a zip code crypto-currency system good for red ONLY

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493
  1. // Load modules
  2. var Url = require('url');
  3. var Code = require('code');
  4. var Hawk = require('../lib');
  5. var Hoek = require('hoek');
  6. var Lab = require('lab');
  7. var Browser = require('../lib/browser');
  8. // Declare internals
  9. var internals = {};
  10. // Test shortcuts
  11. var lab = exports.lab = Lab.script();
  12. var describe = lab.experiment;
  13. var it = lab.test;
  14. var expect = Code.expect;
  15. describe('Browser', function () {
  16. var credentialsFunc = function (id, callback) {
  17. var credentials = {
  18. id: id,
  19. key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
  20. algorithm: (id === '1' ? 'sha1' : 'sha256'),
  21. user: 'steve'
  22. };
  23. return callback(null, credentials);
  24. };
  25. it('should generate a bewit then successfully authenticate it', function (done) {
  26. var req = {
  27. method: 'GET',
  28. url: '/resource/4?a=1&b=2',
  29. host: 'example.com',
  30. port: 80
  31. };
  32. credentialsFunc('123456', function (err, credentials1) {
  33. var bewit = Browser.client.bewit('http://example.com/resource/4?a=1&b=2', { credentials: credentials1, ttlSec: 60 * 60 * 24 * 365 * 100, ext: 'some-app-data' });
  34. req.url += '&bewit=' + bewit;
  35. Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials2, attributes) {
  36. expect(err).to.not.exist();
  37. expect(credentials2.user).to.equal('steve');
  38. expect(attributes.ext).to.equal('some-app-data');
  39. done();
  40. });
  41. });
  42. });
  43. it('should generate a bewit then successfully authenticate it (no ext)', function (done) {
  44. var req = {
  45. method: 'GET',
  46. url: '/resource/4?a=1&b=2',
  47. host: 'example.com',
  48. port: 80
  49. };
  50. credentialsFunc('123456', function (err, credentials1) {
  51. var bewit = Browser.client.bewit('http://example.com/resource/4?a=1&b=2', { credentials: credentials1, ttlSec: 60 * 60 * 24 * 365 * 100 });
  52. req.url += '&bewit=' + bewit;
  53. Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials2, attributes) {
  54. expect(err).to.not.exist();
  55. expect(credentials2.user).to.equal('steve');
  56. done();
  57. });
  58. });
  59. });
  60. describe('bewit()', function () {
  61. it('returns a valid bewit value', function (done) {
  62. var credentials = {
  63. id: '123456',
  64. key: '2983d45yun89q',
  65. algorithm: 'sha256'
  66. };
  67. var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });
  68. expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdca3NjeHdOUjJ0SnBQMVQxekRMTlBiQjVVaUtJVTl0T1NKWFRVZEc3WDloOD1ceGFuZHlhbmR6');
  69. done();
  70. });
  71. it('returns a valid bewit value (explicit HTTP port)', function (done) {
  72. var credentials = {
  73. id: '123456',
  74. key: '2983d45yun89q',
  75. algorithm: 'sha256'
  76. };
  77. var bewit = Browser.client.bewit('http://example.com:8080/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });
  78. expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdcaFpiSjNQMmNLRW80a3kwQzhqa1pBa1J5Q1p1ZWc0V1NOYnhWN3ZxM3hIVT1ceGFuZHlhbmR6');
  79. done();
  80. });
  81. it('returns a valid bewit value (explicit HTTPS port)', function (done) {
  82. var credentials = {
  83. id: '123456',
  84. key: '2983d45yun89q',
  85. algorithm: 'sha256'
  86. };
  87. var bewit = Browser.client.bewit('https://example.com:8043/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });
  88. expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdcL2t4UjhwK0xSaTdvQTRnUXc3cWlxa3BiVHRKYkR4OEtRMC9HRUwvVytTUT1ceGFuZHlhbmR6');
  89. done();
  90. });
  91. it('returns a valid bewit value (null ext)', function (done) {
  92. var credentials = {
  93. id: '123456',
  94. key: '2983d45yun89q',
  95. algorithm: 'sha256'
  96. };
  97. var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: null });
  98. expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdcSUdZbUxnSXFMckNlOEN4dktQczRKbFdJQStValdKSm91d2dBUmlWaENBZz1c');
  99. done();
  100. });
  101. it('errors on invalid options', function (done) {
  102. var credentials = {
  103. id: '123456',
  104. key: '2983d45yun89q',
  105. algorithm: 'sha256'
  106. };
  107. var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', 4);
  108. expect(bewit).to.equal('');
  109. done();
  110. });
  111. it('errors on missing uri', function (done) {
  112. var credentials = {
  113. id: '123456',
  114. key: '2983d45yun89q',
  115. algorithm: 'sha256'
  116. };
  117. var bewit = Browser.client.bewit('', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });
  118. expect(bewit).to.equal('');
  119. done();
  120. });
  121. it('errors on invalid uri', function (done) {
  122. var credentials = {
  123. id: '123456',
  124. key: '2983d45yun89q',
  125. algorithm: 'sha256'
  126. };
  127. var bewit = Browser.client.bewit(5, { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });
  128. expect(bewit).to.equal('');
  129. done();
  130. });
  131. it('errors on invalid credentials (id)', function (done) {
  132. var credentials = {
  133. key: '2983d45yun89q',
  134. algorithm: 'sha256'
  135. };
  136. var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 3000, ext: 'xandyandz' });
  137. expect(bewit).to.equal('');
  138. done();
  139. });
  140. it('errors on missing credentials', function (done) {
  141. var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { ttlSec: 3000, ext: 'xandyandz' });
  142. expect(bewit).to.equal('');
  143. done();
  144. });
  145. it('errors on invalid credentials (key)', function (done) {
  146. var credentials = {
  147. id: '123456',
  148. algorithm: 'sha256'
  149. };
  150. var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 3000, ext: 'xandyandz' });
  151. expect(bewit).to.equal('');
  152. done();
  153. });
  154. it('errors on invalid algorithm', function (done) {
  155. var credentials = {
  156. id: '123456',
  157. key: '2983d45yun89q',
  158. algorithm: 'hmac-sha-0'
  159. };
  160. var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, ext: 'xandyandz' });
  161. expect(bewit).to.equal('');
  162. done();
  163. });
  164. it('errors on missing options', function (done) {
  165. var credentials = {
  166. id: '123456',
  167. key: '2983d45yun89q',
  168. algorithm: 'hmac-sha-0'
  169. };
  170. var bewit = Browser.client.bewit('https://example.com/somewhere/over/the/rainbow');
  171. expect(bewit).to.equal('');
  172. done();
  173. });
  174. });
  175. it('generates a header then successfully parse it (configuration)', function (done) {
  176. var req = {
  177. method: 'GET',
  178. url: '/resource/4?filter=a',
  179. host: 'example.com',
  180. port: 8080
  181. };
  182. credentialsFunc('123456', function (err, credentials1) {
  183. req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data' }).field;
  184. expect(req.authorization).to.exist();
  185. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  186. expect(err).to.not.exist();
  187. expect(credentials2.user).to.equal('steve');
  188. expect(artifacts.ext).to.equal('some-app-data');
  189. done();
  190. });
  191. });
  192. });
  193. it('generates a header then successfully parse it (node request)', function (done) {
  194. var req = {
  195. method: 'POST',
  196. url: '/resource/4?filter=a',
  197. headers: {
  198. host: 'example.com:8080',
  199. 'content-type': 'text/plain;x=y'
  200. }
  201. };
  202. var payload = 'some not so random text';
  203. credentialsFunc('123456', function (err, credentials1) {
  204. var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
  205. req.headers.authorization = reqHeader.field;
  206. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  207. expect(err).to.not.exist();
  208. expect(credentials2.user).to.equal('steve');
  209. expect(artifacts.ext).to.equal('some-app-data');
  210. expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true);
  211. var res = {
  212. headers: {
  213. 'content-type': 'text/plain'
  214. },
  215. getResponseHeader: function (header) {
  216. return res.headers[header.toLowerCase()];
  217. }
  218. };
  219. res.headers['server-authorization'] = Hawk.server.header(credentials2, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });
  220. expect(res.headers['server-authorization']).to.exist();
  221. expect(Browser.client.authenticate(res, credentials2, artifacts, { payload: 'some reply' })).to.equal(true);
  222. done();
  223. });
  224. });
  225. });
  226. it('generates a header then successfully parse it (browserify)', function (done) {
  227. var req = {
  228. method: 'POST',
  229. url: '/resource/4?filter=a',
  230. headers: {
  231. host: 'example.com:8080',
  232. 'content-type': 'text/plain;x=y'
  233. }
  234. };
  235. var payload = 'some not so random text';
  236. credentialsFunc('123456', function (err, credentials1) {
  237. var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
  238. req.headers.authorization = reqHeader.field;
  239. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  240. expect(err).to.not.exist();
  241. expect(credentials2.user).to.equal('steve');
  242. expect(artifacts.ext).to.equal('some-app-data');
  243. expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true);
  244. var res = {
  245. headers: {
  246. 'content-type': 'text/plain'
  247. },
  248. getHeader: function (header) {
  249. return res.headers[header.toLowerCase()];
  250. }
  251. };
  252. res.headers['server-authorization'] = Hawk.server.header(credentials2, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });
  253. expect(res.headers['server-authorization']).to.exist();
  254. expect(Browser.client.authenticate(res, credentials2, artifacts, { payload: 'some reply' })).to.equal(true);
  255. done();
  256. });
  257. });
  258. });
  259. it('generates a header then successfully parse it (time offset)', function (done) {
  260. var req = {
  261. method: 'GET',
  262. url: '/resource/4?filter=a',
  263. host: 'example.com',
  264. port: 8080
  265. };
  266. credentialsFunc('123456', function (err, credentials1) {
  267. req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', localtimeOffsetMsec: 100000 }).field;
  268. expect(req.authorization).to.exist();
  269. Hawk.server.authenticate(req, credentialsFunc, { localtimeOffsetMsec: 100000 }, function (err, credentials2, artifacts) {
  270. expect(err).to.not.exist();
  271. expect(credentials2.user).to.equal('steve');
  272. expect(artifacts.ext).to.equal('some-app-data');
  273. done();
  274. });
  275. });
  276. });
  277. it('generates a header then successfully parse it (no server header options)', function (done) {
  278. var req = {
  279. method: 'POST',
  280. url: '/resource/4?filter=a',
  281. headers: {
  282. host: 'example.com:8080',
  283. 'content-type': 'text/plain;x=y'
  284. }
  285. };
  286. var payload = 'some not so random text';
  287. credentialsFunc('123456', function (err, credentials1) {
  288. var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
  289. req.headers.authorization = reqHeader.field;
  290. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  291. expect(err).to.not.exist();
  292. expect(credentials2.user).to.equal('steve');
  293. expect(artifacts.ext).to.equal('some-app-data');
  294. expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true);
  295. var res = {
  296. headers: {
  297. 'content-type': 'text/plain'
  298. },
  299. getResponseHeader: function (header) {
  300. return res.headers[header.toLowerCase()];
  301. }
  302. };
  303. res.headers['server-authorization'] = Hawk.server.header(credentials2, artifacts);
  304. expect(res.headers['server-authorization']).to.exist();
  305. expect(Browser.client.authenticate(res, credentials2, artifacts)).to.equal(true);
  306. done();
  307. });
  308. });
  309. });
  310. it('generates a header then successfully parse it (no server header)', function (done) {
  311. var req = {
  312. method: 'POST',
  313. url: '/resource/4?filter=a',
  314. headers: {
  315. host: 'example.com:8080',
  316. 'content-type': 'text/plain;x=y'
  317. }
  318. };
  319. var payload = 'some not so random text';
  320. credentialsFunc('123456', function (err, credentials1) {
  321. var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
  322. req.headers.authorization = reqHeader.field;
  323. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  324. expect(err).to.not.exist();
  325. expect(credentials2.user).to.equal('steve');
  326. expect(artifacts.ext).to.equal('some-app-data');
  327. expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true);
  328. var res = {
  329. headers: {
  330. 'content-type': 'text/plain'
  331. },
  332. getResponseHeader: function (header) {
  333. return res.headers[header.toLowerCase()];
  334. }
  335. };
  336. expect(Browser.client.authenticate(res, credentials2, artifacts)).to.equal(true);
  337. done();
  338. });
  339. });
  340. });
  341. it('generates a header with stale ts and successfully authenticate on second call', function (done) {
  342. var req = {
  343. method: 'GET',
  344. url: '/resource/4?filter=a',
  345. host: 'example.com',
  346. port: 8080
  347. };
  348. credentialsFunc('123456', function (err, credentials1) {
  349. Browser.utils.setNtpOffset(60 * 60 * 1000);
  350. var header = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data' });
  351. req.authorization = header.field;
  352. expect(req.authorization).to.exist();
  353. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts2) {
  354. expect(err).to.exist();
  355. expect(err.message).to.equal('Stale timestamp');
  356. var res = {
  357. headers: {
  358. 'www-authenticate': err.output.headers['WWW-Authenticate']
  359. },
  360. getResponseHeader: function (lookup) {
  361. return res.headers[lookup.toLowerCase()];
  362. }
  363. };
  364. expect(Browser.utils.getNtpOffset()).to.equal(60 * 60 * 1000);
  365. expect(Browser.client.authenticate(res, credentials2, header.artifacts)).to.equal(true);
  366. expect(Browser.utils.getNtpOffset()).to.equal(0);
  367. req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials2, ext: 'some-app-data' }).field;
  368. expect(req.authorization).to.exist();
  369. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials3, artifacts3) {
  370. expect(err).to.not.exist();
  371. expect(credentials3.user).to.equal('steve');
  372. expect(artifacts3.ext).to.equal('some-app-data');
  373. done();
  374. });
  375. });
  376. });
  377. });
  378. it('generates a header with stale ts and successfully authenticate on second call (manual localStorage)', function (done) {
  379. var req = {
  380. method: 'GET',
  381. url: '/resource/4?filter=a',
  382. host: 'example.com',
  383. port: 8080
  384. };
  385. credentialsFunc('123456', function (err, credentials1) {
  386. var localStorage = new Browser.internals.LocalStorage();
  387. Browser.utils.setStorage(localStorage);
  388. Browser.utils.setNtpOffset(60 * 60 * 1000);
  389. var header = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data' });
  390. req.authorization = header.field;
  391. expect(req.authorization).to.exist();
  392. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts2) {
  393. expect(err).to.exist();
  394. expect(err.message).to.equal('Stale timestamp');
  395. var res = {
  396. headers: {
  397. 'www-authenticate': err.output.headers['WWW-Authenticate']
  398. },
  399. getResponseHeader: function (lookup) {
  400. return res.headers[lookup.toLowerCase()];
  401. }
  402. };
  403. expect(parseInt(localStorage.getItem('hawk_ntp_offset'))).to.equal(60 * 60 * 1000);
  404. expect(Browser.utils.getNtpOffset()).to.equal(60 * 60 * 1000);
  405. expect(Browser.client.authenticate(res, credentials2, header.artifacts)).to.equal(true);
  406. expect(Browser.utils.getNtpOffset()).to.equal(0);
  407. expect(parseInt(localStorage.getItem('hawk_ntp_offset'))).to.equal(0);
  408. req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials2, ext: 'some-app-data' }).field;
  409. expect(req.authorization).to.exist();
  410. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials3, artifacts3) {
  411. expect(err).to.not.exist();
  412. expect(credentials3.user).to.equal('steve');
  413. expect(artifacts3.ext).to.equal('some-app-data');
  414. done();
  415. });
  416. });
  417. });
  418. });
  419. it('generates a header then fails to parse it (missing server header hash)', function (done) {
  420. var req = {
  421. method: 'POST',
  422. url: '/resource/4?filter=a',
  423. headers: {
  424. host: 'example.com:8080',
  425. 'content-type': 'text/plain;x=y'
  426. }
  427. };
  428. var payload = 'some not so random text';
  429. credentialsFunc('123456', function (err, credentials1) {
  430. var reqHeader = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', payload: payload, contentType: req.headers['content-type'] });
  431. req.headers.authorization = reqHeader.field;
  432. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  433. expect(err).to.not.exist();
  434. expect(credentials2.user).to.equal('steve');
  435. expect(artifacts.ext).to.equal('some-app-data');
  436. expect(Hawk.server.authenticatePayload(payload, credentials2, artifacts, req.headers['content-type'])).to.equal(true);
  437. var res = {
  438. headers: {
  439. 'content-type': 'text/plain'
  440. },
  441. getResponseHeader: function (header) {
  442. return res.headers[header.toLowerCase()];
  443. }
  444. };
  445. res.headers['server-authorization'] = Hawk.server.header(credentials2, artifacts);
  446. expect(res.headers['server-authorization']).to.exist();
  447. expect(Browser.client.authenticate(res, credentials2, artifacts, { payload: 'some reply' })).to.equal(false);
  448. done();
  449. });
  450. });
  451. });
  452. it('generates a header then successfully parse it (with hash)', function (done) {
  453. var req = {
  454. method: 'GET',
  455. url: '/resource/4?filter=a',
  456. host: 'example.com',
  457. port: 8080
  458. };
  459. credentialsFunc('123456', function (err, credentials1) {
  460. req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, payload: 'hola!', ext: 'some-app-data' }).field;
  461. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  462. expect(err).to.not.exist();
  463. expect(credentials2.user).to.equal('steve');
  464. expect(artifacts.ext).to.equal('some-app-data');
  465. done();
  466. });
  467. });
  468. });
  469. it('generates a header then successfully parse it then validate payload', function (done) {
  470. var req = {
  471. method: 'GET',
  472. url: '/resource/4?filter=a',
  473. host: 'example.com',
  474. port: 8080
  475. };
  476. credentialsFunc('123456', function (err, credentials1) {
  477. req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, payload: 'hola!', ext: 'some-app-data' }).field;
  478. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  479. expect(err).to.not.exist();
  480. expect(credentials2.user).to.equal('steve');
  481. expect(artifacts.ext).to.equal('some-app-data');
  482. expect(Hawk.server.authenticatePayload('hola!', credentials2, artifacts)).to.be.true();
  483. expect(Hawk.server.authenticatePayload('hello!', credentials2, artifacts)).to.be.false();
  484. done();
  485. });
  486. });
  487. });
  488. it('generates a header then successfully parse it (app)', function (done) {
  489. var req = {
  490. method: 'GET',
  491. url: '/resource/4?filter=a',
  492. host: 'example.com',
  493. port: 8080
  494. };
  495. credentialsFunc('123456', function (err, credentials1) {
  496. req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', app: 'asd23ased' }).field;
  497. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  498. expect(err).to.not.exist();
  499. expect(credentials2.user).to.equal('steve');
  500. expect(artifacts.ext).to.equal('some-app-data');
  501. expect(artifacts.app).to.equal('asd23ased');
  502. done();
  503. });
  504. });
  505. });
  506. it('generates a header then successfully parse it (app, dlg)', function (done) {
  507. var req = {
  508. method: 'GET',
  509. url: '/resource/4?filter=a',
  510. host: 'example.com',
  511. port: 8080
  512. };
  513. credentialsFunc('123456', function (err, credentials1) {
  514. req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data', app: 'asd23ased', dlg: '23434szr3q4d' }).field;
  515. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  516. expect(err).to.not.exist();
  517. expect(credentials2.user).to.equal('steve');
  518. expect(artifacts.ext).to.equal('some-app-data');
  519. expect(artifacts.app).to.equal('asd23ased');
  520. expect(artifacts.dlg).to.equal('23434szr3q4d');
  521. done();
  522. });
  523. });
  524. });
  525. it('generates a header then fail authentication due to bad hash', function (done) {
  526. var req = {
  527. method: 'GET',
  528. url: '/resource/4?filter=a',
  529. host: 'example.com',
  530. port: 8080
  531. };
  532. credentialsFunc('123456', function (err, credentials1) {
  533. req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, payload: 'hola!', ext: 'some-app-data' }).field;
  534. Hawk.server.authenticate(req, credentialsFunc, { payload: 'byebye!' }, function (err, credentials2, artifacts) {
  535. expect(err).to.exist();
  536. expect(err.output.payload.message).to.equal('Bad payload hash');
  537. done();
  538. });
  539. });
  540. });
  541. it('generates a header for one resource then fail to authenticate another', function (done) {
  542. var req = {
  543. method: 'GET',
  544. url: '/resource/4?filter=a',
  545. host: 'example.com',
  546. port: 8080
  547. };
  548. credentialsFunc('123456', function (err, credentials1) {
  549. req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data' }).field;
  550. req.url = '/something/else';
  551. Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials2, artifacts) {
  552. expect(err).to.exist();
  553. expect(credentials2).to.exist();
  554. done();
  555. });
  556. });
  557. });
  558. describe('client', function () {
  559. describe('header()', function () {
  560. it('returns a valid authorization header (sha1)', function (done) {
  561. var credentials = {
  562. id: '123456',
  563. key: '2983d45yun89q',
  564. algorithm: 'sha1'
  565. };
  566. var header = Browser.client.header('http://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about' }).field;
  567. expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="bsvY3IfUllw6V5rvk4tStEvpBhE=", ext="Bazinga!", mac="qbf1ZPG/r/e06F4ht+T77LXi5vw="');
  568. done();
  569. });
  570. it('returns a valid authorization header (sha256)', function (done) {
  571. var credentials = {
  572. id: '123456',
  573. key: '2983d45yun89q',
  574. algorithm: 'sha256'
  575. };
  576. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;
  577. expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", ext="Bazinga!", mac="q1CwFoSHzPZSkbIvl0oYlD+91rBUEvFk763nMjMndj8="');
  578. done();
  579. });
  580. it('returns a valid authorization header (empty payload)', function (done) {
  581. var credentials = {
  582. id: '123456',
  583. key: '2983d45yun89q',
  584. algorithm: 'sha1'
  585. };
  586. var header = Browser.client.header('http://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: '' }).field;
  587. expect(header).to.equal('Hawk id=\"123456\", ts=\"1353809207\", nonce=\"Ygvqdz\", hash=\"404ghL7K+hfyhByKKejFBRGgTjU=\", ext=\"Bazinga!\", mac=\"Bh1sj1DOfFRWOdi3ww52nLCJdBE=\"');
  588. done();
  589. });
  590. it('returns a valid authorization header (no ext)', function (done) {
  591. var credentials = {
  592. id: '123456',
  593. key: '2983d45yun89q',
  594. algorithm: 'sha256'
  595. };
  596. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;
  597. expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');
  598. done();
  599. });
  600. it('returns a valid authorization header (null ext)', function (done) {
  601. var credentials = {
  602. id: '123456',
  603. key: '2983d45yun89q',
  604. algorithm: 'sha256'
  605. };
  606. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain', ext: null }).field;
  607. expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');
  608. done();
  609. });
  610. it('returns a valid authorization header (uri object)', function (done) {
  611. var credentials = {
  612. id: '123456',
  613. key: '2983d45yun89q',
  614. algorithm: 'sha256'
  615. };
  616. var uri = Browser.utils.parseUri('https://example.net/somewhere/over/the/rainbow');
  617. var header = Browser.client.header(uri, 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;
  618. expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');
  619. done();
  620. });
  621. it('errors on missing options', function (done) {
  622. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST');
  623. expect(header.field).to.equal('');
  624. expect(header.err).to.equal('Invalid argument type');
  625. done();
  626. });
  627. it('errors on empty uri', function (done) {
  628. var credentials = {
  629. id: '123456',
  630. key: '2983d45yun89q',
  631. algorithm: 'sha256'
  632. };
  633. var header = Browser.client.header('', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' });
  634. expect(header.field).to.equal('');
  635. expect(header.err).to.equal('Invalid argument type');
  636. done();
  637. });
  638. it('errors on invalid uri', function (done) {
  639. var credentials = {
  640. id: '123456',
  641. key: '2983d45yun89q',
  642. algorithm: 'sha256'
  643. };
  644. var header = Browser.client.header(4, 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' });
  645. expect(header.field).to.equal('');
  646. expect(header.err).to.equal('Invalid argument type');
  647. done();
  648. });
  649. it('errors on missing method', function (done) {
  650. var credentials = {
  651. id: '123456',
  652. key: '2983d45yun89q',
  653. algorithm: 'sha256'
  654. };
  655. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', '', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' });
  656. expect(header.field).to.equal('');
  657. expect(header.err).to.equal('Invalid argument type');
  658. done();
  659. });
  660. it('errors on invalid method', function (done) {
  661. var credentials = {
  662. id: '123456',
  663. key: '2983d45yun89q',
  664. algorithm: 'sha256'
  665. };
  666. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 5, { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' });
  667. expect(header.field).to.equal('');
  668. expect(header.err).to.equal('Invalid argument type');
  669. done();
  670. });
  671. it('errors on missing credentials', function (done) {
  672. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { ext: 'Bazinga!', timestamp: 1353809207 });
  673. expect(header.field).to.equal('');
  674. expect(header.err).to.equal('Invalid credentials object');
  675. done();
  676. });
  677. it('errors on invalid credentials (id)', function (done) {
  678. var credentials = {
  679. key: '2983d45yun89q',
  680. algorithm: 'sha256'
  681. };
  682. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207 });
  683. expect(header.field).to.equal('');
  684. expect(header.err).to.equal('Invalid credentials object');
  685. done();
  686. });
  687. it('errors on invalid credentials (key)', function (done) {
  688. var credentials = {
  689. id: '123456',
  690. algorithm: 'sha256'
  691. };
  692. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207 });
  693. expect(header.field).to.equal('');
  694. expect(header.err).to.equal('Invalid credentials object');
  695. done();
  696. });
  697. it('errors on invalid algorithm', function (done) {
  698. var credentials = {
  699. id: '123456',
  700. key: '2983d45yun89q',
  701. algorithm: 'hmac-sha-0'
  702. };
  703. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, payload: 'something, anything!', ext: 'Bazinga!', timestamp: 1353809207 });
  704. expect(header.field).to.equal('');
  705. expect(header.err).to.equal('Unknown algorithm');
  706. done();
  707. });
  708. it('uses a pre-calculated payload hash', function (done) {
  709. var credentials = {
  710. id: '123456',
  711. key: '2983d45yun89q',
  712. algorithm: 'sha256'
  713. };
  714. var options = { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' };
  715. options.hash = Browser.crypto.calculatePayloadHash(options.payload, credentials.algorithm, options.contentType);
  716. var header = Browser.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', options).field;
  717. expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", ext="Bazinga!", mac="q1CwFoSHzPZSkbIvl0oYlD+91rBUEvFk763nMjMndj8="');
  718. done();
  719. });
  720. });
  721. describe('authenticate()', function () {
  722. it('skips tsm validation when missing ts', function (done) {
  723. var res = {
  724. headers: {
  725. 'www-authenticate': 'Hawk error="Stale timestamp"'
  726. },
  727. getResponseHeader: function (header) {
  728. return res.headers[header.toLowerCase()];
  729. }
  730. };
  731. var credentials = {
  732. id: '123456',
  733. key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
  734. algorithm: 'sha256',
  735. user: 'steve'
  736. };
  737. var artifacts = {
  738. ts: 1402135580,
  739. nonce: 'iBRB6t',
  740. method: 'GET',
  741. resource: '/resource/4?filter=a',
  742. host: 'example.com',
  743. port: '8080',
  744. ext: 'some-app-data'
  745. };
  746. expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(true);
  747. done();
  748. });
  749. it('returns false on invalid header', function (done) {
  750. var res = {
  751. headers: {
  752. 'server-authorization': 'Hawk mac="abc", bad="xyz"'
  753. },
  754. getResponseHeader: function (header) {
  755. return res.headers[header.toLowerCase()];
  756. }
  757. };
  758. expect(Browser.client.authenticate(res, {})).to.equal(false);
  759. done();
  760. });
  761. it('returns false on invalid mac', function (done) {
  762. var res = {
  763. headers: {
  764. 'content-type': 'text/plain',
  765. 'server-authorization': 'Hawk mac="_IJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"'
  766. },
  767. getResponseHeader: function (header) {
  768. return res.headers[header.toLowerCase()];
  769. }
  770. };
  771. var artifacts = {
  772. method: 'POST',
  773. host: 'example.com',
  774. port: '8080',
  775. resource: '/resource/4?filter=a',
  776. ts: '1362336900',
  777. nonce: 'eb5S_L',
  778. hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
  779. ext: 'some-app-data',
  780. app: undefined,
  781. dlg: undefined,
  782. mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=',
  783. id: '123456'
  784. };
  785. var credentials = {
  786. id: '123456',
  787. key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
  788. algorithm: 'sha256',
  789. user: 'steve'
  790. };
  791. expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(false);
  792. done();
  793. });
  794. it('returns true on ignoring hash', function (done) {
  795. var res = {
  796. headers: {
  797. 'content-type': 'text/plain',
  798. 'server-authorization': 'Hawk mac="XIJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"'
  799. },
  800. getResponseHeader: function (header) {
  801. return res.headers[header.toLowerCase()];
  802. }
  803. };
  804. var artifacts = {
  805. method: 'POST',
  806. host: 'example.com',
  807. port: '8080',
  808. resource: '/resource/4?filter=a',
  809. ts: '1362336900',
  810. nonce: 'eb5S_L',
  811. hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
  812. ext: 'some-app-data',
  813. app: undefined,
  814. dlg: undefined,
  815. mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=',
  816. id: '123456'
  817. };
  818. var credentials = {
  819. id: '123456',
  820. key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
  821. algorithm: 'sha256',
  822. user: 'steve'
  823. };
  824. expect(Browser.client.authenticate(res, credentials, artifacts)).to.equal(true);
  825. done();
  826. });
  827. it('errors on invalid WWW-Authenticate header format', function (done) {
  828. var res = {
  829. headers: {
  830. 'www-authenticate': 'Hawk ts="1362346425875", tsm="PhwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", x="Stale timestamp"'
  831. },
  832. getResponseHeader: function (header) {
  833. return res.headers[header.toLowerCase()];
  834. }
  835. };
  836. expect(Browser.client.authenticate(res, {})).to.equal(false);
  837. done();
  838. });
  839. it('errors on invalid WWW-Authenticate header format', function (done) {
  840. var credentials = {
  841. id: '123456',
  842. key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
  843. algorithm: 'sha256',
  844. user: 'steve'
  845. };
  846. var res = {
  847. headers: {
  848. 'www-authenticate': 'Hawk ts="1362346425875", tsm="hwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", error="Stale timestamp"'
  849. },
  850. getResponseHeader: function (header) {
  851. return res.headers[header.toLowerCase()];
  852. }
  853. };
  854. expect(Browser.client.authenticate(res, credentials)).to.equal(false);
  855. done();
  856. });
  857. });
  858. describe('message()', function () {
  859. it('generates an authorization then successfully parse it', function (done) {
  860. credentialsFunc('123456', function (err, credentials1) {
  861. var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: credentials1 });
  862. expect(auth).to.exist();
  863. Hawk.server.authenticateMessage('example.com', 8080, 'some message', auth, credentialsFunc, {}, function (err, credentials2) {
  864. expect(err).to.not.exist();
  865. expect(credentials2.user).to.equal('steve');
  866. done();
  867. });
  868. });
  869. });
  870. it('generates an authorization using custom nonce/timestamp', function (done) {
  871. credentialsFunc('123456', function (err, credentials) {
  872. var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: credentials, nonce: 'abc123', timestamp: 1398536270957 });
  873. expect(auth).to.exist();
  874. expect(auth.nonce).to.equal('abc123');
  875. expect(auth.ts).to.equal(1398536270957);
  876. done();
  877. });
  878. });
  879. it('errors on missing host', function (done) {
  880. credentialsFunc('123456', function (err, credentials) {
  881. var auth = Browser.client.message(null, 8080, 'some message', { credentials: credentials });
  882. expect(auth).to.not.exist();
  883. done();
  884. });
  885. });
  886. it('errors on invalid host', function (done) {
  887. credentialsFunc('123456', function (err, credentials) {
  888. var auth = Browser.client.message(5, 8080, 'some message', { credentials: credentials });
  889. expect(auth).to.not.exist();
  890. done();
  891. });
  892. });
  893. it('errors on missing port', function (done) {
  894. credentialsFunc('123456', function (err, credentials) {
  895. var auth = Browser.client.message('example.com', 0, 'some message', { credentials: credentials });
  896. expect(auth).to.not.exist();
  897. done();
  898. });
  899. });
  900. it('errors on invalid port', function (done) {
  901. credentialsFunc('123456', function (err, credentials) {
  902. var auth = Browser.client.message('example.com', 'a', 'some message', { credentials: credentials });
  903. expect(auth).to.not.exist();
  904. done();
  905. });
  906. });
  907. it('errors on missing message', function (done) {
  908. credentialsFunc('123456', function (err, credentials) {
  909. var auth = Browser.client.message('example.com', 8080, undefined, { credentials: credentials });
  910. expect(auth).to.not.exist();
  911. done();
  912. });
  913. });
  914. it('errors on null message', function (done) {
  915. credentialsFunc('123456', function (err, credentials) {
  916. var auth = Browser.client.message('example.com', 8080, null, { credentials: credentials });
  917. expect(auth).to.not.exist();
  918. done();
  919. });
  920. });
  921. it('errors on invalid message', function (done) {
  922. credentialsFunc('123456', function (err, credentials) {
  923. var auth = Browser.client.message('example.com', 8080, 5, { credentials: credentials });
  924. expect(auth).to.not.exist();
  925. done();
  926. });
  927. });
  928. it('errors on missing credentials', function (done) {
  929. var auth = Browser.client.message('example.com', 8080, 'some message', {});
  930. expect(auth).to.not.exist();
  931. done();
  932. });
  933. it('errors on missing options', function (done) {
  934. var auth = Browser.client.message('example.com', 8080, 'some message');
  935. expect(auth).to.not.exist();
  936. done();
  937. });
  938. it('errors on invalid credentials (id)', function (done) {
  939. credentialsFunc('123456', function (err, credentials) {
  940. var creds = Hoek.clone(credentials);
  941. delete creds.id;
  942. var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: creds });
  943. expect(auth).to.not.exist();
  944. done();
  945. });
  946. });
  947. it('errors on invalid credentials (key)', function (done) {
  948. credentialsFunc('123456', function (err, credentials) {
  949. var creds = Hoek.clone(credentials);
  950. delete creds.key;
  951. var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: creds });
  952. expect(auth).to.not.exist();
  953. done();
  954. });
  955. });
  956. it('errors on invalid algorithm', function (done) {
  957. credentialsFunc('123456', function (err, credentials) {
  958. var creds = Hoek.clone(credentials);
  959. creds.algorithm = 'blah';
  960. var auth = Browser.client.message('example.com', 8080, 'some message', { credentials: creds });
  961. expect(auth).to.not.exist();
  962. done();
  963. });
  964. });
  965. });
  966. describe('authenticateTimestamp()', function (done) {
  967. it('validates a timestamp', function (done) {
  968. credentialsFunc('123456', function (err, credentials) {
  969. var tsm = Hawk.crypto.timestampMessage(credentials);
  970. expect(Browser.client.authenticateTimestamp(tsm, credentials)).to.equal(true);
  971. done();
  972. });
  973. });
  974. it('validates a timestamp without updating local time', function (done) {
  975. credentialsFunc('123456', function (err, credentials) {
  976. var offset = Browser.utils.getNtpOffset();
  977. var tsm = Hawk.crypto.timestampMessage(credentials, 10000);
  978. expect(Browser.client.authenticateTimestamp(tsm, credentials, false)).to.equal(true);
  979. expect(offset).to.equal(Browser.utils.getNtpOffset());
  980. done();
  981. });
  982. });
  983. it('detects a bad timestamp', function (done) {
  984. credentialsFunc('123456', function (err, credentials) {
  985. var tsm = Hawk.crypto.timestampMessage(credentials);
  986. tsm.ts = 4;
  987. expect(Browser.client.authenticateTimestamp(tsm, credentials)).to.equal(false);
  988. done();
  989. });
  990. });
  991. });
  992. });
  993. describe('internals', function () {
  994. describe('LocalStorage', function () {
  995. it('goes through the full lifecycle', function (done) {
  996. var storage = new Browser.internals.LocalStorage();
  997. expect(storage.length).to.equal(0);
  998. expect(storage.getItem('a')).to.equal(null);
  999. storage.setItem('a', 5);
  1000. expect(storage.length).to.equal(1);
  1001. expect(storage.key()).to.equal('a');
  1002. expect(storage.key(0)).to.equal('a');
  1003. expect(storage.getItem('a')).to.equal('5');
  1004. storage.setItem('b', 'test');
  1005. expect(storage.key()).to.equal('a');
  1006. expect(storage.key(0)).to.equal('a');
  1007. expect(storage.key(1)).to.equal('b');
  1008. expect(storage.length).to.equal(2);
  1009. expect(storage.getItem('b')).to.equal('test');
  1010. storage.removeItem('a');
  1011. expect(storage.length).to.equal(1);
  1012. expect(storage.getItem('a')).to.equal(null);
  1013. expect(storage.getItem('b')).to.equal('test');
  1014. storage.clear();
  1015. expect(storage.length).to.equal(0);
  1016. expect(storage.getItem('a')).to.equal(null);
  1017. expect(storage.getItem('b')).to.equal(null);
  1018. done();
  1019. });
  1020. });
  1021. });
  1022. describe('utils', function () {
  1023. describe('setStorage()', function () {
  1024. it('sets storage for the first time', function (done) {
  1025. Browser.utils.storage = new Browser.internals.LocalStorage(); // Reset state
  1026. expect(Browser.utils.storage.getItem('hawk_ntp_offset')).to.not.exist();
  1027. Browser.utils.storage.setItem('test', '1');
  1028. Browser.utils.setStorage(new Browser.internals.LocalStorage());
  1029. expect(Browser.utils.storage.getItem('test')).to.not.exist();
  1030. Browser.utils.storage.setItem('test', '2');
  1031. expect(Browser.utils.storage.getItem('test')).to.equal('2');
  1032. done();
  1033. });
  1034. });
  1035. describe('setNtpOffset()', function (done) {
  1036. it('catches localStorage errors', { parallel: false }, function (done) {
  1037. var orig = Browser.utils.storage.setItem;
  1038. var consoleOrig = console.error;
  1039. var count = 0;
  1040. console.error = function () {
  1041. if (count++ === 2) {
  1042. console.error = consoleOrig;
  1043. }
  1044. };
  1045. Browser.utils.storage.setItem = function () {
  1046. Browser.utils.storage.setItem = orig;
  1047. throw new Error();
  1048. };
  1049. expect(function () {
  1050. Browser.utils.setNtpOffset(100);
  1051. }).not.to.throw();
  1052. done();
  1053. });
  1054. });
  1055. describe('parseAuthorizationHeader()', function (done) {
  1056. it('returns null on missing header', function (done) {
  1057. expect(Browser.utils.parseAuthorizationHeader()).to.equal(null);
  1058. done();
  1059. });
  1060. it('returns null on bad header syntax (structure)', function (done) {
  1061. expect(Browser.utils.parseAuthorizationHeader('Hawk')).to.equal(null);
  1062. done();
  1063. });
  1064. it('returns null on bad header syntax (parts)', function (done) {
  1065. expect(Browser.utils.parseAuthorizationHeader(' ')).to.equal(null);
  1066. done();
  1067. });
  1068. it('returns null on bad scheme name', function (done) {
  1069. expect(Browser.utils.parseAuthorizationHeader('Basic asdasd')).to.equal(null);
  1070. done();
  1071. });
  1072. it('returns null on bad attribute value', function (done) {
  1073. expect(Browser.utils.parseAuthorizationHeader('Hawk test="\t"', ['test'])).to.equal(null);
  1074. done();
  1075. });
  1076. it('returns null on duplicated attribute', function (done) {
  1077. expect(Browser.utils.parseAuthorizationHeader('Hawk test="a", test="b"', ['test'])).to.equal(null);
  1078. done();
  1079. });
  1080. });
  1081. describe('parseUri()', function () {
  1082. it('returns empty object on invalid', function (done) {
  1083. var uri = Browser.utils.parseUri('ftp');
  1084. expect(uri).to.deep.equal({ host: '', port: '', resource: '' });
  1085. done();
  1086. });
  1087. it('returns empty port when unknown scheme', function (done) {
  1088. var uri = Browser.utils.parseUri('ftp://example.com');
  1089. expect(uri.port).to.equal('');
  1090. done();
  1091. });
  1092. it('returns default port when missing', function (done) {
  1093. var uri = Browser.utils.parseUri('http://example.com');
  1094. expect(uri.port).to.equal('80');
  1095. done();
  1096. });
  1097. it('handles unusual characters correctly', function (done) {
  1098. var parts = {
  1099. protocol: 'http+vnd.my-extension',
  1100. user: 'user!$&\'()*+,;=%40my-domain.com',
  1101. password: 'pass!$&\'()*+,;=%40:word',
  1102. hostname: 'foo-bar.com',
  1103. port: '99',
  1104. pathname: '/path/%40/!$&\'()*+,;=:@/',
  1105. query: 'query%40/!$&\'()*+,;=:@/?',
  1106. fragment: 'fragm%40/!$&\'()*+,;=:@/?'
  1107. };
  1108. parts.userInfo = parts.user + ':' + parts.password;
  1109. parts.authority = parts.userInfo + '@' + parts.hostname + ':' + parts.port;
  1110. parts.relative = parts.pathname + '?' + parts.query;
  1111. parts.resource = parts.relative + '#' + parts.fragment;
  1112. parts.source = parts.protocol + '://' + parts.authority + parts.resource;
  1113. var uri = Browser.utils.parseUri(parts.source);
  1114. expect(uri.host).to.equal('foo-bar.com');
  1115. expect(uri.port).to.equal('99');
  1116. expect(uri.resource).to.equal(parts.pathname + '?' + parts.query);
  1117. done();
  1118. });
  1119. });
  1120. var str = 'https://www.google.ca/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=url';
  1121. var base64str = 'aHR0cHM6Ly93d3cuZ29vZ2xlLmNhL3dlYmhwP3NvdXJjZWlkPWNocm9tZS1pbnN0YW50Jmlvbj0xJmVzcHY9MiZpZT1VVEYtOCNxPXVybA';
  1122. describe('base64urlEncode()', function () {
  1123. it('should base64 URL-safe decode a string', function (done) {
  1124. expect(Browser.utils.base64urlEncode(str)).to.equal(base64str);
  1125. done();
  1126. });
  1127. });
  1128. });
  1129. });