3 var Url = require('url');
\r
4 var Code = require('code');
\r
5 var Hawk = require('../lib');
\r
6 var Lab = require('lab');
\r
16 var lab = exports.lab = Lab.script();
\r
17 var describe = lab.experiment;
\r
19 var expect = Code.expect;
\r
22 describe('Client', function () {
\r
24 describe('header()', function () {
\r
26 it('returns a valid authorization header (sha1)', function (done) {
\r
30 key: '2983d45yun89q',
\r
34 var header = Hawk.client.header('http://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about' }).field;
\r
35 expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="bsvY3IfUllw6V5rvk4tStEvpBhE=", ext="Bazinga!", mac="qbf1ZPG/r/e06F4ht+T77LXi5vw="');
\r
39 it('returns a valid authorization header (sha256)', function (done) {
\r
43 key: '2983d45yun89q',
\r
47 var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;
\r
48 expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", ext="Bazinga!", mac="q1CwFoSHzPZSkbIvl0oYlD+91rBUEvFk763nMjMndj8="');
\r
52 it('returns a valid authorization header (no ext)', function (done) {
\r
56 key: '2983d45yun89q',
\r
60 var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;
\r
61 expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');
\r
65 it('returns a valid authorization header (null ext)', function (done) {
\r
69 key: '2983d45yun89q',
\r
73 var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain', ext: null }).field;
\r
74 expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');
\r
78 it('returns a valid authorization header (empty payload)', function (done) {
\r
82 key: '2983d45yun89q',
\r
86 var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: '', contentType: 'text/plain' }).field;
\r
87 expect(header).to.equal('Hawk id=\"123456\", ts=\"1353809207\", nonce=\"Ygvqdz\", hash=\"q/t+NNAkQZNlq/aAD6PlexImwQTxwgT2MahfTa9XRLA=\", mac=\"U5k16YEzn3UnBHKeBzsDXn067Gu3R4YaY6xOt9PYRZM=\"');
\r
91 it('returns a valid authorization header (pre hashed payload)', function (done) {
\r
95 key: '2983d45yun89q',
\r
99 var options = { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' };
\r
100 options.hash = Hawk.crypto.calculatePayloadHash(options.payload, credentials.algorithm, options.contentType);
\r
101 var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', options).field;
\r
102 expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');
\r
106 it('errors on missing uri', function (done) {
\r
108 var header = Hawk.client.header('', 'POST');
\r
109 expect(header.field).to.equal('');
\r
110 expect(header.err).to.equal('Invalid argument type');
\r
114 it('errors on invalid uri', function (done) {
\r
116 var header = Hawk.client.header(4, 'POST');
\r
117 expect(header.field).to.equal('');
\r
118 expect(header.err).to.equal('Invalid argument type');
\r
122 it('errors on missing method', function (done) {
\r
124 var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', '');
\r
125 expect(header.field).to.equal('');
\r
126 expect(header.err).to.equal('Invalid argument type');
\r
130 it('errors on invalid method', function (done) {
\r
132 var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 5);
\r
133 expect(header.field).to.equal('');
\r
134 expect(header.err).to.equal('Invalid argument type');
\r
138 it('errors on missing options', function (done) {
\r
140 var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST');
\r
141 expect(header.field).to.equal('');
\r
142 expect(header.err).to.equal('Invalid argument type');
\r
146 it('errors on invalid credentials (id)', function (done) {
\r
148 var credentials = {
\r
149 key: '2983d45yun89q',
\r
150 algorithm: 'sha256'
\r
153 var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207 });
\r
154 expect(header.field).to.equal('');
\r
155 expect(header.err).to.equal('Invalid credential object');
\r
159 it('errors on missing credentials', function (done) {
\r
161 var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { ext: 'Bazinga!', timestamp: 1353809207 });
\r
162 expect(header.field).to.equal('');
\r
163 expect(header.err).to.equal('Invalid credential object');
\r
167 it('errors on invalid credentials', function (done) {
\r
169 var credentials = {
\r
171 algorithm: 'sha256'
\r
174 var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207 });
\r
175 expect(header.field).to.equal('');
\r
176 expect(header.err).to.equal('Invalid credential object');
\r
180 it('errors on invalid algorithm', function (done) {
\r
182 var credentials = {
\r
184 key: '2983d45yun89q',
\r
185 algorithm: 'hmac-sha-0'
\r
188 var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, payload: 'something, anything!', ext: 'Bazinga!', timestamp: 1353809207 });
\r
189 expect(header.field).to.equal('');
\r
190 expect(header.err).to.equal('Unknown algorithm');
\r
195 describe('authenticate()', function () {
\r
197 it('returns false on invalid header', function (done) {
\r
201 'server-authorization': 'Hawk mac="abc", bad="xyz"'
\r
205 expect(Hawk.client.authenticate(res, {})).to.equal(false);
\r
209 it('returns false on invalid mac', function (done) {
\r
213 'content-type': 'text/plain',
\r
214 'server-authorization': 'Hawk mac="_IJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"'
\r
220 host: 'example.com',
\r
222 resource: '/resource/4?filter=a',
\r
225 hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
\r
226 ext: 'some-app-data',
\r
229 mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=',
\r
233 var credentials = {
\r
235 key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
\r
236 algorithm: 'sha256',
\r
240 expect(Hawk.client.authenticate(res, credentials, artifacts)).to.equal(false);
\r
244 it('returns true on ignoring hash', function (done) {
\r
248 'content-type': 'text/plain',
\r
249 'server-authorization': 'Hawk mac="XIJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"'
\r
255 host: 'example.com',
\r
257 resource: '/resource/4?filter=a',
\r
260 hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
\r
261 ext: 'some-app-data',
\r
264 mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=',
\r
268 var credentials = {
\r
270 key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
\r
271 algorithm: 'sha256',
\r
275 expect(Hawk.client.authenticate(res, credentials, artifacts)).to.equal(true);
\r
279 it('fails on invalid WWW-Authenticate header format', function (done) {
\r
281 var header = 'Hawk ts="1362346425875", tsm="PhwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", x="Stale timestamp"';
\r
282 expect(Hawk.client.authenticate({ headers: { 'www-authenticate': header } }, {})).to.equal(false);
\r
286 it('fails on invalid WWW-Authenticate header format', function (done) {
\r
288 var credentials = {
\r
290 key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
\r
291 algorithm: 'sha256',
\r
295 var header = 'Hawk ts="1362346425875", tsm="hwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", error="Stale timestamp"';
\r
296 expect(Hawk.client.authenticate({ headers: { 'www-authenticate': header } }, credentials)).to.equal(false);
\r
300 it('skips tsm validation when missing ts', function (done) {
\r
302 var header = 'Hawk error="Stale timestamp"';
\r
303 expect(Hawk.client.authenticate({ headers: { 'www-authenticate': header } }, {})).to.equal(true);
\r
308 describe('message()', function () {
\r
310 it('generates authorization', function (done) {
\r
312 var credentials = {
\r
314 key: '2983d45yun89q',
\r
318 var auth = Hawk.client.message('example.com', 80, 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
\r
319 expect(auth).to.exist();
\r
320 expect(auth.ts).to.equal(1353809207);
\r
321 expect(auth.nonce).to.equal('abc123');
\r
325 it('errors on invalid host', function (done) {
\r
327 var credentials = {
\r
329 key: '2983d45yun89q',
\r
333 var auth = Hawk.client.message(5, 80, 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
\r
334 expect(auth).to.not.exist();
\r
338 it('errors on invalid port', function (done) {
\r
340 var credentials = {
\r
342 key: '2983d45yun89q',
\r
346 var auth = Hawk.client.message('example.com', '80', 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
\r
347 expect(auth).to.not.exist();
\r
351 it('errors on missing host', function (done) {
\r
353 var credentials = {
\r
355 key: '2983d45yun89q',
\r
359 var auth = Hawk.client.message('example.com', 0, 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
\r
360 expect(auth).to.not.exist();
\r
364 it('errors on null message', function (done) {
\r
366 var credentials = {
\r
368 key: '2983d45yun89q',
\r
372 var auth = Hawk.client.message('example.com', 80, null, { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
\r
373 expect(auth).to.not.exist();
\r
377 it('errors on missing message', function (done) {
\r
379 var credentials = {
\r
381 key: '2983d45yun89q',
\r
385 var auth = Hawk.client.message('example.com', 80, undefined, { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
\r
386 expect(auth).to.not.exist();
\r
390 it('errors on invalid message', function (done) {
\r
392 var credentials = {
\r
394 key: '2983d45yun89q',
\r
398 var auth = Hawk.client.message('example.com', 80, 5, { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
\r
399 expect(auth).to.not.exist();
\r
403 it('errors on missing options', function (done) {
\r
405 var credentials = {
\r
407 key: '2983d45yun89q',
\r
411 var auth = Hawk.client.message('example.com', 80, 'I am the boodyman');
\r
412 expect(auth).to.not.exist();
\r
416 it('errors on invalid credentials (id)', function (done) {
\r
418 var credentials = {
\r
419 key: '2983d45yun89q',
\r
423 var auth = Hawk.client.message('example.com', 80, 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
\r
424 expect(auth).to.not.exist();
\r
428 it('errors on invalid credentials (key)', function (done) {
\r
430 var credentials = {
\r
435 var auth = Hawk.client.message('example.com', 80, 'I am the boodyman', { credentials: credentials, timestamp: 1353809207, nonce: 'abc123' });
\r
436 expect(auth).to.not.exist();
\r