react / wstein / node_modules / jest-cli / node_modules / jsdom / node_modules / request / node_modules / hawk / test / browser.js
81146 views// Load modules12var Url = require('url');3var Code = require('code');4var Hawk = require('../lib');5var Hoek = require('hoek');6var Lab = require('lab');7var Browser = require('../lib/browser');8910// Declare internals1112var internals = {};131415// Test shortcuts1617var lab = exports.lab = Lab.script();18var describe = lab.experiment;19var it = lab.test;20var expect = Code.expect;212223describe('Browser', function () {2425var credentialsFunc = function (id, callback) {2627var credentials = {28id: id,29key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',30algorithm: (id === '1' ? 'sha1' : 'sha256'),31user: 'steve'32};3334return callback(null, credentials);35};3637it('should generate a bewit then successfully authenticate it', function (done) {3839var req = {40method: 'GET',41url: '/resource/4?a=1&b=2',42host: 'example.com',43port: 8044};4546credentialsFunc('123456', function (err, credentials) {4748var bewit = Browser.client.bewit('http://example.com/resource/4?a=1&b=2', { credentials: credentials, ttlSec: 60 * 60 * 24 * 365 * 100, ext: 'some-app-data' });49req.url += '&bewit=' + bewit;5051Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {5253expect(err).to.not.exist();54expect(credentials.user).to.equal('steve');55expect(attributes.ext).to.equal('some-app-data');56done();57});58});59});6061it('should generate a bewit then successfully authenticate it (no ext)', function (done) {6263var req = {64method: 'GET',65url: '/resource/4?a=1&b=2',66host: 'example.com',67port: 8068};6970credentialsFunc('123456', function (err, credentials) {7172var bewit = Browser.client.bewit('http://example.com/resource/4?a=1&b=2', { credentials: credentials, ttlSec: 60 * 60 * 24 * 365 * 100 });73req.url += '&bewit=' + bewit;7475Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {7677expect(err).to.not.exist();78expect(credentials.user).to.equal('steve');79done();80});81});82});8384describe('#bewit', function () {8586it('returns a valid bewit value', function (done) {8788var credentials = {89id: '123456',90key: '2983d45yun89q',91algorithm: 'sha256'92};9394var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });95expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdca3NjeHdOUjJ0SnBQMVQxekRMTlBiQjVVaUtJVTl0T1NKWFRVZEc3WDloOD1ceGFuZHlhbmR6');96done();97});9899it('returns a valid bewit value (explicit HTTP port)', function (done) {100101var credentials = {102id: '123456',103key: '2983d45yun89q',104algorithm: 'sha256'105};106107var bewit = Browser.client.bewit('http://example.com:8080/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });108expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdcaFpiSjNQMmNLRW80a3kwQzhqa1pBa1J5Q1p1ZWc0V1NOYnhWN3ZxM3hIVT1ceGFuZHlhbmR6');109done();110});111112it('returns a valid bewit value (explicit HTTPS port)', function (done) {113114var credentials = {115id: '123456',116key: '2983d45yun89q',117algorithm: 'sha256'118};119120var bewit = Browser.client.bewit('https://example.com:8043/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });121expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdcL2t4UjhwK0xSaTdvQTRnUXc3cWlxa3BiVHRKYkR4OEtRMC9HRUwvVytTUT1ceGFuZHlhbmR6');122done();123});124125it('returns a valid bewit value (null ext)', function (done) {126127var credentials = {128id: '123456',129key: '2983d45yun89q',130algorithm: 'sha256'131};132133var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: null });134expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdcSUdZbUxnSXFMckNlOEN4dktQczRKbFdJQStValdKSm91d2dBUmlWaENBZz1c');135done();136});137138it('errors on invalid options', function (done) {139140var credentials = {141id: '123456',142key: '2983d45yun89q',143algorithm: 'sha256'144};145146var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', 4);147expect(bewit).to.equal('');148done();149});150151it('errors on missing uri', function (done) {152153var credentials = {154id: '123456',155key: '2983d45yun89q',156algorithm: 'sha256'157};158159var bewit = Browser.client.bewit('', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });160expect(bewit).to.equal('');161done();162});163164it('errors on invalid uri', function (done) {165166var credentials = {167id: '123456',168key: '2983d45yun89q',169algorithm: 'sha256'170};171172var bewit = Browser.client.bewit(5, { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });173expect(bewit).to.equal('');174done();175});176177it('errors on invalid credentials (id)', function (done) {178179var credentials = {180key: '2983d45yun89q',181algorithm: 'sha256'182};183184var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 3000, ext: 'xandyandz' });185expect(bewit).to.equal('');186done();187});188189it('errors on missing credentials', function (done) {190191var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { ttlSec: 3000, ext: 'xandyandz' });192expect(bewit).to.equal('');193done();194});195196it('errors on invalid credentials (key)', function (done) {197198var credentials = {199id: '123456',200algorithm: 'sha256'201};202203var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 3000, ext: 'xandyandz' });204expect(bewit).to.equal('');205done();206});207208it('errors on invalid algorithm', function (done) {209210var credentials = {211id: '123456',212key: '2983d45yun89q',213algorithm: 'hmac-sha-0'214};215216var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, ext: 'xandyandz' });217expect(bewit).to.equal('');218done();219});220221it('errors on missing options', function (done) {222223var credentials = {224id: '123456',225key: '2983d45yun89q',226algorithm: 'hmac-sha-0'227};228229var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow');230expect(bewit).to.equal('');231done();232});233});234235it('generates a header then successfully parse it (configuration)', function (done) {236237var req = {238method: 'GET',239url: '/resource/4?filter=a',240host: 'example.com',241port: 8080242};243244credentialsFunc('123456', function (err, credentials) {245246req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data' }).field;247expect(req.authorization).to.exist();248249Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {250251expect(err).to.not.exist();252expect(credentials.user).to.equal('steve');253expect(artifacts.ext).to.equal('some-app-data');254done();255});256});257});258259it('generates a header then successfully parse it (node request)', function (done) {260261var req = {262method: 'POST',263url: '/resource/4?filter=a',264headers: {265host: 'example.com:8080',266'content-type': 'text/plain;x=y'267}268};269270var payload = 'some not so random text';271272credentialsFunc('123456', function (err, credentials) {273274var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });275req.headers.authorization = reqHeader.field;276277Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {278279expect(err).to.not.exist();280expect(credentials.user).to.equal('steve');281expect(artifacts.ext).to.equal('some-app-data');282expect(Hawk.server.authenticatePayload(payload, credentials, artifacts, req.headers['content-type'])).to.equal(true);283284var res = {285headers: {286'content-type': 'text/plain'287},288getResponseHeader: function (header) {289290return res.headers[header.toLowerCase()];291}292};293294res.headers['server-authorization'] = Hawk.server.header(credentials, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });295expect(res.headers['server-authorization']).to.exist();296297expect(Browser.client.authenticate(res, credentials, artifacts, { payload: 'some reply' })).to.equal(true);298done();299});300});301});302303it('generates a header then successfully parse it (browserify)', function (done) {304305var req = {306method: 'POST',307url: '/resource/4?filter=a',308headers: {309host: 'example.com:8080',310'content-type': 'text/plain;x=y'311}312};313314var payload = 'some not so random text';315316credentialsFunc('123456', function (err, credentials) {317318var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });319req.headers.authorization = reqHeader.field;320321Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {322323expect(err).to.not.exist();324expect(credentials.user).to.equal('steve');325expect(artifacts.ext).to.equal('some-app-data');326expect(Hawk.server.authenticatePayload(payload, credentials, artifacts, req.headers['content-type'])).to.equal(true);327328var res = {329headers: {330'content-type': 'text/plain'331},332getHeader: function (header) {333334return res.headers[header.toLowerCase()];335}336};337338res.headers['server-authorization'] = Hawk.server.header(credentials, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });339expect(res.headers['server-authorization']).to.exist();340341expect(Browser.client.authenticate(res, credentials, artifacts, { payload: 'some reply' })).to.equal(true);342done();343});344});345});346347it('generates a header then successfully parse it (time offset)', function (done) {348349var req = {350method: 'GET',351url: '/resource/4?filter=a',352host: 'example.com',353port: 8080354};355356credentialsFunc('123456', function (err, credentials) {357358req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data', localtimeOffsetMsec: 100000 }).field;359expect(req.authorization).to.exist();360361Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 100000 }, function (err, credentials, artifacts) {362363expect(err).to.not.exist();364expect(credentials.user).to.equal('steve');365expect(artifacts.ext).to.equal('some-app-data');366done();367});368});369});370371it('generates a header then successfully parse it (no server header options)', function (done) {372373var req = {374method: 'POST',375url: '/resource/4?filter=a',376headers: {377host: 'example.com:8080',378'content-type': 'text/plain;x=y'379}380};381382var payload = 'some not so random text';383384credentialsFunc('123456', function (err, credentials) {385386var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });387req.headers.authorization = reqHeader.field;388389Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {390391expect(err).to.not.exist();392expect(credentials.user).to.equal('steve');393expect(artifacts.ext).to.equal('some-app-data');394expect(Hawk.server.authenticatePayload(payload, credentials, artifacts, req.headers['content-type'])).to.equal(true);395396var res = {397headers: {398'content-type': 'text/plain'399},400getResponseHeader: function (header) {401402return res.headers[header.toLowerCase()];403}404};405406res.headers['server-authorization'] = Hawk.server.header(credentials, artifacts);407expect(res.headers['server-authorization']).to.exist();408409expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(true);410done();411});412});413});414415it('generates a header then successfully parse it (no server header)', function (done) {416417var req = {418method: 'POST',419url: '/resource/4?filter=a',420headers: {421host: 'example.com:8080',422'content-type': 'text/plain;x=y'423}424};425426var payload = 'some not so random text';427428credentialsFunc('123456', function (err, credentials) {429430var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });431req.headers.authorization = reqHeader.field;432433Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {434435expect(err).to.not.exist();436expect(credentials.user).to.equal('steve');437expect(artifacts.ext).to.equal('some-app-data');438expect(Hawk.server.authenticatePayload(payload, credentials, artifacts, req.headers['content-type'])).to.equal(true);439440var res = {441headers: {442'content-type': 'text/plain'443},444getResponseHeader: function (header) {445446return res.headers[header.toLowerCase()];447}448};449450expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(true);451done();452});453});454});455456it('generates a header with stale ts and successfully authenticate on second call', function (done) {457458var req = {459method: 'GET',460url: '/resource/4?filter=a',461host: 'example.com',462port: 8080463};464465credentialsFunc('123456', function (err, credentials) {466467Browser.utils.setNtpOffset(60 * 60 * 1000);468var header = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data' });469req.authorization = header.field;470expect(req.authorization).to.exist();471472Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {473474expect(err).to.exist();475expect(err.message).to.equal('Stale timestamp');476477var res = {478headers: {479'www-authenticate': err.output.headers['WWW-Authenticate']480},481getResponseHeader: function (header) {482483return res.headers[header.toLowerCase()];484}485};486487expect(Browser.utils.getNtpOffset()).to.equal(60 * 60 * 1000);488expect(Browser.client.authenticate(res, credentials, header.artifacts)).to.equal(true);489expect(Browser.utils.getNtpOffset()).to.equal(0);490491req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data' }).field;492expect(req.authorization).to.exist();493494Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {495496expect(err).to.not.exist();497expect(credentials.user).to.equal('steve');498expect(artifacts.ext).to.equal('some-app-data');499done();500});501});502});503});504505it('generates a header with stale ts and successfully authenticate on second call (manual localStorage)', function (done) {506507var req = {508method: 'GET',509url: '/resource/4?filter=a',510host: 'example.com',511port: 8080512};513514credentialsFunc('123456', function (err, credentials) {515516var localStorage = new Browser.internals.LocalStorage();517518Browser.utils.setStorage(localStorage)519520Browser.utils.setNtpOffset(60 * 60 * 1000);521var header = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data' });522req.authorization = header.field;523expect(req.authorization).to.exist();524525Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {526527expect(err).to.exist();528expect(err.message).to.equal('Stale timestamp');529530var res = {531headers: {532'www-authenticate': err.output.headers['WWW-Authenticate']533},534getResponseHeader: function (header) {535536return res.headers[header.toLowerCase()];537}538};539540expect(parseInt(localStorage.getItem('hawk_ntp_offset'))).to.equal(60 * 60 * 1000);541expect(Browser.utils.getNtpOffset()).to.equal(60 * 60 * 1000);542expect(Browser.client.authenticate(res, credentials, header.artifacts)).to.equal(true);543expect(Browser.utils.getNtpOffset()).to.equal(0);544expect(parseInt(localStorage.getItem('hawk_ntp_offset'))).to.equal(0);545546req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data' }).field;547expect(req.authorization).to.exist();548549Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {550551expect(err).to.not.exist();552expect(credentials.user).to.equal('steve');553expect(artifacts.ext).to.equal('some-app-data');554done();555});556});557});558});559560it('generates a header then fails to parse it (missing server header hash)', function (done) {561562var req = {563method: 'POST',564url: '/resource/4?filter=a',565headers: {566host: 'example.com:8080',567'content-type': 'text/plain;x=y'568}569};570571var payload = 'some not so random text';572573credentialsFunc('123456', function (err, credentials) {574575var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });576req.headers.authorization = reqHeader.field;577578Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {579580expect(err).to.not.exist();581expect(credentials.user).to.equal('steve');582expect(artifacts.ext).to.equal('some-app-data');583expect(Hawk.server.authenticatePayload(payload, credentials, artifacts, req.headers['content-type'])).to.equal(true);584585var res = {586headers: {587'content-type': 'text/plain'588},589getResponseHeader: function (header) {590591return res.headers[header.toLowerCase()];592}593};594595res.headers['server-authorization'] = Hawk.server.header(credentials, artifacts);596expect(res.headers['server-authorization']).to.exist();597598expect(Browser.client.authenticate(res, credentials, artifacts, { payload: 'some reply' })).to.equal(false);599done();600});601});602});603604it('generates a header then successfully parse it (with hash)', function (done) {605606var req = {607method: 'GET',608url: '/resource/4?filter=a',609host: 'example.com',610port: 8080611};612613credentialsFunc('123456', function (err, credentials) {614615req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, payload: 'hola!', ext: 'some-app-data' }).field;616Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {617618expect(err).to.not.exist();619expect(credentials.user).to.equal('steve');620expect(artifacts.ext).to.equal('some-app-data');621done();622});623});624});625626it('generates a header then successfully parse it then validate payload', function (done) {627628var req = {629method: 'GET',630url: '/resource/4?filter=a',631host: 'example.com',632port: 8080633};634635credentialsFunc('123456', function (err, credentials) {636637req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, payload: 'hola!', ext: 'some-app-data' }).field;638Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {639640expect(err).to.not.exist();641expect(credentials.user).to.equal('steve');642expect(artifacts.ext).to.equal('some-app-data');643expect(Hawk.server.authenticatePayload('hola!', credentials, artifacts)).to.be.true();644expect(Hawk.server.authenticatePayload('hello!', credentials, artifacts)).to.be.false();645done();646});647});648});649650it('generates a header then successfully parse it (app)', function (done) {651652var req = {653method: 'GET',654url: '/resource/4?filter=a',655host: 'example.com',656port: 8080657};658659credentialsFunc('123456', function (err, credentials) {660661req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data', app: 'asd23ased' }).field;662Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {663664expect(err).to.not.exist();665expect(credentials.user).to.equal('steve');666expect(artifacts.ext).to.equal('some-app-data');667expect(artifacts.app).to.equal('asd23ased');668done();669});670});671});672673it('generates a header then successfully parse it (app, dlg)', function (done) {674675var req = {676method: 'GET',677url: '/resource/4?filter=a',678host: 'example.com',679port: 8080680};681682credentialsFunc('123456', function (err, credentials) {683684req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data', app: 'asd23ased', dlg: '23434szr3q4d' }).field;685Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {686687expect(err).to.not.exist();688expect(credentials.user).to.equal('steve');689expect(artifacts.ext).to.equal('some-app-data');690expect(artifacts.app).to.equal('asd23ased');691expect(artifacts.dlg).to.equal('23434szr3q4d');692done();693});694});695});696697it('generates a header then fail authentication due to bad hash', function (done) {698699var req = {700method: 'GET',701url: '/resource/4?filter=a',702host: 'example.com',703port: 8080704};705706credentialsFunc('123456', function (err, credentials) {707708req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, payload: 'hola!', ext: 'some-app-data' }).field;709Hawk.server.authenticate(req, credentialsFunc, { payload: 'byebye!' }, function (err, credentials, artifacts) {710711expect(err).to.exist();712expect(err.output.payload.message).to.equal('Bad payload hash');713done();714});715});716});717718it('generates a header for one resource then fail to authenticate another', function (done) {719720var req = {721method: 'GET',722url: '/resource/4?filter=a',723host: 'example.com',724port: 8080725};726727credentialsFunc('123456', function (err, credentials) {728729req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data' }).field;730req.url = '/something/else';731732Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {733734expect(err).to.exist();735expect(credentials).to.exist();736done();737});738});739});740741describe('client', function () {742743describe('#header', function () {744745it('returns a valid authorization header (sha1)', function (done) {746747var credentials = {748id: '123456',749key: '2983d45yun89q',750algorithm: 'sha1'751};752753var header = Browser.client.header('http://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about' }).field;754expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="bsvY3IfUllw6V5rvk4tStEvpBhE=", ext="Bazinga!", mac="qbf1ZPG/r/e06F4ht+T77LXi5vw="');755done();756});757758it('returns a valid authorization header (sha256)', function (done) {759760var credentials = {761id: '123456',762key: '2983d45yun89q',763algorithm: 'sha256'764};765766var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;767expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", ext="Bazinga!", mac="q1CwFoSHzPZSkbIvl0oYlD+91rBUEvFk763nMjMndj8="');768done();769});770771it('returns a valid authorization header (empty payload)', function (done) {772773var credentials = {774id: '123456',775key: '2983d45yun89q',776algorithm: 'sha1'777};778779var header = Browser.client.header('http://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: '' }).field;780expect(header).to.equal('Hawk id=\"123456\", ts=\"1353809207\", nonce=\"Ygvqdz\", hash=\"404ghL7K+hfyhByKKejFBRGgTjU=\", ext=\"Bazinga!\", mac=\"Bh1sj1DOfFRWOdi3ww52nLCJdBE=\"');781done();782});783784it('returns a valid authorization header (no ext)', function (done) {785786var credentials = {787id: '123456',788key: '2983d45yun89q',789algorithm: 'sha256'790};791792var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;793expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');794done();795});796797it('returns a valid authorization header (null ext)', function (done) {798799var credentials = {800id: '123456',801key: '2983d45yun89q',802algorithm: 'sha256'803};804805var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain', ext: null }).field;806expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');807done();808});809810it('returns a valid authorization header (uri object)', function (done) {811812var credentials = {813id: '123456',814key: '2983d45yun89q',815algorithm: 'sha256'816};817818var uri = Browser.utils.parseUri('https://example.net/somewhere/over/the/rainbow');819var header = Browser.client.header(uri, 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;820expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');821done();822});823824it('errors on missing options', function (done) {825826var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST');827expect(header.field).to.equal('');828expect(header.err).to.equal('Invalid argument type');829done();830});831832it('errors on empty uri', function (done) {833834var credentials = {835id: '123456',836key: '2983d45yun89q',837algorithm: 'sha256'838};839840var header = Browser.client.header('', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' });841expect(header.field).to.equal('');842expect(header.err).to.equal('Invalid argument type');843done();844});845846it('errors on invalid uri', function (done) {847848var credentials = {849id: '123456',850key: '2983d45yun89q',851algorithm: 'sha256'852};853854var header = Browser.client.header(4, 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' });855expect(header.field).to.equal('');856expect(header.err).to.equal('Invalid argument type');857done();858});859860it('errors on missing method', function (done) {861862var credentials = {863id: '123456',864key: '2983d45yun89q',865algorithm: 'sha256'866};867868var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', '', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' });869expect(header.field).to.equal('');870expect(header.err).to.equal('Invalid argument type');871done();872});873874it('errors on invalid method', function (done) {875876var credentials = {877id: '123456',878key: '2983d45yun89q',879algorithm: 'sha256'880};881882var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 5, { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' });883expect(header.field).to.equal('');884expect(header.err).to.equal('Invalid argument type');885done();886});887888it('errors on missing credentials', function (done) {889890var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { ext: 'Bazinga!', timestamp: 1353809207 });891expect(header.field).to.equal('');892expect(header.err).to.equal('Invalid credentials object');893done();894});895896it('errors on invalid credentials (id)', function (done) {897898var credentials = {899key: '2983d45yun89q',900algorithm: 'sha256'901};902903var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207 });904expect(header.field).to.equal('');905expect(header.err).to.equal('Invalid credentials object');906done();907});908909it('errors on invalid credentials (key)', function (done) {910911var credentials = {912id: '123456',913algorithm: 'sha256'914};915916var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207 });917expect(header.field).to.equal('');918expect(header.err).to.equal('Invalid credentials object');919done();920});921922it('errors on invalid algorithm', function (done) {923924var credentials = {925id: '123456',926key: '2983d45yun89q',927algorithm: 'hmac-sha-0'928};929930var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, payload: 'something, anything!', ext: 'Bazinga!', timestamp: 1353809207 });931expect(header.field).to.equal('');932expect(header.err).to.equal('Unknown algorithm');933done();934});935936it('uses a pre-calculated payload hash', function (done) {937938var credentials = {939id: '123456',940key: '2983d45yun89q',941algorithm: 'sha256'942};943944var options = { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' };945options.hash = Browser.crypto.calculatePayloadHash(options.payload, credentials.algorithm, options.contentType);946var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', options).field;947expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", ext="Bazinga!", mac="q1CwFoSHzPZSkbIvl0oYlD+91rBUEvFk763nMjMndj8="');948done();949});950});951952describe('#authenticate', function () {953954it('skips tsm validation when missing ts', function (done) {955956var res = {957headers: {958'www-authenticate': 'Hawk error="Stale timestamp"'959},960getResponseHeader: function (header) {961962return res.headers[header.toLowerCase()];963}964};965966var credentials = {967id: '123456',968key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',969algorithm: 'sha256',970user: 'steve'971};972973var artifacts = {974ts: 1402135580,975nonce: 'iBRB6t',976method: 'GET',977resource: '/resource/4?filter=a',978host: 'example.com',979port: '8080',980ext: 'some-app-data'981};982983expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(true);984done();985});986987it('returns false on invalid header', function (done) {988989var res = {990headers: {991'server-authorization': 'Hawk mac="abc", bad="xyz"'992},993getResponseHeader: function (header) {994995return res.headers[header.toLowerCase()];996}997};998999expect(Browser.client.authenticate(res, {})).to.equal(false);1000done();1001});10021003it('returns false on invalid mac', function (done) {10041005var res = {1006headers: {1007'content-type': 'text/plain',1008'server-authorization': 'Hawk mac="_IJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"'1009},1010getResponseHeader: function (header) {10111012return res.headers[header.toLowerCase()];1013}1014};10151016var artifacts = {1017method: 'POST',1018host: 'example.com',1019port: '8080',1020resource: '/resource/4?filter=a',1021ts: '1362336900',1022nonce: 'eb5S_L',1023hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',1024ext: 'some-app-data',1025app: undefined,1026dlg: undefined,1027mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=',1028id: '123456'1029};10301031var credentials = {1032id: '123456',1033key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',1034algorithm: 'sha256',1035user: 'steve'1036};10371038expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(false);1039done();1040});10411042it('returns true on ignoring hash', function (done) {10431044var res = {1045headers: {1046'content-type': 'text/plain',1047'server-authorization': 'Hawk mac="XIJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"'1048},1049getResponseHeader: function (header) {10501051return res.headers[header.toLowerCase()];1052}1053};10541055var artifacts = {1056method: 'POST',1057host: 'example.com',1058port: '8080',1059resource: '/resource/4?filter=a',1060ts: '1362336900',1061nonce: 'eb5S_L',1062hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',1063ext: 'some-app-data',1064app: undefined,1065dlg: undefined,1066mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=',1067id: '123456'1068};10691070var credentials = {1071id: '123456',1072key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',1073algorithm: 'sha256',1074user: 'steve'1075};10761077expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(true);1078done();1079});10801081it('errors on invalid WWW-Authenticate header format', function (done) {10821083var res = {1084headers: {1085'www-authenticate': 'Hawk ts="1362346425875", tsm="PhwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", x="Stale timestamp"'1086},1087getResponseHeader: function (header) {10881089return res.headers[header.toLowerCase()];1090}1091};10921093expect(Browser.client.authenticate(res, {})).to.equal(false);1094done();1095});10961097it('errors on invalid WWW-Authenticate header format', function (done) {10981099var credentials = {1100id: '123456',1101key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',1102algorithm: 'sha256',1103user: 'steve'1104};11051106var res = {1107headers: {1108'www-authenticate': 'Hawk ts="1362346425875", tsm="hwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", error="Stale timestamp"'1109},1110getResponseHeader: function (header) {11111112return res.headers[header.toLowerCase()];1113}1114};11151116expect(Browser.client.authenticate(res, credentials)).to.equal(false);1117done();1118});1119});11201121describe('#message', function () {11221123it('generates an authorization then successfully parse it', function (done) {11241125credentialsFunc('123456', function (err, credentials) {11261127var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: credentials });1128expect(auth).to.exist();11291130Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, {}, function (err, credentials) {11311132expect(err).to.not.exist();1133expect(credentials.user).to.equal('steve');1134done();1135});1136});1137});11381139it('generates an authorization using custom nonce/timestamp', function (done) {11401141credentialsFunc('123456', function (err, credentials) {11421143var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: credentials, nonce: 'abc123', timestamp: 1398536270957 });1144expect(auth).to.exist();1145expect(auth.nonce).to.equal('abc123');1146expect(auth.ts).to.equal(1398536270957);1147done();1148});1149});11501151it('errors on missing host', function (done) {11521153credentialsFunc('123456', function (err, credentials) {11541155var auth = Browser.client.message(null, 8080, 'some message', { credentials: credentials });1156expect(auth).to.not.exist();1157done();1158});1159});11601161it('errors on invalid host', function (done) {11621163credentialsFunc('123456', function (err, credentials) {11641165var auth = Browser.client.message(5, 8080, 'some message', { credentials: credentials });1166expect(auth).to.not.exist();1167done();1168});1169});11701171it('errors on missing port', function (done) {11721173credentialsFunc('123456', function (err, credentials) {11741175var auth = Browser.client.message('example.com', 0, 'some message', { credentials: credentials });1176expect(auth).to.not.exist();1177done();1178});1179});11801181it('errors on invalid port', function (done) {11821183credentialsFunc('123456', function (err, credentials) {11841185var auth = Browser.client.message('example.com', 'a', 'some message', { credentials: credentials });1186expect(auth).to.not.exist();1187done();1188});1189});11901191it('errors on missing message', function (done) {11921193credentialsFunc('123456', function (err, credentials) {11941195var auth = Browser.client.message('example.com', 8080, undefined, { credentials: credentials });1196expect(auth).to.not.exist();1197done();1198});1199});12001201it('errors on null message', function (done) {12021203credentialsFunc('123456', function (err, credentials) {12041205var auth = Browser.client.message('example.com', 8080, null, { credentials: credentials });1206expect(auth).to.not.exist();1207done();1208});1209});12101211it('errors on invalid message', function (done) {12121213credentialsFunc('123456', function (err, credentials) {12141215var auth = Browser.client.message('example.com', 8080, 5, { credentials: credentials });1216expect(auth).to.not.exist();1217done();1218});1219});12201221it('errors on missing credentials', function (done) {12221223var auth = Browser.client.message('example.com', 8080, 'some message', {});1224expect(auth).to.not.exist();1225done();1226});12271228it('errors on missing options', function (done) {12291230var auth = Browser.client.message('example.com', 8080, 'some message');1231expect(auth).to.not.exist();1232done();1233});12341235it('errors on invalid credentials (id)', function (done) {12361237credentialsFunc('123456', function (err, credentials) {12381239var creds = Hoek.clone(credentials);1240delete creds.id;1241var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: creds });1242expect(auth).to.not.exist();1243done();1244});1245});12461247it('errors on invalid credentials (key)', function (done) {12481249credentialsFunc('123456', function (err, credentials) {12501251var creds = Hoek.clone(credentials);1252delete creds.key;1253var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: creds });1254expect(auth).to.not.exist();1255done();1256});1257});12581259it('errors on invalid algorithm', function (done) {12601261credentialsFunc('123456', function (err, credentials) {12621263var creds = Hoek.clone(credentials);1264creds.algorithm = 'blah';1265var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: creds });1266expect(auth).to.not.exist();1267done();1268});1269});1270});12711272describe('#authenticateTimestamp', function (done) {12731274it('validates a timestamp', function (done) {12751276credentialsFunc('123456', function (err, credentials) {12771278var tsm = Hawk.crypto.timestampMessage(credentials);1279expect(Browser.client.authenticateTimestamp(tsm, credentials)).to.equal(true);1280done();1281});1282});12831284it('validates a timestamp without updating local time', function (done) {12851286credentialsFunc('123456', function (err, credentials) {12871288var offset = Browser.utils.getNtpOffset();1289var tsm = Hawk.crypto.timestampMessage(credentials, 10000);1290expect(Browser.client.authenticateTimestamp(tsm, credentials, false)).to.equal(true);1291expect(offset).to.equal(Browser.utils.getNtpOffset());1292done();1293});1294});12951296it('detects a bad timestamp', function (done) {12971298credentialsFunc('123456', function (err, credentials) {12991300var tsm = Hawk.crypto.timestampMessage(credentials);1301tsm.ts = 4;1302expect(Browser.client.authenticateTimestamp(tsm, credentials)).to.equal(false);1303done();1304});1305});1306});1307});13081309describe('internals', function () {13101311describe('LocalStorage', function () {13121313it('goes through the full lifecycle', function (done) {13141315var storage = new Browser.internals.LocalStorage();1316expect(storage.length).to.equal(0);1317expect(storage.getItem('a')).to.equal(null);1318storage.setItem('a', 5);1319expect(storage.length).to.equal(1);1320expect(storage.key()).to.equal('a');1321expect(storage.key(0)).to.equal('a');1322expect(storage.getItem('a')).to.equal('5');1323storage.setItem('b', 'test');1324expect(storage.key()).to.equal('a');1325expect(storage.key(0)).to.equal('a');1326expect(storage.key(1)).to.equal('b');1327expect(storage.length).to.equal(2);1328expect(storage.getItem('b')).to.equal('test');1329storage.removeItem('a');1330expect(storage.length).to.equal(1);1331expect(storage.getItem('a')).to.equal(null);1332expect(storage.getItem('b')).to.equal('test');1333storage.clear();1334expect(storage.length).to.equal(0);1335expect(storage.getItem('a')).to.equal(null);1336expect(storage.getItem('b')).to.equal(null);1337done();1338});1339});1340});13411342describe('utils', function () {13431344describe('#setStorage', function () {13451346it('sets storage for the first time', function (done) {13471348Browser.utils.storage = new Browser.internals.LocalStorage(); // Reset state13491350expect(Browser.utils.storage.getItem('hawk_ntp_offset')).to.not.exist();1351Browser.utils.storage.setItem('test', '1');1352Browser.utils.setStorage(new Browser.internals.LocalStorage());1353expect(Browser.utils.storage.getItem('test')).to.not.exist();1354Browser.utils.storage.setItem('test', '2');1355expect(Browser.utils.storage.getItem('test')).to.equal('2');1356done();1357});1358});13591360describe('#setNtpOffset', function (done) {13611362it('catches localStorage errors', function (done) {13631364var orig = Browser.utils.storage.setItem;1365var error = console.error;1366var count = 0;1367console.error = function () { if (count++ === 2) { console.error = error; } };1368Browser.utils.storage.setItem = function () {13691370Browser.utils.storage.setItem = orig;1371throw new Error()1372};13731374expect(function () {1375Browser.utils.setNtpOffset(100);1376}).not.to.throw();13771378done();1379});1380});13811382describe('#parseAuthorizationHeader', function (done) {13831384it('returns null on missing header', function (done) {13851386expect(Browser.utils.parseAuthorizationHeader()).to.equal(null);1387done();1388});13891390it('returns null on bad header syntax (structure)', function (done) {13911392expect(Browser.utils.parseAuthorizationHeader('Hawk')).to.equal(null);1393done();1394});13951396it('returns null on bad header syntax (parts)', function (done) {13971398expect(Browser.utils.parseAuthorizationHeader(' ')).to.equal(null);1399done();1400});14011402it('returns null on bad scheme name', function (done) {14031404expect(Browser.utils.parseAuthorizationHeader('Basic asdasd')).to.equal(null);1405done();1406});14071408it('returns null on bad attribute value', function (done) {14091410expect(Browser.utils.parseAuthorizationHeader('Hawk test="\t"', ['test'])).to.equal(null);1411done();1412});14131414it('returns null on duplicated attribute', function (done) {14151416expect(Browser.utils.parseAuthorizationHeader('Hawk test="a", test="b"', ['test'])).to.equal(null);1417done();1418});1419});14201421describe('#parseUri', function () {14221423it('returns empty port when unknown scheme', function (done) {14241425var uri = Browser.utils.parseUri('ftp://domain');1426expect(uri.port).to.equal('');1427done();1428});14291430it('returns default port when missing', function (done) {14311432var uri = Browser.utils.parseUri('http://');1433expect(uri.port).to.equal('80');1434done();1435});1436});14371438var str = "https://www.google.ca/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=url";1439var base64str = "aHR0cHM6Ly93d3cuZ29vZ2xlLmNhL3dlYmhwP3NvdXJjZWlkPWNocm9tZS1pbnN0YW50Jmlvbj0xJmVzcHY9MiZpZT1VVEYtOCNxPXVybA";14401441describe('#base64urlEncode', function () {14421443it('should base64 URL-safe decode a string', function (done) {14441445expect(Browser.utils.base64urlEncode(str)).to.equal(base64str);1446done();1447});14481449});14501451});1452});145314541455