ホーム エクスプローラ ヘルプ
登録 サインイン
shanpin
/
chat-server
Watch 3
Star 0
Fork 0
ファイル 課題 0 プルリクエスト 0 Wiki
ツリー: bf846a7082
ブランチ タグ
chat-server
/
qq-imsvr
/
node_modules
/
hawk
/
test
/
client.js

client.js 8.0 KB
履歴 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207 
  1. // Load modules
    2. 

  2. 

  3. var Url = require('url');
    4. 

  4. var Lab = require('lab');
    5. 

  5. var Hawk = require('../lib');
    6. 

  6. 

  7. 

  8. // Declare internals
    9. 

  9. 

  10. var internals = {};
    11. 

  11. 

  12. 

  13. // Test shortcuts
    14. 

  14. 

  15. var expect = Lab.expect;
    16. 

  16. var before = Lab.before;
    17. 

  17. var after = Lab.after;
    18. 

  18. var describe = Lab.experiment;
    19. 

  19. var it = Lab.test;
    20. 

  20. 

  21. 

  22. describe('Hawk', function () {
    23. 

  23. 

  24.     describe('client', function () {
    25. 

  25. 

  26.         describe('#header', function () {
    27. 

  27. 

  28.             it('should return a valid authorization header (sha1)', function (done) {
    29. 

  29. 

  30.                 var credentials = {
    31. 

  31.                     id: '123456',
    32. 

  32.                     key: '2983d45yun89q',
    33. 

  33.                     algorithm: 'sha1'
    34. 

  34.                 };
    35. 

  35. 

  36.                 var header = Hawk.client.header('http://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about' }).field;
    37. 

  37.                 expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="bsvY3IfUllw6V5rvk4tStEvpBhE=", ext="Bazinga!", mac="qbf1ZPG/r/e06F4ht+T77LXi5vw="');
    38. 

  38.                 done();
    39. 

  39.             });
    40. 

  40. 

  41.             it('should return a valid authorization header (sha256)', function (done) {
    42. 

  42. 

  43.                 var credentials = {
    44. 

  44.                     id: '123456',
    45. 

  45.                     key: '2983d45yun89q',
    46. 

  46.                     algorithm: 'sha256'
    47. 

  47.                 };
    48. 

  48. 

  49.                 var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;
    50. 

  50.                 expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", ext="Bazinga!", mac="q1CwFoSHzPZSkbIvl0oYlD+91rBUEvFk763nMjMndj8="');
    51. 

  51.                 done();
    52. 

  52.             });
    53. 

  53. 

  54.             it('should return a valid authorization header (no ext)', function (done) {
    55. 

  55. 

  56.                 var credentials = {
    57. 

  57.                     id: '123456',
    58. 

  58.                     key: '2983d45yun89q',
    59. 

  59.                     algorithm: 'sha256'
    60. 

  60.                 };
    61. 

  61. 

  62.                 var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about', contentType: 'text/plain' }).field;
    63. 

  63.                 expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="2QfCt3GuY9HQnHWyWD3wX68ZOKbynqlfYmuO2ZBRqtY=", mac="HTgtd0jPI6E4izx8e4OHdO36q00xFCU0FolNq3RiCYs="');
    64. 

  64.                 done();
    65. 

  65.             });
    66. 

  66. 

  67.             it('should return an empty authorization header on missing options', function (done) {
    68. 

  68. 

  69.                 var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST').field;
    70. 

  70.                 expect(header).to.equal('');
    71. 

  71.                 done();
    72. 

  72.             });
    73. 

  73. 

  74.             it('should return an empty authorization header on invalid credentials', function (done) {
    75. 

  75. 

  76.                 var credentials = {
    77. 

  77.                     key: '2983d45yun89q',
    78. 

  78.                     algorithm: 'sha256'
    79. 

  79.                 };
    80. 

  80. 

  81.                 var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207 }).field;
    82. 

  82.                 expect(header).to.equal('');
    83. 

  83.                 done();
    84. 

  84.             });
    85. 

  85. 

  86.             it('should return an empty authorization header on invalid algorithm', function (done) {
    87. 

  87. 

  88.                 var credentials = {
    89. 

  89.                     id: '123456',
    90. 

  90.                     key: '2983d45yun89q',
    91. 

  91.                     algorithm: 'hmac-sha-0'
    92. 

  92.                 };
    93. 

  93. 

  94.                 var header = Hawk.client.header('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, payload: 'something, anything!', ext: 'Bazinga!', timestamp: 1353809207 }).field;
    95. 

  95.                 expect(header).to.equal('');
    96. 

  96.                 done();
    97. 

  97.             });
    98. 

  98.         });
    99. 

  99. 

  100.         describe('#authenticate', function () {
    101. 

  101. 

  102.             it('should return false on invalid header', function (done) {
    103. 

  103. 

  104.                 var res = {
    105. 

  105.                     headers: {
    106. 

  106.                         'server-authorization': 'Hawk mac="abc", bad="xyz"'
    107. 

  107.                     }
    108. 

  108.                 };
    109. 

  109. 

  110.                 expect(Hawk.client.authenticate(res, {})).to.equal(false);
    111. 

  111.                 done();
    112. 

  112.             });
    113. 

  113. 

  114.             it('should return false on invalid mac', function (done) {
    115. 

  115. 

  116.                 var res = {
    117. 

  117.                     headers: {
    118. 

  118.                         'content-type': 'text/plain',
    119. 

  119.                         'server-authorization': 'Hawk mac="_IJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"'
    120. 

  120.                     }
    121. 

  121.                 };
    122. 

  122. 

  123.                 var artifacts = {
    124. 

  124.                     method: 'POST',
    125. 

  125.                     host: 'example.com',
    126. 

  126.                     port: '8080',
    127. 

  127.                     resource: '/resource/4?filter=a',
    128. 

  128.                     ts: '1362336900',
    129. 

  129.                     nonce: 'eb5S_L',
    130. 

  130.                     hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
    131. 

  131.                     ext: 'some-app-data',
    132. 

  132.                     app: undefined,
    133. 

  133.                     dlg: undefined,
    134. 

  134.                     mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=',
    135. 

  135.                     id: '123456'
    136. 

  136.                 };
    137. 

  137. 

  138.                 var credentials = {
    139. 

  139.                     id: '123456',
    140. 

  140.                     key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
    141. 

  141.                     algorithm: 'sha256',
    142. 

  142.                     user: 'steve'
    143. 

  143.                 };
    144. 

  144. 

  145.                 expect(Hawk.client.authenticate(res, credentials, artifacts)).to.equal(false);
    146. 

  146.                 done();
    147. 

  147.             });
    148. 

  148. 

  149.             it('should return true on ignoring hash', function (done) {
    150. 

  150. 

  151.                 var res = {
    152. 

  152.                     headers: {
    153. 

  153.                         'content-type': 'text/plain',
    154. 

  154.                         'server-authorization': 'Hawk mac="XIJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific"'
    155. 

  155.                     }
    156. 

  156.                 };
    157. 

  157. 

  158.                 var artifacts = {
    159. 

  159.                     method: 'POST',
    160. 

  160.                     host: 'example.com',
    161. 

  161.                     port: '8080',
    162. 

  162.                     resource: '/resource/4?filter=a',
    163. 

  163.                     ts: '1362336900',
    164. 

  164.                     nonce: 'eb5S_L',
    165. 

  165.                     hash: 'nJjkVtBE5Y/Bk38Aiokwn0jiJxt/0S2WRSUwWLCf5xk=',
    166. 

  166.                     ext: 'some-app-data',
    167. 

  167.                     app: undefined,
    168. 

  168.                     dlg: undefined,
    169. 

  169.                     mac: 'BlmSe8K+pbKIb6YsZCnt4E1GrYvY1AaYayNR82dGpIk=',
    170. 

  170.                     id: '123456'
    171. 

  171.                 };
    172. 

  172. 

  173.                 var credentials = {
    174. 

  174.                     id: '123456',
    175. 

  175.                     key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
    176. 

  176.                     algorithm: 'sha256',
    177. 

  177.                     user: 'steve'
    178. 

  178.                 };
    179. 

  179. 

  180.                 expect(Hawk.client.authenticate(res, credentials, artifacts)).to.equal(true);
    181. 

  181.                 done();
    182. 

  182.             });
    183. 

  183. 

  184.             it('should fail on invalid WWW-Authenticate header format', function (done) {
    185. 

  185. 

  186.                 var header = 'Hawk ts="1362346425875", tsm="PhwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", x="Stale timestamp"';
    187. 

  187.                 expect(Hawk.client.authenticate({ headers: { 'www-authenticate': header } }, {})).to.equal(false);
    188. 

  188.                 done();
    189. 

  189.             });
    190. 

  190. 

  191.             it('should fail on invalid WWW-Authenticate header format', function (done) {
    192. 

  192. 

  193.                 var credentials = {
    194. 

  194.                     id: '123456',
    195. 

  195.                     key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
    196. 

  196.                     algorithm: 'sha256',
    197. 

  197.                     user: 'steve'
    198. 

  198.                 };
    199. 

  199. 

  200.                 var header = 'Hawk ts="1362346425875", tsm="hwayS28vtnn3qbv0mqRBYSXebN/zggEtucfeZ620Zo=", error="Stale timestamp"';
    201. 

  201.                 expect(Hawk.client.authenticate({ headers: { 'www-authenticate': header } }, credentials)).to.equal(false);
    202. 

  202.                 done();
    203. 

  203.             });
    204. 

  204.         });
    205. 

  205.     });
    206. 

  206. });
    207. 

  207.