Commit graph

386 commits

Author SHA1 Message Date
Yarik 6096dadcca
Merge pull request #294 from mozilla/revert-290-sec-fix-payload-verification
Revert "Security fix"
2024-04-02 16:31:49 +02:00
Yarik 0388a5d1bf
Revert "Security fix" 2024-04-02 16:26:00 +02:00
Yarik 01f3d35479
Merge pull request #292 from mozilla/chore/codeql-v2
Migrate CodeQL to V2
2023-07-10 13:04:53 +02:00
Yaraslau Kurmyza bbf6563385
Migrate CodeQL to V2
V1 was deprecated: https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/
2023-07-10 10:25:39 +02:00
Yarik b175ee27e4
Merge pull request #290 from chrisdlangton/sec-fix-payload-verification
Security fix
2023-07-10 10:24:10 +02:00
Yarik 8a344af0b4
Apply suggestions from code review 2023-07-07 13:37:35 +02:00
Yarik fe746ef1e5
Merge pull request #291 from thusoy/mac-before-expiry
Validate bewit MAC before expiry
2023-06-15 19:30:34 +02:00
Tarjei Husøy 85f525a3f3
Validate MAC before expiry
Checking expiry before validating the MAC means that we are passing
untrusted values into parseInt, which might have unintended
consequences (also consider other languages that copy the algorithm
here since this is the reference implementation). This is only done
in the wrong order for bewit validation, regular header auth already
checks the MAC first.

Had to update the other expiry test since it apparently didn't have a
valid MAC.
2023-06-14 15:04:15 +02:00
chris adeb7e7e2a
feat(crypto)!: Deprecate calculateMac replaced by calculateServerMac or generateRequestMac 2023-06-10 23:08:05 +10:00
Yaraslau Kurmyza f1426e4712
Fix host parsing 2022-05-03 18:14:53 +02:00
Matt Boris d10d72ca82
Merge pull request #286 from lotas/regex-exploit-fix
Parse URLs using stdlib
2022-05-03 11:11:35 -04:00
Yaraslau Kurmyza ade134119b
Parse URLs using stdlib 2022-05-02 18:55:21 +02:00
Dustin J. Mitchell aa5e09e8e2 9.0.0 2020-12-11 17:30:38 +00:00
Dustin J. Mitchell c61eeddb2a
Merge pull request #279 from mozilla/remove-browser
Remove remnants of the browser-specific version
2020-12-11 12:28:52 -05:00
Dustin J. Mitchell 0b684f4368 Remove remnants of the browser-specific version
Users of this library in a browser are expected to build it with
webpack, and that has been the case since 7.1.0 (mozilla/hawk#253).
2020-12-08 22:13:03 +00:00
Dustin J. Mitchell 09d27b099e
Merge pull request #277 from mozilla/issue276
Do not require @hapi/sntp anymore
2020-11-02 11:43:29 -05:00
Dustin J. Mitchell 51c08e2a57 Do not require @hapi/sntp anymore
This removes a Node-specific dependency from the package, allowing its
use in a browser context (via webpack or the like).

This is a breaking change for users of SNTP, but the change is
straightforward.  For those using this functionality, note that
@hapi/sntp is no longer maintained.
2020-10-28 18:44:02 +00:00
Dustin J. Mitchell cf105e0a56 fix require() in API.js 2020-10-23 16:30:45 +00:00
Dustin J. Mitchell 58ba9c867d
Merge pull request #275 from mozilla/issue272
remove Hapi plugin
2020-10-23 09:58:34 -04:00
Dustin J. Mitchell 86d68ecbe0 remove Hapi plugin 2020-10-22 22:28:21 +00:00
Dustin J. Mitchell 764c97ee89 8.0.1 2020-10-22 22:18:32 +00:00
Dustin J. Mitchell 2621007b1a some history 2020-10-22 22:17:32 +00:00
Dustin J. Mitchell 866e8cb77f
Merge pull request #274 from mozilla/issue273
switch from Travis-CI to Taskcluster (and drop multiple HAPI checks)
2020-10-22 18:08:34 -04:00
Dustin J. Mitchell 4772624a7d switch from Travis-CI to Taskcluster (and drop multiple HAPI version checks) 2020-10-22 22:07:48 +00:00
Dustin J. Mitchell 668dd86a8f add repo files (fixes #271) 2020-10-22 21:40:06 +00:00
Dustin J. Mitchell 71668bcddc link to API in README 2020-10-22 20:56:13 +00:00
Dustin J. Mitchell ae552b5698
Create codeql-analysis.yml 2020-10-22 16:41:03 -04:00
Eran Hammer 791b5814e7
Update package.json 2020-10-22 12:47:05 -07:00
Eran Hammer d1f3f59b71
Update README.md 2020-10-22 12:26:58 -07:00
Eran Hammer 1e4d7f0b97 8.0.0 2020-01-09 21:30:07 -08:00
Eran Hammer dd54922ce4 Update deps. Closes #267. Closes #268 2020-01-09 21:30:00 -08:00
Eran Hammer bbd672b0a5
Merge pull request #266 from nwhitmont/master
Add link to changelog in README
2020-01-05 12:18:58 -08:00
nwhitmont ae9d31c561
add link to changelog 2020-01-03 16:24:22 -08:00
nwhitmont 8a4110edd3
delete changelog 2020-01-03 16:23:56 -08:00
Eran Hammer ea45382153
Merge pull request #263 from jarrodyellets/master
Update README to new template
2019-10-08 18:49:30 -07:00
Jarrod Yellets 0605ba1667
Update README to new template 2019-10-07 09:42:48 +02:00
Nicolas Morel f9012b9585
Merge pull request #262 from jarrodyellets/master
Move Readme to API
2019-09-26 14:23:07 +02:00
jarrodyellets fbf2463270 Move Readme to API 2019-09-26 13:59:16 +02:00
Eran Hammer 2de3ad8a0d
Update README.md 2019-09-17 12:13:09 -07:00
Eran Hammer fe970646a4
Closes #152 2019-09-17 01:41:04 -07:00
Eran Hammer 95b4263604 7.1.2 2019-09-14 23:04:06 -07:00
Eran Hammer c52428a961 For #258 2019-09-14 23:04:02 -07:00
Eran Hammer 61458a5049
Merge pull request #258 from salarelv/master
Checks correctly routes auth strategy
2019-09-14 23:03:02 -07:00
Eran Hammer f455587c08 7.1.1 2019-08-15 06:54:19 +00:00
Eran Hammer 52a8dd8b44 Update deps. Closes #261 2019-08-15 06:54:16 +00:00
salarelv 0d93c8cf61
Update lib/plugin.js
Co-Authored-By: devin ivy <devin@bigroomstudios.com>
2019-07-04 08:41:31 +03:00
salarelv 8f9d56b203
Checks correctly routes auth strategy
When setting the default auth strategy hawk didn't respect that and crashed with: TypeError: Cannot read property 'payload' of undefined
2019-07-04 00:22:00 +03:00
Eran Hammer 39797fc54e
Update .travis.yml 2019-04-24 23:21:07 -07:00
Eran Hammer 3e8ae0096e
Update README.md 2019-04-24 20:09:29 -07:00
Eran Hammer eca9781360
Update README.md 2019-04-24 20:07:12 -07:00