embarklabs
/
embark
mirror of https://github.com/embarklabs/embark.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix(modules/authenticator): ensure request hash doesn't include query params 

The authenticators request hash algorithm produced different hashes than
on the client, because client-side hash-request don't include the query
parameters of a URL.

This causes authentication issues when sending any requests with query
parameters. This commit ensures we ignore them on the server as well.
This commit is contained in:
Pascal Precht 2018-10-18 18:34:18 +02:00
parent 479b79eeaf
commit b654fdecd8
No known key found for this signature in database
GPG Key ID: 0EE28D8D6FD85D7D
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/modules/authenticator/index.js
View File

@ -18,10 +18,14 @@ class Authenticator {
generateRequestHash(req) { generateRequestHash(req) {
let cnonce = req.headers['x-embark-cnonce']; let cnonce = req.headers['x-embark-cnonce'];
let hash = new keccak(); let hash = new keccak();
let url = req.url;
let queryParamIndex = url.indexOf('?');
url = url.substring(0, queryParamIndex !== -1 ? queryParamIndex : url.length)
hash.update(cnonce); hash.update(cnonce);
hash.update(this.authToken); hash.update(this.authToken);
hash.update(req.method); hash.update(req.method);
hash.update(req.url); hash.update(url);
return hash.digest('hex'); return hash.digest('hex');
} }