Home Explore Help
Register Sign In
StephanFuchs
/
glife
forked from Kevin_Smarts/glife
4
1
Fork 3
Files Pull Requests 0
Tree: b2a65b2676
Branches Tags
glife
/
node_modules
/
needle
/
test
/
auth_digest_spec.js

auth_digest_spec.js 7.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231 
  1. var needle = require('../'),
    2. 

  2.   auth = require('../lib/auth'),
    3. 

  3.   sinon = require('sinon'),
    4. 

  4.   should = require('should'),
    5. 

  5.   http = require('http'),
    6. 

  6.   helpers = require('./helpers');
    7. 

  7. 

  8. var createHash = require('crypto').createHash;
    9. 

  9. 

  10. function md5(string) {
    11. 

  11.   return createHash('md5').update(string).digest('hex');
    12. 

  12. }
    13. 

  13. 

  14. function parse_header(header) {
    15. 

  15.   var challenge = {},
    16. 

  16.       matches   = header.match(/([a-z0-9_-]+)="?([a-z0-9=\/\.@\s-\+]+)"?/gi);
    17. 

  17. 

  18.   for (var i = 0, l = matches.length; i < l; i++) {
    19. 

  19.     var parts = matches[i].split('='),
    20. 

  20.         key = parts.shift(),
    21. 

  21.         val = parts.join('=').replace(/^"/, '').replace(/"$/, '');
    22. 

  22. 

  23.     challenge[key] = val;
    24. 

  24.   }
    25. 

  25. 

  26.   return challenge;
    27. 

  27. }
    28. 

  28. 

  29. describe('auth_digest', function() {
    30. 

  30.   describe('With qop (RFC 2617)', function() {
    31. 

  31.     it('should generate a proper header', function() {
    32. 

  32.       // from https://tools.ietf.org/html/rfc2617
    33. 

  33.       var performDigest = function() {
    34. 

  34.         var header = 'Digest realm="[email protected]", qop="auth,auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"';
    35. 

  35.         var user = 'Mufasa';
    36. 

  36.         var pass = 'Circle Of Life';
    37. 

  37.         var method = 'get';
    38. 

  38.         var path = '/dir/index.html';
    39. 

  39. 

  40.         var updatedHeader = auth.digest(header, user, pass, method, path);
    41. 

  41.         var parsedUpdatedHeader = parse_header(updatedHeader);
    42. 

  42. 

  43.         var ha1 = md5(user + ':' + parsedUpdatedHeader.realm + ':' + pass);
    44. 

  44.         var ha2 = md5(method.toUpperCase() + ':' + path);
    45. 

  45.         var expectedResponse = md5([
    46. 

  46.           ha1,
    47. 

  47.           parsedUpdatedHeader.nonce,
    48. 

  48.           parsedUpdatedHeader.nc,
    49. 

  49.           parsedUpdatedHeader.cnonce,
    50. 

  50.           parsedUpdatedHeader.qop,
    51. 

  51.           ha2
    52. 

  52.         ].join(':'));
    53. 

  53. 

  54.         return {
    55. 

  55.           header: updatedHeader,
    56. 

  56.           parsed: parsedUpdatedHeader,
    57. 

  57.           expectedResponse: expectedResponse,
    58. 

  58.         }
    59. 

  59.       }
    60. 

  60. 

  61.       const result = performDigest();
    62. 

  62. 

  63.       (result.header).should
    64. 

  64.         .match(/qop="auth"/)
    65. 

  65.         .match(/uri="\/dir\/index.html"/)
    66. 

  66.         .match(/opaque="5ccc069c403ebaf9f0171e9517f40e41"/)
    67. 

  67.         .match(/realm="testrealm@host\.com"/)
    68. 

  68.         .match(/response=/)
    69. 

  69.         .match(/nc=/)
    70. 

  70.         .match(/nonce=/)
    71. 

  71.         .match(/cnonce=/);
    72. 

  72. 

  73.       (result.parsed.response).should.be.eql(result.expectedResponse);
    74. 

  74.     });
    75. 

  75.   });
    76. 

  76. 

  77.   describe('With plus character in nonce header', function() {
    78. 

  78.     it('should generate a proper header', function() {
    79. 

  79.       // from https://tools.ietf.org/html/rfc2617
    80. 

  80.       var performDigest = function() {
    81. 

  81.         var header = 'Digest realm="[email protected]", qop="auth,auth-int", nonce="dcd98b7102dd2f0e8b11d0f6+00bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"';
    82. 

  82.         var user = 'Mufasa';
    83. 

  83.         var pass = 'Circle Of Life';
    84. 

  84.         var method = 'get';
    85. 

  85.         var path = '/dir/index.html';
    86. 

  86. 

  87.         var updatedHeader = auth.digest(header, user, pass, method, path);
    88. 

  88.         var parsedUpdatedHeader = parse_header(updatedHeader);
    89. 

  89. 

  90.         var ha1 = md5(user + ':' + parsedUpdatedHeader.realm + ':' + pass);
    91. 

  91.         var ha2 = md5(method.toUpperCase() + ':' + path);
    92. 

  92.         var expectedResponse = md5([
    93. 

  93.           ha1,
    94. 

  94.           parsedUpdatedHeader.nonce,
    95. 

  95.           parsedUpdatedHeader.nc,
    96. 

  96.           parsedUpdatedHeader.cnonce,
    97. 

  97.           parsedUpdatedHeader.qop,
    98. 

  98.           ha2
    99. 

  99.         ].join(':'));
    100. 

  100. 

  101.         return {
    102. 

  102.           header: updatedHeader,
    103. 

  103.           parsed: parsedUpdatedHeader,
    104. 

  104.           expectedResponse: expectedResponse,
    105. 

  105.         }
    106. 

  106.       }
    107. 

  107. 

  108.       const result = performDigest();
    109. 

  109. 

  110.       (result.header).should
    111. 

  111.         .match(/nonce="dcd98b7102dd2f0e8b11d0f6\+00bfb0c093"/)
    112. 

  112.     });
    113. 

  113.   });
    114. 

  114. 

  115.   describe('With colon character in nonce header', function() {
    116. 

  116.     it('should generate a proper header', function() {
    117. 

  117.       // from https://tools.ietf.org/html/rfc2617
    118. 

  118.       var performDigest = function() {
    119. 

  119.         var header = 'Digest realm="IP Camera", charset="UTF-8", algorithm="MD5", nonce="636144c2:2970b5fdd41b5ac6b669848f43d2d22b", qop="auth"';
    120. 

  120.         var user = 'Mufasa';
    121. 

  121.         var pass = 'Circle Of Life';
    122. 

  122.         var method = 'get';
    123. 

  123.         var path = '/dir/index.html';
    124. 

  124. 

  125.         var updatedHeader = auth.digest(header, user, pass, method, path);
    126. 

  126.         var parsedUpdatedHeader = parse_header(updatedHeader);
    127. 

  127. 

  128.         var ha1 = md5(user + ':' + parsedUpdatedHeader.realm + ':' + pass);
    129. 

  129.         var ha2 = md5(method.toUpperCase() + ':' + path);
    130. 

  130.         var expectedResponse = md5([
    131. 

  131.           ha1,
    132. 

  132.           parsedUpdatedHeader.nonce,
    133. 

  133.           parsedUpdatedHeader.nc,
    134. 

  134.           parsedUpdatedHeader.cnonce,
    135. 

  135.           parsedUpdatedHeader.qop,
    136. 

  136.           ha2
    137. 

  137.         ].join(':'));
    138. 

  138. 

  139.         return {
    140. 

  140.           header: updatedHeader,
    141. 

  141.           parsed: parsedUpdatedHeader,
    142. 

  142.           expectedResponse: expectedResponse,
    143. 

  143.         }
    144. 

  144.       }
    145. 

  145. 

  146.       const result = performDigest();
    147. 

  147. 

  148.       (result.header).should
    149. 

  149.         .match(/nonce="636144c2:2970b5fdd41b5ac6b669848f43d2d22b"/)
    150. 

  150.     });
    151. 

  151.   });
    152. 

  152. 

  153. 

  154.   describe('With brackets in realm header', function() {
    155. 

  155.     it('should generate a proper header', function() {
    156. 

  156.       // from https://tools.ietf.org/html/rfc2617
    157. 

  157.       var performDigest = function() {
    158. 

  158.         var header = 'Digest qop="auth", realm="IP Camera(76475)", nonce="4e4449794d575269597a706b5a575935595441324d673d3d", stale="FALSE", Basic realm="IP Camera(76475)"';
    159. 

  159.         var user = 'Mufasa';
    160. 

  160.         var pass = 'Circle Of Life';
    161. 

  161.         var method = 'get';
    162. 

  162.         var path = '/dir/index.html';
    163. 

  163. 

  164.         var updatedHeader = auth.digest(header, user, pass, method, path);
    165. 

  165.         var parsedUpdatedHeader = parse_header(updatedHeader);
    166. 

  166. 

  167.         var ha1 = md5(user + ':' + parsedUpdatedHeader.realm + ':' + pass);
    168. 

  168.         var ha2 = md5(method.toUpperCase() + ':' + path);
    169. 

  169.         var expectedResponse = md5([
    170. 

  170.           ha1,
    171. 

  171.           parsedUpdatedHeader.nonce,
    172. 

  172.           parsedUpdatedHeader.nc,
    173. 

  173.           parsedUpdatedHeader.cnonce,
    174. 

  174.           parsedUpdatedHeader.qop,
    175. 

  175.           ha2
    176. 

  176.         ].join(':'));
    177. 

  177. 

  178.         return {
    179. 

  179.           header: updatedHeader,
    180. 

  180.           parsed: parsedUpdatedHeader,
    181. 

  181.           expectedResponse: expectedResponse,
    182. 

  182.         }
    183. 

  183.       }
    184. 

  184. 

  185.       const result = performDigest();
    186. 

  186. 

  187.       (result.header).should
    188. 

  188.         .match(/realm="IP Camera\(76475\)"/)
    189. 

  189.     });
    190. 

  190.   });
    191. 

  191. 

  192.   describe('Without qop (RFC 2617)', function() {
    193. 

  193.     it('should generate a proper header', function() {
    194. 

  194.       // from https://tools.ietf.org/html/rfc2069
    195. 

  195.       var performDigest = function() {
    196. 

  196.         var header = 'Digest realm="[email protected]", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"';
    197. 

  197.         var user = 'Mufasa';
    198. 

  198.         var pass = 'Circle Of Life';
    199. 

  199.         var method = 'get';
    200. 

  200.         var path = '/dir/index.html';
    201. 

  201. 

  202.         var updatedHeader = auth.digest(header, user, pass, method, path);
    203. 

  203.         var parsedUpdatedHeader = parse_header(updatedHeader);
    204. 

  204. 

  205.         var ha1 = md5(user + ':' + parsedUpdatedHeader.realm + ':' + pass);
    206. 

  206.         var ha2 = md5(method.toUpperCase() + ':' + path);
    207. 

  207.         var expectedResponse = md5([ha1, parsedUpdatedHeader.nonce, ha2].join(':'));
    208. 

  208. 

  209.         return {
    210. 

  210.           header: updatedHeader,
    211. 

  211.           parsed: parsedUpdatedHeader,
    212. 

  212.           expectedResponse: expectedResponse,
    213. 

  213.         }
    214. 

  214.       }
    215. 

  215. 

  216.       const result = performDigest();
    217. 

  217. 

  218.       (result.header).should
    219. 

  219.         .not.match(/qop=/)
    220. 

  220.         .match(/uri="\/dir\/index.html"/)
    221. 

  221.         .match(/opaque="5ccc069c403ebaf9f0171e9517f40e41"/)
    222. 

  222.         .match(/realm="testrealm@host\.com"/)
    223. 

  223.         .match(/response=/)
    224. 

  224.         .not.match(/nc=/)
    225. 

  225.         .match(/nonce=/)
    226. 

  226.         .not.match(/cnonce=/);
    227. 

  227. 

  228.       (result.parsed.response).should.be.eql(result.expectedResponse);
    229. 

  229.     });
    230. 

  230.   });
    231. 

  231. })
    232.