hawk - npm Package Compare versions
Comparing version 7.0.4 to 7.0.5
@@ -130,12 +130,1 @@ 'use strict'; | ||
| }; | ||
| exports.fixedTimeComparison = function (a, b) { | ||
| try { | ||
| return Crypto.timingSafeEqual(new Buffer(a), new Buffer(b)); | ||
| } | ||
| catch (err) { | ||
| return false; | ||
| } | ||
| }; |
@@ -6,2 +6,3 @@ 'use strict'; | ||
| const Boom = require('boom'); | ||
| const Cryptiles = require('cryptiles'); | ||
| const Hoek = require('hoek'); | ||
@@ -162,3 +163,3 @@ | ||
| const mac = Crypto.calculateMac('header', credentials, artifacts); | ||
| if (!Crypto.fixedTimeComparison(mac, attributes.mac)) { | ||
| if (!Cryptiles.fixedTimeComparison(mac, attributes.mac)) { | ||
| throw Object.assign(Utils.unauthorized('Bad mac'), result); | ||
@@ -177,3 +178,3 @@ } | ||
| const hash = Crypto.calculatePayloadHash(options.payload, credentials.algorithm, request.contentType); | ||
| if (!Crypto.fixedTimeComparison(hash, attributes.hash)) { | ||
| if (!Cryptiles.fixedTimeComparison(hash, attributes.hash)) { | ||
| throw Object.assign(Utils.unauthorized('Bad payload hash'), result); | ||
@@ -221,3 +222,3 @@ } | ||
| const calculatedHash = Crypto.calculatePayloadHash(payload, credentials.algorithm, contentType); | ||
| if (!Crypto.fixedTimeComparison(calculatedHash, artifacts.hash)) { | ||
| if (!Cryptiles.fixedTimeComparison(calculatedHash, artifacts.hash)) { | ||
| throw Object.assign(Utils.unauthorized('Bad payload hash'), { credentials, artifacts }); | ||
@@ -239,3 +240,3 @@ } | ||
| if (!Crypto.fixedTimeComparison(calculatedHash, artifacts.hash)) { | ||
| if (!Cryptiles.fixedTimeComparison(calculatedHash, artifacts.hash)) { | ||
| throw Object.assign(Utils.unauthorized('Bad payload hash'), { artifacts }); | ||
@@ -449,3 +450,3 @@ } | ||
| if (!Crypto.fixedTimeComparison(mac, bewit.mac)) { | ||
| if (!Cryptiles.fixedTimeComparison(mac, bewit.mac)) { | ||
| throw Object.assign(Utils.unauthorized('Bad mac'), result); | ||
@@ -520,3 +521,3 @@ } | ||
| const mac = Crypto.calculateMac('message', credentials, artifacts); | ||
| if (!Crypto.fixedTimeComparison(mac, authorization.mac)) { | ||
| if (!Cryptiles.fixedTimeComparison(mac, authorization.mac)) { | ||
| throw Object.assign(Utils.unauthorized('Bad mac'), result); | ||
@@ -528,3 +529,3 @@ } | ||
| const hash = Crypto.calculatePayloadHash(message, credentials.algorithm); | ||
| if (!Crypto.fixedTimeComparison(hash, authorization.hash)) { | ||
| if (!Cryptiles.fixedTimeComparison(hash, authorization.hash)) { | ||
| throw Object.assign(Utils.unauthorized('Bad message hash'), result); | ||
@@ -531,0 +532,0 @@ } |
| { | ||
| "name": "hawk", | ||
| "description": "HTTP Hawk Authentication Scheme", | ||
| "version": "7.0.4", | ||
| "version": "7.0.5", | ||
| "author": "Eran Hammer <eran@hammer.io> (http://hueniverse.com)", | ||
@@ -6,0 +6,0 @@ "repository": "git://github.com/hueniverse/hawk", |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Worsened metrics
- Total package byte prevSize
- decreased by-0.11%
111332
- Lines of code
- decreased by-0.5%
1406
No dependency changes