Comparing version 0.1.3 to 0.2.0
@@ -25,3 +25,3 @@ // Load modules | ||
key: 'crumb', // query or payload key | ||
source: 'payload' // Crunm key source: 'payload', 'query' | ||
source: 'payload' // Crumb key source: 'payload', 'query' | ||
}; | ||
@@ -36,8 +36,15 @@ | ||
pack.ext('onPreHandler', function (request, next) { | ||
pack.ext('onPostAuth', function (request, next) { | ||
// Validate incoming crumb | ||
if (!request.route.plugins._crumb) { | ||
request.route.plugins._crumb = Hoek.applyToDefaults(internals.routeDefaults, request.route.plugins.crumb); | ||
if (typeof request.route.plugins._crumb === 'undefined') { | ||
if (request.route.plugins.crumb || | ||
!request.route.plugins.hasOwnProperty('crumb')) { | ||
request.route.plugins._crumb = Hoek.applyToDefaults(internals.routeDefaults, request.route.plugins.crumb || {}); | ||
} | ||
else { | ||
request.route.plugins._crumb = false; | ||
} | ||
} | ||
@@ -55,28 +62,37 @@ | ||
if (request.route.plugins._crumb) { | ||
var crumb = request[request.route.plugins._crumb.source][request.route.plugins._crumb.key]; | ||
if (crumb !== request.plugins.crumb) { | ||
return next(Boom.forbidden()); | ||
} | ||
if (request.method !== 'post' || | ||
!request.route.plugins._crumb) { | ||
// Remove crumb | ||
return next(); | ||
} | ||
delete request[request.route.plugins._crumb.source][request.route.plugins._crumb.key]; | ||
var content = request[request.route.plugins._crumb.source]; | ||
if (!content) { | ||
return next(Boom.forbidden()); | ||
} | ||
if (content[request.route.plugins._crumb.key] !== request.plugins.crumb) { | ||
return next(Boom.forbidden()); | ||
} | ||
// Remove crumb | ||
delete request[request.route.plugins._crumb.source][request.route.plugins._crumb.key]; | ||
return next(); | ||
}); | ||
pack.ext('onPostHandler', function (request, next) { | ||
pack.ext('onPreResponse', function (request, next) { | ||
// Add to view context | ||
var response = request.response(); | ||
if (settings.addToViewContext && | ||
request.plugins.crumb && | ||
request.response && | ||
!request.response.isBoom && | ||
request.response.varieties.view) { | ||
!response.isBoom && | ||
response.varieties.view) { | ||
request.response.view.context = request.response.view.context || {}; | ||
request.response.view.context.crumb = request.plugins.crumb; | ||
response.view.context = response.view.context || {}; | ||
response.view.context.crumb = request.plugins.crumb; | ||
} | ||
@@ -83,0 +99,0 @@ |
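Review bot: The new guard `if (request.method !== 'post' || !request.route.plugins._crumb)` returns `next()` for every non-POST request, so a crumb-enabled PUT, DELETE or PATCH route now gets no CSRF validation at all, and a route configured with `source: 'query'` is never checked on GET either; the removed code validated whenever `_crumb` was set, regardless of method. If only safe methods are meant to bypass the check, spell those out instead, e.g. `if (request.method === 'get' || request.method === 'head' || !request.route.plugins._crumb)`, or validate whenever the configured source is present. The comparison `content[request.route.plugins._crumb.key] !== request.plugins.crumb` also passes when both sides are `undefined`; where `request.plugins.crumb` is set is outside this hunk, so if it can ever be unset here an explicit `if (!request.plugins.crumb) { return next(Boom.forbidden()); }` before the comparison would close that gap. The onPostAuth handler this hunk belongs to begins in an earlier hunk of this file.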
{ | ||
"name": "crumb", | ||
"description": "CSRF crumb generation plugin", | ||
"version": "0.1.3", | ||
"version": "0.2.0", | ||
"author": "Eran Hammer <eran@hueniverse.com> (http://hueniverse.com)", | ||
@@ -21,20 +21,16 @@ "contributors": [], | ||
"boom": "0.3.x", | ||
"hoek": "0.6.x", | ||
"hoek": "0.7.x", | ||
"cryptiles": "0.1.x" | ||
}, | ||
"peerDependencies": { | ||
"hapi": "0.15.x" | ||
"hapi": "0.16.x" | ||
}, | ||
"devDependencies": { | ||
"hapi": "0.15.x", | ||
"mocha": "1.x.x", | ||
"chai": "1.x.x", | ||
"hapi": "0.16.x", | ||
"handlebars": "1.0.x", | ||
"blanket": "1.0.x", | ||
"travis-cov": "0.2.x" | ||
"lab": "0.0.x", | ||
"complexity-report": "0.x.x" | ||
}, | ||
"scripts": { | ||
"test": "make test && make test-cov", | ||
"blanket": { "pattern": "//^((?!\/node_modules\/)(?!\/test\/).)*$/ig", "onlyCwd": true, "data-cover-flags": { "branchTracking": true } }, | ||
"travis-cov": { "threshold": 100 } | ||
"test": "make test-cov" | ||
}, | ||
@@ -41,0 +37,0 @@ "licenses": [ |
// Load modules | ||
var Chai = require('chai'); | ||
var Lab = require('lab'); | ||
var Hapi = require('hapi'); | ||
var Crumb = require('../lib'); | ||
var Crumb = require('../'); | ||
@@ -15,3 +15,7 @@ | ||
var expect = Chai.expect; | ||
var expect = Lab.expect; | ||
var before = Lab.before; | ||
var after = Lab.after; | ||
var describe = Lab.experiment; | ||
var it = Lab.test; | ||
@@ -36,3 +40,3 @@ | ||
{ | ||
method: 'GET', path: '/1', handler: function () { | ||
method: 'GET', path: '/1', config: { plugins: { crumb: false } }, handler: function () { | ||
@@ -49,3 +53,3 @@ expect(this.plugins.crumb).to.exist; | ||
{ | ||
method: 'POST', path: '/2', config: { plugins: { crumb: true } }, handler: function () { | ||
method: 'POST', path: '/2', handler: function () { | ||
@@ -55,2 +59,8 @@ expect(this.payload).to.deep.equal({ key: 'value' }); | ||
} | ||
}, | ||
{ | ||
method: 'POST', path: '/3', config: { payload: 'stream' }, handler: function () { | ||
return this.reply('never'); | ||
} | ||
} | ||
@@ -64,3 +74,3 @@ ]); | ||
var header = res.headers['Set-Cookie']; | ||
var header = res.headers['set-cookie']; | ||
expect(header.length).to.equal(1); | ||
@@ -79,3 +89,8 @@ expect(header[0]).to.contain('Secure'); | ||
expect(res.statusCode).to.equal(403); | ||
done(); | ||
server.inject({ method: 'POST', url: '/3', headers: { cookie: 'crumb=' + cookie[1] } }, function (res) { | ||
expect(res.statusCode).to.equal(403); | ||
done(); | ||
}); | ||
}); | ||
@@ -82,0 +97,0 @@ }); |
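Review bot: The added case `server.inject({ method: 'POST', url: '/3', headers: { cookie: 'crumb=' + cookie[1] } }, ...)` only covers a stream payload being rejected with 403; nothing in the updated suite exercises a non-POST method on a crumb-enabled route, which is exactly the path the lib change now lets through without validation. A PUT or DELETE route with a `crumb` cookie and no matching payload key, expecting 403, would pin the intended behaviour. The `/1` route is now explicitly `crumb: false`, so a route with no config at all is covered only by `/2`; a one-line comment on that route saying it relies on the default opt-in would help the next reader.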