diff --git a/lib/authorizer/digest.js b/lib/authorizer/digest.js index 46ccc431d..b4f975511 100644 --- a/lib/authorizer/digest.js +++ b/lib/authorizer/digest.js @@ -3,6 +3,7 @@ var _ = require('lodash'), urlEncoder = require('postman-url-encoder'), RequestBody = require('postman-collection').RequestBody, bodyBuilder = require('../requester/core-body-builder'), + AuthUtils = require('./util'), EMPTY = '', ONE = '00000001', @@ -17,8 +18,6 @@ var _ = require('lodash'), AUTH_INT = 'auth-int', AUTHORIZATION = 'Authorization', MD5_SESS = 'MD5-sess', - ASCII_SOURCE = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789', - ASCII_SOURCE_LENGTH = ASCII_SOURCE.length, USERNAME_EQUALS_QUOTE = 'username="', REALM_EQUALS_QUOTE = 'realm="', NONCE_EQUALS_QUOTE = 'nonce="', @@ -98,26 +97,6 @@ if (!_.includes(crypto.getHashes(), 'sha512-256')) { }); } -/** - * Generates a random string of given length - * - * @todo Move this to util.js. After moving use that for hawk auth too - * @param {Number} length - */ -function randomString (length) { - length = length || 6; - - var result = [], - i; - - for (i = 0; i < length; i++) { - result[i] = ASCII_SOURCE[(Math.random() * ASCII_SOURCE_LENGTH) | 0]; - } - - return result.join(EMPTY); -} - - /** * Extracts a Digest Auth field from a WWW-Authenticate header value using a given regexp. * @@ -321,7 +300,7 @@ module.exports = { qop && (authParams.qop = qop); if (authParams.qop || auth.get(QOP)) { - authParams.clientNonce = randomString(8); + authParams.clientNonce = AuthUtils.randomString(8); authParams.nonceCount = ONE; } diff --git a/lib/authorizer/hawk.js b/lib/authorizer/hawk.js index 0bb684672..325ffb3c8 100644 --- a/lib/authorizer/hawk.js +++ b/lib/authorizer/hawk.js @@ -5,29 +5,9 @@ var url = require('url'), RequestBody = require('postman-collection').RequestBody, bodyBuilder = require('../requester/core-body-builder'), urlEncoder = require('postman-url-encoder'), + AuthUtils = require('./util'), - ASCII_SOURCE = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789', - ASCII_SOURCE_LENGTH = ASCII_SOURCE.length, - AUTHORIZATION = 'Authorization', - EMPTY = ''; - -/** - * Generates a random string of given length (useful for nonce generation, etc). - * - * @param {Number} length - */ -function randomString (length) { - length = length || 6; - - var result = [], - i; - - for (i = 0; i < length; i++) { - result[i] = ASCII_SOURCE[(Math.random() * ASCII_SOURCE_LENGTH) | 0]; - } - - return result.join(EMPTY); -} + AUTHORIZATION = 'Authorization'; /** * Calculates body hash with given algorithm and digestEncoding. @@ -151,7 +131,7 @@ module.exports = { * @param {AuthHandlerInterface~authPreHookCallback} done */ pre: function (auth, done) { - !auth.get('nonce') && auth.set('nonce', randomString(6)); + !auth.get('nonce') && auth.set('nonce', AuthUtils.randomString(6)); !_.parseInt(auth.get('timestamp')) && auth.set('timestamp', Math.floor(Date.now() / 1e3)); done(null, true); }, diff --git a/lib/authorizer/util.js b/lib/authorizer/util.js new file mode 100644 index 000000000..2d7502afe --- /dev/null +++ b/lib/authorizer/util.js @@ -0,0 +1,26 @@ +var ASCII_SOURCE = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789', + ASCII_SOURCE_LENGTH = ASCII_SOURCE.length, + EMPTY = ''; + +module.exports = { + + /** + * Generates a random string of given length + * + * @param {Number} length + * @returns {String} + */ + randomString: function (length) { + length = length || 6; + + var result = [], + i; + + for (i = 0; i < length; i++) { + result[i] = ASCII_SOURCE[(Math.random() * ASCII_SOURCE_LENGTH) | 0]; + } + + return result.join(EMPTY); + } + +};