#23 Fix bug where valid mixed case headers fails parse

TritonDataCenter · Aug 25, 2017 · aaf66f5 · aaf66f5
1 parent 011fa33
commit aaf66f5
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 1 deletion.
diff --git a/lib/parser.js b/lib/parser.js
@@ -305,7 +305,7 @@ module.exports = {
     options.headers.forEach(function (hdr) {
       // Remember that we already checked any headers in the params
       // were in the request, so if this passes we're good.
-      if (parsed.params.headers.indexOf(hdr) < 0)
+      if (parsed.params.headers.indexOf(hdr.toLowerCase()) < 0)
         throw new MissingHeaderError(hdr + ' was not a signed header');
     });
 

diff --git a/test/parser.test.js b/test/parser.test.js
@@ -554,6 +554,35 @@ test('missing required header', function(t) {
 });
 
 
+test('valid mixed case headers', function(t) {
+  server.tester = function(req, res) {
+    var options = {
+      clockSkew: 1,
+      headers: ['Date', 'Content-MD5']
+    };
+
+    try {
+      httpSignature.parseRequest(req, options);
+    } catch (e) {
+      t.fail(e.stack);
+    }
+
+    res.writeHead(200);
+    res.end();
+  };
+
+  options.headers.Authorization =
+    'Signature keyId="f,oo",algorithm="RSA-sha256",' +
+    'headers="dAtE cOntEnt-MD5",signature="digitalSignature"';
+  options.headers.Date = jsprim.rfc1123(new Date());
+  options.headers['content-md5'] = uuid();
+  http.get(options, function(res) {
+    t.equal(res.statusCode, 200);
+    t.end();
+  });
+});
+
+
 test('not whitelisted algorithm', function(t) {
   server.tester = function(req, res) {
     var options = {