mozilla
/
hawk
зеркало из https://github.com/mozilla/hawk.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Merge branch 'master' of github.com:hueniverse/hawk

This commit is contained in:
Eran Hammer 2016-09-03 22:51:23 -07:00
Родитель 7d4d063047 a81a32c0f6
Коммит ac91522786
2 изменённых файлов: 16 добавлений и 262 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

15
test/client.js
Просмотреть файл

@ -495,7 +495,20 @@ describe('Client', () => {
algorithm: 'sha1'
};
const auth = Hawk.client.message('example.com', 0, 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
const auth = Hawk.client.message(undefined, 0, 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
expect(auth).to.not.exist();
done();
});
it('errors on missing port', (done) => {
const credentials = {
id: '123456',
key: '2983d45yun89q',
algorithm: 'sha1'
};
const auth = Hawk.client.message('example.com', undefined, 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
expect(auth).to.not.exist();
done();
});

263
test/uri.js
Просмотреть файл

@ -175,7 +175,7 @@ describe('Uri', () => {
const exp = Math.floor(Hawk.utils.now() / 1000) + 60;
const ext = 'some-app-data';
const mac = Hawk.crypto.calculateMac('bewit', credentials1, {
timestamp: exp,
ts: exp,
nonce: '',
method: req.method,
resource: req.url,
@ -438,7 +438,7 @@ describe('Uri', () => {
});
});
it('should fail on expired access', (done) => {
it('should fail on invalid credentials function response (bad mac)', (done) => {
const req = {
method: 'GET',
@ -596,264 +596,5 @@ describe('Uri', () => {
done();
});
});
describe('authenticateMessage()', () => {
it('should generate an authorization then successfully parse it', (done) => {
credentialsFunc('123456', (err, credentials1) => {
expect(err).to.not.exist();
const auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
expect(auth).to.exist();
Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, {}, (err, credentials2) => {
expect(err).to.not.exist();
expect(credentials2.user).to.equal('steve');
done();
});
});
});
it('should fail authorization on mismatching host', (done) => {
credentialsFunc('123456', (err, credentials1) => {
expect(err).to.not.exist();
const auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
expect(auth).to.exist();
Hawk.server.authenticateMessage('example1.com', 8080, 'some message', auth, credentialsFunc, {}, (err, credentials2) => {
expect(err).to.exist();
expect(err.message).to.equal('Bad mac');
done();
});
});
});
it('should fail authorization on stale timestamp', (done) => {
credentialsFunc('123456', (err, credentials1) => {
expect(err).to.not.exist();
const auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
expect(auth).to.exist();
Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, { localtimeOffsetMsec: 100000 }, (err, credentials2) => {
expect(err).to.exist();
expect(err.message).to.equal('Stale timestamp');
done();
});
});
});
it('overrides timestampSkewSec', (done) => {
credentialsFunc('123456', (err, credentials1) => {
expect(err).to.not.exist();
const auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1, localtimeOffsetMsec: 100000 });
expect(auth).to.exist();
Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, { timestampSkewSec: 500 }, (err, credentials2) => {
expect(err).to.not.exist();
done();
});
});
});
it('should fail authorization on invalid authorization', (done) => {
credentialsFunc('123456', (err, credentials1) => {
expect(err).to.not.exist();
const auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
expect(auth).to.exist();
delete auth.id;
Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, {}, (err, credentials2) => {
expect(err).to.exist();
expect(err.message).to.equal('Invalid authorization');
done();
});
});
});
it('should fail authorization on bad hash', (done) => {
credentialsFunc('123456', (err, credentials1) => {
expect(err).to.not.exist();
const auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
expect(auth).to.exist();
Hawk.server.authenticateMessage('example.com', 8080, 'some message1', auth, credentialsFunc, {}, (err, credentials2) => {
expect(err).to.exist();
expect(err.message).to.equal('Bad message hash');
done();
});
});
});
it('should fail authorization on nonce error', (done) => {
credentialsFunc('123456', (err, credentials1) => {
expect(err).to.not.exist();
const auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
expect(auth).to.exist();
Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, {
nonceFunc: function (key, nonce, ts, callback) {
callback(new Error('kaboom'));
}
}, (err, credentials2) => {
expect(err).to.exist();
expect(err.message).to.equal('Invalid nonce');
done();
});
});
});
it('should fail authorization on credentials error', (done) => {
credentialsFunc('123456', (err, credentials1) => {
expect(err).to.not.exist();
const auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
expect(auth).to.exist();
const errFunc = function (id, callback) {
callback(new Error('kablooey'));
};
Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, errFunc, {}, (err, credentials2) => {
expect(err).to.exist();
expect(err.message).to.equal('kablooey');
done();
});
});
});
it('should fail authorization on missing credentials', (done) => {
credentialsFunc('123456', (err, credentials1) => {
expect(err).to.not.exist();
const auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
expect(auth).to.exist();
const errFunc = function (id, callback) {
callback();
};
Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, errFunc, {}, (err, credentials2) => {
expect(err).to.exist();
expect(err.message).to.equal('Unknown credentials');
done();
});
});
});
it('should fail authorization on invalid credentials', (done) => {
credentialsFunc('123456', (err, credentials1) => {
expect(err).to.not.exist();
const auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
expect(auth).to.exist();
const errFunc = function (id, callback) {
callback(null, {});
};
Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, errFunc, {}, (err, credentials2) => {
expect(err).to.exist();
expect(err.message).to.equal('Invalid credentials');
done();
});
});
});
it('should fail authorization on invalid credentials algorithm', (done) => {
credentialsFunc('123456', (err, credentials1) => {
expect(err).to.not.exist();
const auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
expect(auth).to.exist();
const errFunc = function (id, callback) {
callback(null, { key: '123', algorithm: '456' });
};
Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, errFunc, {}, (err, credentials2) => {
expect(err).to.exist();
expect(err.message).to.equal('Unknown algorithm');
done();
});
});
});
it('should fail on missing host', (done) => {
credentialsFunc('123456', (err, credentials1) => {
expect(err).to.not.exist();
const auth = Hawk.client.message(null, 8080, 'some message', { credentials: credentials1 });
expect(auth).to.not.exist();
done();
});
});
it('should fail on missing credentials', (done) => {
const auth = Hawk.client.message('example.com', 8080, 'some message', {});
expect(auth).to.not.exist();
done();
});
it('should fail on invalid algorithm', (done) => {
credentialsFunc('123456', (err, credentials1) => {
expect(err).to.not.exist();
const creds = Hoek.clone(credentials1);
creds.algorithm = 'blah';
const auth = Hawk.client.message('example.com', 8080, 'some message', { credentials: creds });
expect(auth).to.not.exist();
done();
});
});
});
});