Comparing version 7.0.4 to 7.0.5
@@ -130,12 +130,1 @@ 'use strict'; | ||
}; | ||
exports.fixedTimeComparison = function (a, b) { | ||
try { | ||
return Crypto.timingSafeEqual(new Buffer(a), new Buffer(b)); | ||
} | ||
catch (err) { | ||
return false; | ||
} | ||
}; |
@@ -6,2 +6,3 @@ 'use strict'; | ||
const Boom = require('boom'); | ||
const Cryptiles = require('cryptiles'); | ||
const Hoek = require('hoek'); | ||
@@ -162,3 +163,3 @@ | ||
const mac = Crypto.calculateMac('header', credentials, artifacts); | ||
if (!Crypto.fixedTimeComparison(mac, attributes.mac)) { | ||
if (!Cryptiles.fixedTimeComparison(mac, attributes.mac)) { | ||
throw Object.assign(Utils.unauthorized('Bad mac'), result); | ||
@@ -177,3 +178,3 @@ } | ||
const hash = Crypto.calculatePayloadHash(options.payload, credentials.algorithm, request.contentType); | ||
if (!Crypto.fixedTimeComparison(hash, attributes.hash)) { | ||
if (!Cryptiles.fixedTimeComparison(hash, attributes.hash)) { | ||
throw Object.assign(Utils.unauthorized('Bad payload hash'), result); | ||
@@ -221,3 +222,3 @@ } | ||
const calculatedHash = Crypto.calculatePayloadHash(payload, credentials.algorithm, contentType); | ||
if (!Crypto.fixedTimeComparison(calculatedHash, artifacts.hash)) { | ||
if (!Cryptiles.fixedTimeComparison(calculatedHash, artifacts.hash)) { | ||
throw Object.assign(Utils.unauthorized('Bad payload hash'), { credentials, artifacts }); | ||
@@ -239,3 +240,3 @@ } | ||
if (!Crypto.fixedTimeComparison(calculatedHash, artifacts.hash)) { | ||
if (!Cryptiles.fixedTimeComparison(calculatedHash, artifacts.hash)) { | ||
throw Object.assign(Utils.unauthorized('Bad payload hash'), { artifacts }); | ||
@@ -449,3 +450,3 @@ } | ||
if (!Crypto.fixedTimeComparison(mac, bewit.mac)) { | ||
if (!Cryptiles.fixedTimeComparison(mac, bewit.mac)) { | ||
throw Object.assign(Utils.unauthorized('Bad mac'), result); | ||
@@ -520,3 +521,3 @@ } | ||
const mac = Crypto.calculateMac('message', credentials, artifacts); | ||
if (!Crypto.fixedTimeComparison(mac, authorization.mac)) { | ||
if (!Cryptiles.fixedTimeComparison(mac, authorization.mac)) { | ||
throw Object.assign(Utils.unauthorized('Bad mac'), result); | ||
@@ -528,3 +529,3 @@ } | ||
const hash = Crypto.calculatePayloadHash(message, credentials.algorithm); | ||
if (!Crypto.fixedTimeComparison(hash, authorization.hash)) { | ||
if (!Cryptiles.fixedTimeComparison(hash, authorization.hash)) { | ||
throw Object.assign(Utils.unauthorized('Bad message hash'), result); | ||
@@ -531,0 +532,0 @@ } |
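Review bot: All seven comparison sites in this section now hand a request-derived value (`attributes.mac`, `attributes.hash`, `artifacts.hash`, `bewit.mac`, `authorization.mac`, `authorization.hash`) to `Cryptiles.fixedTimeComparison`, and this diff does not show how that function behaves on a length mismatch or a non-string argument. The removed local helper returned `false` in those cases through its try/catch, so confirm that the cryptiles release resolved at install time also fails closed and compares in constant time, and pin that with a test that sends an empty mac and a truncated mac and expects the `Bad mac` rejection. A short comment at the first site would record the requirement, for example `// mac is taken from the request: comparison must be constant-time and return false, not throw, on type or length mismatch`. The package.json section shown changes only the version field, so also check that `cryptiles` is declared under `dependencies` with a range that cannot resolve to a release lacking that behaviour. Each enclosing function starts and ends outside the hunks shown.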
{ | ||
"name": "hawk", | ||
"description": "HTTP Hawk Authentication Scheme", | ||
"version": "7.0.4", | ||
"version": "7.0.5", | ||
"author": "Eran Hammer <eran@hammer.io> (http://hueniverse.com)", | ||
@@ -6,0 +6,0 @@ "repository": "git://github.com/hueniverse/hawk", |