node package manager

http-auth-utils

http-auth-utils

This library provide several utils to parse and build WWW-Authenticate and Authorization headers as described per the HTTP RFC.

NPM version Build Status Dependency Status devDependency Status Coverage Status Code Climate Dependency Status

This library is intended to be framework agnostic and could be used either on the server and the client side.

Since this library is in an early development stage, please don't use it until you really not care of API changes.

Development

Running tests:

npm test

Generating docs:

cat src/index.js src/mecanisms/basic.js src/mecanisms/digest.js | npm run cli -- jsdoc2md > API.md

Contributing

To contribute to this project, you must accept to publish it under the MIT Licence.

Modules

http-auth-utils
http-auth-utils/mecanisms/basic
http-auth-utils/mecanisms/digest
## http-auth-utils

### http-auth-utils.mecanisms : Array Natively supported authentication mecanisms.

Kind: static constant of http-auth-utils ### http-auth-utils.parseWWWAuthenticateHeader ⇒ Object Parse HTTP WWW-Authenticate header contents.

Kind: static constant of http-auth-utils Returns: Object - Result of the contents parse. Api: public

Param Type Default Description
header string The WWW-Authenticate header contents
[authMecanisms] Array [BASIC, DIGEST] Allow providing custom authentication mecanisms.

Example

assert.equal(
  parseWWWAuthenticateHeader('Basic realm="test"'), {
    type: 'Basic',
    data: {
      realm: 'test'
    }
  }
);

### http-auth-utils.parseAuthorizationHeader ⇒ Object Parse HTTP Authorization header contents.

Kind: static constant of http-auth-utils Returns: Object - Result of the contents parse. Api: public

Param Type Default Description
header string The Authorization header contents
[authMecanisms] Array [BASIC, DIGEST] Allow providing custom authentication mecanisms.

Example

assert.equal(
  parseAuthorizationHeader('Basic QWxpIEJhYmE6b3BlbiBzZXNhbWU='), {
    type: 'Basic',
    data: {
      hash: 'QWxpIEJhYmE6b3BlbiBzZXNhbWU='
    }
  }
);

## http-auth-utils/mecanisms/basic

### http-auth-utils/mecanisms/basic~BASIC : Object Basic authentication mecanism.

Kind: inner constant of http-auth-utils/mecanisms/basic See: http://tools.ietf.org/html/rfc2617#section-2

#### BASIC.type : String The Basic auth mecanism prefix.

Kind: static property of BASIC #### BASIC.parseWWWAuthenticateRest(rest) ⇒ Object Parse the WWW Authenticate header rest.

Kind: static method of BASIC Returns: Object - Object representing the result of the parse operation. Api: public

Param Type Description
rest String The header rest (string got after removing the authentication mecanism prefix).

Example

assert.deepEqual(
  BASIC.parseWWWAuthenticateRest('realm="perlinpinpin"'), {
    realm: 'perlinpinpin'
  }
);

#### BASIC.buildWWWAuthenticateRest(content) ⇒ String Build the WWW Authenticate header rest.

Kind: static method of BASIC Returns: String - The built rest. Api: public

Param Type Description
content Object The content from wich to build the rest.

Example

assert.equal(
  BASIC.buildWWWAuthenticateRest({
    realm: 'perlinpinpin'
  }),
  'realm="perlinpinpin"'
);

#### BASIC.parseAuthorizationRest(rest) ⇒ Object Parse the Authorization header rest.

Kind: static method of BASIC Returns: Object - Object representing the result of the parse operation {hash}. Api: public

Param Type Description
rest String The header rest (string got after removing the authentication mecanism prefix).)

Example

assert.deepEqual(
  BASIC.parseAuthorizationRest('QWxpIEJhYmE6b3BlbiBzZXNhbWU='), {
    hash: 'QWxpIEJhYmE6b3BlbiBzZXNhbWU='
  }
);

#### BASIC.buildAuthorizationRest(content) ⇒ String Build the Authorization header rest.

Kind: static method of BASIC Returns: String - The rest built. Api: public

Param Type Description
content Object The content from wich to build the rest.

Example

assert.equal(
  BASIC.buildAuthorizationRest({
    hash: 'QWxpIEJhYmE6b3BlbiBzZXNhbWU='
  }),
  'QWxpIEJhYmE6b3BlbiBzZXNhbWU='
);

#### BASIC.computeHash(credentials) ⇒ String Compute the Basic authentication hash from the given credentials.

Kind: static method of BASIC Returns: String - The hash representing the credentials. Api: public

Param Type Description
credentials Object The credentials to encode {username, password}.

Example

assert.equal(
  BASIC.computeHash({
    username: 'Ali Baba',
    password: 'open sesame'
  }),
  'QWxpIEJhYmE6b3BlbiBzZXNhbWU='
);

#### BASIC.decodeHash(hash) ⇒ Object Decode the Basic hash and return the corresponding credentials.

Kind: static method of BASIC Returns: Object - Object representing the credentials {username, password}. Api: public

Param Type Description
hash String The hash.

Example

assert.deepEqual(
  BASIC.decodeHash('QWxpIEJhYmE6b3BlbiBzZXNhbWU='), {
    username: 'Ali Baba',
    password: 'open sesame'
  }
);

## http-auth-utils/mecanisms/digest

### http-auth-utils/mecanisms/digest~DIGEST : Object Digest authentication mecanism.

Kind: inner constant of http-auth-utils/mecanisms/digest See

#### DIGEST.type : String The Digest auth mecanism prefix.

Kind: static property of DIGEST #### DIGEST.parseWWWAuthenticateRest(rest) ⇒ Object Parse the WWW Authenticate header rest.

Kind: static method of DIGEST Returns: Object - Object representing the result of the parse operation. Api: public

Param Type Description
rest String The header rest (string got after removing the authentication mecanism prefix).

Example

assert.deepEqual(
  DIGEST.parseWWWAuthenticateRest(
    'realm="testrealm@host.com", ' +
    'qop="auth, auth-int", ' +
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", ' +
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
  ), {
    realm: 'testrealm@host.com',
    qop: 'auth, auth-int',
    nonce: 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
    opaque: '5ccc069c403ebaf9f0171e9517f40e41'
  }
);

#### DIGEST.buildWWWAuthenticateRest(content) ⇒ String Build the WWW Authenticate header rest.

Kind: static method of DIGEST Returns: String - The built rest. Api: public

Param Type Description
content Object The content from wich to build the rest.

Example

assert.equal(
  DIGEST.buildWWWAuthenticateRest({
    realm: 'testrealm@host.com',
    qop: 'auth, auth-int',
    nonce: 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
    opaque: '5ccc069c403ebaf9f0171e9517f40e41'
  }),
  'realm="testrealm@host.com", ' +
  'qop="auth, auth-int", ' +
  'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", ' +
  'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
);

#### DIGEST.parseAuthorizationRest(rest) ⇒ Object Parse the Authorization header rest.

Kind: static method of DIGEST Returns: Object - Object representing the result of the parse operation {hash}. Api: public

Param Type Description
rest String The header rest (string got after removing the authentication mecanism prefix).)

Example

assert.deepEqual(
  DIGEST.parseAuthorizationRest(
    'username="Mufasa",' +
    'realm="testrealm@host.com",' +
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",' +
    'uri="/dir/index.html",' +
    'qop="auth",' +
    'nc="00000001",' +
    'cnonce="0a4f113b",' +
    'response="6629fae49393a05397450978507c4ef1",' +
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
  ), {
    username: "Mufasa",
    realm: 'testrealm@host.com',
    nonce: "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    uri: "/dir/index.html",
    qop: 'auth',
    nc: '00000001',
    cnonce: "0a4f113b",
    response: "6629fae49393a05397450978507c4ef1",
    opaque: "5ccc069c403ebaf9f0171e9517f40e41"
  }
);

#### DIGEST.buildAuthorizationRest(content) ⇒ String Build the Authorization header rest.

Kind: static method of DIGEST Returns: String - The rest built. Api: public

Param Type Description
content Object The content from wich to build the rest.

Example

assert.equal(
  DIGEST.buildAuthorizationRest({
    username: "Mufasa",
    realm: 'testrealm@host.com',
    nonce: "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    uri: "/dir/index.html",
    qop: 'auth',
    nc: '00000001',
    cnonce: "0a4f113b",
    response: "6629fae49393a05397450978507c4ef1",
    opaque: "5ccc069c403ebaf9f0171e9517f40e41"
  }),
  'username="Mufasa", ' +
  'realm="testrealm@host.com", ' +
  'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", ' +
  'uri="/dir/index.html", ' +
  'response="6629fae49393a05397450978507c4ef1", ' +
  'cnonce="0a4f113b", ' +
  'opaque="5ccc069c403ebaf9f0171e9517f40e41", ' +
  'qop="auth", ' +
  'nc="00000001"'
);

#### DIGEST.computeHash(credentials) ⇒ String Compute the Digest authentication hash from the given credentials.

Kind: static method of DIGEST Returns: String - The hash representing the credentials. Api: public

Param Type Description
credentials Object The credentials to encode and other encoding details.

Example

assert.equal(
  DIGEST.computeHash({
    username: 'Mufasa',
    realm: 'testrealm@host.com',
    password: 'Circle Of Life',
    method: 'GET',
    uri: '/dir/index.html',
    nonce: 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
    nc: '00000001',
    cnonce: '0a4f113b',
    qop: 'auth',
    algorithm: 'md5'
  }),
  '6629fae49393a05397450978507c4ef1'
);