browser.js 58 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492
  1. // Load modules
  2. var Url = require('url');
  3. var Code = require('code');
  4. var Hawk = require('../lib');
  5. var Hoek = require('hoek');
  6. var Lab = require('lab');
  7. var Browser = require('../lib/browser');
  8. // Declare internals
  9. var internals = {};
  10. // Test shortcuts
  11. var lab = exports.lab = Lab.script();
  12. var describe = lab.experiment;
  13. var it = lab.test;
  14. var expect = Code.expect;
  15. describe('Browser', function () {
  16. var credentialsFunc = function (id, callback) {
  17. var credentials = {
  18. id: id,
  19. key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
  20. algorithm: (id === '1' ? 'sha1' : 'sha256'),
  21. user: 'steve'
  22. };
  23. return callback(null, credentials);
  24. };
  25. it('should generate a bewit then successfully authenticate it', function (done) {
  26. var req = {
  27. method: 'GET',
  28. url: '/resource/4?a=1&b=2',
  29. host: 'example.com',
  30. port: 80
  31. };
  32. credentialsFunc('123456', function (err, credentials1) {
  33. var bewit = Browser.client.bewit('http://example.com/resource/4?a=1&b=2', { credentials: credentials1, ttlSec: 60 * 60 * 24 * 365 * 100, ext: 'some-app-data' });
  34. req.url += '&bewit=' + bewit;
  35. Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials2, attributes) {
  36. expect(err).to.not.exist();
  37. expect(credentials2.user).to.equal('steve');
  38. expect(attributes.ext).to.equal('some-app-data');
  39. done();
  40. });
  41. });
  42. });
  43. it('should generate a bewit then successfully authenticate it (no ext)', function (done) {
  44. var req = {
  45. method: 'GET',
  46. url: '/resource/4?a=1&b=2',
  47. host: 'example.com',
  48. port: 80
  49. };
  50. credentialsFunc('123456', function (err, credentials1) {
  51. var bewit = Browser.client.bewit('http://example.com/resource/4?a=1&b=2', { credentials: credentials1, ttlSec: 60 * 60 * 24 * 365 * 100 });
  52. req.url += '&bewit=' + bewit;
  53. Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials2, attributes) {
  54. expect(err).to.not.exist();
  55. expect(credentials2.user).to.equal('steve');
  56. done();
  57. });
  58. });
  59. });
  60. describe('bewit()', function () {
  61. it('returns a valid bewit value', function (done) {
  62. var credentials = {
  63. id: '123456',
  64. key: '2983d45yun89q',
  65. algorithm: 'sha256'
  66. };
  67. var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });
  68. expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdca3NjeHdOUjJ0SnBQMVQxekRMTlBiQjVVaUtJVTl0T1NKWFRVZEc3WDloOD1ceGFuZHlhbmR6');
  69. done();
  70. });
  71. it('returns a valid bewit value (explicit HTTP port)', function (done) {
  72. var credentials = {
  73. id: '123456',
  74. key: '2983d45yun89q',
  75. algorithm: 'sha256'
  76. };
  77. var bewit = Browser.client.bewit('http://example.com:8080/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });
  78. expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdcaFpiSjNQMmNLRW80a3kwQzhqa1pBa1J5Q1p1ZWc0V1NOYnhWN3ZxM3hIVT1ceGFuZHlhbmR6');
  79. done();
  80. });
  81. it('returns a valid bewit value (explicit HTTPS port)', function (done) {
  82. var credentials = {
  83. id: '123456',
  84. key: '2983d45yun89q',
  85. algorithm: 'sha256'
  86. };
  87. var bewit = Browser.client.bewit('https://example.com:8043/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });
  88. expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdcL2t4UjhwK0xSaTdvQTRnUXc3cWlxa3BiVHRKYkR4OEtRMC9HRUwvVytTUT1ceGFuZHlhbmR6');
  89. done();
  90. });
  91. it('returns a valid bewit value (null ext)', function (done) {
  92. var credentials = {
  93. id: '123456',
  94. key: '2983d45yun89q',
  95. algorithm: 'sha256'
  96. };
  97. var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: null });
  98. expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdcSUdZbUxnSXFMckNlOEN4dktQczRKbFdJQStValdKSm91d2dBUmlWaENBZz1c');
  99. done();
  100. });
  101. it('errors on invalid options', function (done) {
  102. var credentials = {
  103. id: '123456',
  104. key: '2983d45yun89q',
  105. algorithm: 'sha256'
  106. };
  107. var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', 4);
  108. expect(bewit).to.equal('');
  109. done();
  110. });
  111. it('errors on missing uri', function (done) {
  112. var credentials = {
  113. id: '123456',
  114. key: '2983d45yun89q',
  115. algorithm: 'sha256'
  116. };
  117. var bewit = Browser.client.bewit('', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });
  118. expect(bewit).to.equal('');
  119. done();
  120. });
  121. it('errors on invalid uri', function (done) {
  122. var credentials = {
  123. id: '123456',
  124. key: '2983d45yun89q',
  125. algorithm: 'sha256'
  126. };
  127. var bewit = Browser.client.bewit(5, { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });
  128. expect(bewit).to.equal('');
  129. done();
  130. });
  131. it('errors on invalid credentials (id)', function (done) {
  132. var credentials = {
  133. key: '2983d45yun89q',
  134. algorithm: 'sha256'
  135. };
  136. var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 3000, ext: 'xandyandz' });
  137. expect(bewit).to.equal('');
  138. done();
  139. });
  140. it('errors on missing credentials', function (done) {
  141. var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { ttlSec: 3000, ext: 'xandyandz' });
  142. expect(bewit).to.equal('');
  143. done();
  144. });
  145. it('errors on invalid credentials (key)', function (done) {
  146. var credentials = {
  147. id: '123456',
  148. algorithm: 'sha256'
  149. };
  150. var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 3000, ext: 'xandyandz' });
  151. expect(bewit).to.equal('');
  152. done();
  153. });
  154. it('errors on invalid algorithm', function (done) {
  155. var credentials = {
  156. id: '123456',
  157. key: '2983d45yun89q',
  158. algorithm: 'hmac-sha-0'
  159. };
  160. var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, ext: 'xandyandz' });
  161. expect(bewit).to.equal('');
  162. done();
  163. });
  164. it('errors on missing options', function (done) {
  165. var credentials = {
  166. id: '123456',
  167. key: '2983d45yun89q',
  168. algorithm: 'hmac-sha-0'
  169. };
  170. var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow');
  171. expect(bewit).to.equal('');
  172. done();
  173. });
  174. });
  175. it('generates a header then successfully parse it (configuration)', function (done) {
  176. var req = {
  177. method: 'GET',
  178. url: '/resource/4?filter=a',
  179. host: 'example.com',
  180. port: 8080
  181. };
  182. credentialsFunc('123456', function (err, credentials1) {
  183. req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data' }).field;
  184. expect(req.authorization).to.exist();
  185. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  186. expect(err).to.not.exist();
  187. expect(credentials2.user).to.equal('steve');
  188. expect(artifacts.ext).to.equal('some-app-data');
  189. done();
  190. });
  191. });
  192. });
  193. it('generates a header then successfully parse it (node request)', function (done) {
  194. var req = {
  195. method: 'POST',
  196. url: '/resource/4?filter=a',
  197. headers: {
  198. host: 'example.com:8080',
  199. 'content-type': 'text/plain;x=y'
  200. }
  201. };
  202. var payload = 'some not so random text';
  203. credentialsFunc('123456', function (err, credentials1) {
  204. var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
  205. req.headers.authorization = reqHeader.field;
  206. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  207. expect(err).to.not.exist();
  208. expect(credentials2.user).to.equal('steve');
  209. expect(artifacts.ext).to.equal('some-app-data');
  210. expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true);
  211. var res = {
  212. headers: {
  213. 'content-type': 'text/plain'
  214. },
  215. getResponseHeader: function (header) {
  216. return res.headers[header.toLowerCase()];
  217. }
  218. };
  219. res.headers['server-authorization'] = Hawk.server.header(credentials2, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });
  220. expect(res.headers['server-authorization']).to.exist();
  221. expect(Browser.client.authenticate(res, credentials2, artifacts, { payload: 'some reply' })).to.equal(true);
  222. done();
  223. });
  224. });
  225. });
  226. it('generates a header then successfully parse it (browserify)', function (done) {
  227. var req = {
  228. method: 'POST',
  229. url: '/resource/4?filter=a',
  230. headers: {
  231. host: 'example.com:8080',
  232. 'content-type': 'text/plain;x=y'
  233. }
  234. };
  235. var payload = 'some not so random text';
  236. credentialsFunc('123456', function (err, credentials1) {
  237. var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
  238. req.headers.authorization = reqHeader.field;
  239. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  240. expect(err).to.not.exist();
  241. expect(credentials2.user).to.equal('steve');
  242. expect(artifacts.ext).to.equal('some-app-data');
  243. expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true);
  244. var res = {
  245. headers: {
  246. 'content-type': 'text/plain'
  247. },
  248. getHeader: function (header) {
  249. return res.headers[header.toLowerCase()];
  250. }
  251. };
  252. res.headers['server-authorization'] = Hawk.server.header(credentials2, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });
  253. expect(res.headers['server-authorization']).to.exist();
  254. expect(Browser.client.authenticate(res, credentials2, artifacts, { payload: 'some reply' })).to.equal(true);
  255. done();
  256. });
  257. });
  258. });
  259. it('generates a header then successfully parse it (time offset)', function (done) {
  260. var req = {
  261. method: 'GET',
  262. url: '/resource/4?filter=a',
  263. host: 'example.com',
  264. port: 8080
  265. };
  266. credentialsFunc('123456', function (err, credentials1) {
  267. req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', localtimeOffsetMsec: 100000 }).field;
  268. expect(req.authorization).to.exist();
  269. Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 100000 }, function (err, credentials2, artifacts) {
  270. expect(err).to.not.exist();
  271. expect(credentials2.user).to.equal('steve');
  272. expect(artifacts.ext).to.equal('some-app-data');
  273. done();
  274. });
  275. });
  276. });
  277. it('generates a header then successfully parse it (no server header options)', function (done) {
  278. var req = {
  279. method: 'POST',
  280. url: '/resource/4?filter=a',
  281. headers: {
  282. host: 'example.com:8080',
  283. 'content-type': 'text/plain;x=y'
  284. }
  285. };
  286. var payload = 'some not so random text';
  287. credentialsFunc('123456', function (err, credentials1) {
  288. var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
  289. req.headers.authorization = reqHeader.field;
  290. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  291. expect(err).to.not.exist();
  292. expect(credentials2.user).to.equal('steve');
  293. expect(artifacts.ext).to.equal('some-app-data');
  294. expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true);
  295. var res = {
  296. headers: {
  297. 'content-type': 'text/plain'
  298. },
  299. getResponseHeader: function (header) {
  300. return res.headers[header.toLowerCase()];
  301. }
  302. };
  303. res.headers['server-authorization'] = Hawk.server.header(credentials2, artifacts);
  304. expect(res.headers['server-authorization']).to.exist();
  305. expect(Browser.client.authenticate(res, credentials2, artifacts)).to.equal(true);
  306. done();
  307. });
  308. });
  309. });
  310. it('generates a header then successfully parse it (no server header)', function (done) {
  311. var req = {
  312. method: 'POST',
  313. url: '/resource/4?filter=a',
  314. headers: {
  315. host: 'example.com:8080',
  316. 'content-type': 'text/plain;x=y'
  317. }
  318. };
  319. var payload = 'some not so random text';
  320. credentialsFunc('123456', function (err, credentials1) {
  321. var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
  322. req.headers.authorization = reqHeader.field;
  323. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  324. expect(err).to.not.exist();
  325. expect(credentials2.user).to.equal('steve');
  326. expect(artifacts.ext).to.equal('some-app-data');
  327. expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true);
  328. var res = {
  329. headers: {
  330. 'content-type': 'text/plain'
  331. },
  332. getResponseHeader: function (header) {
  333. return res.headers[header.toLowerCase()];
  334. }
  335. };
  336. expect(Browser.client.authenticate(res, credentials2, artifacts)).to.equal(true);
  337. done();
  338. });
  339. });
  340. });
  341. it('generates a header with stale ts and successfully authenticate on second call', function (done) {
  342. var req = {
  343. method: 'GET',
  344. url: '/resource/4?filter=a',
  345. host: 'example.com',
  346. port: 8080
  347. };
  348. credentialsFunc('123456', function (err, credentials1) {
  349. Browser.utils.setNtpOffset(60 * 60 * 1000);
  350. var header = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data' });
  351. req.authorization = header.field;
  352. expect(req.authorization).to.exist();
  353. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts2) {
  354. expect(err).to.exist();
  355. expect(err.message).to.equal('Stale timestamp');
  356. var res = {
  357. headers: {
  358. 'www-authenticate': err.output.headers['WWW-Authenticate']
  359. },
  360. getResponseHeader: function (lookup) {
  361. return res.headers[lookup.toLowerCase()];
  362. }
  363. };
  364. expect(Browser.utils.getNtpOffset()).to.equal(60 * 60 * 1000);
  365. expect(Browser.client.authenticate(res, credentials2, header.artifacts)).to.equal(true);
  366. expect(Browser.utils.getNtpOffset()).to.equal(0);
  367. req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials2, ext: 'some-app-data' }).field;
  368. expect(req.authorization).to.exist();
  369. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials3, artifacts3) {
  370. expect(err).to.not.exist();
  371. expect(credentials3.user).to.equal('steve');
  372. expect(artifacts3.ext).to.equal('some-app-data');
  373. done();
  374. });
  375. });
  376. });
  377. });
  378. it('generates a header with stale ts and successfully authenticate on second call (manual localStorage)', function (done) {
  379. var req = {
  380. method: 'GET',
  381. url: '/resource/4?filter=a',
  382. host: 'example.com',
  383. port: 8080
  384. };
  385. credentialsFunc('123456', function (err, credentials1) {
  386. var localStorage = new Browser.internals.LocalStorage();
  387. Browser.utils.setStorage(localStorage);
  388. Browser.utils.setNtpOffset(60 * 60 * 1000);
  389. var header = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data' });
  390. req.authorization = header.field;
  391. expect(req.authorization).to.exist();
  392. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts2) {
  393. expect(err).to.exist();
  394. expect(err.message).to.equal('Stale timestamp');
  395. var res = {
  396. headers: {
  397. 'www-authenticate': err.output.headers['WWW-Authenticate']
  398. },
  399. getResponseHeader: function (lookup) {
  400. return res.headers[lookup.toLowerCase()];
  401. }
  402. };
  403. expect(parseInt(localStorage.getItem('hawk_ntp_offset'))).to.equal(60 * 60 * 1000);
  404. expect(Browser.utils.getNtpOffset()).to.equal(60 * 60 * 1000);
  405. expect(Browser.client.authenticate(res, credentials2, header.artifacts)).to.equal(true);
  406. expect(Browser.utils.getNtpOffset()).to.equal(0);
  407. expect(parseInt(localStorage.getItem('hawk_ntp_offset'))).to.equal(0);
  408. req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials2, ext: 'some-app-data' }).field;
  409. expect(req.authorization).to.exist();
  410. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials3, artifacts3) {
  411. expect(err).to.not.exist();
  412. expect(credentials3.user).to.equal('steve');
  413. expect(artifacts3.ext).to.equal('some-app-data');
  414. done();
  415. });
  416. });
  417. });
  418. });
  419. it('generates a header then fails to parse it (missing server header hash)', function (done) {
  420. var req = {
  421. method: 'POST',
  422. url: '/resource/4?filter=a',
  423. headers: {
  424. host: 'example.com:8080',
  425. 'content-type': 'text/plain;x=y'
  426. }
  427. };
  428. var payload = 'some not so random text';
  429. credentialsFunc('123456', function (err, credentials1) {
  430. var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
  431. req.headers.authorization = reqHeader.field;
  432. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  433. expect(err).to.not.exist();
  434. expect(credentials2.user).to.equal('steve');
  435. expect(artifacts.ext).to.equal('some-app-data');
  436. expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true);
  437. var res = {
  438. headers: {
  439. 'content-type': 'text/plain'
  440. },
  441. getResponseHeader: function (header) {
  442. return res.headers[header.toLowerCase()];
  443. }
  444. };
  445. res.headers['server-authorization'] = Hawk.server.header(credentials2, artifacts);
  446. expect(res.headers['server-authorization']).to.exist();
  447. expect(Browser.client.authenticate(res, credentials2, artifacts, { payload: 'some reply' })).to.equal(false);
  448. done();
  449. });
  450. });
  451. });
  452. it('generates a header then successfully parse it (with hash)', function (done) {
  453. var req = {
  454. method: 'GET',
  455. url: '/resource/4?filter=a',
  456. host: 'example.com',
  457. port: 8080
  458. };
  459. credentialsFunc('123456', function (err, credentials1) {
  460. req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, payload: 'hola!', ext: 'some-app-data' }).field;
  461. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  462. expect(err).to.not.exist();
  463. expect(credentials2.user).to.equal('steve');
  464. expect(artifacts.ext).to.equal('some-app-data');
  465. done();
  466. });
  467. });
  468. });
  469. it('generates a header then successfully parse it then validate payload', function (done) {
  470. var req = {
  471. method: 'GET',
  472. url: '/resource/4?filter=a',
  473. host: 'example.com',
  474. port: 8080
  475. };
  476. credentialsFunc('123456', function (err, credentials1) {
  477. req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, payload: 'hola!', ext: 'some-app-data' }).field;
  478. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  479. expect(err).to.not.exist();
  480. expect(credentials2.user).to.equal('steve');
  481. expect(artifacts.ext).to.equal('some-app-data');
  482. expect(Hawk.server.authenticatePayload('hola!', credentials2, artifacts)).to.be.true();
  483. expect(Hawk.server.authenticatePayload('hello!', credentials2, artifacts)).to.be.false();
  484. done();
  485. });
  486. });
  487. });
  488. it('generates a header then successfully parse it (app)', function (done) {
  489. var req = {
  490. method: 'GET',
  491. url: '/resource/4?filter=a',
  492. host: 'example.com',
  493. port: 8080
  494. };
  495. credentialsFunc('123456', function (err, credentials1) {
  496. req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', app: 'asd23ased' }).field;
  497. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  498. expect(err).to.not.exist();
  499. expect(credentials2.user).to.equal('steve');
  500. expect(artifacts.ext).to.equal('some-app-data');
  501. expect(artifacts.app).to.equal('asd23ased');
  502. done();
  503. });
  504. });
  505. });
  506. it('generates a header then successfully parse it (app, dlg)', function (done) {
  507. var req = {
  508. method: 'GET',
  509. url: '/resource/4?filter=a',
  510. host: 'example.com',
  511. port: 8080
  512. };
  513. credentialsFunc('123456', function (err, credentials1) {
  514. req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', app: 'asd23ased', dlg: '23434szr3q4d' }).field;
  515. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  516. expect(err).to.not.exist();
  517. expect(credentials2.user).to.equal('steve');
  518. expect(artifacts.ext).to.equal('some-app-data');
  519. expect(artifacts.app).to.equal('asd23ased');
  520. expect(artifacts.dlg).to.equal('23434szr3q4d');
  521. done();
  522. });
  523. });
  524. });
  525. it('generates a header then fail authentication due to bad hash', function (done) {
  526. var req = {
  527. method: 'GET',
  528. url: '/resource/4?filter=a',
  529. host: 'example.com',
  530. port: 8080
  531. };
  532. credentialsFunc('123456', function (err, credentials1) {
  533. req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, payload: 'hola!', ext: 'some-app-data' }).field;
  534. Hawk.server.authenticate(req, credentialsFunc, { payload: 'byebye!' }, function (err, credentials2, artifacts) {
  535. expect(err).to.exist();
  536. expect(err.output.payload.message).to.equal('Bad payload hash');
  537. done();
  538. });
  539. });
  540. });
  541. it('generates a header for one resource then fail to authenticate another', function (done) {
  542. var req = {
  543. method: 'GET',
  544. url: '/resource/4?filter=a',
  545. host: 'example.com',
  546. port: 8080
  547. };
  548. credentialsFunc('123456', function (err, credentials1) {
  549. req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data' }).field;
  550. req.url = '/something/else';
  551. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  552. expect(err).to.exist();
  553. expect(credentials2).to.exist();
  554. done();
  555. });
  556. });
  557. });
  558. describe('client', function () {
  559. describe('header()', function () {
  560. it('returns a valid authorization header (sha1)', function (done) {
  561. var credentials = {
  562. id: '123456',
  563. key: '2983d45yun89q',
  564. algorithm: 'sha1'
  565. };
  566. var header = Browser.client.header('http://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about' }).field;
  567. expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="bsvY3IfUllw6V5rvk4tStEvpBhE=", ext="Bazinga!", mac="qbf1ZPG/r/e06F4ht+T77LXi5vw="');
  568. done();
  569. });
  570. it('returns a valid authorization header (sha256)', function (done) {
  571. var credentials = {
  572. id: '123456',
  573. key: '2983d45yun89q',
  574. algorithm: 'sha256'
  575. };
  576. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;
  577. expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", ext="Bazinga!", mac="q1CwFoSHzPZSkbIvl0oYlD+91rBUEvFk763nMjMndj8="');
  578. done();
  579. });
  580. it('returns a valid authorization header (empty payload)', function (done) {
  581. var credentials = {
  582. id: '123456',
  583. key: '2983d45yun89q',
  584. algorithm: 'sha1'
  585. };
  586. var header = Browser.client.header('http://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: '' }).field;
  587. expect(header).to.equal('Hawk id=\"123456\", ts=\"1353809207\", nonce=\"Ygvqdz\", hash=\"404ghL7K+hfyhByKKejFBRGgTjU=\", ext=\"Bazinga!\", mac=\"Bh1sj1DOfFRWOdi3ww52nLCJdBE=\"');
  588. done();
  589. });
  590. it('returns a valid authorization header (no ext)', function (done) {
  591. var credentials = {
  592. id: '123456',
  593. key: '2983d45yun89q',
  594. algorithm: 'sha256'
  595. };
  596. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;
  597. expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');
  598. done();
  599. });
  600. it('returns a valid authorization header (null ext)', function (done) {
  601. var credentials = {
  602. id: '123456',
  603. key: '2983d45yun89q',
  604. algorithm: 'sha256'
  605. };
  606. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain', ext: null }).field;
  607. expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');
  608. done();
  609. });
  610. it('returns a valid authorization header (uri object)', function (done) {
  611. var credentials = {
  612. id: '123456',
  613. key: '2983d45yun89q',
  614. algorithm: 'sha256'
  615. };
  616. var uri = Browser.utils.parseUri('https://example.net/somewhere/over/the/rainbow');
  617. var header = Browser.client.header(uri, 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;
  618. expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');
  619. done();
  620. });
  621. it('errors on missing options', function (done) {
  622. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST');
  623. expect(header.field).to.equal('');
  624. expect(header.err).to.equal('Invalid argument type');
  625. done();
  626. });
  627. it('errors on empty uri', function (done) {
  628. var credentials = {
  629. id: '123456',
  630. key: '2983d45yun89q',
  631. algorithm: 'sha256'
  632. };
  633. var header = Browser.client.header('', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' });
  634. expect(header.field).to.equal('');
  635. expect(header.err).to.equal('Invalid argument type');
  636. done();
  637. });
  638. it('errors on invalid uri', function (done) {
  639. var credentials = {
  640. id: '123456',
  641. key: '2983d45yun89q',
  642. algorithm: 'sha256'
  643. };
  644. var header = Browser.client.header(4, 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' });
  645. expect(header.field).to.equal('');
  646. expect(header.err).to.equal('Invalid argument type');
  647. done();
  648. });
  649. it('errors on missing method', function (done) {
  650. var credentials = {
  651. id: '123456',
  652. key: '2983d45yun89q',
  653. algorithm: 'sha256'
  654. };
  655. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', '', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' });
  656. expect(header.field).to.equal('');
  657. expect(header.err).to.equal('Invalid argument type');
  658. done();
  659. });
  660. it('errors on invalid method', function (done) {
  661. var credentials = {
  662. id: '123456',
  663. key: '2983d45yun89q',
  664. algorithm: 'sha256'
  665. };
  666. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 5, { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' });
  667. expect(header.field).to.equal('');
  668. expect(header.err).to.equal('Invalid argument type');
  669. done();
  670. });
  671. it('errors on missing credentials', function (done) {
  672. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { ext: 'Bazinga!', timestamp: 1353809207 });
  673. expect(header.field).to.equal('');
  674. expect(header.err).to.equal('Invalid credentials object');
  675. done();
  676. });
  677. it('errors on invalid credentials (id)', function (done) {
  678. var credentials = {
  679. key: '2983d45yun89q',
  680. algorithm: 'sha256'
  681. };
  682. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207 });
  683. expect(header.field).to.equal('');
  684. expect(header.err).to.equal('Invalid credentials object');
  685. done();
  686. });
  687. it('errors on invalid credentials (key)', function (done) {
  688. var credentials = {
  689. id: '123456',
  690. algorithm: 'sha256'
  691. };
  692. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207 });
  693. expect(header.field).to.equal('');
  694. expect(header.err).to.equal('Invalid credentials object');
  695. done();
  696. });
  697. it('errors on invalid algorithm', function (done) {
  698. var credentials = {
  699. id: '123456',
  700. key: '2983d45yun89q',
  701. algorithm: 'hmac-sha-0'
  702. };
  703. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, payload: 'something, anything!', ext: 'Bazinga!', timestamp: 1353809207 });
  704. expect(header.field).to.equal('');
  705. expect(header.err).to.equal('Unknown algorithm');
  706. done();
  707. });
  708. it('uses a pre-calculated payload hash', function (done) {
  709. var credentials = {
  710. id: '123456',
  711. key: '2983d45yun89q',
  712. algorithm: 'sha256'
  713. };
  714. var options = { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' };
  715. options.hash = Browser.crypto.calculatePayloadHash(options.payload, credentials.algorithm, options.contentType);
  716. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', options).field;
  717. expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", ext="Bazinga!", mac="q1CwFoSHzPZSkbIvl0oYlD+91rBUEvFk763nMjMndj8="');
  718. done();
  719. });
  720. });
  721. describe('authenticate()', function () {
  722. it('skips tsm validation when missing ts', function (done) {
  723. var res = {
  724. headers: {
  725. 'www-authenticate': 'Hawk error="Stale timestamp"'
  726. },
  727. getResponseHeader: function (header) {
  728. return res.headers[header.toLowerCase()];
  729. }
  730. };
  731. var credentials = {
  732. id: '123456',
  733. key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
  734. algorithm: 'sha256',
  735. user: 'steve'
  736. };
  737. var artifacts = {
  738. ts: 1402135580,
  739. nonce: 'iBRB6t',
  740. method: 'GET',
  741. resource: '/resource/4?filter=a',
  742. host: 'example.com',
  743. port: '8080',
  744. ext: 'some-app-data'
  745. };
  746. expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(true);
  747. done();
  748. });
  749. it('returns false on invalid header', function (done) {
  750. var res = {
  751. headers: {
  752. 'server-authorization': 'Hawk mac="abc", bad="xyz"'
  753. },
  754. getResponseHeader: function (header) {
  755. return res.headers[header.toLowerCase()];
  756. }
  757. };
  758. expect(Browser.client.authenticate(res, {})).to.equal(false);
  759. done();
  760. });
  761. it('returns false on invalid mac', function (done) {
  762. var res = {
  763. headers: {
  764. 'content-type': 'text/plain',
  765. 'server-authorization': 'Hawk mac="_IJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"'
  766. },
  767. getResponseHeader: function (header) {
  768. return res.headers[header.toLowerCase()];
  769. }
  770. };
  771. var artifacts = {
  772. method: 'POST',
  773. host: 'example.com',
  774. port: '8080',
  775. resource: '/resource/4?filter=a',
  776. ts: '1362336900',
  777. nonce: 'eb5S_L',
  778. hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
  779. ext: 'some-app-data',
  780. app: undefined,
  781. dlg: undefined,
  782. mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=',
  783. id: '123456'
  784. };
  785. var credentials = {
  786. id: '123456',
  787. key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
  788. algorithm: 'sha256',
  789. user: 'steve'
  790. };
  791. expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(false);
  792. done();
  793. });
  794. it('returns true on ignoring hash', function (done) {
  795. var res = {
  796. headers: {
  797. 'content-type': 'text/plain',
  798. 'server-authorization': 'Hawk mac="XIJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"'
  799. },
  800. getResponseHeader: function (header) {
  801. return res.headers[header.toLowerCase()];
  802. }
  803. };
  804. var artifacts = {
  805. method: 'POST',
  806. host: 'example.com',
  807. port: '8080',
  808. resource: '/resource/4?filter=a',
  809. ts: '1362336900',
  810. nonce: 'eb5S_L',
  811. hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
  812. ext: 'some-app-data',
  813. app: undefined,
  814. dlg: undefined,
  815. mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=',
  816. id: '123456'
  817. };
  818. var credentials = {
  819. id: '123456',
  820. key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
  821. algorithm: 'sha256',
  822. user: 'steve'
  823. };
  824. expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(true);
  825. done();
  826. });
  827. it('errors on invalid WWW-Authenticate header format', function (done) {
  828. var res = {
  829. headers: {
  830. 'www-authenticate': 'Hawk ts="1362346425875", tsm="PhwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", x="Stale timestamp"'
  831. },
  832. getResponseHeader: function (header) {
  833. return res.headers[header.toLowerCase()];
  834. }
  835. };
  836. expect(Browser.client.authenticate(res, {})).to.equal(false);
  837. done();
  838. });
  839. it('errors on invalid WWW-Authenticate header format', function (done) {
  840. var credentials = {
  841. id: '123456',
  842. key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
  843. algorithm: 'sha256',
  844. user: 'steve'
  845. };
  846. var res = {
  847. headers: {
  848. 'www-authenticate': 'Hawk ts="1362346425875", tsm="hwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", error="Stale timestamp"'
  849. },
  850. getResponseHeader: function (header) {
  851. return res.headers[header.toLowerCase()];
  852. }
  853. };
  854. expect(Browser.client.authenticate(res, credentials)).to.equal(false);
  855. done();
  856. });
  857. });
  858. describe('message()', function () {
  859. it('generates an authorization then successfully parse it', function (done) {
  860. credentialsFunc('123456', function (err, credentials1) {
  861. var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
  862. expect(auth).to.exist();
  863. Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, {}, function (err, credentials2) {
  864. expect(err).to.not.exist();
  865. expect(credentials2.user).to.equal('steve');
  866. done();
  867. });
  868. });
  869. });
  870. it('generates an authorization using custom nonce/timestamp', function (done) {
  871. credentialsFunc('123456', function (err, credentials) {
  872. var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: credentials, nonce: 'abc123', timestamp: 1398536270957 });
  873. expect(auth).to.exist();
  874. expect(auth.nonce).to.equal('abc123');
  875. expect(auth.ts).to.equal(1398536270957);
  876. done();
  877. });
  878. });
  879. it('errors on missing host', function (done) {
  880. credentialsFunc('123456', function (err, credentials) {
  881. var auth = Browser.client.message(null, 8080, 'some message', { credentials: credentials });
  882. expect(auth).to.not.exist();
  883. done();
  884. });
  885. });
  886. it('errors on invalid host', function (done) {
  887. credentialsFunc('123456', function (err, credentials) {
  888. var auth = Browser.client.message(5, 8080, 'some message', { credentials: credentials });
  889. expect(auth).to.not.exist();
  890. done();
  891. });
  892. });
  893. it('errors on missing port', function (done) {
  894. credentialsFunc('123456', function (err, credentials) {
  895. var auth = Browser.client.message('example.com', 0, 'some message', { credentials: credentials });
  896. expect(auth).to.not.exist();
  897. done();
  898. });
  899. });
  900. it('errors on invalid port', function (done) {
  901. credentialsFunc('123456', function (err, credentials) {
  902. var auth = Browser.client.message('example.com', 'a', 'some message', { credentials: credentials });
  903. expect(auth).to.not.exist();
  904. done();
  905. });
  906. });
  907. it('errors on missing message', function (done) {
  908. credentialsFunc('123456', function (err, credentials) {
  909. var auth = Browser.client.message('example.com', 8080, undefined, { credentials: credentials });
  910. expect(auth).to.not.exist();
  911. done();
  912. });
  913. });
  914. it('errors on null message', function (done) {
  915. credentialsFunc('123456', function (err, credentials) {
  916. var auth = Browser.client.message('example.com', 8080, null, { credentials: credentials });
  917. expect(auth).to.not.exist();
  918. done();
  919. });
  920. });
  921. it('errors on invalid message', function (done) {
  922. credentialsFunc('123456', function (err, credentials) {
  923. var auth = Browser.client.message('example.com', 8080, 5, { credentials: credentials });
  924. expect(auth).to.not.exist();
  925. done();
  926. });
  927. });
  928. it('errors on missing credentials', function (done) {
  929. var auth = Browser.client.message('example.com', 8080, 'some message', {});
  930. expect(auth).to.not.exist();
  931. done();
  932. });
  933. it('errors on missing options', function (done) {
  934. var auth = Browser.client.message('example.com', 8080, 'some message');
  935. expect(auth).to.not.exist();
  936. done();
  937. });
  938. it('errors on invalid credentials (id)', function (done) {
  939. credentialsFunc('123456', function (err, credentials) {
  940. var creds = Hoek.clone(credentials);
  941. delete creds.id;
  942. var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: creds });
  943. expect(auth).to.not.exist();
  944. done();
  945. });
  946. });
  947. it('errors on invalid credentials (key)', function (done) {
  948. credentialsFunc('123456', function (err, credentials) {
  949. var creds = Hoek.clone(credentials);
  950. delete creds.key;
  951. var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: creds });
  952. expect(auth).to.not.exist();
  953. done();
  954. });
  955. });
  956. it('errors on invalid algorithm', function (done) {
  957. credentialsFunc('123456', function (err, credentials) {
  958. var creds = Hoek.clone(credentials);
  959. creds.algorithm = 'blah';
  960. var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: creds });
  961. expect(auth).to.not.exist();
  962. done();
  963. });
  964. });
  965. });
  966. describe('authenticateTimestamp()', function (done) {
  967. it('validates a timestamp', function (done) {
  968. credentialsFunc('123456', function (err, credentials) {
  969. var tsm = Hawk.crypto.timestampMessage(credentials);
  970. expect(Browser.client.authenticateTimestamp(tsm, credentials)).to.equal(true);
  971. done();
  972. });
  973. });
  974. it('validates a timestamp without updating local time', function (done) {
  975. credentialsFunc('123456', function (err, credentials) {
  976. var offset = Browser.utils.getNtpOffset();
  977. var tsm = Hawk.crypto.timestampMessage(credentials, 10000);
  978. expect(Browser.client.authenticateTimestamp(tsm, credentials, false)).to.equal(true);
  979. expect(offset).to.equal(Browser.utils.getNtpOffset());
  980. done();
  981. });
  982. });
  983. it('detects a bad timestamp', function (done) {
  984. credentialsFunc('123456', function (err, credentials) {
  985. var tsm = Hawk.crypto.timestampMessage(credentials);
  986. tsm.ts = 4;
  987. expect(Browser.client.authenticateTimestamp(tsm, credentials)).to.equal(false);
  988. done();
  989. });
  990. });
  991. });
  992. });
  993. describe('internals', function () {
  994. describe('LocalStorage', function () {
  995. it('goes through the full lifecycle', function (done) {
  996. var storage = new Browser.internals.LocalStorage();
  997. expect(storage.length).to.equal(0);
  998. expect(storage.getItem('a')).to.equal(null);
  999. storage.setItem('a', 5);
  1000. expect(storage.length).to.equal(1);
  1001. expect(storage.key()).to.equal('a');
  1002. expect(storage.key(0)).to.equal('a');
  1003. expect(storage.getItem('a')).to.equal('5');
  1004. storage.setItem('b', 'test');
  1005. expect(storage.key()).to.equal('a');
  1006. expect(storage.key(0)).to.equal('a');
  1007. expect(storage.key(1)).to.equal('b');
  1008. expect(storage.length).to.equal(2);
  1009. expect(storage.getItem('b')).to.equal('test');
  1010. storage.removeItem('a');
  1011. expect(storage.length).to.equal(1);
  1012. expect(storage.getItem('a')).to.equal(null);
  1013. expect(storage.getItem('b')).to.equal('test');
  1014. storage.clear();
  1015. expect(storage.length).to.equal(0);
  1016. expect(storage.getItem('a')).to.equal(null);
  1017. expect(storage.getItem('b')).to.equal(null);
  1018. done();
  1019. });
  1020. });
  1021. });
  1022. describe('utils', function () {
  1023. describe('setStorage()', function () {
  1024. it('sets storage for the first time', function (done) {
  1025. Browser.utils.storage = new Browser.internals.LocalStorage(); // Reset state
  1026. expect(Browser.utils.storage.getItem('hawk_ntp_offset')).to.not.exist();
  1027. Browser.utils.storage.setItem('test', '1');
  1028. Browser.utils.setStorage(new Browser.internals.LocalStorage());
  1029. expect(Browser.utils.storage.getItem('test')).to.not.exist();
  1030. Browser.utils.storage.setItem('test', '2');
  1031. expect(Browser.utils.storage.getItem('test')).to.equal('2');
  1032. done();
  1033. });
  1034. });
  1035. describe('setNtpOffset()', function (done) {
  1036. it('catches localStorage errors', { parallel: false }, function (done) {
  1037. var orig = Browser.utils.storage.setItem;
  1038. var consoleOrig = console.error;
  1039. var count = 0;
  1040. console.error = function () {
  1041. if (count++ === 2) {
  1042. console.error = consoleOrig;
  1043. }
  1044. };
  1045. Browser.utils.storage.setItem = function () {
  1046. Browser.utils.storage.setItem = orig;
  1047. throw new Error();
  1048. };
  1049. expect(function () {
  1050. Browser.utils.setNtpOffset(100);
  1051. }).not.to.throw();
  1052. done();
  1053. });
  1054. });
  1055. describe('parseAuthorizationHeader()', function (done) {
  1056. it('returns null on missing header', function (done) {
  1057. expect(Browser.utils.parseAuthorizationHeader()).to.equal(null);
  1058. done();
  1059. });
  1060. it('returns null on bad header syntax (structure)', function (done) {
  1061. expect(Browser.utils.parseAuthorizationHeader('Hawk')).to.equal(null);
  1062. done();
  1063. });
  1064. it('returns null on bad header syntax (parts)', function (done) {
  1065. expect(Browser.utils.parseAuthorizationHeader(' ')).to.equal(null);
  1066. done();
  1067. });
  1068. it('returns null on bad scheme name', function (done) {
  1069. expect(Browser.utils.parseAuthorizationHeader('Basic asdasd')).to.equal(null);
  1070. done();
  1071. });
  1072. it('returns null on bad attribute value', function (done) {
  1073. expect(Browser.utils.parseAuthorizationHeader('Hawk test="\t"', ['test'])).to.equal(null);
  1074. done();
  1075. });
  1076. it('returns null on duplicated attribute', function (done) {
  1077. expect(Browser.utils.parseAuthorizationHeader('Hawk test="a", test="b"', ['test'])).to.equal(null);
  1078. done();
  1079. });
  1080. });
  1081. describe('parseUri()', function () {
  1082. it('returns empty object on invalid', function (done) {
  1083. var uri = Browser.utils.parseUri('ftp');
  1084. expect(uri).to.deep.equal({ host: '', port: '', resource: '' });
  1085. done();
  1086. });
  1087. it('returns empty port when unknown scheme', function (done) {
  1088. var uri = Browser.utils.parseUri('ftp://example.com');
  1089. expect(uri.port).to.equal('');
  1090. done();
  1091. });
  1092. it('returns default port when missing', function (done) {
  1093. var uri = Browser.utils.parseUri('http://example.com');
  1094. expect(uri.port).to.equal('80');
  1095. done();
  1096. });
  1097. it('handles unusual characters correctly', function (done) {
  1098. var parts = {
  1099. protocol: 'http+vnd.my-extension',
  1100. user: 'user!$&\'()*+,;=%40my-domain.com',
  1101. password: 'pass!$&\'()*+,;=%40:word',
  1102. hostname: 'foo-bar.com',
  1103. port: '99',
  1104. pathname: '/path/%40/!$&\'()*+,;=:@/',
  1105. query: 'query%40/!$&\'()*+,;=:@/?',
  1106. fragment: 'fragm%40/!$&\'()*+,;=:@/?'
  1107. };
  1108. parts.userInfo = parts.user + ':' + parts.password;
  1109. parts.authority = parts.userInfo + '@' + parts.hostname + ':' + parts.port;
  1110. parts.relative = parts.pathname + '?' + parts.query;
  1111. parts.resource = parts.relative + '#' + parts.fragment;
  1112. parts.source = parts.protocol + '://' + parts.authority + parts.resource;
  1113. var uri = Browser.utils.parseUri(parts.source);
  1114. expect(uri.host).to.equal('foo-bar.com');
  1115. expect(uri.port).to.equal('99');
  1116. expect(uri.resource).to.equal(parts.pathname + '?' + parts.query);
  1117. done();
  1118. });
  1119. });
  1120. var str = 'https://www.google.ca/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=url';
  1121. var base64str = 'aHR0cHM6Ly93d3cuZ29vZ2xlLmNhL3dlYmhwP3NvdXJjZWlkPWNocm9tZS1pbnN0YW50Jmlvbj0xJmVzcHY9MiZpZT1VVEYtOCNxPXVybA';
  1122. describe('base64urlEncode()', function () {
  1123. it('should base64 URL-safe decode a string', function (done) {
  1124. expect(Browser.utils.base64urlEncode(str)).to.equal(base64str);
  1125. done();
  1126. });
  1127. });
  1128. });
  1129. });