
hawk - npm Package Compare versions

Comparing version 4.1.2 to 5.0.0

0

bower.json

@@ -0,0 +0,0 @@ {

'use strict';
module.exports = require('./dist/browser');

@@ -0,0 +0,0 @@ {

41

dist/browser.js

@@ -5,3 +5,3 @@ 'use strict';

HTTP Hawk Authentication Scheme
Copyright (c) 2012-2014, Eran Hammer <eran@hammer.io>
Copyright (c) 2012-2016, Eran Hammer <eran@hammer.io>
BSD Licensed

@@ -26,4 +26,4 @@ */

options: {
// Required
credentials: {
// Required
credentials: {
id: 'dh37fgj492je',

@@ -33,4 +33,4 @@ key: 'aoijedoaijsdlaksjdl',

},
// Optional
ext: 'application-specific', // Application specific data sent via the ext attribute
// Optional
ext: 'application-specific', // Application specific data sent via the ext attribute
timestamp: Date.now() / 1000, // A pre-calculated timestamp in seconds

@@ -64,3 +64,3 @@ nonce: '2334f34f', // A pre-generated nonce

var timestamp = options.timestamp || hawk.utils.now(options.localtimeOffsetMsec);
var timestamp = options.timestamp || hawk.utils.nowSec(options.localtimeOffsetMsec);

@@ -132,4 +132,4 @@ // Validate credentials

options: {
// Required
credentials: {
// Required
credentials: {
id: 'dh37fgj492je',

@@ -140,4 +140,4 @@ key: 'aoijedoaijsdlaksjdl',

ttlSec: 60 * 60, // TTL in seconds
// Optional
ext: 'application-specific', // Application specific data sent via the ext attribute
// Optional
ext: 'application-specific', // Application specific data sent via the ext attribute
localtimeOffsetMsec: 400 // Time offset to sync with server time

@@ -160,3 +160,3 @@ };

var now = hawk.utils.now(options.localtimeOffsetMsec);
var now = hawk.utils.nowSec(options.localtimeOffsetMsec);

@@ -234,3 +234,3 @@ // Validate credentials

hawk.utils.setNtpOffset(wwwAttributes.ts - Math.floor(new Date().getTime() / 1000)); // Keep offset at 1 second precision
hawk.utils.setNtpSecOffset(wwwAttributes.ts - Math.floor(Date.now() / 1000)); // Keep offset at 1 second precision
}

@@ -294,3 +294,3 @@ }

var timestamp = options.timestamp || hawk.utils.now(options.localtimeOffsetMsec);
var timestamp = options.timestamp || hawk.utils.nowSec(options.localtimeOffsetMsec);

@@ -342,3 +342,3 @@ // Validate credentials

if (updateClock !== false) {
hawk.utils.setNtpOffset(message.ts - Math.floor(new Date().getTime() / 1000)); // Keep offset at 1 second precision
hawk.utils.setNtpSecOffset(message.ts - Math.floor(Date.now() / 1000)); // Keep offset at 1 second precision
}

@@ -443,7 +443,7 @@

if (ntpOffset) {
hawk.utils.setNtpOffset(ntpOffset);
hawk.utils.setNtpSecOffset(ntpOffset);
}
},
setNtpOffset: function setNtpOffset(offset) {
setNtpSecOffset: function setNtpSecOffset(offset) {

@@ -458,3 +458,3 @@ try {

getNtpOffset: function getNtpOffset() {
getNtpSecOffset: function getNtpSecOffset() {

@@ -471,5 +471,10 @@ var offset = hawk.utils.storage.getItem('hawk_ntp_offset');

return Math.floor((new Date().getTime() + (localtimeOffsetMsec || 0)) / 1000) + hawk.utils.getNtpOffset();
return Date.now() + (localtimeOffsetMsec || 0) + hawk.utils.getNtpSecOffset() * 1000;
},
nowSec: function nowSec(localtimeOffsetMsec) {
return Math.floor(hawk.utils.now(localtimeOffsetMsec) / 1000);
},
escapeHeaderAttribute: function escapeHeaderAttribute(attribute) {

@@ -476,0 +481,0 @@

@@ -0,0 +0,0 @@ 'use strict';

@@ -5,3 +5,3 @@ 'use strict';

HTTP Hawk Authentication Scheme
Copyright (c) 2012-2014, Eran Hammer <eran@hammer.io>
Copyright (c) 2012-2016, Eran Hammer <eran@hammer.io>
BSD Licensed

@@ -68,3 +68,3 @@ */

const timestamp = options.timestamp || hawk.utils.now(options.localtimeOffsetMsec);
const timestamp = options.timestamp || hawk.utils.nowSec(options.localtimeOffsetMsec);

@@ -180,3 +180,3 @@ // Validate credentials

const now = hawk.utils.now(options.localtimeOffsetMsec);
const now = hawk.utils.nowSec(options.localtimeOffsetMsec);

@@ -257,3 +257,3 @@ // Validate credentials

hawk.utils.setNtpOffset(wwwAttributes.ts - Math.floor((new Date()).getTime() / 1000)); // Keep offset at 1 second precision
hawk.utils.setNtpSecOffset(wwwAttributes.ts - Math.floor(Date.now() / 1000)); // Keep offset at 1 second precision
}

@@ -322,3 +322,3 @@ }

const timestamp = options.timestamp || hawk.utils.now(options.localtimeOffsetMsec);
const timestamp = options.timestamp || hawk.utils.nowSec(options.localtimeOffsetMsec);

@@ -364,3 +364,3 @@ // Validate credentials

authenticateTimestamp: function (message, credentials, updateClock) { // updateClock defaults to true
authenticateTimestamp: function (message, credentials, updateClock) { // updateClock defaults to true

@@ -373,3 +373,3 @@ const tsm = hawk.crypto.calculateTsMac(message.ts, credentials);

if (updateClock !== false) {
hawk.utils.setNtpOffset(message.ts - Math.floor((new Date()).getTime() / 1000)); // Keep offset at 1 second precision
hawk.utils.setNtpSecOffset(message.ts - Math.floor(Date.now() / 1000)); // Keep offset at 1 second precision
}

@@ -485,7 +485,7 @@

if (ntpOffset) {
hawk.utils.setNtpOffset(ntpOffset);
hawk.utils.setNtpSecOffset(ntpOffset);
}
},
setNtpOffset: function (offset) {
setNtpSecOffset: function (offset) {

@@ -501,3 +501,3 @@ try {

getNtpOffset: function () {
getNtpSecOffset: function () {

@@ -514,5 +514,10 @@ const offset = hawk.utils.storage.getItem('hawk_ntp_offset');

return Math.floor(((new Date()).getTime() + (localtimeOffsetMsec || 0)) / 1000) + hawk.utils.getNtpOffset();
return Date.now() + (localtimeOffsetMsec || 0) + (hawk.utils.getNtpSecOffset() * 1000);
},
nowSec: function (localtimeOffsetMsec) {
return Math.floor(hawk.utils.now(localtimeOffsetMsec) / 1000);
},
escapeHeaderAttribute: function (attribute) {

@@ -519,0 +524,0 @@
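Review bot: `now()` keeps its name but its return unit changes from seconds to milliseconds in the last hunk, while every in-file caller is moved to the new `nowSec()`; nothing on the new side records the unit, so an external caller still using `hawk.utils.now()` for a Hawk `ts` value gets a number 1000 times too large with no error. Since `ts` is a timestamp the server checks for freshness, I would expect such requests to be rejected rather than accepted, but nothing on the client side flags the mistake. A comment on each helper would make the contract explicit, e.g. `// now(): milliseconds since epoch, including localtimeOffsetMsec and the stored NTP offset (kept in seconds)` and `// nowSec(): whole seconds, the unit used for Hawk ts values`. The same applies to the copy in dist/browser.js. The enclosing `hawk.utils` object starts and ends outside these hunks.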

@@ -35,3 +35,3 @@ 'use strict';

ext: 'application-specific', // Application specific data sent via the ext attribute
timestamp: Date.now(), // A pre-calculated timestamp
timestamp: Date.now() / 1000, // A pre-calculated timestamp in seconds
nonce: '2334f34f', // A pre-generated nonce

@@ -333,3 +333,3 @@ localtimeOffsetMsec: 400, // Time offset to sync with server time (ignored if timestamp provided)

timestamp: Date.now(), // A pre-calculated timestamp
timestamp: Date.now() / 1000, // A pre-calculated timestamp in seconds
nonce: '2334f34f', // A pre-generated nonce

@@ -336,0 +336,0 @@ localtimeOffsetMsec: 400, // Time offset to sync with server time (ignored if timestamp provided)
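Review bot: The updated option comment `timestamp: Date.now() / 1000` (in both the hunk at -35 and the one at -333) shows an expression that yields a fractional number, whereas the `nowSec()` helper added in the browser build floors to whole seconds. A caller copying the example would pass a non-integer value as the request timestamp; whether the server side accepts that is not visible on this page. I would write the example as `timestamp: Math.floor(Date.now() / 1000), // A pre-calculated timestamp in whole seconds`. The same example text appears in the option comments of dist/browser.js.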

@@ -0,0 +0,0 @@ 'use strict';

@@ -0,0 +0,0 @@ 'use strict';

@@ -0,0 +0,0 @@ 'use strict';

@@ -0,0 +0,0 @@ 'use strict';

{
"name": "hawk",
"description": "HTTP Hawk Authentication Scheme",
"version": "4.1.2",
"version": "5.0.0",
"author": "Eran Hammer <eran@hammer.io> (http://hueniverse.com)",

@@ -19,3 +19,3 @@ "repository": "git://github.com/hueniverse/hawk",

"dependencies": {
"hoek": "3.x.x",
"hoek": "4.x.x",
"boom": "3.x.x",

@@ -28,4 +28,4 @@ "cryptiles": "3.x.x",

"babel-preset-es2015": "^6.1.2",
"code": "2.x.x",
"lab": "8.x.x"
"code": "3.x.x",
"lab": "10.x.x"
},

@@ -32,0 +32,0 @@ "babel": {

@@ -6,5 +6,5 @@ ![hawk Logo](https://raw.github.com/hueniverse/hawk/master/images/hawk.png)

Current version: **4.x**
Current version: **5.x**
Note: 4.x, 3.x, and 2.x are the same exact protocol as 1.1. The version increments reflect changes in the node API.
Note: 5.x, 4.x, 3.x, and 2.x are the same exact protocol as 1.1. The version increments reflect changes in the node API.

@@ -22,6 +22,4 @@ [![Build Status](https://travis-ci.org/hueniverse/hawk.svg?branch=master)](https://travis-ci.org/hueniverse/hawk)

- [Browser Support and Considerations](#browser-support-and-considerations)
<p></p>
- [**Single URI Authorization**](#single-uri-authorization)
- [Usage Example](#bewit-usage-example)
<p></p>
- [**Security Considerations**](#security-considerations)

@@ -38,5 +36,3 @@ - [MAC Keys Transmission](#mac-keys-transmission)

- [Host Header Forgery](#host-header-forgery)
<p></p>
- [**Frequently Asked Questions**](#frequently-asked-questions)
<p></p>
- [**Implementations**](#implementations)

@@ -88,3 +84,3 @@ - [**Acknowledgements**](#acknowledgements)

The timestamp enables the server to restrict the validity period of the credentials where requests occuring afterwards
The timestamp enables the server to restrict the validity period of the credentials where requests occurring afterwards
are rejected. It also removes the need for the server to retain an unbounded number of nonce values for future checks.

@@ -200,3 +196,3 @@ By default, **Hawk** uses a time window of 1 minute to allow for time skew between the client and server (which in

**Hawk** utilized the [**SNTP**](https://github.com/hueniverse/sntp) module for time sync management. By default, the local
machine time is used. To automatically retrieve and synchronice the clock within the application, use the SNTP 'start()' method.
machine time is used. To automatically retrieve and synchronize the clock within the application, use the SNTP 'start()' method.

@@ -631,2 +627,3 @@ ```javascript

- [Kumar's Mohawk in Python](https://github.com/kumar303/mohawk/)
- [Hiyosi in Go](https://github.com/hiyosi/hawk)

@@ -633,0 +630,0 @@ # Acknowledgements

@@ -475,3 +475,3 @@ 'use strict';

Browser.utils.setNtpOffset(60 * 60 * 1000);
Browser.utils.setNtpSecOffset(60 * 60 * 1000);
const header = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data' });

@@ -496,5 +496,5 @@ req.authorization = header.field;

expect(Browser.utils.getNtpOffset()).to.equal(60 * 60 * 1000);
expect(Browser.utils.getNtpSecOffset()).to.equal(60 * 60 * 1000);
expect(Browser.client.authenticate(res, credentials2, header.artifacts)).to.equal(true);
expect(Browser.utils.getNtpOffset()).to.equal(0);
expect(Browser.utils.getNtpSecOffset()).to.equal(0);

@@ -532,3 +532,3 @@ req.authorization = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials2, ext: 'some-app-data' }).field;

Browser.utils.setNtpOffset(60 * 60 * 1000);
Browser.utils.setNtpSecOffset(60 * 60 * 1000);
const header = Browser.client.header('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials1, ext: 'some-app-data' });

@@ -554,5 +554,5 @@ req.authorization = header.field;

expect(parseInt(localStorage.getItem('hawk_ntp_offset'))).to.equal(60 * 60 * 1000);
expect(Browser.utils.getNtpOffset()).to.equal(60 * 60 * 1000);
expect(Browser.utils.getNtpSecOffset()).to.equal(60 * 60 * 1000);
expect(Browser.client.authenticate(res, credentials2, header.artifacts)).to.equal(true);
expect(Browser.utils.getNtpOffset()).to.equal(0);
expect(Browser.utils.getNtpSecOffset()).to.equal(0);
expect(parseInt(localStorage.getItem('hawk_ntp_offset'))).to.equal(0);

@@ -1344,6 +1344,6 @@

const offset = Browser.utils.getNtpOffset();
const offset = Browser.utils.getNtpSecOffset();
const tsm = Hawk.crypto.timestampMessage(credentials, 10000);
expect(Browser.client.authenticateTimestamp(tsm, credentials, false)).to.equal(true);
expect(offset).to.equal(Browser.utils.getNtpOffset());
expect(offset).to.equal(Browser.utils.getNtpSecOffset());
done();

@@ -1419,3 +1419,3 @@ });

describe('setNtpOffset()', (done) => {
describe('setNtpSecOffset()', (done) => {

@@ -1443,3 +1443,3 @@ it('catches localStorage errors', { parallel: false }, (done) => {

Browser.utils.setNtpOffset(100);
Browser.utils.setNtpSecOffset(100);
}).not.to.throw();

@@ -1495,3 +1495,3 @@

const uri = Browser.utils.parseUri('ftp');
expect(uri).to.deep.equal({ host: '', port: '', resource: '' });
expect(uri).to.equal({ host: '', port: '', resource: '' });
done();

@@ -1498,0 +1498,0 @@ });
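Review bot: `Browser.utils.setNtpSecOffset(60 * 60 * 1000)` (hunks at -475 and -532, plus the matching `getNtpSecOffset()` expectations) keeps the old literal, which reads as one hour in milliseconds but is now passed to a setter whose name says seconds, i.e. roughly 41 days of skew. The tests presumably still pass because they only need a skew large enough to be rejected and then check that the offset round-trips and resets to 0. Since these tests double as usage examples for the renamed API, I would either use `60 * 60` or add a comment such as `// offset is in seconds; any value beyond the allowed skew works here`.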

@@ -369,3 +369,3 @@ 'use strict';

expect(err).to.not.exist();
expect(headers).to.deep.equal({
expect(headers).to.equal({
'www-authenticate': null,

@@ -372,0 +372,0 @@ 'server-authorization': {

@@ -0,0 +0,0 @@ 'use strict';

@@ -0,0 +0,0 @@ 'use strict';

@@ -0,0 +0,0 @@ 'use strict';

@@ -0,0 +0,0 @@ 'use strict';

@@ -0,0 +0,0 @@ 'use strict';

@@ -0,0 +0,0 @@ 'use strict';

