Permalink
Browse files

joyent/node-http-signature#23 Fix bug where valid mixed case headers …

  • Loading branch information...
mwindle authored and arekinath committed Jan 23, 2014
1 parent 011fa33 commit aaf66f5b38ecdcf2305bbc47a7755f7330199851
Showing with 30 additions and 1 deletion.
  1. +1 −1 lib/parser.js
  2. +29 −0 test/parser.test.js
View
@@ -305,7 +305,7 @@ module.exports = {
options.headers.forEach(function (hdr) {
// Remember that we already checked any headers in the params
// were in the request, so if this passes we're good.
if (parsed.params.headers.indexOf(hdr) < 0)
if (parsed.params.headers.indexOf(hdr.toLowerCase()) < 0)
throw new MissingHeaderError(hdr + ' was not a signed header');
});
View
@@ -554,6 +554,35 @@ test('missing required header', function(t) {
});
test('valid mixed case headers', function(t) {
server.tester = function(req, res) {
var options = {
clockSkew: 1,
headers: ['Date', 'Content-MD5']
};
try {
httpSignature.parseRequest(req, options);
} catch (e) {
t.fail(e.stack);
}
res.writeHead(200);
res.end();
};
options.headers.Authorization =
'Signature keyId="f,oo",algorithm="RSA-sha256",' +
'headers="dAtE cOntEnt-MD5",signature="digitalSignature"';
options.headers.Date = jsprim.rfc1123(new Date());
options.headers['content-md5'] = uuid();
http.get(options, function(res) {
t.equal(res.statusCode, 200);
t.end();
});
});
test('not whitelisted algorithm', function(t) {
server.tester = function(req, res) {
var options = {

0 comments on commit aaf66f5

Please sign in to comment.