From aaf66f5b38ecdcf2305bbc47a7755f7330199851 Mon Sep 17 00:00:00 2001
From: mwindle <marc.windle@gmail.com>
Date: Wed, 22 Jan 2014 20:09:45 -0800
Subject: [PATCH] joyent/node-http-signature#23 Fix bug where valid mixed case
 headers fails parse

---
 lib/parser.js       |  2 +-
 test/parser.test.js | 29 +++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/lib/parser.js b/lib/parser.js
index d2bd7e8..815b1fd 100644
--- a/lib/parser.js
+++ b/lib/parser.js
@@ -305,7 +305,7 @@ module.exports = {
     options.headers.forEach(function (hdr) {
       // Remember that we already checked any headers in the params
       // were in the request, so if this passes we're good.
-      if (parsed.params.headers.indexOf(hdr) < 0)
+      if (parsed.params.headers.indexOf(hdr.toLowerCase()) < 0)
         throw new MissingHeaderError(hdr + ' was not a signed header');
     });
 
diff --git a/test/parser.test.js b/test/parser.test.js
index caac58f..9b6e35d 100644
--- a/test/parser.test.js
+++ b/test/parser.test.js
@@ -554,6 +554,35 @@ test('missing required header', function(t) {
 });
 
 
+test('valid mixed case headers', function(t) {
+  server.tester = function(req, res) {
+    var options = {
+      clockSkew: 1,
+      headers: ['Date', 'Content-MD5']
+    };
+
+    try {
+      httpSignature.parseRequest(req, options);
+    } catch (e) {
+      t.fail(e.stack);
+    }
+
+    res.writeHead(200);
+    res.end();
+  };
+
+  options.headers.Authorization =
+    'Signature keyId="f,oo",algorithm="RSA-sha256",' +
+    'headers="dAtE cOntEnt-MD5",signature="digitalSignature"';
+  options.headers.Date = jsprim.rfc1123(new Date());
+  options.headers['content-md5'] = uuid();
+  http.get(options, function(res) {
+    t.equal(res.statusCode, 200);
+    t.end();
+  });
+});
+
+
 test('not whitelisted algorithm', function(t) {
   server.tester = function(req, res) {
     var options = {