN4dktQczRKbFdJQStValdKSm91d2dBUmlWaENBZz1c');\r
+ done();\r
+ });\r
+\r
+ it('errors on invalid options', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'sha256'\r
+ };\r
+\r
+ var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', 4);\r
+ expect(bewit).to.equal('');\r
+ done();\r
+ });\r
+\r
+ it('errors on missing uri', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'sha256'\r
+ };\r
+\r
+ var bewit = Browser.client.bewit('', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });\r
+ expect(bewit).to.equal('');\r
+ done();\r
+ });\r
+\r
+ it('errors on invalid uri', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'sha256'\r
+ };\r
+\r
+ var bewit = Browser.client.bewit(5, { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });\r
+ expect(bewit).to.equal('');\r
+ done();\r
+ });\r
+\r
+ it('errors on invalid credentials (id)', function (done) {\r
+\r
+ var credentials = {\r
+ key: '2983d45yun89q',\r
+ algorithm: 'sha256'\r
+ };\r
+\r
+ var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 3000, ext: 'xandyandz' });\r
+ expect(bewit).to.equal('');\r
+ done();\r
+ });\r
+\r
+ it('errors on missing credentials', function (done) {\r
+\r
+ var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { ttlSec: 3000, ext: 'xandyandz' });\r
+ expect(bewit).to.equal('');\r
+ done();\r
+ });\r
+\r
+ it('errors on invalid credentials (key)', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ algorithm: 'sha256'\r
+ };\r
+\r
+ var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 3000, ext: 'xandyandz' });\r
+ expect(bewit).to.equal('');\r
+ done();\r
+ });\r
+\r
+ it('errors on invalid algorithm', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'hmac-sha-0'\r
+ };\r
+\r
+ var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, ext: 'xandyandz' });\r
+ expect(bewit).to.equal('');\r
+ done();\r
+ });\r
+\r
+ it('errors on missing options', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'hmac-sha-0'\r
+ };\r
+\r
+ var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow');\r
+ expect(bewit).to.equal('');\r
+ done();\r
+ });\r
+ });\r
+\r
+ it('generates a header then successfully parse it (configuration)', function (done) {\r
+\r
+ var req = {\r
+ method: 'GET',\r
+ url: '/resource/4?filter=a',\r
+ host: 'example.com',\r
+ port: 8080\r
+ };\r
+\r
+ credentialsFunc('123456', function (err, credentials1) {\r
+\r
+ req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data' }).field;\r
+ expect(req.authorization).to.exist();\r
+\r
+ Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {\r
+\r
+ expect(err).to.not.exist();\r
+ expect(credentials2.user).to.equal('steve');\r
+ expect(artifacts.ext).to.equal('some-app-data');\r
+ done();\r
+ });\r
+ });\r
+ });\r
+\r
+ it('generates a header then successfully parse it (node request)', function (done) {\r
+\r
+ var req = {\r
+ method: 'POST',\r
+ url: '/resource/4?filter=a',\r
+ headers: {\r
+ host: 'example.com:8080',\r
+ 'content-type': 'text/plain;x=y'\r
+ }\r
+ };\r
+\r
+ var payload = 'some not so random text';\r
+\r
+ credentialsFunc('123456', function (err, credentials1) {\r
+\r
+ var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });\r
+ req.headers.authorization = reqHeader.field;\r
+\r
+ Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {\r
+\r
+ expect(err).to.not.exist();\r
+ expect(credentials2.user).to.equal('steve');\r
+ expect(artifacts.ext).to.equal('some-app-data');\r
+ expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true);\r
+\r
+ var res = {\r
+ headers: {\r
+ 'content-type': 'text/plain'\r
+ },\r
+ getResponseHeader: function (header) {\r
+\r
+ return res.headers[header.toLowerCase()];\r
+ }\r
+ };\r
+\r
+ res.headers['server-authorization'] = Hawk.server.header(credentials2, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });\r
+ expect(res.headers['server-authorization']).to.exist();\r
+\r
+ expect(Browser.client.authenticate(res, credentials2, artifacts, { payload: 'some reply' })).to.equal(true);\r
+ done();\r
+ });\r
+ });\r
+ });\r
+\r
+ it('generates a header then successfully parse it (browserify)', function (done) {\r
+\r
+ var req = {\r
+ method: 'POST',\r
+ url: '/resource/4?filter=a',\r
+ headers: {\r
+ host: 'example.com:8080',\r
+ 'content-type': 'text/plain;x=y'\r
+ }\r
+ };\r
+\r
+ var payload = 'some not so random text';\r
+\r
+ credentialsFunc('123456', function (err, credentials1) {\r
+\r
+ var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });\r
+ req.headers.authorization = reqHeader.field;\r
+\r
+ Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {\r
+\r
+ expect(err).to.not.exist();\r
+ expect(credentials2.user).to.equal('steve');\r
+ expect(artifacts.ext).to.equal('some-app-data');\r
+ expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true);\r
+\r
+ var res = {\r
+ headers: {\r
+ 'content-type': 'text/plain'\r
+ },\r
+ getHeader: function (header) {\r
+\r
+ return res.headers[header.toLowerCase()];\r
+ }\r
+ };\r
+\r
+ res.headers['server-authorization'] = Hawk.server.header(credentials2, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });\r
+ expect(res.headers['server-authorization']).to.exist();\r
+\r
+ expect(Browser.client.authenticate(res, credentials2, artifacts, { payload: 'some reply' })).to.equal(true);\r
+ done();\r
+ });\r
+ });\r
+ });\r
+\r
+ it('generates a header then successfully parse it (time offset)', function (done) {\r
+\r
+ var req = {\r
+ method: 'GET',\r
+ url: '/resource/4?filter=a',\r
+ host: 'example.com',\r
+ port: 8080\r
+ };\r
+\r
+ credentialsFunc('123456', function (err, credentials1) {\r
+\r
+ req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', localtimeOffsetMsec: 100000 }).field;\r
+ expect(req.authorization).to.exist();\r
+\r
+ Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 100000 }, function (err, credentials2, artifacts) {\r
+\r
+ expect(err).to.not.exist();\r
+ expect(credentials2.user).to.equal('steve');\r
+ expect(artifacts.ext).to.equal('some-app-data');\r
+ done();\r
+ });\r
+ });\r
+ });\r
+\r
+ it('generates a header then successfully parse it (no server header options)', function (done) {\r
+\r
+ var req = {\r
+ method: 'POST',\r
+ url: '/resource/4?filter=a',\r
+ headers: {\r
+ host: 'example.com:8080',\r
+ 'content-type': 'text/plain;x=y'\r
+ }\r
+ };\r
+\r
+ var payload = 'some not so random text';\r
+\r
+ credentialsFunc('123456', function (err, credentials1) {\r
+\r
+ var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });\r
+ req.headers.authorization = reqHeader.field;\r
+\r
+ Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {\r
+\r
+ expect(err).to.not.exist();\r
+ expect(credentials2.user).to.equal('steve');\r
+ expect(artifacts.ext).to.equal('some-app-data');\r
+ expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true);\r
+\r
+ var res = {\r
+ headers: {\r
+ 'content-type': 'text/plain'\r
+ },\r
+ getResponseHeader: function (header) {\r
+\r
+ return res.headers[header.toLowerCase()];\r
+ }\r
+ };\r
+\r
+ res.headers['server-authorization'] = Hawk.server.header(credentials2, artifacts);\r
+ expect(res.headers['server-authorization']).to.exist();\r
+\r
+ expect(Browser.client.authenticate(res, credentials2, artifacts)).to.equal(true);\r
+ done();\r
+ });\r
+ });\r
+ });\r
+\r
+ it('generates a header then successfully parse it (no server header)', function (done) {\r
+\r
+ var req = {\r
+ method: 'POST',\r
+ url: '/resource/4?filter=a',\r
+ headers: {\r
+ host: 'example.com:8080',\r
+ 'content-type': 'text/plain;x=y'\r
+ }\r
+ };\r
+\r
+ var payload = 'some not so random text';\r
+\r
+ credentialsFunc('123456', function (err, credentials1) {\r
+\r
+ var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });\r
+ req.headers.authorization = reqHeader.field;\r
+\r
+ Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {\r
+\r
+ expect(err).to.not.exist();\r
+ expect(credentials2.user).to.equal('steve');\r
+ expect(artifacts.ext).to.equal('some-app-data');\r
+ expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true);\r
+\r
+ var res = {\r
+ headers: {\r
+ 'content-type': 'text/plain'\r
+ },\r
+ getResponseHeader: function (header) {\r
+\r
+ return res.headers[header.toLowerCase()];\r
+ }\r
+ };\r
+\r
+ expect(Browser.client.authenticate(res, credentials2, artifacts)).to.equal(true);\r
+ done();\r
+ });\r
+ });\r
+ });\r
+\r
+ it('generates a header with stale ts and successfully authenticate on second call', function (done) {\r
+\r
+ var req = {\r
+ method: 'GET',\r
+ url: '/resource/4?filter=a',\r
+ host: 'example.com',\r
+ port: 8080\r
+ };\r
+\r
+ credentialsFunc('123456', function (err, credentials1) {\r
+\r
+ Browser.utils.setNtpOffset(60 * 60 * 1000);\r
+ var header = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data' });\r
+ req.authorization = header.field;\r
+ expect(req.authorization).to.exist();\r
+\r
+ Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts2) {\r
+\r
+ expect(err).to.exist();\r
+ expect(err.message).to.equal('Stale timestamp');\r
+\r
+ var res = {\r
+ headers: {\r
+ 'www-authenticate': err.output.headers['WWW-Authenticate']\r
+ },\r
+ getResponseHeader: function (lookup) {\r
+\r
+ return res.headers[lookup.toLowerCase()];\r
+ }\r
+ };\r
+\r
+ expect(Browser.utils.getNtpOffset()).to.equal(60 * 60 * 1000);\r
+ expect(Browser.client.authenticate(res, credentials2, header.artifacts)).to.equal(true);\r
+ expect(Browser.utils.getNtpOffset()).to.equal(0);\r
+\r
+ req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials2, ext: 'some-app-data' }).field;\r
+ expect(req.authorization).to.exist();\r
+\r
+ Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials3, artifacts3) {\r
+\r
+ expect(err).to.not.exist();\r
+ expect(credentials3.user).to.equal('steve');\r
+ expect(artifacts3.ext).to.equal('some-app-data');\r
+ done();\r
+ });\r
+ });\r
+ });\r
+ });\r
+\r
+ it('generates a header with stale ts and successfully authenticate on second call (manual localStorage)', function (done) {\r
+\r
+ var req = {\r
+ method: 'GET',\r
+ url: '/resource/4?filter=a',\r
+ host: 'example.com',\r
+ port: 8080\r
+ };\r
+\r
+ credentialsFunc('123456', function (err, credentials1) {\r
+\r
+ var localStorage = new Browser.internals.LocalStorage();\r
+\r
+ Browser.utils.setStorage(localStorage);\r
+\r
+ Browser.utils.setNtpOffset(60 * 60 * 1000);\r
+ var header = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data' });\r
+ req.authorization = header.field;\r
+ expect(req.authorization).to.exist();\r
+\r
+ Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts2) {\r
+\r
+ expect(err).to.exist();\r
+ expect(err.message).to.equal('Stale timestamp');\r
+\r
+ var res = {\r
+ headers: {\r
+ 'www-authenticate': err.output.headers['WWW-Authenticate']\r
+ },\r
+ getResponseHeader: function (lookup) {\r
+\r
+ return res.headers[lookup.toLowerCase()];\r
+ }\r
+ };\r
+\r
+ expect(parseInt(localStorage.getItem('hawk_ntp_offset'))).to.equal(60 * 60 * 1000);\r
+ expect(Browser.utils.getNtpOffset()).to.equal(60 * 60 * 1000);\r
+ expect(Browser.client.authenticate(res, credentials2, header.artifacts)).to.equal(true);\r
+ expect(Browser.utils.getNtpOffset()).to.equal(0);\r
+ expect(parseInt(localStorage.getItem('hawk_ntp_offset'))).to.equal(0);\r
+\r
+ req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials2, ext: 'some-app-data' }).field;\r
+ expect(req.authorization).to.exist();\r
+\r
+ Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials3, artifacts3) {\r
+\r
+ expect(err).to.not.exist();\r
+ expect(credentials3.user).to.equal('steve');\r
+ expect(artifacts3.ext).to.equal('some-app-data');\r
+ done();\r
+ });\r
+ });\r
+ });\r
+ });\r
+\r
+ it('generates a header then fails to parse it (missing server header hash)', function (done) {\r
+\r
+ var req = {\r
+ method: 'POST',\r
+ url: '/resource/4?filter=a',\r
+ headers: {\r
+ host: 'example.com:8080',\r
+ 'content-type': 'text/plain;x=y'\r
+ }\r
+ };\r
+\r
+ var payload = 'some not so random text';\r
+\r
+ credentialsFunc('123456', function (err, credentials1) {\r
+\r
+ var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });\r
+ req.headers.authorization = reqHeader.field;\r
+\r
+ Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {\r
+\r
+ expect(err).to.not.exist();\r
+ expect(credentials2.user).to.equal('steve');\r
+ expect(artifacts.ext).to.equal('some-app-data');\r
+ expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true);\r
+\r
+ var res = {\r
+ headers: {\r
+ 'content-type': 'text/plain'\r
+ },\r
+ getResponseHeader: function (header) {\r
+\r
+ return res.headers[header.toLowerCase()];\r
+ }\r
+ };\r
+\r
+ res.headers['server-authorization'] = Hawk.server.header(credentials2, artifacts);\r
+ expect(res.headers['server-authorization']).to.exist();\r
+\r
+ expect(Browser.client.authenticate(res, credentials2, artifacts, { payload: 'some reply' })).to.equal(false);\r
+ done();\r
+ });\r
+ });\r
+ });\r
+\r
+ it('generates a header then successfully parse it (with hash)', function (done) {\r
+\r
+ var req = {\r
+ method: 'GET',\r
+ url: '/resource/4?filter=a',\r
+ host: 'example.com',\r
+ port: 8080\r
+ };\r
+\r
+ credentialsFunc('123456', function (err, credentials1) {\r
+\r
+ req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, payload: 'hola!', ext: 'some-app-data' }).field;\r
+ Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {\r
+\r
+ expect(err).to.not.exist();\r
+ expect(credentials2.user).to.equal('steve');\r
+ expect(artifacts.ext).to.equal('some-app-data');\r
+ done();\r
+ });\r
+ });\r
+ });\r
+\r
+ it('generates a header then successfully parse it then validate payload', function (done) {\r
+\r
+ var req = {\r
+ method: 'GET',\r
+ url: '/resource/4?filter=a',\r
+ host: 'example.com',\r
+ port: 8080\r
+ };\r
+\r
+ credentialsFunc('123456', function (err, credentials1) {\r
+\r
+ req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, payload: 'hola!', ext: 'some-app-data' }).field;\r
+ Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {\r
+\r
+ expect(err).to.not.exist();\r
+ expect(credentials2.user).to.equal('steve');\r
+ expect(artifacts.ext).to.equal('some-app-data');\r
+ expect(Hawk.server.authenticatePayload('hola!', credentials2, artifacts)).to.be.true();\r
+ expect(Hawk.server.authenticatePayload('hello!', credentials2, artifacts)).to.be.false();\r
+ done();\r
+ });\r
+ });\r
+ });\r
+\r
+ it('generates a header then successfully parse it (app)', function (done) {\r
+\r
+ var req = {\r
+ method: 'GET',\r
+ url: '/resource/4?filter=a',\r
+ host: 'example.com',\r
+ port: 8080\r
+ };\r
+\r
+ credentialsFunc('123456', function (err, credentials1) {\r
+\r
+ req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', app: 'asd23ased' }).field;\r
+ Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {\r
+\r
+ expect(err).to.not.exist();\r
+ expect(credentials2.user).to.equal('steve');\r
+ expect(artifacts.ext).to.equal('some-app-data');\r
+ expect(artifacts.app).to.equal('asd23ased');\r
+ done();\r
+ });\r
+ });\r
+ });\r
+\r
+ it('generates a header then successfully parse it (app, dlg)', function (done) {\r
+\r
+ var req = {\r
+ method: 'GET',\r
+ url: '/resource/4?filter=a',\r
+ host: 'example.com',\r
+ port: 8080\r
+ };\r
+\r
+ credentialsFunc('123456', function (err, credentials1) {\r
+\r
+ req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', app: 'asd23ased', dlg: '23434szr3q4d' }).field;\r
+ Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {\r
+\r
+ expect(err).to.not.exist();\r
+ expect(credentials2.user).to.equal('steve');\r
+ expect(artifacts.ext).to.equal('some-app-data');\r
+ expect(artifacts.app).to.equal('asd23ased');\r
+ expect(artifacts.dlg).to.equal('23434szr3q4d');\r
+ done();\r
+ });\r
+ });\r
+ });\r
+\r
+ it('generates a header then fail authentication due to bad hash', function (done) {\r
+\r
+ var req = {\r
+ method: 'GET',\r
+ url: '/resource/4?filter=a',\r
+ host: 'example.com',\r
+ port: 8080\r
+ };\r
+\r
+ credentialsFunc('123456', function (err, credentials1) {\r
+\r
+ req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, payload: 'hola!', ext: 'some-app-data' }).field;\r
+ Hawk.server.authenticate(req, credentialsFunc, { payload: 'byebye!' }, function (err, credentials2, artifacts) {\r
+\r
+ expect(err).to.exist();\r
+ expect(err.output.payload.message).to.equal('Bad payload hash');\r
+ done();\r
+ });\r
+ });\r
+ });\r
+\r
+ it('generates a header for one resource then fail to authenticate another', function (done) {\r
+\r
+ var req = {\r
+ method: 'GET',\r
+ url: '/resource/4?filter=a',\r
+ host: 'example.com',\r
+ port: 8080\r
+ };\r
+\r
+ credentialsFunc('123456', function (err, credentials1) {\r
+\r
+ req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data' }).field;\r
+ req.url = '/something/else';\r
+\r
+ Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {\r
+\r
+ expect(err).to.exist();\r
+ expect(credentials2).to.exist();\r
+ done();\r
+ });\r
+ });\r
+ });\r
+\r
+ describe('client', function () {\r
+\r
+ describe('header()', function () {\r
+\r
+ it('returns a valid authorization header (sha1)', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'sha1'\r
+ };\r
+\r
+ var header = Browser.client.header('http://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about' }).field;\r
+ expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="bsvY3IfUllw6V5rvk4tStEvpBhE=", ext="Bazinga!", mac="qbf1ZPG/r/e06F4ht+T77LXi5vw="');\r
+ done();\r
+ });\r
+\r
+ it('returns a valid authorization header (sha256)', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'sha256'\r
+ };\r
+\r
+ var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;\r
+ expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", ext="Bazinga!", mac="q1CwFoSHzPZSkbIvl0oYlD+91rBUEvFk763nMjMndj8="');\r
+ done();\r
+ });\r
+\r
+ it('returns a valid authorization header (empty payload)', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'sha1'\r
+ };\r
+\r
+ var header = Browser.client.header('http://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: '' }).field;\r
+ expect(header).to.equal('Hawk id=\"123456\", ts=\"1353809207\", nonce=\"Ygvqdz\", hash=\"404ghL7K+hfyhByKKejFBRGgTjU=\", ext=\"Bazinga!\", mac=\"Bh1sj1DOfFRWOdi3ww52nLCJdBE=\"');\r
+ done();\r
+ });\r
+\r
+ it('returns a valid authorization header (no ext)', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'sha256'\r
+ };\r
+\r
+ var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;\r
+ expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');\r
+ done();\r
+ });\r
+\r
+ it('returns a valid authorization header (null ext)', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'sha256'\r
+ };\r
+\r
+ var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain', ext: null }).field;\r
+ expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');\r
+ done();\r
+ });\r
+\r
+ it('returns a valid authorization header (uri object)', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'sha256'\r
+ };\r
+\r
+ var uri = Browser.utils.parseUri('https://example.net/somewhere/over/the/rainbow');\r
+ var header = Browser.client.header(uri, 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;\r
+ expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');\r
+ done();\r
+ });\r
+\r
+ it('errors on missing options', function (done) {\r
+\r
+ var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST');\r
+ expect(header.field).to.equal('');\r
+ expect(header.err).to.equal('Invalid argument type');\r
+ done();\r
+ });\r
+\r
+ it('errors on empty uri', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'sha256'\r
+ };\r
+\r
+ var header = Browser.client.header('', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' });\r
+ expect(header.field).to.equal('');\r
+ expect(header.err).to.equal('Invalid argument type');\r
+ done();\r
+ });\r
+\r
+ it('errors on invalid uri', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'sha256'\r
+ };\r
+\r
+ var header = Browser.client.header(4, 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' });\r
+ expect(header.field).to.equal('');\r
+ expect(header.err).to.equal('Invalid argument type');\r
+ done();\r
+ });\r
+\r
+ it('errors on missing method', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'sha256'\r
+ };\r
+\r
+ var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', '', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' });\r
+ expect(header.field).to.equal('');\r
+ expect(header.err).to.equal('Invalid argument type');\r
+ done();\r
+ });\r
+\r
+ it('errors on invalid method', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'sha256'\r
+ };\r
+\r
+ var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 5, { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' });\r
+ expect(header.field).to.equal('');\r
+ expect(header.err).to.equal('Invalid argument type');\r
+ done();\r
+ });\r
+\r
+ it('errors on missing credentials', function (done) {\r
+\r
+ var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { ext: 'Bazinga!', timestamp: 1353809207 });\r
+ expect(header.field).to.equal('');\r
+ expect(header.err).to.equal('Invalid credentials object');\r
+ done();\r
+ });\r
+\r
+ it('errors on invalid credentials (id)', function (done) {\r
+\r
+ var credentials = {\r
+ key: '2983d45yun89q',\r
+ algorithm: 'sha256'\r
+ };\r
+\r
+ var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207 });\r
+ expect(header.field).to.equal('');\r
+ expect(header.err).to.equal('Invalid credentials object');\r
+ done();\r
+ });\r
+\r
+ it('errors on invalid credentials (key)', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ algorithm: 'sha256'\r
+ };\r
+\r
+ var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207 });\r
+ expect(header.field).to.equal('');\r
+ expect(header.err).to.equal('Invalid credentials object');\r
+ done();\r
+ });\r
+\r
+ it('errors on invalid algorithm', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'hmac-sha-0'\r
+ };\r
+\r
+ var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, payload: 'something, anything!', ext: 'Bazinga!', timestamp: 1353809207 });\r
+ expect(header.field).to.equal('');\r
+ expect(header.err).to.equal('Unknown algorithm');\r
+ done();\r
+ });\r
+\r
+ it('uses a pre-calculated payload hash', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: '2983d45yun89q',\r
+ algorithm: 'sha256'\r
+ };\r
+\r
+ var options = { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' };\r
+ options.hash = Browser.crypto.calculatePayloadHash(options.payload, credentials.algorithm, options.contentType);\r
+ var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', options).field;\r
+ expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", ext="Bazinga!", mac="q1CwFoSHzPZSkbIvl0oYlD+91rBUEvFk763nMjMndj8="');\r
+ done();\r
+ });\r
+ });\r
+\r
+ describe('authenticate()', function () {\r
+\r
+ it('skips tsm validation when missing ts', function (done) {\r
+\r
+ var res = {\r
+ headers: {\r
+ 'www-authenticate': 'Hawk error="Stale timestamp"'\r
+ },\r
+ getResponseHeader: function (header) {\r
+\r
+ return res.headers[header.toLowerCase()];\r
+ }\r
+ };\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',\r
+ algorithm: 'sha256',\r
+ user: 'steve'\r
+ };\r
+\r
+ var artifacts = {\r
+ ts: 1402135580,\r
+ nonce: 'iBRB6t',\r
+ method: 'GET',\r
+ resource: '/resource/4?filter=a',\r
+ host: 'example.com',\r
+ port: '8080',\r
+ ext: 'some-app-data'\r
+ };\r
+\r
+ expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(true);\r
+ done();\r
+ });\r
+\r
+ it('returns false on invalid header', function (done) {\r
+\r
+ var res = {\r
+ headers: {\r
+ 'server-authorization': 'Hawk mac="abc", bad="xyz"'\r
+ },\r
+ getResponseHeader: function (header) {\r
+\r
+ return res.headers[header.toLowerCase()];\r
+ }\r
+ };\r
+\r
+ expect(Browser.client.authenticate(res, {})).to.equal(false);\r
+ done();\r
+ });\r
+\r
+ it('returns false on invalid mac', function (done) {\r
+\r
+ var res = {\r
+ headers: {\r
+ 'content-type': 'text/plain',\r
+ 'server-authorization': 'Hawk mac="_IJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"'\r
+ },\r
+ getResponseHeader: function (header) {\r
+\r
+ return res.headers[header.toLowerCase()];\r
+ }\r
+ };\r
+\r
+ var artifacts = {\r
+ method: 'POST',\r
+ host: 'example.com',\r
+ port: '8080',\r
+ resource: '/resource/4?filter=a',\r
+ ts: '1362336900',\r
+ nonce: 'eb5S_L',\r
+ hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',\r
+ ext: 'some-app-data',\r
+ app: undefined,\r
+ dlg: undefined,\r
+ mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=',\r
+ id: '123456'\r
+ };\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',\r
+ algorithm: 'sha256',\r
+ user: 'steve'\r
+ };\r
+\r
+ expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(false);\r
+ done();\r
+ });\r
+\r
+ it('returns true on ignoring hash', function (done) {\r
+\r
+ var res = {\r
+ headers: {\r
+ 'content-type': 'text/plain',\r
+ 'server-authorization': 'Hawk mac="XIJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"'\r
+ },\r
+ getResponseHeader: function (header) {\r
+\r
+ return res.headers[header.toLowerCase()];\r
+ }\r
+ };\r
+\r
+ var artifacts = {\r
+ method: 'POST',\r
+ host: 'example.com',\r
+ port: '8080',\r
+ resource: '/resource/4?filter=a',\r
+ ts: '1362336900',\r
+ nonce: 'eb5S_L',\r
+ hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',\r
+ ext: 'some-app-data',\r
+ app: undefined,\r
+ dlg: undefined,\r
+ mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=',\r
+ id: '123456'\r
+ };\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',\r
+ algorithm: 'sha256',\r
+ user: 'steve'\r
+ };\r
+\r
+ expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(true);\r
+ done();\r
+ });\r
+\r
+ it('errors on invalid WWW-Authenticate header format', function (done) {\r
+\r
+ var res = {\r
+ headers: {\r
+ 'www-authenticate': 'Hawk ts="1362346425875", tsm="PhwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", x="Stale timestamp"'\r
+ },\r
+ getResponseHeader: function (header) {\r
+\r
+ return res.headers[header.toLowerCase()];\r
+ }\r
+ };\r
+\r
+ expect(Browser.client.authenticate(res, {})).to.equal(false);\r
+ done();\r
+ });\r
+\r
+ it('errors on invalid WWW-Authenticate header format', function (done) {\r
+\r
+ var credentials = {\r
+ id: '123456',\r
+ key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',\r
+ algorithm: 'sha256',\r
+ user: 'steve'\r
+ };\r
+\r
+ var res = {\r
+ headers: {\r
+ 'www-authenticate': 'Hawk ts="1362346425875", tsm="hwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", error="Stale timestamp"'\r
+ },\r
+ getResponseHeader: function (header) {\r
+\r
+ return res.headers[header.toLowerCase()];\r
+ }\r
+ };\r
+\r
+ expect(Browser.client.authenticate(res, credentials)).to.equal(false);\r
+ done();\r
+ });\r
+ });\r
+\r
+ describe('message()', function () {\r
+\r
+ it('generates an authorization then successfully parse it', function (done) {\r
+\r
+ credentialsFunc('123456', function (err, credentials1) {\r
+\r
+ var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: credentials1 });\r
+ expect(auth).to.exist();\r
+\r
+ Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, {}, function (err, credentials2) {\r
+\r
+ expect(err).to.not.exist();\r
+ expect(credentials2.user).to.equal('steve');\r
+ done();\r
+ });\r
+ });\r
+ });\r
+\r
+ it('generates an authorization using custom nonce/timestamp', function (done) {\r
+\r
+ credentialsFunc('123456', function (err, credentials) {\r
+\r
+ var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: credentials, nonce: 'abc123', timestamp: 1398536270957 });\r
+ expect(auth).to.exist();\r
+ expect(auth.nonce).to.equal('abc123');\r
+ expect(auth.ts).to.equal(1398536270957);\r
+ done();\r
+ });\r
+ });\r
+\r
+ it('errors on missing host', function (done) {\r
+\r
+ credentialsFunc('123456', function (err, credentials) {\r
+\r
+ var auth = Browser.client.message(null, 8080, 'some message', { credentials: credentials });\r
+ expect(auth).to.not.exist();\r
+ done();\r
+ });\r
+ });\r
+\r
+ it('errors on invalid host', function (done) {\r
+\r
+ credentialsFunc('123456', function (err, credentials) {\r
+\r
+ var auth = Browser.client.message(5, 8080, 'some message', { credentials: credentials });\r
+ expect(auth).to.not.exist();\r
+ done();\r
+ });\r
+ });\r
+\r
+ it('errors on missing port', function (done) {\r
+\r
+ credentialsFunc('123456', function (err, credentials) {\r
+\r
+ var auth = Browser.client.message('example.com', 0, 'some message', { credentials: credentials });\r
+ expect(auth).to.not.exist();\r
+ done();\r
+ });\r
+ });\r
+\r
+ it('errors on invalid port', function (done) {\r
+\r
+ credentialsFunc('123456', function (err, credentials) {\r
+\r
+ var auth = Browser.client.message('example.com', 'a', 'some message', { credentials: credentials });\r
+ expect(auth).to.not.exist();\r
+ done();\r
+ });\r
+ });\r
+\r
+ it('errors on missing message', function (done) {\r
+\r
+ credentialsFunc('123456', function (err, credentials) {\r
+\r
+ var auth = Browser.client.message('example.com', 8080, undefined, { credentials: credentials });\r
+ expect(auth).to.not.exist();\r
+ done();\r
+ });\r
+ });\r
+\r
+ it('errors on null message', function (done) {\r
+\r
+ credentialsFunc('123456', function (err, credentials) {\r
+\r
+ var auth = Browser.client.message('example.com', 8080, null, { credentials: credentials });\r
+ expect(auth).to.not.exist();\r
+ done();\r
+ });\r
+ });\r
+\r
+ it('errors on invalid message', function (done) {\r
+\r
+ credentialsFunc('123456', function (err, credentials) {\r
+\r
+ var auth = Browser.client.message('example.com', 8080, 5, { credentials: credentials });\r
+ expect(auth).to.not.exist();\r
+ done();\r
+ });\r
+ });\r
+\r
+ it('errors on missing credentials', function (done) {\r
+\r
+ var auth = Browser.client.message('example.com', 8080, 'some message', {});\r
+ expect(auth).to.not.exist();\r
+ done();\r
+ });\r
+\r
+ it('errors on missing options', function (done) {\r
+\r
+ var auth = Browser.client.message('example.com', 8080, 'some message');\r
+ expect(auth).to.not.exist();\r
+ done();\r
+ });\r
+\r
+ it('errors on invalid credentials (id)', function (done) {\r
+\r
+ credentialsFunc('123456', function (err, credentials) {\r
+\r
+ var creds = Hoek.clone(credentials);\r
+ delete creds.id;\r
+ var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: creds });\r
+ expect(auth).to.not.exist();\r
+ done();\r
+ });\r
+ });\r
+\r
+ it('errors on invalid credentials (key)', function (done) {\r
+\r
+ credentialsFunc('123456', function (err, credentials) {\r
+\r
+ var creds = Hoek.clone(credentials);\r
+ delete creds.key;\r
+ var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: creds });\r
+ expect(auth).to.not.exist();\r
+ done();\r
+ });\r
+ });\r
+\r
+ it('errors on invalid algorithm', function (done) {\r
+\r
+ credentialsFunc('123456', function (err, credentials) {\r
+\r
+ var creds = Hoek.clone(credentials);\r
+ creds.algorithm = 'blah';\r
+ var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: creds });\r
+ expect(auth).to.not.exist();\r
+ done();\r
+ });\r
+ });\r
+ });\r
+\r
+ describe('authenticateTimestamp()', function (done) {\r
+\r
+ it('validates a timestamp', function (done) {\r
+\r
+ credentialsFunc('123456', function (err, credentials) {\r
+\r
+ var tsm = Hawk.crypto.timestampMessage(credentials);\r
+ expect(Browser.client.authenticateTimestamp(tsm, credentials)).to.equal(true);\r
+ done();\r
+ });\r
+ });\r
+\r
+ it('validates a timestamp without updating local time', function (done) {\r
+\r
+ credentialsFunc('123456', function (err, credentials) {\r
+\r
+ var offset = Browser.utils.getNtpOffset();\r
+ var tsm = Hawk.crypto.timestampMessage(credentials, 10000);\r
+ expect(Browser.client.authenticateTimestamp(tsm, credentials, false)).to.equal(true);\r
+ expect(offset).to.equal(Browser.utils.getNtpOffset());\r
+ done();\r
+ });\r
+ });\r
+\r
+ it('detects a bad timestamp', function (done) {\r
+\r
+ credentialsFunc('123456', function (err, credentials) {\r
+\r
+ var tsm = Hawk.crypto.timestampMessage(credentials);\r
+ tsm.ts = 4;\r
+ expect(Browser.client.authenticateTimestamp(tsm, credentials)).to.equal(false);\r
+ done();\r
+ });\r
+ });\r
+ });\r
+ });\r
+\r
+ describe('internals', function () {\r
+\r
+ describe('LocalStorage', function () {\r
+\r
+ it('goes through the full lifecycle', function (done) {\r
+\r
+ var storage = new Browser.internals.LocalStorage();\r
+ expect(storage.length).to.equal(0);\r
+ expect(storage.getItem('a')).to.equal(null);\r
+ storage.setItem('a', 5);\r
+ expect(storage.length).to.equal(1);\r
+ expect(storage.key()).to.equal('a');\r
+ expect(storage.key(0)).to.equal('a');\r
+ expect(storage.getItem('a')).to.equal('5');\r
+ storage.setItem('b', 'test');\r
+ expect(storage.key()).to.equal('a');\r
+ expect(storage.key(0)).to.equal('a');\r
+ expect(storage.key(1)).to.equal('b');\r
+ expect(storage.length).to.equal(2);\r
+ expect(storage.getItem('b')).to.equal('test');\r
+ storage.removeItem('a');\r
+ expect(storage.length).to.equal(1);\r
+ expect(storage.getItem('a')).to.equal(null);\r
+ expect(storage.getItem('b')).to.equal('test');\r
+ storage.clear();\r
+ expect(storage.length).to.equal(0);\r
+ expect(storage.getItem('a')).to.equal(null);\r
+ expect(storage.getItem('b')).to.equal(null);\r
+ done();\r
+ });\r
+ });\r
+ });\r
+\r
+ describe('utils', function () {\r
+\r
+ describe('setStorage()', function () {\r
+\r
+ it('sets storage for the first time', function (done) {\r
+\r
+ Browser.utils.storage = new Browser.internals.LocalStorage(); // Reset state\r
+\r
+ expect(Browser.utils.storage.getItem('hawk_ntp_offset')).to.not.exist();\r
+ Browser.utils.storage.setItem('test', '1');\r
+ Browser.utils.setStorage(new Browser.internals.LocalStorage());\r
+ expect(Browser.utils.storage.getItem('test')).to.not.exist();\r
+ Browser.utils.storage.setItem('test', '2');\r
+ expect(Browser.utils.storage.getItem('test')).to.equal('2');\r
+ done();\r
+ });\r
+ });\r
+\r
+ describe('setNtpOffset()', function (done) {\r
+\r
+ it('catches localStorage errors', { parallel: false }, function (done) {\r
+\r
+ var orig = Browser.utils.storage.setItem;\r
+ var consoleOrig = console.error;\r
+ var count = 0;\r
+ console.error = function () {\r
+\r
+ if (count++ === 2) {\r
+\r
+ console.error = consoleOrig;\r
+ }\r
+ };\r
+\r
+ Browser.utils.storage.setItem = function () {\r
+\r
+ Browser.utils.storage.setItem = orig;\r
+ throw new Error();\r
+ };\r
+\r
+ expect(function () {\r
+\r
+ Browser.utils.setNtpOffset(100);\r
+ }).not.to.throw();\r
+\r
+ done();\r
+ });\r
+ });\r
+\r
+ describe('parseAuthorizationHeader()', function (done) {\r
+\r
+ it('returns null on missing header', function (done) {\r
+\r
+ expect(Browser.utils.parseAuthorizationHeader()).to.equal(null);\r
+ done();\r
+ });\r
+\r
+ it('returns null on bad header syntax (structure)', function (done) {\r
+\r
+ expect(Browser.utils.parseAuthorizationHeader('Hawk')).to.equal(null);\r
+ done();\r
+ });\r
+\r
+ it('returns null on bad header syntax (parts)', function (done) {\r
+\r
+ expect(Browser.utils.parseAuthorizationHeader(' ')).to.equal(null);\r
+ done();\r
+ });\r
+\r
+ it('returns null on bad scheme name', function (done) {\r
+\r
+ expect(Browser.utils.parseAuthorizationHeader('Basic asdasd')).to.equal(null);\r
+ done();\r
+ });\r
+\r
+ it('returns null on bad attribute value', function (done) {\r
+\r
+ expect(Browser.utils.parseAuthorizationHeader('Hawk test="\t"', ['test'])).to.equal(null);\r
+ done();\r
+ });\r
+\r
+ it('returns null on duplicated attribute', function (done) {\r
+\r
+ expect(Browser.utils.parseAuthorizationHeader('Hawk test="a", test="b"', ['test'])).to.equal(null);\r
+ done();\r
+ });\r
+ });\r
+\r
+ describe('parseUri()', function () {\r
+\r
+ it('returns empty object on invalid', function (done) {\r
+\r
+ var uri = Browser.utils.parseUri('ftp');\r
+ expect(uri).to.deep.equal({ host: '', port: '', resource: '' });\r
+ done();\r
+ });\r
+\r
+ it('returns empty port when unknown scheme', function (done) {\r
+\r
+ var uri = Browser.utils.parseUri('ftp://example.com');\r
+ expect(uri.port).to.equal('');\r
+ done();\r
+ });\r
+\r
+ it('returns default port when missing', function (done) {\r
+\r
+ var uri = Browser.utils.parseUri('http://example.com');\r
+ expect(uri.port).to.equal('80');\r
+ done();\r
+ });\r
+\r
+ it('handles unusual characters correctly', function (done) {\r
+\r
+ var parts = {\r
+ protocol: 'http+vnd.my-extension',\r
+ user: 'user!$&\'()*+,;=%40my-domain.com',\r
+ password: 'pass!$&\'()*+,;=%40:word',\r
+ hostname: 'foo-bar.com',\r
+ port: '99',\r
+ pathname: '/path/%40/!$&\'()*+,;=:@/',\r
+ query: 'query%40/!$&\'()*+,;=:@/?',\r
+ fragment: 'fragm%40/!$&\'()*+,;=:@/?'\r
+ };\r
+\r
+ parts.userInfo = parts.user + ':' + parts.password;\r
+ parts.authority = parts.userInfo + '@' + parts.hostname + ':' + parts.port;\r
+ parts.relative = parts.pathname + '?' + parts.query;\r
+ parts.resource = parts.relative + '#' + parts.fragment;\r
+ parts.source = parts.protocol + '://' + parts.authority + parts.resource;\r
+\r
+ var uri = Browser.utils.parseUri(parts.source);\r
+ expect(uri.host).to.equal('foo-bar.com');\r
+ expect(uri.port).to.equal('99');\r
+ expect(uri.resource).to.equal(parts.pathname + '?' + parts.query);\r
+ done();\r
+ });\r
+ });\r
+\r
+ var str = 'https://www.google.ca/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=url';\r
+ var base64str = 'aHR0cHM6Ly93d3cuZ29vZ2xlLmNhL3dlYmhwP3NvdXJjZWlkPWNocm9tZS1pbnN0YW50Jmlvbj0xJmVzcHY9MiZpZT1VVEYtOCNxPXVybA';\r
+\r
+ describe('base64urlEncode()', function () {\r
+\r
+ it('should base64 URL-safe decode a string', function (done) {\r
+\r
+ expect(Browser.utils.base64urlEncode(str)).to.equal(base64str);\r
+ done();\r
+ });\r
+ });\r
+ });\r
+});\r