Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
crumb - npm Package Compare versions
Comparing version 1.1.2 to 2.0.0
| // Load modules | ||
| var Hoek = require('hoek'); | ||
| var Stream = require('stream'); | ||
@@ -32,3 +33,3 @@ var Cryptiles = require('cryptiles'); | ||
| var settings = plugin.hapi.utils.applyToDefaults(internals.defaults, options || {}); | ||
| var settings = Hoek.applyToDefaults(internals.defaults, options); | ||
| // copy the key and restful settings from internals.defaults to internals.routeDefaults for consistency | ||
@@ -46,5 +47,5 @@ internals.routeDefaults.key = settings.key; | ||
| if (request.route.plugins.crumb || | ||
| !request.route.plugins.hasOwnProperty('crumb')) { | ||
| !request.route.plugins.hasOwnProperty('crumb') && settings.autoGenerate) { | ||
| request.route.plugins._crumb = plugin.hapi.utils.applyToDefaults(internals.routeDefaults, request.route.plugins.crumb || {}); | ||
| request.route.plugins._crumb = Hoek.applyToDefaults(internals.routeDefaults, request.route.plugins.crumb || {}); | ||
| } | ||
@@ -76,4 +77,3 @@ else { | ||
| var content = request[request.route.plugins._crumb.source]; | ||
| if (!content || | ||
| content instanceof Stream) { | ||
| if (content instanceof Stream) { | ||
@@ -147,6 +147,2 @@ return reply(plugin.hapi.error.forbidden()); | ||
| return next(); | ||
| }; | ||
| }; |
| { | ||
| "name": "crumb", | ||
| "description": "CSRF crumb generation and validation plugin", | ||
| "version": "1.1.2", | ||
| "version": "2.0.0", | ||
| "author": "Eran Hammer <eran@hueniverse.com> (http://hueniverse.com)", | ||
@@ -26,3 +26,4 @@ "contributors": [ | ||
| "dependencies": { | ||
| "cryptiles": "2.x.x" | ||
| "cryptiles": "2.x.x", | ||
| "hoek": "2.x.x" | ||
| }, | ||
@@ -33,5 +34,5 @@ "peerDependencies": { | ||
| "devDependencies": { | ||
| "hapi": "3.x.x", | ||
| "hapi": "4.x.x", | ||
| "handlebars": "1.3.x", | ||
| "lab": "1.x.x" | ||
| "lab": "3.x.x" | ||
| }, | ||
@@ -38,0 +39,0 @@ "scripts": { |
@@ -6,2 +6,4 @@ // Load modules | ||
| var Crumb = require('../'); | ||
| var Stream = require('stream'); | ||
| var Hoek = require('hoek'); | ||
@@ -25,16 +27,15 @@ | ||
| it('returns view with crumb', function (done) { | ||
| var options = { | ||
| views: { | ||
| path: __dirname + '/templates', | ||
| engines: { | ||
| html: 'handlebars' | ||
| } | ||
| var options = { | ||
| views: { | ||
| path: __dirname + '/templates', | ||
| engines: { | ||
| html: 'handlebars' | ||
| } | ||
| }; | ||
| } | ||
| }; | ||
| var server = new Hapi.Server(options); | ||
| it('returns view with crumb', function (done) { | ||
| server.route([ | ||
| var server1 = new Hapi.Server(options); | ||
| server1.route([ | ||
| { | ||
@@ -73,9 +74,21 @@ method: 'GET', path: '/1', handler: function (request, reply) { | ||
| } | ||
| }, | ||
| { | ||
| method: 'POST', path: '/5', config: { payload: { output: 'stream' } }, handler: function (request, reply) { | ||
| return reply('yo'); | ||
| } | ||
| }, | ||
| { | ||
| method: 'GET', path: '/6', handler: function (request, reply) { | ||
| return reply.view('index'); | ||
| } | ||
| } | ||
| ]); | ||
| server.pack.require('../', { cookieOptions: { isSecure: true } }, function (err) { | ||
| server1.pack.require('../', { cookieOptions: { isSecure: true } }, function (err) { | ||
| expect(err).to.not.exist; | ||
| server.inject({ method: 'GET', url: '/1' }, function (res) { | ||
| server1.inject({ method: 'GET', url: '/1' }, function (res) { | ||
@@ -89,19 +102,55 @@ var header = res.headers['set-cookie']; | ||
| server.inject({ method: 'POST', url: '/2', payload: '{ "key": "value", "crumb": "' + cookie[1] + '" }', headers: { cookie: 'crumb=' + cookie[1] } }, function (res) { | ||
| server1.inject({ method: 'POST', url: '/2', payload: '{ "key": "value", "crumb": "' + cookie[1] + '" }', headers: { cookie: 'crumb=' + cookie[1] } }, function (res) { | ||
| expect(res.result).to.equal('valid'); | ||
| server.inject({ method: 'POST', url: '/2', payload: '{ "key": "value", "crumb": "x' + cookie[1] + '" }', headers: { cookie: 'crumb=' + cookie[1] } }, function (res) { | ||
| server1.inject({ method: 'POST', url: '/2', payload: '{ "key": "value", "crumb": "x' + cookie[1] + '" }', headers: { cookie: 'crumb=' + cookie[1] } }, function (res) { | ||
| expect(res.statusCode).to.equal(403); | ||
| server.inject({ method: 'POST', url: '/3', headers: { cookie: 'crumb=' + cookie[1] } }, function (res) { | ||
| server1.inject({ method: 'POST', url: '/3', headers: { cookie: 'crumb=' + cookie[1] } }, function (res) { | ||
| expect(res.statusCode).to.equal(403); | ||
| server.inject({ method: 'GET', url: '/4' }, function (res) { | ||
| server1.inject({ method: 'GET', url: '/4' }, function (res) { | ||
| expect(res.result).to.equal('<!DOCTYPE html><html><head><title>test</title></head><body><div><h1>hi</h1><h2></h2></div></body></html>'); | ||
| done(); | ||
| var TestStream = function (opt) { | ||
| Stream.Readable.call(this, opt); | ||
| this._max = 2; | ||
| this._index = 1; | ||
| }; | ||
| Hoek.inherits(TestStream, Stream.Readable); | ||
| TestStream.prototype._read = function() { | ||
| var i = this._index++; | ||
| if (i > this._max) | ||
| this.push(null); | ||
| else { | ||
| var str = '' + i; | ||
| var buf = new Buffer(str, 'ascii'); | ||
| this.push(buf); | ||
| } | ||
| }; | ||
| server1.inject({ method: 'POST', url: '/5', payload: new TestStream(), headers: { 'content-type': 'application/octet-stream', 'content-disposition': 'attachment; filename="test.txt"' }, simulate: { end: true } }, function (res) { | ||
| expect(res.statusCode).to.equal(403); | ||
| server1.inject({method: 'GET', url: '/6'}, function(res) { | ||
| var header = res.headers['set-cookie']; | ||
| expect(header.length).to.equal(1); | ||
| expect(header[0]).to.contain('Secure'); | ||
| var cookie = header[0].match(/crumb=([^\x00-\x20\"\,\;\\\x7F]*)/); | ||
| expect(res.result).to.equal('<!DOCTYPE html><html><head><title></title></head><body><div><h1></h1><h2>' + cookie[1] + '</h2></div></body></html>'); | ||
| done(); | ||
| }); | ||
| }); | ||
| }); | ||
@@ -114,4 +163,104 @@ }); | ||
| }); | ||
| }); | ||
| it('Does not add crumb to view context when "addToViewContext" option set to false', function(done) { | ||
| var server2 = new Hapi.Server(options); | ||
| server2.route({ | ||
| method: 'GET', path: '/1', handler: function (request, reply) { | ||
| expect(request.plugins.crumb).to.exist; | ||
| expect(request.server.plugins.crumb.generate).to.exist; | ||
| return reply.view('index', { | ||
| title: 'test', | ||
| message: 'hi' | ||
| }); | ||
| } | ||
| }); | ||
| server2.pack.require('../', { cookieOptions: { isSecure: true }, addToViewContext: false }, function (err) { | ||
| expect(err).to.not.exist; | ||
| server2.inject({ method: 'GET', url: '/1' }, function (res) { | ||
| expect(res.result).to.equal('<!DOCTYPE html><html><head><title>test</title></head><body><div><h1>hi</h1><h2></h2></div></body></html>'); | ||
| done(); | ||
| }); | ||
| }); | ||
| }); | ||
| it('Works without specifying plugin options', function(done) { | ||
| var server3 = new Hapi.Server(options); | ||
| server3.route({ | ||
| method: 'GET', path: '/1', handler: function (request, reply) { | ||
| expect(request.plugins.crumb).to.exist; | ||
| expect(request.server.plugins.crumb.generate).to.exist; | ||
| return reply.view('index', { | ||
| title: 'test', | ||
| message: 'hi' | ||
| }); | ||
| } | ||
| }); | ||
| server3.pack.require('../', null, function (err) { | ||
| expect(err).to.not.exist; | ||
| server3.inject({ method: 'GET', url: '/1' }, function (res) { | ||
| var header = res.headers['set-cookie']; | ||
| expect(header.length).to.equal(1); | ||
| var cookie = header[0].match(/crumb=([^\x00-\x20\"\,\;\\\x7F]*)/); | ||
| expect(res.result).to.equal('<!DOCTYPE html><html><head><title>test</title></head><body><div><h1>hi</h1><h2>' + cookie[1] + '</h2></div></body></html>'); | ||
| done(); | ||
| }); | ||
| }); | ||
| }); | ||
| it('route uses crumb when route.config.plugins.crumb set to true and autoGenerate set to false', function(done) { | ||
| var server3 = new Hapi.Server(options); | ||
| server3.route([ | ||
| { | ||
| method: 'GET', path: '/1', handler: function (request, reply) { | ||
| var crumb = request.plugins.crumb; | ||
| expect(crumb).to.be.undefined; | ||
| return reply('bonjour'); | ||
| } | ||
| }, | ||
| { | ||
| method: 'GET', path: '/2', config: { plugins: { crumb: true } }, handler: function(request, reply) { | ||
| var crumb = request.plugins.crumb; | ||
| return reply('hola'); | ||
| } | ||
| } | ||
| ]); | ||
| server3.pack.require('../', { autoGenerate: false }, function (err) { | ||
| expect(err).to.not.exist; | ||
| server3.inject({ method: 'GET', url: '/1' }, function (res) { | ||
| server3.inject({ method: 'GET', url: '/2'}, function (res) { | ||
| var header = res.headers['set-cookie']; | ||
| expect(header.length).to.equal(1); | ||
| var cookie = header[0].match(/crumb=([^\x00-\x20\"\,\;\\\x7F]*)/); | ||
| done(); | ||
| }); | ||
| }); | ||
| }); | ||
| }); | ||
| }); |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by6.78%
91005
- Lines of code
- increased by29.51%
474
Worsened metrics
- Dependency count
- increased by50%
3
Dependency changes
+ Addedhoek@2.x.x