Socket
Socket
Sign inDemoInstall

hawk

Package Overview
Dependencies
Maintainers
1
Versions
85
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

hawk - npm Package Compare versions

Comparing version 0.5.1 to 0.5.2

40

lib/index.js
// Load modules
var Boom = require('boom');
var Crypto = require('./crypto');
var Err = require('./error');
var Utils = require('./utils');

@@ -17,3 +17,3 @@ var Uri = require('./uri');

exports.crypto = Crypto;
exports.error = exports.Error = Err;
exports.error = exports.Error = Boom;
exports.uri = Uri;

@@ -102,3 +102,3 @@ exports.utils = Utils;

// Application time
var now = Date.now() + (options.localtimeOffsetMsec || 0);

@@ -110,3 +110,3 @@

if (request instanceof Error) {
return callback(Err.badRequest(request.message));
return callback(Boom.badRequest(request.message));
}

@@ -117,3 +117,3 @@

if (!request.authorization) {
return callback(Err.unauthorizedWithTs('', now, options.ntp));
return callback(Boom.unauthorized('', 'Hawk', { ts: now, ntp: options.ntp }));
}

@@ -123,3 +123,3 @@

if (!headerParts) {
return callback(Err.badRequest('Invalid header syntax'));
return callback(Boom.badRequest('Invalid header syntax'));
}

@@ -129,3 +129,3 @@

if (scheme.toLowerCase() !== 'hawk') {
return callback(Err.unauthorizedWithTs('', now, options.ntp));
return callback(Boom.unauthorized('', 'Hawk', { ts: now, ntp: options.ntp }));
}

@@ -135,3 +135,3 @@

if (!attributesString) {
return callback(Err.badRequest('Invalid header syntax'));
return callback(Boom.badRequest('Invalid header syntax'));
}

@@ -169,3 +169,3 @@

if (verify !== '') {
return callback(Err.badRequest(errorMessage || 'Bad header format'));
return callback(Boom.badRequest(errorMessage || 'Bad header format'));
}

@@ -180,9 +180,9 @@

return callback(Err.badRequest('Missing attributes'), null, attributes);
return callback(Boom.badRequest('Missing attributes'), null, attributes);
}
// Check timestamp staleness
if (Math.abs((attributes.ts * 1000) - now) > (options.timestampSkewSec * 1000)) {
return callback(Err.unauthorizedWithTs('Stale timestamp', now, options.ntp), null, attributes);
return callback(Boom.unauthorized('Stale timestamp', 'Hawk', { ts: now, ntp: options.ntp }), null, attributes);
}

@@ -199,3 +199,3 @@

if (!credentials) {
return callback(Err.unauthorized('Unknown credentials'), null, attributes);
return callback(Boom.unauthorized('Unknown credentials', 'Hawk'), null, attributes);
}

@@ -206,7 +206,7 @@

return callback(Err.internal('Invalid credentials'), credentials, attributes);
return callback(Boom.internal('Invalid credentials'), credentials, attributes);
}
if (Crypto.algorithms.indexOf(credentials.algorithm) === -1) {
return callback(Err.internal('Unknown algorithm'), credentials, attributes);
return callback(Boom.internal('Unknown algorithm'), credentials, attributes);
}

@@ -231,3 +231,3 @@

if (!Utils.fixedTimeComparison(mac, attributes.mac)) {
return callback(Err.unauthorized('Bad mac'), credentials, attributes);
return callback(Boom.unauthorized('Bad mac', 'Hawk'), credentials, attributes);
}

@@ -241,3 +241,3 @@

if (!attributes.hash) {
return callback(Err.unauthorized('Missing required payload hash'), credentials, attributes);
return callback(Boom.unauthorized('Missing required payload hash', 'Hawk'), credentials, attributes);
}

@@ -247,3 +247,3 @@

if (!Utils.fixedTimeComparison(hash, attributes.hash)) {
return callback(Err.unauthorized('Bad payload hash'), credentials, attributes);
return callback(Boom.unauthorized('Bad payload hash', 'Hawk'), credentials, attributes);
}

@@ -257,3 +257,3 @@ }

if (err) {
return callback(Err.unauthorized('Invalid nonce'), credentials, attributes);
return callback(Boom.unauthorized('Invalid nonce', 'Hawk'), credentials, attributes);
}

@@ -260,0 +260,0 @@

24

lib/uri.js
// Load modules
var Url = require('url');
var Boom = require('boom');
var Crypto = require('./crypto');
var Err = require('./error');
var Utils = require('./utils');

@@ -31,3 +31,3 @@

if (request instanceof Error) {
return callback(Err.badRequest(request.message));
return callback(Boom.badRequest(request.message));
}

@@ -40,3 +40,3 @@

return callback(Err.unauthorized('Invalid method'));
return callback(Boom.unauthorized('Invalid method', 'Hawk'));
}

@@ -49,3 +49,3 @@

if (!resource) {
return callback(Err.unauthorized('Missing bewit'));
return callback(Boom.unauthorized('Missing bewit', 'Hawk'));
}

@@ -57,3 +57,3 @@

if (bewitString instanceof Error) {
return callback(Err.badRequest('Invalid bewit encoding'));
return callback(Boom.badRequest('Invalid bewit encoding'));
}

@@ -67,3 +67,3 @@

return callback(Err.badRequest('Invalid bewit structure'));
return callback(Boom.badRequest('Invalid bewit structure'));
}

@@ -82,3 +82,3 @@

return callback(Err.badRequest('Missing bewit attributes'));
return callback(Boom.badRequest('Missing bewit attributes'));
}

@@ -96,3 +96,3 @@

if (bewit.exp * 1000 <= now) {
return callback(Err.unauthorized('Access expired'), null, bewit);
return callback(Boom.unauthorized('Access expired', 'Hawk'), null, bewit);
}

@@ -109,3 +109,3 @@

if (!credentials) {
return callback(Err.unauthorized('Unknown credentials'), null, bewit);
return callback(Boom.unauthorized('Unknown credentials', 'Hawk'), null, bewit);
}

@@ -116,7 +116,7 @@

return callback(Err.internal('Invalid credentials'), credentials, bewit);
return callback(Boom.internal('Invalid credentials'), credentials, bewit);
}
if (Crypto.algorithms.indexOf(credentials.algorithm) === -1) {
return callback(Err.internal('Unknown algorithm'), credentials, bewit);
return callback(Boom.internal('Unknown algorithm'), credentials, bewit);
}

@@ -140,3 +140,3 @@

if (!Utils.fixedTimeComparison(mac, bewit.mac)) {
return callback(Err.unauthorized('Bad mac'), credentials, bewit);
return callback(Boom.unauthorized('Bad mac', 'Hawk'), credentials, bewit);
}

@@ -143,0 +143,0 @@

5

package.json
{
"name": "hawk",
"description": "HTTP Hawk Authentication Scheme",
"version": "0.5.1",
"version": "0.5.2",
"author": "Eran Hammer <eran@hueniverse.com> (http://hueniverse.com)",

@@ -19,3 +19,4 @@ "contributors": [],

"dependencies": {
"hoek": "0.0.x"
"hoek": "0.0.x",
"boom": "0.0.x"
},

@@ -22,0 +23,0 @@ "devDependencies": {

2

README.md

@@ -6,3 +6,3 @@ ![hawk Logo](https://raw.github.com/hueniverse/hawk/master/images/hawk.png)

Current version: **0.5.1**
Current version: **0.5.2**

@@ -9,0 +9,0 @@ [![Build Status](https://secure.travis-ci.org/hueniverse/hawk.png)](http://travis-ci.org/hueniverse/hawk)

5

test/index.js
// Load modules
var Http = require('http');
var Chai = require('chai');

@@ -255,3 +254,3 @@ var Hawk = process.env.TEST_COV ? require('../lib-cov') : require('../lib');

expect(err.toResponse().payload.message).to.equal('Stale timestamp');
var header = err.headers['WWW-Authenticate'];
var header = err.toResponse().headers['WWW-Authenticate'];
var ts = header.match(/^Hawk ts\=\"(\d+)\"\, ntp\=\"pool.ntp.org\"\, error=\"Stale timestamp\"$/);

@@ -350,3 +349,3 @@ var now = Date.now();

expect(err).to.exist;
var header = err.headers['WWW-Authenticate'];
var header = err.toResponse().headers['WWW-Authenticate'];
var ts = header.match(/^Hawk ts\=\"(\d+)\"\, ntp\=\"pool.ntp.org\"$/);

@@ -353,0 +352,0 @@ var now = Date.now();

lib/error.js
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc