From b654fdecd8c6a618f0dca0f7f1cd89073a0978bb Mon Sep 17 00:00:00 2001
From: Pascal Precht <pascal.precht@gmail.com>
Date: Thu, 18 Oct 2018 18:34:18 +0200
Subject: [PATCH] fix(modules/authenticator): ensure request hash doesn't
 include query params

The authenticators request hash algorithm produced different hashes than
on the client, because client-side hash-request don't include the query
parameters of a URL.

This causes authentication issues when sending any requests with query
parameters. This commit ensures we ignore them on the server as well.
---
 lib/modules/authenticator/index.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/modules/authenticator/index.js b/lib/modules/authenticator/index.js
index c3dfe594d..2dc83b36a 100644
--- a/lib/modules/authenticator/index.js
+++ b/lib/modules/authenticator/index.js
@@ -18,10 +18,14 @@ class Authenticator {
   generateRequestHash(req) {
     let cnonce = req.headers['x-embark-cnonce'];
     let hash = new keccak();
+    let url = req.url;
+    let queryParamIndex = url.indexOf('?');
+    url = url.substring(0, queryParamIndex !== -1 ? queryParamIndex : url.length)
+
     hash.update(cnonce);
     hash.update(this.authToken);
     hash.update(req.method);
-    hash.update(req.url);
+    hash.update(url);
     return hash.digest('hex');
   }