Merge pull request #173 from strongloop/feature/fix-accesstoken-id
Use hex encoding for application ids/keys
This commit is contained in:
Raymond Feng
commit
fe851fde4c
|
|
@ -98,12 +98,13 @@ var crypto = require('crypto');
|
|||
|
||||
function generateKey(hmacKey, algorithm, encoding) {
|
||||
hmacKey = hmacKey || 'loopback';
|
||||
algorithm = algorithm || 'sha256';
|
||||
encoding = encoding || 'base64';
|
||||
algorithm = algorithm || 'sha1';
|
||||
encoding = encoding || 'hex';
|
||||
var hmac = crypto.createHmac(algorithm, hmacKey);
|
||||
var buf = crypto.randomBytes(64);
|
||||
var buf = crypto.randomBytes(32);
|
||||
hmac.update(buf);
|
||||
return hmac.digest('base64');
|
||||
var key = hmac.digest(encoding);
|
||||
return key;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -121,7 +122,7 @@ var Application = loopback.createModel('Application', ApplicationSchema);
|
|||
Application.beforeCreate = function (next) {
|
||||
var app = this;
|
||||
app.created = app.modified = new Date();
|
||||
app.id = generateKey('id', 'sha1');
|
||||
app.id = generateKey('id', 'md5');
|
||||
app.clientKey = generateKey('client');
|
||||
app.javaScriptKey = generateKey('javaScript');
|
||||
app.restApiKey = generateKey('restApi');
|
||||
|
|
@ -208,13 +209,18 @@ Application.authenticate = function (appId, key, cb) {
|
|||
cb && cb(err, null);
|
||||
return;
|
||||
}
|
||||
var matched = null;
|
||||
['clientKey', 'javaScriptKey', 'restApiKey', 'windowsKey', 'masterKey'].forEach(function (k) {
|
||||
if (app[k] === key) {
|
||||
matched = k;
|
||||
var result = null;
|
||||
var keyNames = ['clientKey', 'javaScriptKey', 'restApiKey', 'windowsKey', 'masterKey'];
|
||||
for (var i = 0; i < keyNames.length; i++) {
|
||||
if (app[keyNames[i]] === key) {
|
||||
result = {
|
||||
application: app,
|
||||
keyType: keyNames[i]
|
||||
};
|
||||
break;
|
||||
}
|
||||
});
|
||||
cb && cb(null, matched);
|
||||
}
|
||||
cb && cb(null, result);
|
||||
});
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -121,7 +121,8 @@ describe('Application', function () {
|
|||
it('Authenticate with application id & clientKey', function (done) {
|
||||
Application.authenticate(registeredApp.id, registeredApp.clientKey,
|
||||
function (err, result) {
|
||||
assert.equal(result, 'clientKey');
|
||||
assert.equal(result.application.id, registeredApp.id);
|
||||
assert.equal(result.keyType, 'clientKey');
|
||||
done(err, result);
|
||||
});
|
||||
});
|
||||
|
|
@ -129,7 +130,8 @@ describe('Application', function () {
|
|||
it('Authenticate with application id & javaScriptKey', function (done) {
|
||||
Application.authenticate(registeredApp.id, registeredApp.javaScriptKey,
|
||||
function (err, result) {
|
||||
assert.equal(result, 'javaScriptKey');
|
||||
assert.equal(result.application.id, registeredApp.id);
|
||||
assert.equal(result.keyType, 'javaScriptKey');
|
||||
done(err, result);
|
||||
});
|
||||
});
|
||||
|
|
@ -137,7 +139,8 @@ describe('Application', function () {
|
|||
it('Authenticate with application id & restApiKey', function (done) {
|
||||
Application.authenticate(registeredApp.id, registeredApp.restApiKey,
|
||||
function (err, result) {
|
||||
assert.equal(result, 'restApiKey');
|
||||
assert.equal(result.application.id, registeredApp.id);
|
||||
assert.equal(result.keyType, 'restApiKey');
|
||||
done(err, result);
|
||||
});
|
||||
});
|
||||
|
|
@ -145,7 +148,8 @@ describe('Application', function () {
|
|||
it('Authenticate with application id & masterKey', function (done) {
|
||||
Application.authenticate(registeredApp.id, registeredApp.masterKey,
|
||||
function (err, result) {
|
||||
assert.equal(result, 'masterKey');
|
||||
assert.equal(result.application.id, registeredApp.id);
|
||||
assert.equal(result.keyType, 'masterKey');
|
||||
done(err, result);
|
||||
});
|
||||
});
|
||||
|
|
@ -153,7 +157,8 @@ describe('Application', function () {
|
|||
it('Authenticate with application id & windowsKey', function (done) {
|
||||
Application.authenticate(registeredApp.id, registeredApp.windowsKey,
|
||||
function (err, result) {
|
||||
assert.equal(result, 'windowsKey');
|
||||
assert.equal(result.application.id, registeredApp.id);
|
||||
assert.equal(result.keyType, 'windowsKey');
|
||||
done(err, result);
|
||||
});
|
||||
});
|
||||
|
|
@ -170,13 +175,14 @@ describe('Application', function () {
|
|||
describe('Application subclass', function () {
|
||||
it('should use subclass model name', function (done) {
|
||||
var MyApp = Application.extend('MyApp');
|
||||
MyApp.attachTo(loopback.createDataSource({connector: loopback.Memory}));
|
||||
MyApp.register('rfeng', 'MyApp2',
|
||||
{description: 'My second mobile application'}, function (err, result) {
|
||||
var ds = loopback.createDataSource({connector: loopback.Memory});
|
||||
MyApp.attachTo(ds);
|
||||
MyApp.register('rfeng', 'MyApp123',
|
||||
{description: 'My 123 mobile application'}, function (err, result) {
|
||||
var app = result;
|
||||
assert.equal(app.owner, 'rfeng');
|
||||
assert.equal(app.name, 'MyApp2');
|
||||
assert.equal(app.description, 'My second mobile application');
|
||||
assert.equal(app.name, 'MyApp123');
|
||||
assert.equal(app.description, 'My 123 mobile application');
|
||||
assert(app.clientKey);
|
||||
assert(app.javaScriptKey);
|
||||
assert(app.restApiKey);
|
||||
|
|
@ -184,6 +190,8 @@ describe('Application subclass', function () {
|
|||
assert(app.masterKey);
|
||||
assert(app.created);
|
||||
assert(app.modified);
|
||||
// Remove all instances from Application model to avoid left-over data
|
||||
Application.destroyAll(function () {
|
||||
MyApp.findById(app.id, function (err, myApp) {
|
||||
assert(!err);
|
||||
assert(myApp);
|
||||
|
|
@ -196,5 +204,6 @@ describe('Application subclass', function () {
|
|||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue