Home Explore Help
Register Sign In
furao
/
test
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 6850b1a535
Branches Tags
test
/
public
/
themes
/
simple
/
_grunt
/
node_modules
/
request
/
lib
/
auth.js

auth.js 4.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153 
  1. 'use strict'
    2. 

  2. 

  3. var caseless = require('caseless')
    4. 

  4.   , uuid = require('node-uuid')
    5. 

  5.   , helpers = require('./helpers')
    6. 

  6. 

  7. var md5 = helpers.md5
    8. 

  8.   , toBase64 = helpers.toBase64
    9. 

  9. 

  10. 

  11. function Auth (request) {
    12. 

  12.   // define all public properties here
    13. 

  13.   this.request = request
    14. 

  14.   this.hasAuth = false
    15. 

  15.   this.sentAuth = false
    16. 

  16.   this.bearerToken = null
    17. 

  17.   this.user = null
    18. 

  18.   this.pass = null
    19. 

  19. }
    20. 

  20. 

  21. Auth.prototype.basic = function (user, pass, sendImmediately) {
    22. 

  22.   var self = this
    23. 

  23.   if (typeof user !== 'string' || (pass !== undefined && typeof pass !== 'string')) {
    24. 

  24.     self.request.emit('error', new Error('auth() received invalid user or password'))
    25. 

  25.   }
    26. 

  26.   self.user = user
    27. 

  27.   self.pass = pass
    28. 

  28.   self.hasAuth = true
    29. 

  29.   var header = user + ':' + (pass || '')
    30. 

  30.   if (sendImmediately || typeof sendImmediately === 'undefined') {
    31. 

  31.     var authHeader = 'Basic ' + toBase64(header)
    32. 

  32.     self.sentAuth = true
    33. 

  33.     return authHeader
    34. 

  34.   }
    35. 

  35. }
    36. 

  36. 

  37. Auth.prototype.bearer = function (bearer, sendImmediately) {
    38. 

  38.   var self = this
    39. 

  39.   self.bearerToken = bearer
    40. 

  40.   self.hasAuth = true
    41. 

  41.   if (sendImmediately || typeof sendImmediately === 'undefined') {
    42. 

  42.     if (typeof bearer === 'function') {
    43. 

  43.       bearer = bearer()
    44. 

  44.     }
    45. 

  45.     var authHeader = 'Bearer ' + (bearer || '')
    46. 

  46.     self.sentAuth = true
    47. 

  47.     return authHeader
    48. 

  48.   }
    49. 

  49. }
    50. 

  50. 

  51. Auth.prototype.digest = function (method, path, authHeader) {
    52. 

  52.   // TODO: More complete implementation of RFC 2617.
    53. 

  53.   //   - check challenge.algorithm
    54. 

  54.   //   - support algorithm="MD5-sess"
    55. 

  55.   //   - handle challenge.domain
    56. 

  56.   //   - support qop="auth-int" only
    57. 

  57.   //   - handle Authentication-Info (not necessarily?)
    58. 

  58.   //   - check challenge.stale (not necessarily?)
    59. 

  59.   //   - increase nc (not necessarily?)
    60. 

  60.   // For reference:
    61. 

  61.   // http://tools.ietf.org/html/rfc2617#section-3
    62. 

  62.   // https://github.com/bagder/curl/blob/master/lib/http_digest.c
    63. 

  63. 

  64.   var self = this
    65. 

  65. 

  66.   var challenge = {}
    67. 

  67.   var re = /([a-z0-9_-]+)=(?:"([^"]+)"|([a-z0-9_-]+))/gi
    68. 

  68.   for (;;) {
    69. 

  69.     var match = re.exec(authHeader)
    70. 

  70.     if (!match) {
    71. 

  71.       break
    72. 

  72.     }
    73. 

  73.     challenge[match[1]] = match[2] || match[3]
    74. 

  74.   }
    75. 

  75. 

  76.   var ha1 = md5(self.user + ':' + challenge.realm + ':' + self.pass)
    77. 

  77.   var ha2 = md5(method + ':' + path)
    78. 

  78.   var qop = /(^|,)\s*auth\s*($|,)/.test(challenge.qop) && 'auth'
    79. 

  79.   var nc = qop && '00000001'
    80. 

  80.   var cnonce = qop && uuid().replace(/-/g, '')
    81. 

  81.   var digestResponse = qop
    82. 

  82.     ? md5(ha1 + ':' + challenge.nonce + ':' + nc + ':' + cnonce + ':' + qop + ':' + ha2)
    83. 

  83.     : md5(ha1 + ':' + challenge.nonce + ':' + ha2)
    84. 

  84.   var authValues = {
    85. 

  85.     username: self.user,
    86. 

  86.     realm: challenge.realm,
    87. 

  87.     nonce: challenge.nonce,
    88. 

  88.     uri: path,
    89. 

  89.     qop: qop,
    90. 

  90.     response: digestResponse,
    91. 

  91.     nc: nc,
    92. 

  92.     cnonce: cnonce,
    93. 

  93.     algorithm: challenge.algorithm,
    94. 

  94.     opaque: challenge.opaque
    95. 

  95.   }
    96. 

  96. 

  97.   authHeader = []
    98. 

  98.   for (var k in authValues) {
    99. 

  99.     if (authValues[k]) {
    100. 

  100.       if (k === 'qop' || k === 'nc' || k === 'algorithm') {
    101. 

  101.         authHeader.push(k + '=' + authValues[k])
    102. 

  102.       } else {
    103. 

  103.         authHeader.push(k + '="' + authValues[k] + '"')
    104. 

  104.       }
    105. 

  105.     }
    106. 

  106.   }
    107. 

  107.   authHeader = 'Digest ' + authHeader.join(', ')
    108. 

  108.   self.sentAuth = true
    109. 

  109.   return authHeader
    110. 

  110. }
    111. 

  111. 

  112. Auth.prototype.onRequest = function (user, pass, sendImmediately, bearer) {
    113. 

  113.   var self = this
    114. 

  114.     , request = self.request
    115. 

  115. 

  116.   var authHeader
    117. 

  117.   if (bearer === undefined && user === undefined) {
    118. 

  118.     self.request.emit('error', new Error('no auth mechanism defined'))
    119. 

  119.   } else if (bearer !== undefined) {
    120. 

  120.     authHeader = self.bearer(bearer, sendImmediately)
    121. 

  121.   } else {
    122. 

  122.     authHeader = self.basic(user, pass, sendImmediately)
    123. 

  123.   }
    124. 

  124.   if (authHeader) {
    125. 

  125.     request.setHeader('authorization', authHeader)
    126. 

  126.   }
    127. 

  127. }
    128. 

  128. 

  129. Auth.prototype.onResponse = function (response) {
    130. 

  130.   var self = this
    131. 

  131.     , request = self.request
    132. 

  132. 

  133.   if (!self.hasAuth || self.sentAuth) { return null }
    134. 

  134. 

  135.   var c = caseless(response.headers)
    136. 

  136. 

  137.   var authHeader = c.get('www-authenticate')
    138. 

  138.   var authVerb = authHeader && authHeader.split(' ')[0].toLowerCase()
    139. 

  139.   request.debug('reauth', authVerb)
    140. 

  140. 

  141.   switch (authVerb) {
    142. 

  142.     case 'basic':
    143. 

  143.       return self.basic(self.user, self.pass, true)
    144. 

  144. 

  145.     case 'bearer':
    146. 

  146.       return self.bearer(self.bearerToken, true)
    147. 

  147. 

  148.     case 'digest':
    149. 

  149.       return self.digest(request.method, request.path, authHeader)
    150. 

  150.   }
    151. 

  151. }
    152. 

  152. 

  153. exports.Auth = Auth
    154.