Socket
hawk - npm Package Compare versions

Comparing version 0.0.3 to 0.0.4


lib/hawk.js

@@ -43,3 +43,3 @@ // Load modules

*
* hostHeader - optional header field name, used to override the default 'Host' header when used
* hostHeaderName - optional header field name, used to override the default 'Host' header when used
* behind a cache of a proxy. Apache2 changes the value of the 'Host' header while preserving
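Review bot: the updated comment documents the renamed `hostHeaderName` option but not the trust assumption that comes with it. Whatever header the option names (the text points at `x-forwarded-host`) becomes the host the request MAC is verified against, so it must be a header the proxy in front of the application always overwrites, never one a client can set directly; otherwise a request captured for one host can be replayed against another by supplying that header with the original host. State that condition here, next to the Apache2 example, and fix "behind a cache of a proxy", which presumably should read "behind a cache or a proxy".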

@@ -56,9 +56,9 @@ * the original (which is what the module must verify) in the 'x-forwarded-host' header field.

var hostHeader = (options.hostHeader ? req.headers[options.hostHeader.toLowerCase()] : req.headers.host);
var hostHeader = (options.hostHeaderName ? req.headers[options.hostHeaderName.toLowerCase()] : req.headers.host);
if (!hostHeader) {
return callback(new Error('Missing Host header'), false, null, null);
return callback(new Error('Missing Host header'), null, null);
}
if (!req.headers.authorization) {
return callback(new Error('Missing Authorization header'), false, null, null);
return callback(new Error('Missing Authorization header'), null, null);
}
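Review bot: removing the `isAuthenticated` argument from the callback (`callback(new Error('Missing Host header'), null, null)` and every other `return callback(...)` in this file) is a breaking change to the public `authenticate` API, and nothing in this diff documents it: the README hunks add FAQ entries but no migration note. The same hunk also renames `options.hostHeader` to `options.hostHeaderName` with no fallback or warning, so a caller still passing `hostHeader` silently falls back to `req.headers.host`, which behind the very proxy the option exists for is the rewritten value and will fail verification. Consider honouring the old option name with a deprecation warning for one release, or at least call both changes out in the README.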

@@ -73,3 +73,3 @@

if (attributes instanceof Error) {
return callback(attributes, false, null, null);
return callback(attributes, null, null);
}

@@ -83,3 +83,3 @@

return callback(new Error('Missing attributes'), false, null, attributes.ext);
return callback(new Error('Missing attributes'), null, attributes.ext);
}
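Review bot: `attributes.ext` is handed back to the caller on this and the following failure paths (`'Missing attributes'`, `'Bad Host header'`, `'Missing credentials'`, `'Invalid credentials'`, `'Unknown algorithm'`, `'Bad mac'`) even though it was parsed from an `Authorization` header whose MAC has not been verified at that point. Returning it for logging is fine, but the JSDoc for the callback should say that `ext` accompanying a non-null `err` is unauthenticated client input and must not be used for any decision.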

@@ -96,3 +96,3 @@

return callback(new Error('Bad Host header'), false, null, attributes.ext);
return callback(new Error('Bad Host header'), null, attributes.ext);
}

@@ -108,7 +108,7 @@

if (err) {
return callback(err, false, credentials, attributes.ext);
return callback(err, credentials || null, attributes.ext);
}
if (!credentials) {
return callback(new Error('Missing credentials'), false, null, attributes.ext);
return callback(new Error('Missing credentials'), null, attributes.ext);
}
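Review bot: `callback(err, credentials || null, attributes.ext)` normalises a missing credentials object to `null` on the lookup-error path, but the `'Invalid credentials'`, `'Unknown algorithm'` and `'Bad mac'` branches below pass `credentials` through as-is. Pick one convention for the second argument (always `null` or an object, or always whatever the lookup returned) so callers can test it consistently.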

@@ -119,3 +119,3 @@

return callback(new Error('Invalid credentials'), false, credentials, attributes.ext);
return callback(new Error('Invalid credentials'), credentials, attributes.ext);
}

@@ -125,3 +125,3 @@

return callback(new Error('Unknown algorithm'), false, credentials, attributes.ext);
return callback(new Error('Unknown algorithm'), credentials, attributes.ext);
}

@@ -133,3 +133,3 @@

if (mac !== attributes.mac) {
return callback(new Error('Bad mac'), false, credentials, attributes.ext);
return callback(new Error('Bad mac'), credentials, attributes.ext);
}
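Review bot: with `isAuthenticated` gone, a caller written against the old four-argument callback that tests its second argument for truthiness now receives the `credentials` object in that position on a failed MAC (`callback(new Error('Bad mac'), credentials, attributes.ext)`), i.e. a truthy value on an authentication failure; `err` is the only remaining signal, and the README should say so explicitly. Separately, `if (mac !== attributes.mac)` compares the computed and supplied MACs with an ordinary string comparison that stops at the first differing character; replace it with a fixed-time comparison (same length check, then compare every byte and accumulate the result) so the comparison does not leak how much of the MAC was correct.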

@@ -139,3 +139,3 @@

return callback(null, true, credentials, attributes.ext);
return callback(null, credentials, attributes.ext);
});

@@ -142,0 +142,0 @@ };

{
"name": "hawk",
"description": "HTTP Hawk Authentication Scheme",
"version": "0.0.3",
"version": "0.0.4",
"author": "Eran Hammer <eran@hueniverse.com> (http://hueniverse.com)",
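Review bot: a patch-level bump from 0.0.3 to 0.0.4 for a release that changes the `authenticate` callback arity and renames an option will surprise anyone depending on a range such as `~0.0.3`. Under 0.x that is permitted, but the only warning in this diff is the new "Is it done?" FAQ entry calling the module experimental. Consider 0.1.0 so the break is visible in the version number, and add a short changelog entry for the two API changes.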

@@ -6,0 +6,0 @@ "contributors": [],

![hawk Logo](https://raw.github.com/hueniverse/hawk/master/images/hawk.png)
**Hawk** is HTTP authentication scheme using a message authentication code (MAC) algorithm to provide partial
<img align="right" src="https://raw.github.com/hueniverse/hawk/master/images/logo.png" /> **Hawk** is an HTTP authentication scheme using a message authentication code (MAC) algorithm to provide partial
HTTP request cryptographic verification. For more complex use cases such as access delegation, see [Oz](/hueniverse/oz).
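Review bot: the new `<img>` tag references `images/logo.png` while the removed markdown line referenced `images/hawk.png`; confirm the new file is committed, since this diff does not show it being added. The `[Oz](/hueniverse/oz)` link is root-relative and only resolves on github.com; on npm and in any other renderer it is broken, so use the full repository URL.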

@@ -10,3 +10,2 @@

# Table of Content

@@ -21,4 +20,5 @@

- [**Frequently Asked Questions**](#frequently-asked-questions)
<p></p>
- [**Acknowledgements**](#acknowledgements)
# Introduction

@@ -148,3 +148,2 @@

1353832234
dh37fgj492je
GET

@@ -243,2 +242,7 @@ /resource/1?b=1&a=2

### Is it done?
Far from it. Until this module reaches version 1.0.0 it is considered experimental and is likely to change. This also
means your feedback and contribution are very welcome. Feel free to open issues with questions and suggestions.
### Does **Hawk** have anything to do with OAuth?

@@ -260,1 +264,31 @@

### Why isn't the algorithm part of the challenge or dynamically negotiated?
The algorithm used is closely related to the key issued as different algorithms require different key sizes (and other
requirements). While some keys can be used for multiple algorithm, the protocol is designed to closely bind the key and algorithm together as part of the issued credentials.
### Why is Host the only header covered by the request MAC?
It is really had to include other headers. Headers can be changed by proxies and other intermediaries and there is no
well-established way to normalize them. The only straight-forward solution is to include the headers in some blob (say,
bas64 encoded JSON) and include that with the request, an approach taken by JWT and other such formats. However, that
design violates the HTTP header boundaries, repeats information, and introduces other security issues because firewalls
will not be aware of these “hidden” headers. In addition, any information repeated must be compared to the duplicated
information in the header and therefore only moves the problem elsewhere.
### Why not just use HTTP Digest?
Digest requires pre-negotiation to establish a nonce. This means you can't just make a request - you must first send
a protocol handshake to the server. This pattern has become unacceptable for most web services, especially mobile
where extra round-trip are costly. While Hawk includes support for sending a challenge when a request lacks
authentication, it does not require it.
# Acknowledgements
**Hawk** is a derivative work of the [HTTP MAC Authentication Scheme](http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-05) proposal
Co-authored by Ben Adida, Adam Barth, and Eran Hammer, which in turn was based on the OAuth 1.0 community specification.
Special thanks to Ben Laurie for his always insightful feedback and advice.
The **Hawk** logo was created by [Chris Carrasco](http://chriscarrasco.com).
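Review bot: typos in the new FAQ text: "multiple algorithm" should be "multiple algorithms", "It is really had to include" should be "hard", "straight-forward" should be "straightforward", "bas64 encoded JSON" should be "base64", "extra round-trip are costly" should be "round-trips", and "Co-authored" starting mid-sentence should be lower case. Since the "Why is Host the only header covered by the request MAC?" answer already discusses proxies rewriting headers, it is also the natural place to mention the `hostHeaderName` option (renamed in this release) and the requirement that the named header be set by the proxy, not by the client.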

@@ -36,3 +36,3 @@ // Load modules

Hawk.authenticate(req, credentialsFunc, {}, function (err, isAuthenticated, credentials, ext) {
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, ext) {

@@ -62,6 +62,6 @@ should.not.exist(err);

Hawk.authenticate(req, credentialsFunc, {}, function (err, isAuthenticated, credentials, ext) {
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, ext) {
should.exist(err);
isAuthenticated.should.equal(false);
should.exist(credentials);
done();
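Review bot: `isAuthenticated.should.equal(false);` is still in this test, but the callback on the line above no longer declares `isAuthenticated`, so the test will throw a ReferenceError instead of checking anything. Replace that line with an assertion on `err` (the message the case under test expects) or remove it; the signature update in this hunk is incomplete without it.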

@@ -85,3 +85,3 @@ });

Hawk.authenticate(req, credentialsFunc, {}, function (err, isAuthenticated, credentials, ext) {
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, ext) {

@@ -105,3 +105,3 @@ should.not.exist(err);

Hawk.authenticate(req, credentialsFunc, {}, function (err, isAuthenticated, credentials, ext) {
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, ext) {

@@ -125,3 +125,3 @@ should.not.exist(err);

Hawk.authenticate(req, credentialsFunc, {}, function (err, isAuthenticated, credentials, ext) {
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, ext) {

@@ -144,3 +144,3 @@ should.exist(err);

Hawk.authenticate(req, credentialsFunc, {}, function (err, isAuthenticated, credentials, ext) {
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, ext) {

@@ -163,3 +163,3 @@ should.exist(err);

Hawk.authenticate(req, credentialsFunc, {}, function (err, isAuthenticated, credentials, ext) {
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, ext) {

@@ -183,3 +183,3 @@ should.exist(err);

Hawk.authenticate(req, credentialsFunc, {}, function (err, isAuthenticated, credentials, ext) {
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, ext) {

@@ -203,3 +203,3 @@ should.exist(err);

Hawk.authenticate(req, credentialsFunc, {}, function (err, isAuthenticated, credentials, ext) {
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, ext) {

@@ -223,3 +223,3 @@ should.exist(err);

Hawk.authenticate(req, credentialsFunc, {}, function (err, isAuthenticated, credentials, ext) {
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, ext) {

@@ -243,3 +243,3 @@ should.exist(err);

Hawk.authenticate(req, credentialsFunc, {}, function (err, isAuthenticated, credentials, ext) {
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, ext) {

@@ -268,3 +268,3 @@ should.exist(err);

Hawk.authenticate(req, credentialsFunc, {}, function (err, isAuthenticated, credentials, ext) {
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, ext) {

@@ -293,3 +293,3 @@ should.exist(err);

Hawk.authenticate(req, credentialsFunc, {}, function (err, isAuthenticated, credentials, ext) {
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, ext) {

@@ -323,3 +323,3 @@ should.exist(err);

Hawk.authenticate(req, credentialsFunc, {}, function (err, isAuthenticated, credentials, ext) {
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, ext) {

@@ -354,3 +354,3 @@ should.exist(err);

Hawk.authenticate(req, credentialsFunc, {}, function (err, isAuthenticated, credentials, ext) {
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, ext) {

@@ -385,3 +385,3 @@ should.exist(err);

Hawk.authenticate(req, credentialsFunc, {}, function (err, isAuthenticated, credentials, ext) {
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, ext) {
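Review bot: every test hunk in this diff is the same mechanical signature update; none of them exercises the `hostHeader` to `hostHeaderName` rename in `lib/hawk.js`, so a request whose named header carries a different host than `Host` has no coverage. Add one case passing `{ hostHeaderName: 'x-forwarded-host' }` with the forwarded host matching the signed host, and one where it does not and the callback is expected to return `'Bad Host header'`.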

@@ -388,0 +388,0 @@ should.exist(err);
