From fc58d475dd5195050c1c45dd8ff26b4dbb4e8f58 Mon Sep 17 00:00:00 2001
From: Eran Hammer
Date: Thu, 26 Oct 2017 14:41:50 -0700
Subject: [PATCH] Prevent changes to options. Closes #218
---
 lib/browser.js | 6 +++---
 lib/client.js | 6 +++---
 lib/server.js | 11 ++++-------
 package.json | 2 +-
 test/server.js | 15 +++++----------
 5 files changed, 16 insertions(+), 24 deletions(-)
diff --git a/lib/browser.js b/lib/browser.js
index 0d00347..9aeb951 100755
--- a/lib/browser.js
+++ b/lib/browser.js
@@ -159,7 +159,7 @@ hawk.client = {
 throw new Error('Invalid inputs');
 }
- options.ext = (options.ext === null || options.ext === undefined ? '' : options.ext); // Zero is valid value
+ const ext = (options.ext === null || options.ext === undefined ? '' : options.ext); // Zero is valid value
 // Application time
@@ -194,12 +194,12 @@ hawk.client = {
 resource: uri.resource, // Maintain trailing '?' and query params
 host: uri.host,
 port: uri.port,
- ext: options.ext
+ ext
 });
 // Construct bewit: id\exp\mac\ext
- const bewit = credentials.id + '\\' + exp + '\\' + mac + '\\' + options.ext;
+ const bewit = credentials.id + '\\' + exp + '\\' + mac + '\\' + ext;
 return hawk.utils.base64urlEncode(bewit);
 },
diff --git a/lib/client.js b/lib/client.js
index 304b740..6703d46 100755
--- a/lib/client.js
+++ b/lib/client.js
@@ -244,7 +244,7 @@ exports.getBewit = function (uri, options) {
 throw new Error('Invalid inputs');
 }
- options.ext = (options.ext === null || options.ext === undefined ? '' : options.ext); // Zero is valid value
+ const ext = (options.ext === null || options.ext === undefined ? '' : options.ext); // Zero is valid value
 // Application time
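Review bot: `ext` reaches the bewit string unvalidated in the lib/browser.js hunk at -194 (`... + '\\' + ext`), and the same line appears in the lib/client.js hunk at -281. The comment gives the format as `id\exp\mac\ext`, so an `ext` that itself contains a backslash produces more than four fields, which a verifier that splits on the delimiter would presumably reject or misread. Now that the value is a local, a check right after it is computed would be cheap, e.g. `if (String(ext).indexOf('\\') !== -1) { throw new Error('Invalid inputs'); }`. getBewit starts and ends outside these hunks, so any validation elsewhere in the function is not visible here.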
@@ -281,12 +281,12 @@ exports.getBewit = function (uri, options) {
 resource: uri.pathname + (uri.search || ''), // Maintain trailing '?'
 host: uri.hostname,
 port: uri.port || (uri.protocol === 'http:' ? 80 : 443),
- ext: options.ext
+ ext
 });
 // Construct bewit: id\exp\mac\ext
- const bewit = credentials.id + '\\' + exp + '\\' + mac + '\\' + options.ext;
+ const bewit = credentials.id + '\\' + exp + '\\' + mac + '\\' + ext;
 return Hoek.base64urlEncode(bewit);
 };
diff --git a/lib/server.js b/lib/server.js
index 3f563aa..c28f47d 100755
--- a/lib/server.js
+++ b/lib/server.js
@@ -249,17 +249,15 @@ exports.authenticatePayloadHash = function (calculatedHash, artifacts) {
 }
 */
-exports.header = function (credentials, artifacts, options) {
+exports.header = function (credentials, artifacts, options = {}) {
 // Prepare inputs
- options = options || {};
-
 if (!artifacts ||
 typeof artifacts !== 'object' ||
 typeof options !== 'object') {
- return '';
+ throw new Error('Invalid inputs');
 }
 artifacts = Hoek.clone(artifacts);
@@ -273,12 +271,11 @@ exports.header = function (credentials, artifacts, options) {
 !credentials.key ||
 !credentials.algorithm) {
- // Invalid credential object
- return '';
+ throw new Error('Invalid credentials');
 }
 if (Crypto.algorithms.indexOf(credentials.algorithm) === -1) {
- return '';
+ throw new Error('Unknown algorithm');
 }
 // Calculate payload hash
diff --git a/package.json b/package.json
index 989075a..5993251 100755
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "hawk",
 "description": "HTTP Hawk Authentication Scheme",
- "version": "7.0.0",
+ "version": "7.0.1",
 "author": "Eran Hammer (http://hueniverse.com)",
 "repository": "git://github.com/hueniverse/hawk",
 "main": "lib/index.js",
diff --git a/test/server.js b/test/server.js
index f06e245..5ee94a2 100755
--- a/test/server.js
+++ b/test/server.js
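Review bot: A `null` third argument now slips past the guard in the lib/server.js hunk at -249: the default `options = {}` applies only to `undefined`, and `typeof null` is `'object'`, whereas the removed `options = options || {}` normalised it. Any later read of a property on `options` (the body continues past this hunk) would then fail with a TypeError rather than the intended 'Invalid inputs'. Adding `!options ||` to the condition, so its last clause reads `!options || typeof options !== 'object') {`, gives that call a defined outcome again.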
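Review bot: The new `throw` sites in `exports.header` (this lib/server.js hunk at -273 and the one at -249) are undocumented, and they replace a `''` return that callers could test for. Code that builds the response header without a try/catch will now surface an exception in its response path, and the change ships as a patch bump (7.0.0 to 7.0.1 in package.json). A comment above the function would make the contract explicit, e.g. `// Throws on invalid inputs, credentials or algorithm (previously returned '')`. The function begins in the previous hunk and continues beyond this one.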
@@ -703,8 +703,7 @@ describe('Server', () => {
 user: 'steve'
 };
- const header = Hawk.server.header(credentials, null, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });
- expect(header).to.equal('');
+ expect(() => Hawk.server.header(credentials, null, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' })).to.throw('Invalid inputs');
 });
 it('errors on invalid artifacts', () => {
@@ -716,8 +715,7 @@ describe('Server', () => {
 user: 'steve'
 };
- const header = Hawk.server.header(credentials, 5, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });
- expect(header).to.equal('');
+ expect(() => Hawk.server.header(credentials, 5, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' })).to.throw('Invalid inputs');
 });
 it('errors on missing credentials', () => {
@@ -735,8 +733,7 @@ describe('Server', () => {
 id: '123456'
 };
- const header = Hawk.server.header(null, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });
- expect(header).to.equal('');
+ expect(() => Hawk.server.header(null, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' })).to.throw('Invalid credentials');
 });
 it('errors on invalid credentials (key)', () => {
@@ -760,8 +757,7 @@ describe('Server', () => {
 id: '123456'
 };
- const header = Hawk.server.header(credentials, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });
- expect(header).to.equal('');
+ expect(() => Hawk.server.header(credentials, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' })).to.throw('Invalid credentials');
 });
 it('errors on invalid algorithm', () => {
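Review bot: Nothing in test/server.js covers the behaviour the subject names: the hunks from -703 through -786 only convert the `''` expectations to `to.throw`, and the diffstat shows no client or browser test changes. A regression test for #218 would call `getBewit` with an options object that has no `ext` and then assert the object is unchanged, e.g. `expect(options.ext).to.equal(undefined);`. A case passing `null` as the third argument to `Hawk.server.header` would also pin down what that call does now that the `options || {}` fallback is gone.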
@@ -786,8 +782,7 @@ describe('Server', () => {
 id: '123456'
 };
- const header = Hawk.server.header(credentials, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' });
- expect(header).to.equal('');
+ expect(() => Hawk.server.header(credentials, artifacts, { payload: 'some reply', contentType: 'text/plain', ext: 'response-specific' })).to.throw('Unknown algorithm');
 });
 });