use crypto.timingSafeEqual in hmac and ownerToken authentication

This commit is contained in:
Danny Coates 2019-03-14 21:33:18 -07:00
parent 67b55d1477
commit ebbb1d05d2
No known key found for this signature in database
GPG key ID: 4C442633C62E00CB
3 changed files with 201 additions and 25 deletions

View file

@ -32,7 +32,7 @@ describe('Owner Middleware', function() {
const next = sinon.stub();
storage.metadata.returns(Promise.resolve(null));
const res = response();
await ownerMiddleware(request('x', 'y'), res);
await ownerMiddleware(request('a', 'y'), res, next);
sinon.assert.notCalled(next);
sinon.assert.calledWith(res.sendStatus, 404);
});
@ -42,7 +42,7 @@ describe('Owner Middleware', function() {
const meta = { owner: 'y' };
storage.metadata.returns(Promise.resolve(meta));
const res = response();
await ownerMiddleware(request('x', null), res);
await ownerMiddleware(request('b', null), res, next);
sinon.assert.notCalled(next);
sinon.assert.calledWith(res.sendStatus, 401);
});
@ -52,7 +52,7 @@ describe('Owner Middleware', function() {
const meta = { owner: 'y' };
storage.metadata.returns(Promise.resolve(meta));
const res = response();
await ownerMiddleware(request('x', 'z'), res);
await ownerMiddleware(request('c', 'z'), res, next);
sinon.assert.notCalled(next);
sinon.assert.calledWith(res.sendStatus, 401);
});
@ -61,7 +61,7 @@ describe('Owner Middleware', function() {
const next = sinon.stub();
storage.metadata.returns(Promise.reject(new Error()));
const res = response();
await ownerMiddleware(request('x', 'y'), res);
await ownerMiddleware(request('d', 'y'), res, next);
sinon.assert.notCalled(next);
sinon.assert.calledWith(res.sendStatus, 401);
});
@ -70,7 +70,7 @@ describe('Owner Middleware', function() {
const next = sinon.stub();
const meta = { owner: 'y' };
storage.metadata.returns(Promise.resolve(meta));
const req = request('x', 'y');
const req = request('e', 'y');
const res = response();
await ownerMiddleware(req, res, next);
assert.equal(req.meta, meta);