From 12ab99ff105a0ffaf6df4a347a5d5af6655291c6 Mon Sep 17 00:00:00 2001 From: Jacob Parker Date: Fri, 18 Apr 2014 10:59:01 -0400 Subject: [PATCH 1/2] (fix) Don't include query params in signatures --- lib/valence.js | 6 +++++- spec/createAuthenticatedUrl_spec.js | 28 ++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 spec/createAuthenticatedUrl_spec.js diff --git a/lib/valence.js b/lib/valence.js index 14c3eac..546e349 100755 --- a/lib/valence.js +++ b/lib/valence.js @@ -350,9 +350,13 @@ D2L.UserContext = */ D2L.UserContext.prototype.createAuthenticatedUrl = function (path, method) { + function stripQuery(url) { + return url.split('?')[0]; + } + var params = {}, timestamp = this.skew + D2L.Util.getTimestamp(), - signatureData = method.toUpperCase() + '&' + decodeURI(path).toLowerCase() + '&' + timestamp; + signatureData = method.toUpperCase() + '&' + stripQuery(decodeURI(path).toLowerCase()) + '&' + timestamp; params[D2L.Auth.TIMESTAMP_PARAM] = timestamp; params[D2L.Auth.APP_ID_PARAM] = this.appId; diff --git a/spec/createAuthenticatedUrl_spec.js b/spec/createAuthenticatedUrl_spec.js new file mode 100644 index 0000000..0902846 --- /dev/null +++ b/spec/createAuthenticatedUrl_spec.js 
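Review bot: The new `stripQuery` step in `signatureData` takes the query string out of the signed data, and nothing in the hunk records that this is deliberate. The signature is then built from method, path and timestamp only, so a changed query parameter does not invalidate a signed URL, and callers should not treat the signature as protecting query values. I would add a comment above the helper, for example `// Signature base is METHOD&path&timestamp; the query string is deliberately left unsigned.` The helper also cuts only at `?`, so a `#fragment` on a path without a query still ends up in `signatureData`; `return url.split(/[?#]/)[0];` would cover both. The body of `createAuthenticatedUrl` continues outside the hunk, so how the original query is re-attached to the final URL is not visible here.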
@@ -0,0 +1,28 @@ +'use strict'; + +var expect = require('chai').expect, + url = require('url'); + +var D2L = require('../'); + +describe('D2L.UserContext.createAuthenticatedUrl', function () { + var appContext; + var userContext; + + before(function (done) { + appContext = new D2L.ApplicationContext('foo', 'bar'); + userContext = appContext.createUserContextWithValues('http://somelms.edu', 80, 'baz', 'quux', 0); + done(); + }); + + it('should not include query params in signature', function (done) { + var urlWith = url.parse(userContext.createAuthenticatedUrl('/d2l/api/foo?bar=baz', 'GET'), true); + var urlWithout = url.parse(userContext.createAuthenticatedUrl('/d2l/api/foo', 'GET'), true); + + expect(urlWith.query['x_c']).to.equal(urlWithout.query['x_c']); + expect(urlWith.query['x_d']).to.equal(urlWithout.query['x_d']); + + done(); + }); +}); + From 35e02fd9184eeb6dfe5651f3ba0672eef8773209 Mon Sep 17 00:00:00 2001 From: Jacob Parker Date: Fri, 18 Apr 2014 11:33:12 -0400 Subject: [PATCH 2/2] (chore) fix whitespace in tests --- spec/createAuthenticatedUrl_spec.js | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/spec/createAuthenticatedUrl_spec.js b/spec/createAuthenticatedUrl_spec.js index 0902846..3300b4d 100644 --- a/spec/createAuthenticatedUrl_spec.js +++ b/spec/createAuthenticatedUrl_spec.js 
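Review bot: The test compares `x_c` and `x_d` between the two URLs but never checks that the caller's own query survives. It would likely still pass if `bar=baz` were dropped or the auth parameters were appended after a second `?`. Adding `expect(urlWith.query['bar']).to.equal('baz');` after the two existing expectations would pin that. Each `createAuthenticatedUrl` call also reads the clock separately, so if `D2L.Util.getTimestamp()` has one-second resolution (not visible here) the two signatures can differ when a second boundary falls between the calls. Stubbing the timestamp for the duration of the test would make the comparison deterministic.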
@@ -7,22 +7,22 @@ var D2L = require('../'); describe('D2L.UserContext.createAuthenticatedUrl', function () { var appContext; - var userContext; + var userContext; before(function (done) { appContext = new D2L.ApplicationContext('foo', 'bar'); userContext = appContext.createUserContextWithValues('http://somelms.edu', 80, 'baz', 'quux', 0); - done(); + done(); }); it('should not include query params in signature', function (done) { - var urlWith = url.parse(userContext.createAuthenticatedUrl('/d2l/api/foo?bar=baz', 'GET'), true); - var urlWithout = url.parse(userContext.createAuthenticatedUrl('/d2l/api/foo', 'GET'), true); + var urlWith = url.parse(userContext.createAuthenticatedUrl('/d2l/api/foo?bar=baz', 'GET'), true); + var urlWithout = url.parse(userContext.createAuthenticatedUrl('/d2l/api/foo', 'GET'), true); - expect(urlWith.query['x_c']).to.equal(urlWithout.query['x_c']); - expect(urlWith.query['x_d']).to.equal(urlWithout.query['x_d']); + expect(urlWith.query['x_c']).to.equal(urlWithout.query['x_c']); + expect(urlWith.query['x_d']).to.equal(urlWithout.query['x_d']); - done(); + done(); }); });