Merge pull request #173 from strongloop/feature/fix-accesstoken-id

Use hex encoding for application ids/keys

lib/models/application.js

@@ -98,12 +98,13 @@ var crypto = require('crypto');
 
 function generateKey(hmacKey, algorithm, encoding) {
   hmacKey = hmacKey || 'loopback';
-  algorithm = algorithm || 'sha256';
-  encoding = encoding || 'base64';
+  algorithm = algorithm || 'sha1';
+  encoding = encoding || 'hex';
   var hmac = crypto.createHmac(algorithm, hmacKey);
-  var buf = crypto.randomBytes(64);
+  var buf = crypto.randomBytes(32);
   hmac.update(buf);
-  return hmac.digest('base64');
+  var key = hmac.digest(encoding);
+  return key;
 }
 
 /**
@@ -121,7 +122,7 @@ var Application = loopback.createModel('Application', ApplicationSchema);
 Application.beforeCreate = function (next) {
   var app = this;
   app.created = app.modified = new Date();
-  app.id = generateKey('id', 'sha1');
+  app.id = generateKey('id', 'md5');
   app.clientKey = generateKey('client');
   app.javaScriptKey = generateKey('javaScript');
   app.restApiKey = generateKey('restApi');
@@ -208,13 +209,18 @@ Application.authenticate = function (appId, key, cb) {
       cb && cb(err, null);
       return;
     }
-    var matched = null;
-    ['clientKey', 'javaScriptKey', 'restApiKey', 'windowsKey', 'masterKey'].forEach(function (k) {
-      if (app[k] === key) {
-        matched = k;
+    var result = null;
+    var keyNames = ['clientKey', 'javaScriptKey', 'restApiKey', 'windowsKey', 'masterKey'];
+    for (var i = 0; i < keyNames.length; i++) {
+      if (app[keyNames[i]] === key) {
+        result = {
+          application: app,
+          keyType: keyNames[i]
+        };
+        break;
       }
-    });
-    cb && cb(null, matched);
+    }
+    cb && cb(null, result);
   });
 };
 

test/model.application.test.js

@@ -121,7 +121,8 @@ describe('Application', function () {
   it('Authenticate with application id & clientKey', function (done) {
     Application.authenticate(registeredApp.id, registeredApp.clientKey,
       function (err, result) {
-        assert.equal(result, 'clientKey');
+        assert.equal(result.application.id, registeredApp.id);
+        assert.equal(result.keyType, 'clientKey');
         done(err, result);
       });
   });
@@ -129,7 +130,8 @@ describe('Application', function () {
   it('Authenticate with application id & javaScriptKey', function (done) {
     Application.authenticate(registeredApp.id, registeredApp.javaScriptKey,
       function (err, result) {
-        assert.equal(result, 'javaScriptKey');
+        assert.equal(result.application.id, registeredApp.id);
+        assert.equal(result.keyType, 'javaScriptKey');
         done(err, result);
       });
   });
@@ -137,7 +139,8 @@ describe('Application', function () {
   it('Authenticate with application id & restApiKey', function (done) {
     Application.authenticate(registeredApp.id, registeredApp.restApiKey,
       function (err, result) {
-        assert.equal(result, 'restApiKey');
+        assert.equal(result.application.id, registeredApp.id);
+        assert.equal(result.keyType, 'restApiKey');
         done(err, result);
       });
   });
@@ -145,7 +148,8 @@ describe('Application', function () {
   it('Authenticate with application id & masterKey', function (done) {
     Application.authenticate(registeredApp.id, registeredApp.masterKey,
       function (err, result) {
-        assert.equal(result, 'masterKey');
+        assert.equal(result.application.id, registeredApp.id);
+        assert.equal(result.keyType, 'masterKey');
         done(err, result);
       });
   });
@@ -153,7 +157,8 @@ describe('Application', function () {
   it('Authenticate with application id & windowsKey', function (done) {
     Application.authenticate(registeredApp.id, registeredApp.windowsKey,
       function (err, result) {
-        assert.equal(result, 'windowsKey');
+        assert.equal(result.application.id, registeredApp.id);
+        assert.equal(result.keyType, 'windowsKey');
         done(err, result);
       });
   });
@@ -170,13 +175,14 @@ describe('Application', function () {
 describe('Application subclass', function () {
   it('should use subclass model name', function (done) {
     var MyApp = Application.extend('MyApp');
-    MyApp.attachTo(loopback.createDataSource({connector: loopback.Memory}));
-    MyApp.register('rfeng', 'MyApp2',
-      {description: 'My second mobile application'}, function (err, result) {
+    var ds = loopback.createDataSource({connector: loopback.Memory});
+    MyApp.attachTo(ds);
+    MyApp.register('rfeng', 'MyApp123',
+      {description: 'My 123 mobile application'}, function (err, result) {
         var app = result;
         assert.equal(app.owner, 'rfeng');
-        assert.equal(app.name, 'MyApp2');
-        assert.equal(app.description, 'My second mobile application');
+        assert.equal(app.name, 'MyApp123');
+        assert.equal(app.description, 'My 123 mobile application');
         assert(app.clientKey);
         assert(app.javaScriptKey);
         assert(app.restApiKey);
@@ -184,14 +190,17 @@ describe('Application subclass', function () {
         assert(app.masterKey);
         assert(app.created);
         assert(app.modified);
-        MyApp.findById(app.id, function (err, myApp) {
-          assert(!err);
-          assert(myApp);
-
-          Application.findById(app.id, function (err, myApp) {
+        // Remove all instances from Application model to avoid left-over data
+        Application.destroyAll(function () {
+          MyApp.findById(app.id, function (err, myApp) {
             assert(!err);
-            assert(myApp === null);
-            done(err, myApp);
+            assert(myApp);
+
+            Application.findById(app.id, function (err, myApp) {
+              assert(!err);
+              assert(myApp === null);
+              done(err, myApp);
+            });
           });
         });
       });