Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
www-authenticate
Advanced tools
Provides the functionality needed for a client to use HTTP Basic or Digest authentication. Also provides primitives for parsing WWW-Authenticate and Authentication_Info headers.
Provides the functionality needed for a client to use HTTP Basic or Digest authentication. Also provides primitives for parsing WWW-Authenticate and Authentication_Info headers.
Parses the content of a WWW-Authenticate header sent by a server. Interpret the authentication challenge posed. Then generate the credentials for Authorization headers for subsequent requests from the server.
Install the module with: npm install www-authenticate
See examples below.
Use the high level interface:
var www_authenticate = require('www-authenticate');
var authenticator= www_authenticate.authenticator(username,password);
// Whenever you receive a response, send it to the authenticator.
// The authenticator will parse and record any challenge it contains.
authenticator.get_challenge(response);
//... now, whenever you make a request the authenticator will add an
// authorization header if a challenge has been received...
var options= {
method: "GET",
path: "/dir/index.html"
}
authenticator.authenticate_request_options(options);
if (authenticator.err) throw err; // or do something similarly drastic
http.request(options);
Use the low level interface:
var www_authenticate = require('www-authenticate');
var on_www_authenticate= www_authenticate(username,password);
// now wait for HTTP/1.1 401 Unauthorized and then parse the WWW_Authenticate header
var authenticator= on_www_authenticate(response.headers['www-authenticate']);
if (authenticator.err) throw err; // or do something similarly drastic
//... now, whenever you make a request, add an Authorization header:
response.setHeader('authorization', authenticator.authorize('GET',url));
Parse www-authenticate or authentication-info headers:
var parsers = require('www-authenticate').parsers;
var parsed= new parsers.WWW_Authenticate(request.headers['www-authenticate']);
console.log(parsed.scheme);
console.log(parsed.parms.nonce);
var parsed= new parsers.Authentication_Info(request.headers['authentication-info']);
console.log(parsed.parms.nonce);
This module exports a user_credentials
function. When called, it returns a user_credentials
object that uses the username and password to generate components of an Authentication header without exposing the password. A user_credentials
object may be used in place of the username
and password
arguments.
Without user credentials:
var www_authenticate = require('www-authenticate');
var authenticator= www_authenticate.authenticator(username,password);
With user credentials:
```javascript
var www_authenticate = require('www-authenticate');
var my_credentials= www_authenticate.user_credentials("Me","My Password");
var authenticator= www_authenticate.authenticator(my_credentials);
In the above example, my_credentials
might actually be generated in a separate module and passed around instead of the plain text username and password, making accidental pasword disclosure less likely.
In the above examples, an option object may be passed in addition to the username and password (or user credentials). The following options are supported:
This module exports the parser that is used internally to parse a WWW-Authenticate header. Please see the tests for usage examples.
In lieu of a formal styleguide, take care to maintain the existing coding style. Add unit tests for any new or changed functionality. Lint and test your code using Grunt.
Copyright (c) 2013 Randy McLaughlin Licensed under the MIT license.
FAQs
Provides the functionality needed for a client to use HTTP Basic or Digest authentication. Also provides primitives for parsing WWW-Authenticate and Authentication_Info headers.
The npm package www-authenticate receives a total of 1,883 weekly downloads. As such, www-authenticate popularity was classified as popular.
We found that www-authenticate demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.