LEX-89 1) Fix auth string's header entry. 2) Up version to 0.1.9.

Author: Yuan Xie

demo/ajax.app.js

@@ -334,9 +334,9 @@ var AcquiaHttpHmac = function () {
           signature_base_signed_headers_string = signed_headers_string === '' ? '' : signed_headers_string + '\n',
           signature_base_string = method + '\n' + site_name_and_port + '\n' + parser.pathname + '\n' + url_query_string + '\n' + parametersToString(authorization_parameters) + '\n' + signature_base_signed_headers_string + x_authorization_timestamp + signature_base_string_content_suffix,
           authorization_string = parametersToString(authorization_parameters, '="', '"', ','),
-          authorization_signed_headers_string = Object.keys(signed_headers).length === 0 ? '' : ',headers="' + encodeURI(Object.keys(signed_headers).join('|||||').toLowerCase().split('|||||').sort().join(';')) + '"',
+          authorization_signed_headers_string = encodeURI(Object.keys(signed_headers).join('|||||').toLowerCase().split('|||||').sort().join(';')),
           signature = encodeURI(CryptoJS.HmacSHA256(signature_base_string, this.config.parsed_secret_key).toString(CryptoJS.enc.Base64)),
-          authorization = 'acquia-http-hmac ' + authorization_string + authorization_signed_headers_string + ',signature="' + signature + '"';
+          authorization = 'acquia-http-hmac ' + authorization_string + ',headers="' + authorization_signed_headers_string + '",signature="' + signature + '"';
 
       if (this.isXMLHttpRequest(request) && request.readyState === 0) {
         request.open(method, path, true);

demo/get.app.js

@@ -296,9 +296,9 @@ class AcquiaHttpHmac {
         signature_base_signed_headers_string = signed_headers_string === '' ? '' : `${signed_headers_string}\n`,
         signature_base_string = `${method}\n${site_name_and_port}\n${parser.pathname}\n${url_query_string}\n${parametersToString(authorization_parameters)}\n${signature_base_signed_headers_string}${x_authorization_timestamp}${signature_base_string_content_suffix}`,
         authorization_string = parametersToString(authorization_parameters, '="', '"', ','),
-        authorization_signed_headers_string = Object.keys(signed_headers).length === 0 ? '' : `,headers="${encodeURI(Object.keys(signed_headers).join('|||||').toLowerCase().split('|||||').sort().join(';'))}"`,
+        authorization_signed_headers_string = encodeURI(Object.keys(signed_headers).join('|||||').toLowerCase().split('|||||').sort().join(';')),
         signature = encodeURI(CryptoJS.HmacSHA256(signature_base_string, this.config.parsed_secret_key).toString(CryptoJS.enc.Base64)),
-        authorization = `acquia-http-hmac ${authorization_string}${authorization_signed_headers_string},signature="${signature}"`;
+        authorization = `acquia-http-hmac ${authorization_string},headers="${authorization_signed_headers_string}",signature="${signature}"`;
 
     if (this.isXMLHttpRequest(request) && request.readyState === 0) {
       request.open(method, path, true);

demo/post.app.js

@@ -1,6 +1,6 @@
 {
   "name": "http-hmac-javascript",
-  "version": "0.1.8",
+  "version": "0.1.9",
   "description": "HTTP HMAC JavaScript Library",
   "main": "./lib/es5/hmac.js",
   "dependencies": {

lib/es5/hmac.js

@@ -54,7 +54,7 @@ QUnit.test('Test sign(), asserts GET pass.', function(assert) {
   request.send();
   request.receive(200, responseText);
 
-  var authorization = 'acquia-http-hmac id="ABCD-1234",nonce="11bdbac4-1111-4111-9111-111111111111",realm="dice%5E",version="2.0",signature="aeOVMGoyBcWZPyyzdjrzFkGAF8gAGaeqbfA324L5q8Y="';
+  var authorization = 'acquia-http-hmac id="ABCD-1234",nonce="11bdbac4-1111-4111-9111-111111111111",realm="dice%5E",version="2.0",headers="",signature="aeOVMGoyBcWZPyyzdjrzFkGAF8gAGaeqbfA324L5q8Y="';
   assert.equal(request.acquiaHttpHmac.nonce, '11bdbac4-1111-4111-9111-111111111111', 'sign() records a nonce to the XHR object.');
   assert.equal(request.acquiaHttpHmac.timestamp, 1000000, 'sign() records a timestamp to the XHR object.');
   assert.equal(request.getRequestHeader('X-Authorization-Timestamp'), 1000000, 'sign() sets "X-Authorization-Timestamp" request header to the XHR object.');
@@ -128,7 +128,7 @@ QUnit.test('Test sign(), asserts GET pass with a promise-based request object.',
   };
   HMAC.sign(sign_parameters);
 
-  var authorization = 'acquia-http-hmac id="ABCD-1234",nonce="11bdbac4-1111-4111-9111-111111111111",realm="dice%5E",version="2.0",signature="aeOVMGoyBcWZPyyzdjrzFkGAF8gAGaeqbfA324L5q8Y="';
+  var authorization = 'acquia-http-hmac id="ABCD-1234",nonce="11bdbac4-1111-4111-9111-111111111111",realm="dice%5E",version="2.0",headers="",signature="aeOVMGoyBcWZPyyzdjrzFkGAF8gAGaeqbfA324L5q8Y="';
   assert.equal(request.acquiaHttpHmac.nonce, '11bdbac4-1111-4111-9111-111111111111', 'sign() records a nonce to the jqXHR object.');
   assert.equal(request.acquiaHttpHmac.timestamp, 1000000, 'sign() records a timestamp to the jqXHR object.');
   assert.deepEqual(request.headers, { Authorization: authorization, 'X-Authorization-Timestamp': '1000000' }, 'sign() sets "X-Authorization-Timestamp" and "Authorization" request header to the jqXHR object.');
@@ -160,7 +160,7 @@ QUnit.test('Test sign(), asserts POST pass.', function(assert) {
   request.send(body);
   request.receive(200, responseText);
 
-  var authorization = 'acquia-http-hmac id="ABCD-1234",nonce="11bdbac4-1111-4111-9111-111111111111",realm="dice%5E",version="2.0",signature="pNUQl+h18e+F6Lzd2lDGe53uaWCDbqQ5eqGnxrC433M="';
+  var authorization = 'acquia-http-hmac id="ABCD-1234",nonce="11bdbac4-1111-4111-9111-111111111111",realm="dice%5E",version="2.0",headers="",signature="pNUQl+h18e+F6Lzd2lDGe53uaWCDbqQ5eqGnxrC433M="';
   assert.equal(request.acquiaHttpHmac.nonce, '11bdbac4-1111-4111-9111-111111111111', 'sign() records a nonce to the XHR object.');
   assert.equal(request.acquiaHttpHmac.timestamp, 1000000, 'sign() records a timestamp to the XHR object.');
   assert.equal(request.getRequestHeader('X-Authorization-Timestamp'), 1000000, 'sign() sets "X-Authorization-Timestamp" request header to the XHR object.');

lib/es5/hmac.min.js

@@ -296,9 +296,9 @@ class AcquiaHttpHmac {
         signature_base_signed_headers_string = signed_headers_string === '' ? '' : `${signed_headers_string}\n`,
         signature_base_string = `${method}\n${site_name_and_port}\n${parser.pathname}\n${url_query_string}\n${parametersToString(authorization_parameters)}\n${signature_base_signed_headers_string}${x_authorization_timestamp}${signature_base_string_content_suffix}`,
         authorization_string = parametersToString(authorization_parameters, '="', '"', ','),
-        authorization_signed_headers_string = Object.keys(signed_headers).length === 0 ? '' : `,headers="${encodeURI(Object.keys(signed_headers).join('|||||').toLowerCase().split('|||||').sort().join(';'))}"`,
+        authorization_signed_headers_string = encodeURI(Object.keys(signed_headers).join('|||||').toLowerCase().split('|||||').sort().join(';')),
         signature = encodeURI(CryptoJS.HmacSHA256(signature_base_string, this.config.parsed_secret_key).toString(CryptoJS.enc.Base64)),
-        authorization = `acquia-http-hmac ${authorization_string}${authorization_signed_headers_string},signature="${signature}"`;
+        authorization = `acquia-http-hmac ${authorization_string},headers="${authorization_signed_headers_string}",signature="${signature}"`;
 
     if (this.isXMLHttpRequest(request) && request.readyState === 0) {
       request.open(method, path, true);