How to use the hawk.utils function in hawk

To help you get started, we’ve selected a few hawk examples, based on popular ways it is used in public projects.

github outmoded / oz / lib / endpoints.js View on Github external
if (!ticket.grant) {
        return reissue();
    }

    // User ticket

    const { grant, ext } = await options.loadGrantFunc(ticket.grant);

    if (!grant ||
        (grant.app !== ticket.app && grant.app !== ticket.dlg) ||
        grant.user !== ticket.user ||
        !grant.exp ||
        grant.exp <= Hawk.utils.now()) {

        throw Hawk.utils.unauthorized('Invalid grant');
    }

    return reissue(grant, ext);
};
github taskcluster / taskcluster / services / auth / src / signaturevalidator.js View on Github external
}, async (clientId) => {
          let ext = undefined;

          // Parse authorization header for ext
          let attrs = hawk.utils.parseAuthorizationHeader(
            req.authorization
          );
          // Extra ext
          if (!(attrs instanceof Error)) {
            ext = attrs.ext;
          }

          // Get credentials with ext
          return loadCredentials(clientId, ext);
        }, {
          // Not sure if JSON stringify is not deterministic by specification.
github postmanlabs / postman-collection / lib / collection / request-auth / hawk.js View on Github external
authorize: function (request) {
        var params = this,
            result;

        if (!params || !params.authId || !params.authKey) {
            return request; // Nothing to do if no parameters are present.
        }

        params.nonce = params.nonce || _.randomString(6);
        params.timestamp = _.parseInt(params.timestamp) ||
            // Hawk has this function in their Node distribution, but not in the browsers :/
            (_.isFunction(Hawk.utils.nowSecs) ? Hawk.utils.nowSecs() : Hawk.utils.now());

        request.removeHeader('Authorization', { ignoreCase: true });
        result = this.sign({
            credentials: {
                id: params.authId,
                key: params.authKey,
                algorithm: params.algorithm
            },
            nonce: params.nonce,
            timestamp: params.timestamp,
            ext: params.extraData,
            app: params.app,
            dlg: params.delegation,
            user: params.user,
            url: request.url.toString(true), // force toString to add a protocol to the URL.
            method: request.method
github outmoded / oz / lib / endpoints.js View on Github external
exports.reissue = async function (req, payload, options) {

    payload = payload || {};

    await internals.validate('reissue', payload);

    const { ticket } = await Server._authenticate(req, options.encryptionPassword, false, options);

    // Load ticket

    const app = await options.loadAppFunc(ticket.app);
    if (!app) {
        throw Hawk.utils.unauthorized('Invalid application');
    }

    if (payload.issueTo &&
        !app.delegate) {

        throw Boom.forbidden('Application has no delegation rights');
    }


    const reissue = (grant, ext) => {

        const ticketOptions = Object.assign({}, options.ticket);        // Shallow cloned

        if (ext) {
            ticketOptions.ext = ext;
        }
github outmoded / oz / lib / server.js View on Github external
const credentialsFunc = async function (id) {

        // Parse ticket id

        const ticket = await Ticket.parse(id, encryptionPassword, options.ticket);

        // Check expiration

        if (checkExpiration &&
            ticket.exp <= Hawk.utils.now()) {

            const error = Hawk.utils.unauthorized('Expired ticket');
            error.output.payload.expired = true;
            throw error;
        }

        return ticket;
    };
github outmoded / oz / lib / server.js View on Github external
const error = Hawk.utils.unauthorized('Expired ticket');
            error.output.payload.expired = true;
            throw error;
        }

        return ticket;
    };

    // Hawk authentication

    const { credentials, artifacts } = await Hawk.server.authenticate(req, credentialsFunc, options.hawk);

    // Check application

    if (credentials.app !== artifacts.app) {
        throw Hawk.utils.unauthorized('Mismatching application id');
    }

    if ((credentials.dlg || artifacts.dlg) &&
        credentials.dlg !== artifacts.dlg) {

        throw Hawk.utils.unauthorized('Mismatching delegated application id');
    }

    // Return result

    return { ticket: credentials, artifacts };
};
github outmoded / oz / lib / ticket.js View on Github external
if (grant && (!grant.id || !grant.user || !grant.exp)) {
        throw Boom.internal('Invalid grant object');
    }

    if (grant || parentTicket.grant) {
        if (!grant ||
            !parentTicket.grant ||
            parentTicket.grant !== grant.id) {

            throw Boom.internal('Parent ticket grant does not match options.grant');
        }
    }

    // Construct ticket

    let exp = (Hawk.utils.now() + (options.ttl || internals.defaults.ticketTTL));
    if (grant) {
        exp = Math.min(exp, grant.exp);
    }

    const ticket = {
        exp,
        app: options.issueTo || parentTicket.app,
        scope: options.scope || parentTicket.scope
    };

    if (!options.ext &&
        parentTicket.ext) {

        options = Object.assign({}, options);           // Shallow cloned
        options.ext = parentTicket.ext;
    }
github taskcluster / taskcluster / libraries / api / src / middleware / auth.js View on Github external
'and \'authorization\' header',
      };
    }

    // If no authentication is provided, we just return valid with zero scopes
    if ((!req.query || !req.query.bewit) &&
        (!req.headers || !req.headers.authorization)) {
      return {
        status: 'no-auth',
        scheme: 'none',
        scopes: [],
      };
    }

    // Parse host header
    const host = hawk.utils.parseHost(req);
    // Find port, overwrite if forwarded by reverse proxy
    let port = host.port;
    if (req.headers['x-forwarded-port'] !== undefined) {
      port = parseInt(req.headers['x-forwarded-port'], 10);
    } else if (req.headers['x-forwarded-proto'] !== undefined) {
      port = req.headers['x-forwarded-proto'] === 'https' ? 443 : port;
    }

    // Send input to signatureValidator (auth server or local validator)
    let result = await Promise.resolve(signatureValidator({
      method: req.method.toLowerCase(),
      resource: req.originalUrl,
      host: host.name,
      port: parseInt(port, 10),
      authorization: req.headers.authorization,
      sourceIp: req.ip,

hawk

HTTP Hawk Authentication Scheme

BSD-3-Clause
Latest version published 5 months ago

Package Health Score

87 / 100
Full package analysis

Similar packages