From 618b563c6ed9e1f4dabbd364e4c4d3594e7e47f0 Mon Sep 17 00:00:00 2001
From: Raymond Feng
Date: Fri, 7 Feb 2014 11:14:01 -0800
Subject: [PATCH] Use hex encoding for application ids/keys base64 encoded ids/keys are not friendly for urls
---
 lib/models/application.js | 28 +++++++++++++---------
 test/model.application.test.js | 43 ++++++++++++++++++++--------------
 2 files changed, 43 insertions(+), 28 deletions(-)
diff --git a/lib/models/application.js b/lib/models/application.js
index fe2f370c..2841a6e5 100644
--- a/lib/models/application.js
+++ b/lib/models/application.js
@@ -98,12 +98,13 @@ var crypto = require('crypto');
 function generateKey(hmacKey, algorithm, encoding) {
 hmacKey = hmacKey || 'loopback';
- algorithm = algorithm || 'sha256';
- encoding = encoding || 'base64';
+ algorithm = algorithm || 'sha1';
+ encoding = encoding || 'hex';
 var hmac = crypto.createHmac(algorithm, hmacKey);
- var buf = crypto.randomBytes(64);
+ var buf = crypto.randomBytes(32);
 hmac.update(buf);
- return hmac.digest('base64');
+ var key = hmac.digest(encoding);
+ return key;
 }
 /**
@@ -121,7 +122,7 @@ var Application = loopback.createModel('Application', ApplicationSchema);
 Application.beforeCreate = function (next) {
 var app = this;
 app.created = app.modified = new Date();
- app.id = generateKey('id', 'sha1');
+ app.id = generateKey('id', 'md5');
 app.clientKey = generateKey('client');
 app.javaScriptKey = generateKey('javaScript');
 app.restApiKey = generateKey('restApi');
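Review bot: In `generateKey`, the default digest drops from `sha256` to `sha1` and the random input from 64 to 32 bytes, although the stated goal (URL-friendly ids/keys) is already met by switching the encoding to `hex`. Since `hmacKey` is a fixed label such as `'loopback'` or `'client'` rather than a secret, all unpredictability in the result comes from `crypto.randomBytes`, and the digest choice only sets the output length (40 hex characters for SHA-1). I would keep `algorithm = algorithm || 'sha256';` for the credential keys and add a comment above the function such as `// hmacKey is a public label, not a secret; key strength rests on crypto.randomBytes`.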
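Review bot: `app.id = generateKey('id', 'md5');` in `Application.beforeCreate` introduces MD5 with no explanation, and any audit that searches for weak hashes will flag it. The input is fresh random bytes, so MD5's collision weakness is presumably not reachable here and the choice looks like a way to get a 32-character id. Say so in a comment, e.g. `// id is a public identifier, not a credential; md5 only shortens it to 32 hex chars`, or drop the hash and use `crypto.randomBytes(16).toString('hex')`. The function body continues past the end of this hunk.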
@@ -208,13 +209,18 @@ Application.authenticate = function (appId, key, cb) {
 cb && cb(err, null);
 return;
 }
- var matched = null;
- ['clientKey', 'javaScriptKey', 'restApiKey', 'windowsKey', 'masterKey'].forEach(function (k) {
- if (app[k] === key) {
- matched = k;
+ var result = null;
+ var keyNames = ['clientKey', 'javaScriptKey', 'restApiKey', 'windowsKey', 'masterKey'];
+ for (var i = 0; i < keyNames.length; i++) {
+ if (app[keyNames[i]] === key) {
+ result = {
+ application: app,
+ keyType: keyNames[i]
+ };
+ break;
 }
- });
- cb && cb(null, matched);
+ }
+ cb && cb(null, result);
 });
 };
diff --git a/test/model.application.test.js b/test/model.application.test.js
index d27a4750..d7f24df1 100644
--- a/test/model.application.test.js
+++ b/test/model.application.test.js
@@ -121,7 +121,8 @@ describe('Application', function () {
 it('Authenticate with application id & clientKey', function (done) { Application.authenticate(registeredApp.id, registeredApp.clientKey, function (err, result) {
- assert.equal(result, 'clientKey');
+ assert.equal(result.application.id, registeredApp.id);
+ assert.equal(result.keyType, 'clientKey');
 done(err, result);
 });
 });
@@ -129,7 +130,8 @@ describe('Application', function () {
 it('Authenticate with application id & javaScriptKey', function (done) { Application.authenticate(registeredApp.id, registeredApp.javaScriptKey, function (err, result) {
- assert.equal(result, 'javaScriptKey');
+ assert.equal(result.application.id, registeredApp.id);
+ assert.equal(result.keyType, 'javaScriptKey');
 done(err, result);
 });
 });
@@ -137,7 +139,8 @@ describe('Application', function () {
 it('Authenticate with application id & restApiKey', function (done) { Application.authenticate(registeredApp.id, registeredApp.restApiKey, function (err, result) {
- assert.equal(result, 'restApiKey');
+ assert.equal(result.application.id, registeredApp.id);
+ assert.equal(result.keyType, 'restApiKey');
 done(err, result);
 });
 });
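Review bot: The loop in `Application.authenticate` matches with `app[keyNames[i]] === key`, so a call with `key` undefined succeeds against any key property that is unset on the stored application, and the comparison of a secret is not constant-time. The callback result now also carries the whole `application` object, which presumably includes `masterKey` and the other keys even when the caller authenticated with a lower-privilege key; callers should not serialise it as-is. I would reject a non-string or empty `key` before the loop and compare with `crypto.timingSafeEqual` where the runtime provides it, as sketched below. The function starts before this hunk, so the lookup and its error branch are not visible here.

```javascript
var result = null;
var keyNames = ['clientKey', 'javaScriptKey', 'restApiKey', 'windowsKey', 'masterKey'];
if (typeof key === 'string' && key.length > 0) {
  var given = Buffer.from(key);
  for (var i = 0; i < keyNames.length; i++) {
    var stored = app[keyNames[i]];
    if (typeof stored !== 'string') continue;
    var expected = Buffer.from(stored);
    // timingSafeEqual throws on unequal lengths, so check the length first
    if (expected.length === given.length && crypto.timingSafeEqual(expected, given)) {
      result = { application: app, keyType: keyNames[i] };
      break;
    }
  }
}
// … unchanged: cb && cb(null, result); …
```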
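Review bot: The new assertions in the clientKey test dereference `result.application` before `err` is looked at, so a failed lookup surfaces as a TypeError on a null `result` rather than as the real error. Start the callback with `if (err) return done(err);` here and in the four sibling hunks for javaScriptKey, restApiKey, masterKey and windowsKey. These hunks also exercise only matching keys; if no such case exists elsewhere in the file, a test that passes a wrong or missing key and expects a null result would pin the rejection path.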
@@ -145,7 +148,8 @@ describe('Application', function () {
 it('Authenticate with application id & masterKey', function (done) { Application.authenticate(registeredApp.id, registeredApp.masterKey, function (err, result) {
- assert.equal(result, 'masterKey');
+ assert.equal(result.application.id, registeredApp.id);
+ assert.equal(result.keyType, 'masterKey');
 done(err, result);
 });
 });
@@ -153,7 +157,8 @@ describe('Application', function () {
 it('Authenticate with application id & windowsKey', function (done) { Application.authenticate(registeredApp.id, registeredApp.windowsKey, function (err, result) {
- assert.equal(result, 'windowsKey');
+ assert.equal(result.application.id, registeredApp.id);
+ assert.equal(result.keyType, 'windowsKey');
 done(err, result);
 });
 });
@@ -170,13 +175,14 @@ describe('Application', function () {
 describe('Application subclass', function () {
 it('should use subclass model name', function (done) {
 var MyApp = Application.extend('MyApp');
- MyApp.attachTo(loopback.createDataSource({connector: loopback.Memory}));
- MyApp.register('rfeng', 'MyApp2',
- {description: 'My second mobile application'}, function (err, result) {
+ var ds = loopback.createDataSource({connector: loopback.Memory});
+ MyApp.attachTo(ds);
+ MyApp.register('rfeng', 'MyApp123',
+ {description: 'My 123 mobile application'}, function (err, result) {
 var app = result;
 assert.equal(app.owner, 'rfeng');
- assert.equal(app.name, 'MyApp2');
- assert.equal(app.description, 'My second mobile application');
+ assert.equal(app.name, 'MyApp123');
+ assert.equal(app.description, 'My 123 mobile application');
 assert(app.clientKey);
 assert(app.javaScriptKey);
 assert(app.restApiKey);
@@ -184,14 +190,17 @@ describe('Application subclass', function () {
 assert(app.masterKey);
 assert(app.created);
 assert(app.modified);
- MyApp.findById(app.id, function (err, myApp) {
- assert(!err);
- assert(myApp);
-
- Application.findById(app.id, function (err, myApp) {
+ // Remove all instances from Application model to avoid left-over data
+ Application.destroyAll(function () {
+ MyApp.findById(app.id, function (err, myApp) {
 assert(!err);
- assert(myApp === null);
- done(err, myApp);
+ assert(myApp);
+
+ Application.findById(app.id, function (err, myApp) {
+ assert(!err);
+ assert(myApp === null);
+ done(err, myApp);
+ });
 });
 });
 });
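Review bot: `Application.destroyAll(function () {` drops the callback's error argument, so if the cleanup fails the test carries on and `assert(myApp === null)` may then fail for a reason unrelated to the subclass behaviour under test. Take the error and check it: `Application.destroyAll(function (err) {` followed by `assert(!err);`. The enclosing `it` block starts in the previous hunk.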