Skip to content

Commit 7fc21a6

Browse files
author
Yuan Xie
committed
LEX-88 Updating code per latest proxy update.
1 parent d9c328c commit 7fc21a6

File tree

3 files changed

+27
-15
lines changed

3 files changed

+27
-15
lines changed

example/get.example.js

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ request.setRequestHeader('Content-Type', content_type);
2828
// The first two headers are the signed headers.
2929
request.setRequestHeader('Special-Header-1', 'special_header_1_value');
3030
request.setRequestHeader('Special-Header-2', 'special_header_2_value');
31-
request.setRequestHeader('Special-Header-3', 'special_header_2_value');
31+
request.setRequestHeader('Special-Header-3', 'special_header_3_value');
3232

3333
// Sign the request using AcquiaHttpHmac.sign().
3434
HMAC.sign(request, method, path, signed_headers, content_type);
@@ -41,7 +41,7 @@ function state_change() {
4141
if (request.readyState == 4) {
4242
// Check if the response status is 200 ok.
4343
if (request.status !== 200) {
44-
throw new Error('Problem retrieving XML data.', request);
44+
throw new Error('Problem retrieving data.', request);
4545
return;
4646
}
4747

example/post.example.js

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,7 @@ request.setRequestHeader('Content-Type', content_type);
2929
// The first two headers are the signed headers.
3030
request.setRequestHeader('Special-Header-1', 'special_header_1_value');
3131
request.setRequestHeader('Special-Header-2', 'special_header_2_value');
32-
request.setRequestHeader('Special-Header-3', 'special_header_2_value');
32+
request.setRequestHeader('Special-Header-3', 'special_header_3_value');
3333

3434
// Sign the request using AcquiaHttpHmac.sign().
3535
HMAC.sign(request, method, path, signed_headers, content_type, body);
@@ -42,7 +42,7 @@ function state_change() {
4242
if (request.readyState == 4) {
4343
// Check if the response status is 200 ok.
4444
if (request.status !== 200) {
45-
throw new Error('Problem retrieving XML data.', request);
45+
throw new Error('Problem retrieving data.', request);
4646
return;
4747
}
4848

src/hmac.js

Lines changed: 23 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ class AcquiaHttpHmac {
3434

3535
this.config = {};
3636
this.config['public_key'] = config['public_key'] || this.DEFAULT_CONFIG['public_key'];
37-
this.config['secret_key'] = config['secret_key'] || this.DEFAULT_CONFIG['secret_key'];
37+
this.config['secret_key'] = CryptoJS.enc.Base64.parse(config['secret_key']) || this.DEFAULT_CONFIG['secret_key'];
3838
this.config['realm'] = config['realm'] || this.DEFAULT_CONFIG['realm'];
3939
this.config['version'] = config['version'] || this.DEFAULT_CONFIG['version'];
4040
this.config['default_content_type'] = config['default_content_type'] || this.DEFAULT_CONFIG['default_content_type'];
@@ -116,6 +116,22 @@ class AcquiaHttpHmac {
116116
});
117117
};
118118

119+
/**
120+
* Determine if this request sends body content (or skips silently).
121+
*
122+
* Note: modern browsers always skip body at send(), when the request method is "GET" or "HEAD".
123+
*
124+
* @param body
125+
* Body content.
126+
* @param method
127+
* The request's method.
128+
* @returns {boolean}
129+
*/
130+
let willSendBody = function(body, method) {
131+
let bodyless_request_types = ['GET', 'HEAD'];
132+
return body.length !== 0 && bodyless_request_types.indexOf(method) < 0;
133+
};
134+
119135
// Compute the authorization headers.
120136
let nonce = generateNonce(),
121137
parser = document.createElement('a'),
@@ -126,27 +142,23 @@ class AcquiaHttpHmac {
126142
version: this.config.version
127143
},
128144
x_authorization_timestamp = Math.floor(Date.now() / 1000).toString(),
129-
x_authorization_content_sha256 = '';
145+
x_authorization_content_sha256 = willSendBody(body, method) ? CryptoJS.SHA256(body).toString(CryptoJS.enc.Base64) : '',
146+
signature_base_string_content_suffix = willSendBody(body, method) ? '\n' + content_type + '\n' + x_authorization_content_sha256 : '';
130147

131148
parser.href = path;
132-
if (method !== 'GET' && body.length !== 0) {
133-
x_authorization_content_sha256 = CryptoJS.SHA256(body, this.config.secret_key).toString(CryptoJS.enc.Base64);
134-
}
135149

136150
let signature_base_string =
137151
method + '\n' +
138152
parser.hostname + (parser.port ? ':' + parser.port : '') + '\n' +
139153
parser.pathname + '\n' +
140154
parser.search.substring(1) + '\n' +
141155
parametersToString(authorization_parameters) + '\n' +
142-
parametersToString(signed_headers, ':') + '\n' +
143-
x_authorization_timestamp + '\n' +
144-
content_type + '\n' +
145-
x_authorization_content_sha256,
156+
x_authorization_timestamp +
157+
signature_base_string_content_suffix,
146158
authorization_string = parametersToString(authorization_parameters, '="', '"', ','),
147-
signed_headers_string = Object.keys(signed_headers).join(),
159+
authorization_signed_header_postfix = Object.keys(signed_headers).length === 0 ? '' : ',headers="' + Object.keys(signed_headers).join() + '"',
148160
signature = CryptoJS.HmacSHA256(signature_base_string, this.config.secret_key).toString(CryptoJS.enc.Base64),
149-
authorization = 'acquia-http-hmac ' + authorization_string + ',headers="' + signed_headers_string + '",signature="' + signature + '"';
161+
authorization = 'acquia-http-hmac ' + authorization_string + ',signature="' + signature + '"' + authorization_signed_header_postfix;
150162

151163
// Set the authorizations headers.
152164
request.acquiaHttpHmac = {};

0 commit comments

Comments
 (0)