Index: /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/README.md =================================================================== --- /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/README.md (revision 20239) +++ /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/README.md (working copy) @@ -1,21 +1,22 @@ # is-my-json-valid -A [JSONSchema](http://json-schema.org/) validator that uses code generation -to be extremely fast - -``` -npm install is-my-json-valid -``` +A [JSONSchema](https://json-schema.org/) validator that uses code generation to be extremely fast. It passes the entire JSONSchema v4 test suite except for `remoteRefs` and `maxLength`/`minLength` when using unicode surrogate pairs. -[![build status](http://img.shields.io/travis/mafintosh/is-my-json-valid.svg?style=flat)](http://travis-ci.org/mafintosh/is-my-json-valid) +[![build status](https://img.shields.io/travis/mafintosh/is-my-json-valid.svg?style=flat)](https://travis-ci.org/mafintosh/is-my-json-valid) + +## Installation + +```sh +npm install --save is-my-json-valid +``` ## Usage Simply pass a schema to compile it -``` js +```js var validator = require('is-my-json-valid') var validate = validator({ @@ -39,13 +40,13 @@ You can also pass the schema as a string -``` js +```js var validate = validator('{"type": ... }') ``` Optionally you can use the require submodule to load a schema from `__dirname` -``` js +```js var validator = require('is-my-json-valid/require') var validate = validator('my-schema.json') ``` @@ -55,7 +56,7 @@ is-my-json-valid supports the formats specified in JSON schema v4 (such as date-time). If you want to add your own custom formats pass them as the formats options to the validator -``` js +```js var validate = validator({ type: 'string', required: true, @@ -74,7 +75,7 @@ You can pass in external schemas that you reference using the `$ref` attribute as the `schemas` option -``` js +```js var ext = { required: true, type: 'string' @@ -95,7 +96,7 @@ is-my-json-valid supports filtering away properties not in the schema -``` js +```js var filter = validator.filter({ required: true, type: 'object', @@ -109,12 +110,15 @@ console.log(filter(doc)) // {hello: 'world'} ``` -## Verbose mode outputs the value on errors +## Verbose mode shows more information about the source of the error -is-my-json-valid outputs the value causing an error when verbose is set to true +When the `verbose` options is set to `true`, `is-my-json-valid` also outputs: -``` js -var validate = validator({ +- `value`: The data value that caused the error +- `schemaPath`: an array of keys indicating which sub-schema failed + +```js +var schema = { required: true, type: 'object', properties: { @@ -123,12 +127,34 @@ type: 'string' } } -}, { +} +var validate = validator(schema, { verbose: true }) validate({hello: 100}); -console.log(validate.errors) // {field: 'data.hello', message: 'is the wrong type', value: 100, type: 'string'} +console.log(validate.errors) +// [ { field: 'data.hello', +// message: 'is the wrong type', +// value: 100, +// type: 'string', +// schemaPath: [ 'properties', 'hello' ] } ] +``` + +Many popular libraries make it easy to retrieve the failing rule with the `schemaPath`: + +```js +var schemaPath = validate.errors[0].schemaPath +var R = require('ramda') + +console.log( 'All evaluate to the same thing: ', R.equals( + schema.properties.hello, + { required: true, type: 'string' }, + R.path(schemaPath, schema), + require('lodash').get(schema, schemaPath), + require('jsonpointer').get(schema, [""].concat(schemaPath)) +)) +// All evaluate to the same thing: true ``` ## Greedy mode tries to validate as much as possible @@ -136,7 +162,7 @@ By default is-my-json-valid bails on first validation error but when greedy is set to true it tries to validate as much as possible: -``` js +```js var validate = validator({ type: 'object', properties: { @@ -154,20 +180,84 @@ // {field: 'data.x', message: 'is the wrong type'}] ``` +## Error messages + +Here is a list of possible `message` values for errors: + +- `is required` +- `is the wrong type` +- `has additional items` +- `must be FORMAT format` (FORMAT is the `format` property from the schema) +- `must be unique` +- `must be an enum value` +- `dependencies not set` +- `has additional properties` +- `referenced schema does not match` +- `negative schema matches` +- `pattern mismatch` +- `no schemas match` +- `no (or more than one) schemas match` +- `has a remainder` +- `has more properties than allowed` +- `has less properties than allowed` +- `has more items than allowed` +- `has less items than allowed` +- `has longer length than allowed` +- `has less length than allowed` +- `is less than minimum` +- `is more than maximum` + ## Performance is-my-json-valid uses code generation to turn your JSON schema into basic javascript code that is easily optimizeable by v8. -At the time of writing, is-my-json-valid is the __fastest validator__ when running +At the time of writing, is-my-json-valid is the **fastest validator** when running -* [json-schema-benchmark](https://github.com/Muscula/json-schema-benchmark) -* [cosmicreals.com benchmark](http://cosmicrealms.com/blog/2014/08/29/benchmark-of-node-dot-js-json-validation-modules-part-3/) -* [jsck benchmark](https://github.com/pandastrike/jsck/issues/72#issuecomment-70992684) -* [themis benchmark](https://cdn.rawgit.com/playlyfe/themis/master/benchmark/results.html) -* [z-schema benchmark](https://rawgit.com/zaggino/z-schema/master/benchmark/results.html) +- [json-schema-benchmark](https://github.com/Muscula/json-schema-benchmark) +- [cosmicreals.com benchmark](http://cosmicrealms.com/blog/2014/08/29/benchmark-of-node-dot-js-json-validation-modules-part-3/) +- [jsck benchmark](https://github.com/pandastrike/jsck/issues/72#issuecomment-70992684) +- [themis benchmark](https://cdn.rawgit.com/playlyfe/themis/master/benchmark/results.html) +- [z-schema benchmark](https://rawgit.com/zaggino/z-schema/master/benchmark/results.html) If you know any other relevant benchmarks open a PR and I'll add them. +## TypeScript support + +This library ships with TypeScript typings. They are still early on and not perfect at the moment, but should hopefully handle the most common cases. If you find anything that doesn't work, please open an issue and we'll try to solve it. + +The typings are using `unknown` and thus require TypeScript 3.0 or later. + +Here is a quick sample of usage together with express: + +```typescript +import createError = require('http-errors') +import createValidator = require('is-my-json-valid') +import { Request, Response, NextFunction } from 'express' + +const personValidator = createValidator({ + type: 'object', + properties: { + name: { type: 'string' }, + age: { type: 'number' }, + }, + required: [ + 'name' + ] +}) + +export function post (req: Request, res: Response, next: NextFunction) { + // Here req.body is typed as: any + + if (!personValidator(req.body)) { + throw createError(400, { errors: personValidator.errors }) + } + + // Here req.body is typed as: { name: string, age: number | undefined } +} +``` + +As you can see, the typings for is-my-json-valid will contruct an interface from the schema passed in. This allows you to work with your incoming json body in a type safe way. + ## License MIT Index: /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/formats.js =================================================================== --- /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/formats.js (revision 20239) +++ /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/formats.js (working copy) @@ -1,14 +1,40 @@ -exports['date-time'] = /^\d{4}-(?:0[0-9]{1}|1[0-2]{1})-[0-9]{2}[tT ]\d{2}:\d{2}:\d{2}(\.\d+)?([zZ]|[+-]\d{2}:\d{2})$/ +var createIpValidator = require('is-my-ip-valid') + +var reEmailWhitespace = /\s/ +var reHostnameFirstPass = /^[a-zA-Z0-9.-]+$/ +var reHostnamePart = /^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9])$/ +var rePhoneFirstPass = /^\+[0-9][0-9 ]{5,27}[0-9]$/ +var rePhoneDoubleSpace = / {2}/ +var rePhoneGlobalSpace = / /g + +exports['date-time'] = /^\d{4}-(?:0[0-9]{1}|1[0-2]{1})-[0-9]{2}[tT ]\d{2}:\d{2}:\d{2}(?:\.\d+|)([zZ]|[+-]\d{2}:\d{2})$/ exports['date'] = /^\d{4}-(?:0[0-9]{1}|1[0-2]{1})-[0-9]{2}$/ exports['time'] = /^\d{2}:\d{2}:\d{2}$/ -exports['email'] = /^\S+@\S+$/ -exports['ip-address'] = exports['ipv4'] = /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/ -exports['ipv6'] = /^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$/ -exports['uri'] = /^[a-zA-Z][a-zA-Z0-9+-.]*:[^\s]*$/ +exports['email'] = function (input) { return (input.indexOf('@') !== -1) && (!reEmailWhitespace.test(input)) } +exports['ip-address'] = exports['ipv4'] = createIpValidator({ version: 4 }) +exports['ipv6'] = createIpValidator({ version: 6 }) +exports['uri'] = /^[a-zA-Z][a-zA-Z0-9+\-.]*:[^\s]*$/ exports['color'] = /(#?([0-9A-Fa-f]{3,6})\b)|(aqua)|(black)|(blue)|(fuchsia)|(gray)|(green)|(lime)|(maroon)|(navy)|(olive)|(orange)|(purple)|(red)|(silver)|(teal)|(white)|(yellow)|(rgb\(\s*\b([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\b\s*,\s*\b([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\b\s*,\s*\b([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\b\s*\))|(rgb\(\s*(\d?\d%|100%)+\s*,\s*(\d?\d%|100%)+\s*,\s*(\d?\d%|100%)+\s*\))/ -exports['hostname'] = /^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$/ +exports['hostname'] = function (input) { + if (!(reHostnameFirstPass.test(input))) return false + + var parts = input.split('.') + + for (var i = 0; i < parts.length; i++) { + if (!(reHostnamePart.test(parts[i]))) return false + } + + return true +} exports['alpha'] = /^[a-zA-Z]+$/ exports['alphanumeric'] = /^[a-zA-Z0-9]+$/ -exports['style'] = /\s*(.+?):\s*([^;]+);?/g -exports['phone'] = /^\+(?:[0-9] ?){6,14}[0-9]$/ +exports['style'] = /.:\s*[^;]/g +exports['phone'] = function (input) { + if (!(rePhoneFirstPass.test(input))) return false + if (rePhoneDoubleSpace.test(input)) return false + + var digits = input.substring(1).replace(rePhoneGlobalSpace, '').length + + return (digits >= 7 && digits <= 15) +} exports['utc-millisec'] = /^[0-9]{1,15}\.?[0-9]{0,15}$/ Index: /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/index.js =================================================================== --- /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/index.js (revision 20239) +++ /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/index.js (working copy) @@ -45,13 +45,6 @@ } } -var formatName = function(field) { - field = JSON.stringify(field) - var pattern = /\[([^\[\]"]+)\]/ - while (pattern.test(field)) field = field.replace(pattern, '."+$1+"') - return field -} - var types = {} types.any = function() { @@ -75,7 +68,7 @@ } types.number = function(name) { - return 'typeof '+name+' === "number"' + return 'typeof '+name+' === "number" && isFinite('+name+')' } types.integer = function(name) { @@ -86,9 +79,10 @@ return 'typeof '+name+' === "string"' } -var unique = function(array) { +var unique = function(array, len) { + len = Math.min(len === -1 ? array.length : len, array.length) var list = [] - for (var i = 0; i < array.length; i++) { + for (var i = 0; i < len; i++) { list.push(typeof array[i] === 'object' ? JSON.stringify(array[i]) : array[i]) } for (var i = 1; i < list.length; i++) { @@ -109,20 +103,40 @@ return !res; } -var toType = function(node) { - return node.type +var testLimitedRegex = function (r, s, maxLength) { + if (maxLength > -1 && s.length > maxLength) return true + return r.test(s) } var compile = function(schema, cache, root, reporter, opts) { var fmts = opts ? xtend(formats, opts.formats) : formats - var scope = {unique:unique, formats:fmts, isMultipleOf:isMultipleOf} + var scope = {unique:unique, formats:fmts, isMultipleOf:isMultipleOf, testLimitedRegex:testLimitedRegex} var verbose = opts ? !!opts.verbose : false; var greedy = opts && opts.greedy !== undefined ? opts.greedy : false; var syms = {} + var allocated = [] var gensym = function(name) { - return name+(syms[name] = (syms[name] || 0)+1) + var res = name+(syms[name] = (syms[name] || 0)+1) + allocated.push(res) + return res + } + + var formatName = function(field) { + var s = JSON.stringify(field) + try { + var pattern = /\[([^\[\]"]+)\]/ + while (pattern.test(s)) s = s.replace(pattern, replacer) + return s + } catch (_) { + return JSON.stringify(field) + } + + function replacer (match, v) { + if (allocated.indexOf(v) === -1) throw new Error('Unreplaceable') + return '." + ' + v + ' + "' + } } var reversePatterns = {} @@ -138,10 +152,11 @@ var genloop = function() { var v = vars.shift() vars.push(v+v[0]) + allocated.push(v) return v } - var visit = function(name, node, reporter, filter) { + var visit = function(name, node, reporter, filter, schemaPath) { var properties = node.properties var type = node.type var tuple = false @@ -161,7 +176,14 @@ if (reporter === true) { validate('if (validate.errors === null) validate.errors = []') if (verbose) { - validate('validate.errors.push({field:%s,message:%s,value:%s,type:%s})', formatName(prop || name), JSON.stringify(msg), value || name, JSON.stringify(type)) + validate( + 'validate.errors.push({field:%s,message:%s,value:%s,type:%s,schemaPath:%s})', + formatName(prop || name), + JSON.stringify(msg), + value || name, + JSON.stringify(type), + JSON.stringify(schemaPath) + ) } else { validate('validate.errors.push({field:%s,message:%s})', formatName(prop || name), JSON.stringify(msg)) } @@ -180,6 +202,10 @@ var valid = [].concat(type) .map(function(t) { + if (t && !types.hasOwnProperty(t)) { + throw new Error('Unknown type: ' + t) + } + return types[t || 'any'](name) }) .join(' || ') || 'true' @@ -199,7 +225,7 @@ } else if (node.additionalItems) { var i = genloop() validate('for (var %s = %d; %s < %s.length; %s++) {', i, node.items.length, i, name, i) - visit(name+'['+i+']', node.additionalItems, reporter, filter) + visit(name+'['+i+']', node.additionalItems, reporter, filter, schemaPath.concat('additionalItems')) validate('}') } } @@ -210,37 +236,34 @@ scope[n] = fmts[node.format] if (typeof scope[n] === 'function') validate('if (!%s(%s)) {', n, name) - else validate('if (!%s.test(%s)) {', n, name) + else validate('if (!testLimitedRegex(%s, %s, %d)) {', n, name, typeof node.maxLength === 'undefined' ? -1 : node.maxLength) error('must be '+node.format+' format') validate('}') if (type !== 'string' && formats[node.format]) validate('}') } if (Array.isArray(node.required)) { - var isUndefined = function(req) { - return genobj(name, req) + ' === undefined' - } - + var n = gensym('missing') + validate('var %s = 0', n) var checkRequired = function (req) { var prop = genobj(name, req); validate('if (%s === undefined) {', prop) error('is required', prop) - validate('missing++') + validate('%s++', n) validate('}') } validate('if ((%s)) {', type !== 'object' ? types.object(name) : 'true') - validate('var missing = 0') node.required.map(checkRequired) validate('}'); if (!greedy) { - validate('if (missing === 0) {') + validate('if (%s === 0) {', n) indent++ } } if (node.uniqueItems) { if (type !== 'array') validate('if (%s) {', types.array(name)) - validate('if (!(unique(%s))) {', name) + validate('if (!(unique(%s, %d))) {', name, node.maxItems || -1) error('must be unique') validate('}') if (type !== 'array') validate('}') @@ -282,7 +305,7 @@ } if (typeof deps === 'object') { validate('if (%s !== undefined) {', genobj(name, key)) - visit(name, deps, reporter, filter) + visit(name, deps, reporter, filter, schemaPath.concat(['dependencies', key])) validate('}') } }) @@ -316,7 +339,7 @@ if (filter) validate('delete %s', name+'['+keys+'['+i+']]') error('has additional properties', null, JSON.stringify(name+'.') + ' + ' + keys + '['+i+']') } else { - visit(name+'['+keys+'['+i+']]', node.additionalProperties, reporter, filter) + visit(name+'['+keys+'['+i+']]', node.additionalProperties, reporter, filter, schemaPath.concat(['additionalProperties'])) } validate @@ -347,7 +370,7 @@ if (node.not) { var prev = gensym('prev') validate('var %s = errors', prev) - visit(name, node.not, false, filter) + visit(name, node.not, false, filter, schemaPath.concat('not')) validate('if (%s === errors) {', prev) error('negative schema matches') validate('} else {') @@ -360,7 +383,7 @@ var i = genloop() validate('for (var %s = 0; %s < %s.length; %s++) {', i, i, name, i) - visit(name+'['+i+']', node.items, reporter, filter) + visit(name+'['+i+']', node.items, reporter, filter, schemaPath.concat('items')) validate('}') if (type !== 'array') validate('}') @@ -377,7 +400,7 @@ Object.keys(node.patternProperties).forEach(function(key) { var p = patterns(key) validate('if (%s.test(%s)) {', p, keys+'['+i+']') - visit(name+'['+keys+'['+i+']]', node.patternProperties[key], reporter, filter) + visit(name+'['+keys+'['+i+']]', node.patternProperties[key], reporter, filter, schemaPath.concat(['patternProperties', key])) validate('}') }) @@ -388,15 +411,15 @@ if (node.pattern) { var p = patterns(node.pattern) if (type !== 'string') validate('if (%s) {', types.string(name)) - validate('if (!(%s.test(%s))) {', p, name) + validate('if (!(testLimitedRegex(%s, %s, %d))) {', p, name, typeof node.maxLength === 'undefined' ? -1 : node.maxLength) error('pattern mismatch') validate('}') if (type !== 'string') validate('}') } if (node.allOf) { - node.allOf.forEach(function(sch) { - visit(name, sch, reporter, filter) + node.allOf.forEach(function(sch, key) { + visit(name, sch, reporter, filter, schemaPath.concat(['allOf', key])) }) } @@ -410,7 +433,7 @@ validate('if (errors !== %s) {', prev) ('errors = %s', prev) } - visit(name, sch, false, false) + visit(name, sch, false, false, schemaPath) }) node.anyOf.forEach(function(sch, i) { if (i) validate('}') @@ -429,7 +452,7 @@ ('var %s = 0', passes) node.oneOf.forEach(function(sch, i) { - visit(name, sch, false, false) + visit(name, sch, false, false, schemaPath) validate('if (%s === errors) {', prev) ('%s++', passes) ('} else {') @@ -537,7 +560,13 @@ Object.keys(properties).forEach(function(p) { if (Array.isArray(type) && type.indexOf('null') !== -1) validate('if (%s !== null) {', name) - visit(genobj(name, p), properties[p], reporter, filter) + visit( + genobj(name, p), + properties[p], + reporter, + filter, + schemaPath.concat(tuple ? p : ['properties', p]) + ) if (Array.isArray(type) && type.indexOf('null') !== -1) validate('}') }) @@ -553,7 +582,7 @@ ('validate.errors = null') ('var errors = 0') - visit('data', schema, reporter, opts && opts.filter) + visit('data', schema, reporter, opts && opts.filter, []) validate ('return errors === 0') Index: /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/node_modules/jsonpointer/README.md =================================================================== --- /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/node_modules/jsonpointer/README.md (revision 20239) +++ /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/node_modules/jsonpointer/README.md (working copy) @@ -1,6 +1,10 @@ -# JSON Pointer for nodejs +# JSON Pointer for Node.js -This is an implementation of [JSON Pointer](http://tools.ietf.org/html/draft-ietf-appsawg-json-pointer-08). +This is an implementation of [JSON Pointer](https://tools.ietf.org/html/rfc6901). + +## CLI + +Looking to filter JSON from the command line? Check out [jsonpointer-cli](https://github.com/joeyespo/jsonpointer-cli). ## Usage ```javascript @@ -12,7 +16,7 @@ jsonpointer.get(obj, '/qux/0'); // returns 3 jsonpointer.get(obj, '/qux/1'); // returns 4 jsonpointer.get(obj, '/qux/2'); // returns 5 -jsonpointer.get(obj, '/quo'); // returns null +jsonpointer.get(obj, '/quo'); // returns undefined jsonpointer.set(obj, '/foo', 6); // sets obj.foo = 6; jsonpointer.set(obj, '/qux/-', 6) // sets obj.qux = [3, 4, 5, 6] @@ -24,15 +28,17 @@ ## Testing - $ node test.js + $ npm test All tests pass. $ -[![Build Status](https://travis-ci.org/janl/node-jsonpointer.png?branch=master)](https://travis-ci.org/janl/node-jsonpointer) +[![Node.js CI](https://github.com/janl/node-jsonpointer/actions/workflows/node.js.yml/badge.svg)](https://github.com/janl/node-jsonpointer/actions/workflows/node.js.yml) ## Author -(c) 2011-2015 Jan Lehnardt & Marc Bachmann +(c) 2011-2021 Jan Lehnardt & Marc Bachmann + +Thanks to all contributors. ## License Index: /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/node_modules/jsonpointer/jsonpointer.js =================================================================== --- /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/node_modules/jsonpointer/jsonpointer.js (revision 20239) +++ /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/node_modules/jsonpointer/jsonpointer.js (working copy) @@ -18,6 +18,8 @@ var hasNextPart for (var p = 1, len = pointer.length; p < len;) { + if (pointer[p] === 'constructor' || pointer[p] === 'prototype' || pointer[p] === '__proto__') return obj + part = untilde(pointer[p++]) hasNextPart = len > p @@ -50,6 +52,11 @@ if (pointer[0] === '') return pointer throw new Error('Invalid JSON pointer.') } else if (Array.isArray(pointer)) { + for (const part of pointer) { + if (typeof part !== 'string' && typeof part !== 'number') { + throw new Error('Invalid JSON pointer. Must be of type string or number.') + } + } return pointer } @@ -65,7 +72,7 @@ for (var p = 1; p < len;) { obj = obj[untilde(pointer[p++])] if (len === p) return obj - if (typeof obj !== 'object') return undefined + if (typeof obj !== 'object' || obj === null) return undefined } } Index: /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/node_modules/jsonpointer/package.json =================================================================== --- /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/node_modules/jsonpointer/package.json (revision 20239) +++ /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/node_modules/jsonpointer/package.json (working copy) @@ -7,24 +7,15 @@ "util", "utility" ], - "version": "4.0.0", - "author": { - "name": "Jan Lehnardt", - "email": "jan@apache.org" - }, + "version": "5.0.0", + "author": "Jan Lehnardt ", "contributors": [ - { - "name": "Joe Hildebrand", - "email": "joe-github@cursive.net" - }, - { - "name": "Marc Bachmann", - "email": "marc.brookman@gmail.com" - } + "Joe Hildebrand ", + "Marc Bachmann " ], "repository": { "type": "git", - "url": "http://github.com/janl/node-jsonpointer.git" + "url": "https://github.com/janl/node-jsonpointer.git" }, "bugs": { "url": "http://github.com/janl/node-jsonpointer/issues" @@ -33,19 +24,25 @@ "node": ">=0.10.0" }, "main": "./jsonpointer", + "typings": "jsonpointer.d.ts", + "files": [ + "jsonpointer.js", + "jsonpointer.d.ts" + ], "scripts": { - "test": "standard && node test.js" + "test": "npm run test:standard && npm run test:all", + "test:standard": "standard", + "test:all": "node test.js", + "semantic-release": "semantic-release pre && npm publish && semantic-release post" }, "license": "MIT", "devDependencies": { - "standard": "^5.3.1" - }, - "readme": "# JSON Pointer for nodejs\n\nThis is an implementation of [JSON Pointer](http://tools.ietf.org/html/draft-ietf-appsawg-json-pointer-08).\n\n## Usage\n```javascript\nvar jsonpointer = require('jsonpointer');\nvar obj = { foo: 1, bar: { baz: 2}, qux: [3, 4, 5]};\n\njsonpointer.get(obj, '/foo'); // returns 1\njsonpointer.get(obj, '/bar/baz'); // returns 2\njsonpointer.get(obj, '/qux/0'); // returns 3\njsonpointer.get(obj, '/qux/1'); // returns 4\njsonpointer.get(obj, '/qux/2'); // returns 5\njsonpointer.get(obj, '/quo'); // returns null\n\njsonpointer.set(obj, '/foo', 6); // sets obj.foo = 6;\njsonpointer.set(obj, '/qux/-', 6) // sets obj.qux = [3, 4, 5, 6]\n\nvar pointer = jsonpointer.compile('/foo')\npointer.get(obj) // returns 1\npointer.set(obj, 1) // sets obj.foo = 1\n```\n\n## Testing\n\n $ node test.js\n All tests pass.\n $\n\n[![Build Status](https://travis-ci.org/janl/node-jsonpointer.png?branch=master)](https://travis-ci.org/janl/node-jsonpointer)\n\n## Author\n\n(c) 2011-2015 Jan Lehnardt & Marc Bachmann \n\n## License\n\nMIT License.\n", - "readmeFilename": "README.md", - "_id": "jsonpointer@4.0.0", - "dist": { - "shasum": "55a52fc3e8dfb746b0db2716bc6d4af1b811dd95" + "semantic-release": "^18.0.0", + "standard": "^16.0.4" }, - "_from": "jsonpointer@^4.0.0", - "_resolved": "https://registry.npmjs.org/jsonpointer/-/jsonpointer-4.0.0.tgz" + "standard": { + "ignore": [ + "test.js" + ] + } } Index: /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/node_modules/jsonpointer/test.js =================================================================== --- /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/node_modules/jsonpointer/test.js (revision 20239) +++ /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/node_modules/jsonpointer/test.js (working copy) @@ -8,45 +8,43 @@ }, d: { e: [{ a: 3 }, { b: 4 }, { c: 5 }] - } + }, + nullValue: null } -assert.equal(jsonpointer.get(obj, '/a'), 1) -assert.equal(jsonpointer.get(obj, '/b/c'), 2) -assert.equal(jsonpointer.get(obj, '/d/e/0/a'), 3) -assert.equal(jsonpointer.get(obj, '/d/e/1/b'), 4) -assert.equal(jsonpointer.get(obj, '/d/e/2/c'), 5) +assert.strictEqual(jsonpointer.get(obj, '/nullValue'), null) +assert.strictEqual(jsonpointer.get(obj, '/nullValue/e'), undefined) // set returns old value -assert.equal(jsonpointer.set(obj, '/a', 2), 1) -assert.equal(jsonpointer.set(obj, '/b/c', 3), 2) -assert.equal(jsonpointer.set(obj, '/d/e/0/a', 4), 3) -assert.equal(jsonpointer.set(obj, '/d/e/1/b', 5), 4) -assert.equal(jsonpointer.set(obj, '/d/e/2/c', 6), 5) +assert.strictEqual(jsonpointer.set(obj, '/a', 2), 1) +assert.strictEqual(jsonpointer.set(obj, '/b/c', 3), 2) +assert.strictEqual(jsonpointer.set(obj, '/d/e/0/a', 4), 3) +assert.strictEqual(jsonpointer.set(obj, '/d/e/1/b', 5), 4) +assert.strictEqual(jsonpointer.set(obj, '/d/e/2/c', 6), 5) // set nested properties -assert.equal(jsonpointer.set(obj, '/f/g/h/i', 6), undefined) -assert.equal(jsonpointer.get(obj, '/f/g/h/i'), 6) +assert.strictEqual(jsonpointer.set(obj, '/f/g/h/i', 6), undefined) +assert.strictEqual(jsonpointer.get(obj, '/f/g/h/i'), 6) // set an array -assert.equal(jsonpointer.set(obj, '/f/g/h/foo/-', 'test'), undefined) +assert.strictEqual(jsonpointer.set(obj, '/f/g/h/foo/-', 'test'), undefined) var arr = jsonpointer.get(obj, '/f/g/h/foo') assert(Array.isArray(arr), 'set /- creates an array.') -assert.equal(arr[0], 'test') +assert.strictEqual(arr[0], 'test') -assert.equal(jsonpointer.get(obj, '/a'), 2) -assert.equal(jsonpointer.get(obj, '/b/c'), 3) -assert.equal(jsonpointer.get(obj, '/d/e/0/a'), 4) -assert.equal(jsonpointer.get(obj, '/d/e/1/b'), 5) -assert.equal(jsonpointer.get(obj, '/d/e/2/c'), 6) +assert.strictEqual(jsonpointer.get(obj, '/a'), 2) +assert.strictEqual(jsonpointer.get(obj, '/b/c'), 3) +assert.strictEqual(jsonpointer.get(obj, '/d/e/0/a'), 4) +assert.strictEqual(jsonpointer.get(obj, '/d/e/1/b'), 5) +assert.strictEqual(jsonpointer.get(obj, '/d/e/2/c'), 6) // can set `null` as a value -assert.equal(jsonpointer.set(obj, '/f/g/h/foo/0', null), 'test') +assert.strictEqual(jsonpointer.set(obj, '/f/g/h/foo/0', null), 'test') assert.strictEqual(jsonpointer.get(obj, '/f/g/h/foo/0'), null) -assert.equal(jsonpointer.set(obj, '/b/c', null), 3) +assert.strictEqual(jsonpointer.set(obj, '/b/c', null), 3) assert.strictEqual(jsonpointer.get(obj, '/b/c'), null) -assert.equal(jsonpointer.get(obj, ''), obj) +assert.strictEqual(jsonpointer.get(obj, ''), obj) assert.throws(function () { jsonpointer.get(obj, 'a') }, validateError) assert.throws(function () { jsonpointer.get(obj, 'a/') }, validateError) @@ -76,23 +74,23 @@ '01': 4 } -assert.equal(jsonpointer.get(complexKeys, '/a~1b/c'), 1) -assert.equal(jsonpointer.get(complexKeys, '/d/e~1f'), 2) -assert.equal(jsonpointer.get(complexKeys, '/~01'), 3) -assert.equal(jsonpointer.get(complexKeys, '/01'), 4) -assert.equal(jsonpointer.get(complexKeys, '/a/b/c'), null) -assert.equal(jsonpointer.get(complexKeys, '/~1'), null) +assert.strictEqual(jsonpointer.get(complexKeys, '/a~1b/c'), 1) +assert.strictEqual(jsonpointer.get(complexKeys, '/d/e~1f'), 2) +assert.strictEqual(jsonpointer.get(complexKeys, '/~01'), 3) +assert.strictEqual(jsonpointer.get(complexKeys, '/01'), 4) +assert.strictEqual(jsonpointer.get(complexKeys, '/a/b/c'), undefined) +assert.strictEqual(jsonpointer.get(complexKeys, '/~1'), undefined) // draft-ietf-appsawg-json-pointer-08 has special array rules -var ary = [ 'zero', 'one', 'two' ] -assert.equal(jsonpointer.get(ary, '/01'), null) +var ary = ['zero', 'one', 'two'] +assert.strictEqual(jsonpointer.get(ary, '/01'), undefined) -assert.equal(jsonpointer.set(ary, '/-', 'three'), null) -assert.equal(ary[3], 'three') +assert.strictEqual(jsonpointer.set(ary, '/-', 'three'), undefined) +assert.strictEqual(ary[3], 'three') // Examples from the draft: var example = { - 'foo': ['bar', 'baz'], + foo: ['bar', 'baz'], '': 0, 'a/b': 1, 'c%d': 2, @@ -104,28 +102,64 @@ 'm~n': 8 } -assert.equal(jsonpointer.get(example, ''), example) +assert.strictEqual(jsonpointer.get(example, ''), example) var ans = jsonpointer.get(example, '/foo') -assert.equal(ans.length, 2) -assert.equal(ans[0], 'bar') -assert.equal(ans[1], 'baz') -assert.equal(jsonpointer.get(example, '/foo/0'), 'bar') -assert.equal(jsonpointer.get(example, '/'), 0) -assert.equal(jsonpointer.get(example, '/a~1b'), 1) -assert.equal(jsonpointer.get(example, '/c%d'), 2) -assert.equal(jsonpointer.get(example, '/e^f'), 3) -assert.equal(jsonpointer.get(example, '/g|h'), 4) -assert.equal(jsonpointer.get(example, '/i\\j'), 5) -assert.equal(jsonpointer.get(example, '/k\'l'), 6) -assert.equal(jsonpointer.get(example, '/ '), 7) -assert.equal(jsonpointer.get(example, '/m~0n'), 8) +assert.strictEqual(ans.length, 2) +assert.strictEqual(ans[0], 'bar') +assert.strictEqual(ans[1], 'baz') +assert.strictEqual(jsonpointer.get(example, '/foo/0'), 'bar') +assert.strictEqual(jsonpointer.get(example, '/'), 0) +assert.strictEqual(jsonpointer.get(example, '/a~1b'), 1) +assert.strictEqual(jsonpointer.get(example, '/c%d'), 2) +assert.strictEqual(jsonpointer.get(example, '/e^f'), 3) +assert.strictEqual(jsonpointer.get(example, '/g|h'), 4) +assert.strictEqual(jsonpointer.get(example, '/i\\j'), 5) +assert.strictEqual(jsonpointer.get(example, '/k\'l'), 6) +assert.strictEqual(jsonpointer.get(example, '/ '), 7) +assert.strictEqual(jsonpointer.get(example, '/m~0n'), 8) // jsonpointer.compile(path) -var a = {foo: 'bar'} +var a = { foo: 'bar', foo2: null } var pointer = jsonpointer.compile('/foo') -assert.equal(pointer.get(a), 'bar') -assert.equal(pointer.set(a, 'test'), 'bar') -assert.equal(pointer.get(a), 'test') -assert.deepEqual(a, {foo: 'test'}) +assert.strictEqual(pointer.get(a), 'bar') +assert.strictEqual(pointer.set(a, 'test'), 'bar') +assert.strictEqual(pointer.get(a), 'test') +assert.deepEqual(a, { foo: 'test', foo2: null }) + +// Read subproperty of null value +var pointerNullValue = jsonpointer.compile('/foo2/baz') +assert.strictEqual(pointerNullValue.get(a), undefined) + +var b = {} +jsonpointer.set({}, '/constructor/prototype/boo', 'polluted') +assert(!b.boo, 'should not boo') + +var c = {} +jsonpointer.set({}, '/__proto__/boo', 'polluted') +assert(!c.boo, 'should not boo') + +var d = {} +jsonpointer.set({}, '/foo/__proto__/boo', 'polluted') +assert(!d.boo, 'should not boo') + +jsonpointer.set({}, '/foo/__proto__/__proto__/boo', 'polluted') +assert(!d.boo, 'should not boo') + +var e = {} +jsonpointer.set({}, '/foo/constructor/prototype/boo', 'polluted') +assert(!e.boo, 'should not boo') + +jsonpointer.set({}, '/foo/constructor/constructor/prototype/boo', 'polluted') +assert(!e.boo, 'should not boo') + +assert.throws(function () { jsonpointer.set({}, [['__proto__'], 'boo'], 'polluted')}, validateError) +assert.throws(function () { jsonpointer.set({}, [[['__proto__']], 'boo'], 'polluted')}, validateError) +assert.throws(function () { jsonpointer.set({}, [['__proto__'], ['__proto__'], 'boo'], 'polluted')}, validateError) +assert.throws(function () { jsonpointer.set({}, [[['__proto__']], [['__proto__']], 'boo'], 'polluted')}, validateError) +assert.throws(function () { jsonpointer.set({}, [['__proto__'], ['__proto__'], ['__proto__'], 'boo'], 'polluted')}, validateError) +assert.throws(function () { jsonpointer.set({}, [['foo'], ['__proto__'], 'boo'], 'polluted')}, validateError) +assert.throws(function () { jsonpointer.set({}, [['foo'], ['__proto__'], ['__proto__'], 'boo'], 'polluted')}, validateError) +assert.throws(function () { jsonpointer.set({}, [['constructor'], ['prototype'], 'boo'], 'polluted')}, validateError) +assert.throws(function () { jsonpointer.set({}, [['constructor'], ['constructor'], ['prototype'], 'boo'], 'polluted')}, validateError) console.log('All tests pass.') Index: /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/package.json =================================================================== --- /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/package.json (revision 20239) +++ /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/package.json (working copy) @@ -1,44 +1,33 @@ { "name": "is-my-json-valid", - "version": "2.15.0", - "description": "A JSONSchema validator that uses code generation to be extremely fast", - "main": "index.js", + "version": "2.20.6", + "license": "MIT", + "repository": "mafintosh/is-my-json-valid", + "files": [ + "formats.js", + "index.d.ts", + "index.js", + "require.js" + ], + "scripts": { + "test": "tape test/*.js && tsc" + }, "dependencies": { "generate-function": "^2.0.0", "generate-object-property": "^1.1.0", - "jsonpointer": "^4.0.0", + "is-my-ip-valid": "^1.0.0", + "jsonpointer": "^5.0.0", "xtend": "^4.0.0" }, "devDependencies": { - "tape": "^2.13.4" - }, - "scripts": { - "test": "tape test/*.js" - }, - "repository": { - "type": "git", - "url": "https://github.com/mafintosh/is-my-json-valid" + "safe-regex": "^1.1.0", + "tape": "^2.13.4", + "typescript": "^3.0.1" }, "keywords": [ "json", "schema", "orderly", "jsonschema" - ], - "author": { - "name": "Mathias Buus" - }, - "license": "MIT", - "bugs": { - "url": "https://github.com/mafintosh/is-my-json-valid/issues" - }, - "homepage": "https://github.com/mafintosh/is-my-json-valid", - "readme": "# is-my-json-valid\n\nA [JSONSchema](http://json-schema.org/) validator that uses code generation\nto be extremely fast\n\n```\nnpm install is-my-json-valid\n```\n\nIt passes the entire JSONSchema v4 test suite except for `remoteRefs` and `maxLength`/`minLength` when using unicode surrogate pairs.\n\n[![build status](http://img.shields.io/travis/mafintosh/is-my-json-valid.svg?style=flat)](http://travis-ci.org/mafintosh/is-my-json-valid)\n\n## Usage\n\nSimply pass a schema to compile it\n\n``` js\nvar validator = require('is-my-json-valid')\n\nvar validate = validator({\n required: true,\n type: 'object',\n properties: {\n hello: {\n required: true,\n type: 'string'\n }\n }\n})\n\nconsole.log('should be valid', validate({hello: 'world'}))\nconsole.log('should not be valid', validate({}))\n\n// get the last list of errors by checking validate.errors\n// the following will print [{field: 'data.hello', message: 'is required'}]\nconsole.log(validate.errors)\n```\n\nYou can also pass the schema as a string\n\n``` js\nvar validate = validator('{\"type\": ... }')\n```\n\nOptionally you can use the require submodule to load a schema from `__dirname`\n\n``` js\nvar validator = require('is-my-json-valid/require')\nvar validate = validator('my-schema.json')\n```\n\n## Custom formats\n\nis-my-json-valid supports the formats specified in JSON schema v4 (such as date-time).\nIf you want to add your own custom formats pass them as the formats options to the validator\n\n``` js\nvar validate = validator({\n type: 'string',\n required: true,\n format: 'only-a'\n}, {\n formats: {\n 'only-a': /^a+$/\n }\n})\n\nconsole.log(validate('aa')) // true\nconsole.log(validate('ab')) // false\n```\n\n## External schemas\n\nYou can pass in external schemas that you reference using the `$ref` attribute as the `schemas` option\n\n``` js\nvar ext = {\n required: true,\n type: 'string'\n}\n\nvar schema = {\n $ref: '#ext' // references another schema called ext\n}\n\n// pass the external schemas as an option\nvar validate = validator(schema, {schemas: {ext: ext}})\n\nvalidate('hello') // returns true\nvalidate(42) // return false\n```\n\n## Filtering away additional properties\n\nis-my-json-valid supports filtering away properties not in the schema\n\n``` js\nvar filter = validator.filter({\n required: true,\n type: 'object',\n properties: {\n hello: {type: 'string', required: true}\n },\n additionalProperties: false\n})\n\nvar doc = {hello: 'world', notInSchema: true}\nconsole.log(filter(doc)) // {hello: 'world'}\n```\n\n## Verbose mode outputs the value on errors\n\nis-my-json-valid outputs the value causing an error when verbose is set to true\n\n``` js\nvar validate = validator({\n required: true,\n type: 'object',\n properties: {\n hello: {\n required: true,\n type: 'string'\n }\n }\n}, {\n verbose: true\n})\n\nvalidate({hello: 100});\nconsole.log(validate.errors) // {field: 'data.hello', message: 'is the wrong type', value: 100, type: 'string'}\n```\n\n## Greedy mode tries to validate as much as possible\n\nBy default is-my-json-valid bails on first validation error but when greedy is\nset to true it tries to validate as much as possible:\n\n``` js\nvar validate = validator({\n type: 'object',\n properties: {\n x: {\n type: 'number'\n }\n },\n required: ['x', 'y']\n}, {\n greedy: true\n});\n\nvalidate({x: 'string'});\nconsole.log(validate.errors) // [{field: 'data.y', message: 'is required'},\n // {field: 'data.x', message: 'is the wrong type'}]\n```\n\n## Performance\n\nis-my-json-valid uses code generation to turn your JSON schema into basic javascript code that is easily optimizeable by v8.\n\nAt the time of writing, is-my-json-valid is the __fastest validator__ when running\n\n* [json-schema-benchmark](https://github.com/Muscula/json-schema-benchmark)\n* [cosmicreals.com benchmark](http://cosmicrealms.com/blog/2014/08/29/benchmark-of-node-dot-js-json-validation-modules-part-3/)\n* [jsck benchmark](https://github.com/pandastrike/jsck/issues/72#issuecomment-70992684)\n* [themis benchmark](https://cdn.rawgit.com/playlyfe/themis/master/benchmark/results.html)\n* [z-schema benchmark](https://rawgit.com/zaggino/z-schema/master/benchmark/results.html)\n\nIf you know any other relevant benchmarks open a PR and I'll add them.\n\n## License\n\nMIT\n", - "readmeFilename": "README.md", - "_id": "is-my-json-valid@2.15.0", - "dist": { - "shasum": "0a83b04f01947c448fa691a7cbb5d372c2db74d1" - }, - "_from": "is-my-json-valid@^2.12.4", - "_resolved": "https://registry.npmjs.org/is-my-json-valid/-/is-my-json-valid-2.15.0.tgz" + ] } Index: /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/hawk/README.md =================================================================== --- /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/hawk/README.md (revision 20239) +++ /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/hawk/README.md (working copy) @@ -1,634 +1,19 @@ -![hawk Logo](https://raw.github.com/hueniverse/hawk/master/images/hawk.png) - - **Hawk** is an HTTP authentication scheme using a message authentication code (MAC) algorithm to provide partial -HTTP request cryptographic verification. For more complex use cases such as access delegation, see [Oz](https://github.com/hueniverse/oz). - -Current version: **3.x** - -Note: 3.x and 2.x are the same exact protocol as 1.1. The version increments reflect changes in the node API. - -[![Build Status](https://secure.travis-ci.org/hueniverse/hawk.png)](http://travis-ci.org/hueniverse/hawk) - -# Table of Content - -- [**Introduction**](#introduction) - - [Replay Protection](#replay-protection) - - [Usage Example](#usage-example) - - [Protocol Example](#protocol-example) - - [Payload Validation](#payload-validation) - - [Response Payload Validation](#response-payload-validation) - - [Browser Support and Considerations](#browser-support-and-considerations) -

-- [**Single URI Authorization**](#single-uri-authorization) - - [Usage Example](#bewit-usage-example) -

-- [**Security Considerations**](#security-considerations) - - [MAC Keys Transmission](#mac-keys-transmission) - - [Confidentiality of Requests](#confidentiality-of-requests) - - [Spoofing by Counterfeit Servers](#spoofing-by-counterfeit-servers) - - [Plaintext Storage of Credentials](#plaintext-storage-of-credentials) - - [Entropy of Keys](#entropy-of-keys) - - [Coverage Limitations](#coverage-limitations) - - [Future Time Manipulation](#future-time-manipulation) - - [Client Clock Poisoning](#client-clock-poisoning) - - [Bewit Limitations](#bewit-limitations) - - [Host Header Forgery](#host-header-forgery) -

-- [**Frequently Asked Questions**](#frequently-asked-questions) -

-- [**Implementations**](#implementations) -- [**Acknowledgements**](#acknowledgements) - -# Introduction - -**Hawk** is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with -partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, -and optionally the request payload. - -Similar to the HTTP [Digest access authentication schemes](http://www.ietf.org/rfc/rfc2617.txt), **Hawk** uses a set of -client credentials which include an identifier (e.g. username) and key (e.g. password). Likewise, just as with the Digest scheme, -the key is never included in authenticated requests. Instead, it is used to calculate a request MAC value which is -included in its place. - -However, **Hawk** has several differences from Digest. In particular, while both use a nonce to limit the possibility of -replay attacks, in **Hawk** the client generates the nonce and uses it in combination with a timestamp, leading to less -"chattiness" (interaction with the server). - -Also unlike Digest, this scheme is not intended to protect the key itself (the password in Digest) because -the client and server must both have access to the key material in the clear. - -The primary design goals of this scheme are to: -* simplify and improve HTTP authentication for services that are unwilling or unable to deploy TLS for all resources, -* secure credentials against leakage (e.g., when the client uses some form of dynamic configuration to determine where - to send an authenticated request), and -* avoid the exposure of credentials sent to a malicious server over an unauthenticated secure channel due to client - failure to validate the server's identity as part of its TLS handshake. - -In addition, **Hawk** supports a method for granting third-parties temporary access to individual resources using -a query parameter called _bewit_ (in falconry, a leather strap used to attach a tracking device to the leg of a hawk). - -The **Hawk** scheme requires the establishment of a shared symmetric key between the client and the server, -which is beyond the scope of this module. Typically, the shared credentials are established via an initial -TLS-protected phase or derived from some other shared confidential information available to both the client -and the server. - - -## Replay Protection - -Without replay protection, an attacker can use a compromised (but otherwise valid and authenticated) request more -than once, gaining access to a protected resource. To mitigate this, clients include both a nonce and a timestamp when -making requests. This gives the server enough information to prevent replay attacks. - -The nonce is generated by the client, and is a string unique across all requests with the same timestamp and -key identifier combination. - -The timestamp enables the server to restrict the validity period of the credentials where requests occuring afterwards -are rejected. It also removes the need for the server to retain an unbounded number of nonce values for future checks. -By default, **Hawk** uses a time window of 1 minute to allow for time skew between the client and server (which in -practice translates to a maximum of 2 minutes as the skew can be positive or negative). - -Using a timestamp requires the client's clock to be in sync with the server's clock. **Hawk** requires both the client -clock and the server clock to use NTP to ensure synchronization. However, given the limitations of some client types -(e.g. browsers) to deploy NTP, the server provides the client with its current time (in seconds precision) in response -to a bad timestamp. - -There is no expectation that the client will adjust its system clock to match the server (in fact, this would be a -potential attack vector). Instead, the client only uses the server's time to calculate an offset used only -for communications with that particular server. The protocol rewards clients with synchronized clocks by reducing -the number of round trips required to authenticate the first request. - - -## Usage Example - -Server code: - -```javascript -var Http = require('http'); -var Hawk = require('hawk'); - - -// Credentials lookup function - -var credentialsFunc = function (id, callback) { - - var credentials = { - key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn', - algorithm: 'sha256', - user: 'Steve' - }; - - return callback(null, credentials); -}; - -// Create HTTP server - -var handler = function (req, res) { - - // Authenticate incoming request - - Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) { - - // Prepare response - - var payload = (!err ? 'Hello ' + credentials.user + ' ' + artifacts.ext : 'Shoosh!'); - var headers = { 'Content-Type': 'text/plain' }; - - // Generate Server-Authorization response header - - var header = Hawk.server.header(credentials, artifacts, { payload: payload, contentType: headers['Content-Type'] }); - headers['Server-Authorization'] = header; - - // Send the response back - - res.writeHead(!err ? 200 : 401, headers); - res.end(payload); - }); -}; - -// Start server - -Http.createServer(handler).listen(8000, 'example.com'); -``` - -Client code: - -```javascript -var Request = require('request'); -var Hawk = require('hawk'); - - -// Client credentials - -var credentials = { - id: 'dh37fgj492je', - key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn', - algorithm: 'sha256' -} - -// Request options - -var requestOptions = { - uri: 'http://example.com:8000/resource/1?b=1&a=2', - method: 'GET', - headers: {} -}; - -// Generate Authorization request header - -var header = Hawk.client.header('http://example.com:8000/resource/1?b=1&a=2', 'GET', { credentials: credentials, ext: 'some-app-data' }); -requestOptions.headers.Authorization = header.field; - -// Send authenticated request - -Request(requestOptions, function (error, response, body) { - - // Authenticate the server's response - - var isValid = Hawk.client.authenticate(response, credentials, header.artifacts, { payload: body }); - - // Output results - - console.log(response.statusCode + ': ' + body + (isValid ? ' (valid)' : ' (invalid)')); -}); -``` - -**Hawk** utilized the [**SNTP**](https://github.com/hueniverse/sntp) module for time sync management. By default, the local -machine time is used. To automatically retrieve and synchronice the clock within the application, use the SNTP 'start()' method. - -```javascript -Hawk.sntp.start(); -``` - - -## Protocol Example - -The client attempts to access a protected resource without authentication, sending the following HTTP request to -the resource server: - -``` -GET /resource/1?b=1&a=2 HTTP/1.1 -Host: example.com:8000 -``` - -The resource server returns an authentication challenge. - -``` -HTTP/1.1 401 Unauthorized -WWW-Authenticate: Hawk -``` - -The client has previously obtained a set of **Hawk** credentials for accessing resources on the "http://example.com/" -server. The **Hawk** credentials issued to the client include the following attributes: - -* Key identifier: dh37fgj492je -* Key: werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn -* Algorithm: sha256 - -The client generates the authentication header by calculating a timestamp (e.g. the number of seconds since January 1, -1970 00:00:00 GMT), generating a nonce, and constructing the normalized request string (each value followed by a newline -character): - -``` -hawk.1.header -1353832234 -j4h3g2 -GET -/resource/1?b=1&a=2 -example.com -8000 - -some-app-ext-data - -``` - -The request MAC is calculated using HMAC with the specified hash algorithm "sha256" and the key over the normalized request string. -The result is base64-encoded to produce the request MAC: - -``` -6R4rV5iE+NPoym+WwjeHzjAGXUtLNIxmo1vpMofpLAE= -``` - -The client includes the **Hawk** key identifier, timestamp, nonce, application specific data, and request MAC with the request using -the HTTP `Authorization` request header field: - -``` -GET /resource/1?b=1&a=2 HTTP/1.1 -Host: example.com:8000 -Authorization: Hawk id="dh37fgj492je", ts="1353832234", nonce="j4h3g2", ext="some-app-ext-data", mac="6R4rV5iE+NPoym+WwjeHzjAGXUtLNIxmo1vpMofpLAE=" -``` - -The server validates the request by calculating the request MAC again based on the request received and verifies the validity -and scope of the **Hawk** credentials. If valid, the server responds with the requested resource. - - -### Payload Validation - -**Hawk** provides optional payload validation. When generating the authentication header, the client calculates a payload hash -using the specified hash algorithm. The hash is calculated over the concatenated value of (each followed by a newline character): -* `hawk.1.payload` -* the content-type in lowercase, without any parameters (e.g. `application/json`) -* the request payload prior to any content encoding (the exact representation requirements should be specified by the server for payloads other than simple single-part ascii to ensure interoperability) - -For example: - -* Payload: `Thank you for flying Hawk` -* Content Type: `text/plain` -* Hash (sha256): `Yi9LfIIFRtBEPt74PVmbTF/xVAwPn7ub15ePICfgnuY=` - -Results in the following input to the payload hash function (newline terminated values): - -``` -hawk.1.payload -text/plain -Thank you for flying Hawk - -``` - -Which produces the following hash value: - -``` -Yi9LfIIFRtBEPt74PVmbTF/xVAwPn7ub15ePICfgnuY= -``` - -The client constructs the normalized request string (newline terminated values): - -``` -hawk.1.header -1353832234 -j4h3g2 -POST -/resource/1?a=1&b=2 -example.com -8000 -Yi9LfIIFRtBEPt74PVmbTF/xVAwPn7ub15ePICfgnuY= -some-app-ext-data - -``` - -Then calculates the request MAC and includes the **Hawk** key identifier, timestamp, nonce, payload hash, application specific data, -and request MAC, with the request using the HTTP `Authorization` request header field: - -``` -POST /resource/1?a=1&b=2 HTTP/1.1 -Host: example.com:8000 -Authorization: Hawk id="dh37fgj492je", ts="1353832234", nonce="j4h3g2", hash="Yi9LfIIFRtBEPt74PVmbTF/xVAwPn7ub15ePICfgnuY=", ext="some-app-ext-data", mac="aSe1DERmZuRl3pI36/9BdZmnErTw3sNzOOAUlfeKjVw=" -``` - -It is up to the server if and when it validates the payload for any given request, based solely on it's security policy -and the nature of the data included. - -If the payload is available at the time of authentication, the server uses the hash value provided by the client to construct -the normalized string and validates the MAC. If the MAC is valid, the server calculates the payload hash and compares the value -with the provided payload hash in the header. In many cases, checking the MAC first is faster than calculating the payload hash. - -However, if the payload is not available at authentication time (e.g. too large to fit in memory, streamed elsewhere, or processed -at a different stage in the application), the server may choose to defer payload validation for later by retaining the hash value -provided by the client after validating the MAC. - -It is important to note that MAC validation does not mean the hash value provided by the client is valid, only that the value -included in the header was not modified. Without calculating the payload hash on the server and comparing it to the value provided -by the client, the payload may be modified by an attacker. - - -## Response Payload Validation - -**Hawk** provides partial response payload validation. The server includes the `Server-Authorization` response header which enables the -client to authenticate the response and ensure it is talking to the right server. **Hawk** defines the HTTP `Server-Authorization` header -as a response header using the exact same syntax as the `Authorization` request header field. - -The header is contructed using the same process as the client's request header. The server uses the same credentials and other -artifacts provided by the client to constructs the normalized request string. The `ext` and `hash` values are replaced with -new values based on the server response. The rest as identical to those used by the client. - -The result MAC digest is included with the optional `hash` and `ext` values: - -``` -Server-Authorization: Hawk mac="XIJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=", hash="f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=", ext="response-specific" -``` - - -## Browser Support and Considerations - -A browser script is provided for including using a `'); + expect(encoded).to.equal('<script>alert(1)</script>'); + }); - it('encodes / characters', function (done) { + it('encodes < and > as named characters', () => { - var encoded = Hoek.escapeJavaScript(''); - expect(encoded).to.equal('\\x3cscript\\x3ealert\\x281\\x29\\x3c\\x2fscript\\x3e'); - done(); + const encoded = Hoek.escapeHtml(''); - expect(encoded).to.equal('<script>alert(1)</script>'); - done(); + const encoded = Hoek.escapeJson(''); + expect(encoded).to.equal('\\u003cscript\\u003ealert(1)\\u003c/script\\u003e'); }); }); Index: /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/hawk/node_modules/hoek/test/index.js =================================================================== --- /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/hawk/node_modules/hoek/test/index.js (revision 20239) +++ /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/hawk/node_modules/hoek/test/index.js (working copy) @@ -1,26 +1,20 @@ -// Load modules +'use strict'; -var Fs = require('fs'); -var Path = require('path'); -var Code = require('code'); -var Hoek = require('../lib'); -var Lab = require('lab'); +const Util = require('util'); +const Code = require('@hapi/code'); +const Hoek = require('..'); +const Lab = require('@hapi/lab'); -// Declare internals -var internals = {}; +const internals = {}; -// Test shortcuts +const { describe, it } = exports.lab = Lab.script(); +const expect = Code.expect; -var lab = exports.lab = Lab.script(); -var describe = lab.experiment; -var it = lab.test; -var expect = Code.expect; - -var nestedObj = { +const nestedObj = { v: [7, 8, 9], w: /^something$/igm, x: { @@ -34,388 +28,84 @@ z: new Date(1378775452757) }; -var dupsArray = [nestedObj, { z: 'z' }, nestedObj]; -var reducedDupsArray = [nestedObj, { z: 'z' }]; - -describe('clone()', function () { - - it('clones a nested object', function (done) { - - var a = nestedObj; - var b = Hoek.clone(a); - - expect(a).to.deep.equal(b); - expect(a.z.getTime()).to.equal(b.z.getTime()); - done(); - }); - - it('clones a null object', function (done) { - - var b = Hoek.clone(null); - - expect(b).to.equal(null); - done(); - }); - - it('should not convert undefined properties to null', function (done) { - - var obj = { something: undefined }; - var b = Hoek.clone(obj); - - expect(typeof b.something).to.equal('undefined'); - done(); - }); - - it('should not throw on circular reference', function (done) { - - var a = {}; - a.x = a; - - var test = function () { - - var b = Hoek.clone(a); - }; - - expect(test).to.not.throw(); - done(); - }); - - it('clones circular reference', function (done) { - - var x = { - 'z': new Date() - }; - x.y = x; - - var b = Hoek.clone(x); - expect(Object.keys(b.y)).to.deep.equal(Object.keys(x)); - expect(b.z).to.not.equal(x.z); - expect(b.y).to.not.equal(x.y); - expect(b.y.z).to.not.equal(x.y.z); - expect(b.y).to.equal(b); - expect(b.y.y.y.y).to.equal(b); - done(); - }); - - it('clones an object with a null prototype', function (done) { - - var obj = Object.create(null); - var b = Hoek.clone(obj); - - expect(b).to.deep.equal(obj); - done(); - }); - - it('clones deeply nested object', function (done) { - - var a = { - x: { - y: { - a: [1, 2, 3], - b: 123456, - c: new Date(), - d: /hi/igm, - e: /hello/ - } - } - }; - - var b = Hoek.clone(a); - - expect(a).to.deep.equal(b); - expect(a.x.y.c.getTime()).to.equal(b.x.y.c.getTime()); - done(); - }); - - it('clones arrays', function (done) { - - var a = [1, 2, 3]; - - var b = Hoek.clone(a); - - expect(a).to.deep.equal(b); - done(); - }); - - it('performs actual copy for shallow keys (no pass by reference)', function (done) { - - var x = Hoek.clone(nestedObj); - var y = Hoek.clone(nestedObj); - - // Date - expect(x.z).to.not.equal(nestedObj.z); - expect(x.z).to.not.equal(y.z); - - // Regex - expect(x.w).to.not.equal(nestedObj.w); - expect(x.w).to.not.equal(y.w); - - // Array - expect(x.v).to.not.equal(nestedObj.v); - expect(x.v).to.not.equal(y.v); - - // Immutable(s) - x.y = 5; - expect(x.y).to.not.equal(nestedObj.y); - expect(x.y).to.not.equal(y.y); - - done(); - }); - - it('performs actual copy for deep keys (no pass by reference)', function (done) { - - var x = Hoek.clone(nestedObj); - var y = Hoek.clone(nestedObj); - - expect(x.x.c).to.not.equal(nestedObj.x.c); - expect(x.x.c).to.not.equal(y.x.c); - - expect(x.x.c.getTime()).to.equal(nestedObj.x.c.getTime()); - expect(x.x.c.getTime()).to.equal(y.x.c.getTime()); - done(); - }); - - it('copies functions with properties', function (done) { - - var a = { - x: function () { - - return 1; - }, - y: {} - }; - a.x.z = 'string in function'; - a.x.v = function () { - - return 2; - }; - a.y.u = a.x; - - var b = Hoek.clone(a); - expect(b.x()).to.equal(1); - expect(b.x.v()).to.equal(2); - expect(b.y.u).to.equal(b.x); - expect(b.x.z).to.equal('string in function'); - done(); - }); - - it('should copy a buffer', function (done) { - - var tls = { - key: new Buffer([1, 2, 3, 4, 5]), - cert: new Buffer([1, 2, 3, 4, 5, 6, 10]) - }; - - var copiedTls = Hoek.clone(tls); - expect(Buffer.isBuffer(copiedTls.key)).to.equal(true); - expect(JSON.stringify(copiedTls.key)).to.equal(JSON.stringify(tls.key)); - expect(Buffer.isBuffer(copiedTls.cert)).to.equal(true); - expect(JSON.stringify(copiedTls.cert)).to.equal(JSON.stringify(tls.cert)); - done(); - }); - - it('clones an object with a prototype', function (done) { - - var Obj = function () { - - this.a = 5; - }; - - Obj.prototype.b = function () { - - return 'c'; - }; - - var a = new Obj(); - var b = Hoek.clone(a); - - expect(b.a).to.equal(5); - expect(b.b()).to.equal('c'); - expect(a).to.deep.equal(b); - done(); - }); - - it('reuses cloned Date object', function (done) { - - var obj = { - a: new Date() - }; - - obj.b = obj.a; - - var copy = Hoek.clone(obj); - expect(copy.a).to.equal(copy.b); - done(); - }); - - it('shallow copies an object with a prototype and isImmutable flag', function (done) { - - var Obj = function () { - - this.value = 5; - }; - - Obj.prototype.b = function () { - - return 'c'; - }; - - Obj.prototype.isImmutable = true; - - var obj = { - a: new Obj() - }; - var copy = Hoek.clone(obj); +describe('merge()', () => { - expect(obj.a.value).to.equal(5); - expect(copy.a.value).to.equal(5); - expect(copy.a.b()).to.equal('c'); - expect(obj.a).to.equal(copy.a); - done(); - }); + it('deep copies source items', () => { - it('clones an object with property getter without executing it', function (done) { + const sym1 = Symbol('1'); + const sym2 = Symbol('2'); + const sym3 = Symbol('3'); - var obj = {}; - var value = 1; - var execCount = 0; - - Object.defineProperty(obj, 'test', { - enumerable: true, - configurable: true, - get: function () { - - ++execCount; - return value; - } - }); - - var copy = Hoek.clone(obj); - expect(execCount).to.equal(0); - expect(copy.test).to.equal(1); - expect(execCount).to.equal(1); - done(); - }); - - it('clones an object with property getter and setter', function (done) { - - var obj = { - _test: 0 + const target = { + b: 3, + d: [], + [sym1]: true, + [sym3]: true }; - Object.defineProperty(obj, 'test', { - enumerable: true, - configurable: true, - get: function () { - - return this._test; + const source = { + c: { + d: 1 }, - set: function (value) { - - this._test = value - 1; - } - }); - - var copy = Hoek.clone(obj); - expect(copy.test).to.equal(0); - copy.test = 5; - expect(copy.test).to.equal(4); - done(); - }); - - it('clones an object with only property setter', function (done) { - - var obj = { - _test: 0 + d: [{ e: 1 }], + [sym2]: true, + [sym3]: false }; - Object.defineProperty(obj, 'test', { - enumerable: true, - configurable: true, - set: function (value) { - - this._test = value - 1; - } - }); - - var copy = Hoek.clone(obj); - expect(copy._test).to.equal(0); - copy.test = 5; - expect(copy._test).to.equal(4); - done(); - }); - - it('clones an object with non-enumerable properties', function (done) { - - var obj = { - _test: 0 - }; - - Object.defineProperty(obj, 'test', { - enumerable: false, - configurable: true, - set: function (value) { - - this._test = value - 1; - } - }); - - var copy = Hoek.clone(obj); - expect(copy._test).to.equal(0); - copy.test = 5; - expect(copy._test).to.equal(4); - done(); - }); - - it('clones an object where getOwnPropertyDescriptor returns undefined', function (done) { - - var oldGetOwnPropertyDescriptor = Object.getOwnPropertyDescriptor; - var obj = { a: 'b' }; - Object.getOwnPropertyDescriptor = function () { - - return undefined; - }; + Hoek.merge(target, source); + expect(target.c).to.not.shallow.equal(source.c); + expect(target.c).to.equal(source.c); + expect(target.d).to.not.shallow.equal(source.d); + expect(target.d[0]).to.not.shallow.equal(source.d[0]); + expect(target.d).to.equal(source.d); - var copy = Hoek.clone(obj); - Object.getOwnPropertyDescriptor = oldGetOwnPropertyDescriptor; - expect(copy).to.deep.equal(obj); - done(); + expect(target[sym1]).to.be.true(); + expect(target[sym2]).to.be.true(); + expect(target[sym3]).to.be.false(); }); -}); -describe('merge()', function () { + it('deep copies source items without symbols', () => { - it('deep copies source items', function (done) { + const sym1 = Symbol('1'); + const sym2 = Symbol('2'); + const sym3 = Symbol('3'); - var target = { + const target = { b: 3, - d: [] + d: [], + [sym1]: true, + [sym3]: true }; - var source = { + const source = { c: { d: 1 }, - d: [{ e: 1 }] + d: [{ e: 1 }], + [sym2]: true, + [sym3]: false }; - Hoek.merge(target, source); - expect(target.c).to.not.equal(source.c); - expect(target.c).to.deep.equal(source.c); - expect(target.d).to.not.equal(source.d); - expect(target.d[0]).to.not.equal(source.d[0]); - expect(target.d).to.deep.equal(source.d); - done(); + Hoek.merge(target, source, { symbols: false }); + expect(target.c).to.not.shallow.equal(source.c); + expect(target.c).to.equal(source.c); + expect(target.d).to.not.shallow.equal(source.d); + expect(target.d[0]).to.not.shallow.equal(source.d[0]); + expect(target.d).to.equal(source.d); + + expect(target[sym1]).to.be.true(); + expect(target[sym2]).to.not.exist(); + expect(target[sym3]).to.be.true(); }); - it('merges array over an object', function (done) { + it('merges array over an object', () => { - var a = { + const a = { x: ['n', 'm'] }; - var b = { + const b = { x: { n: '1', m: '2' @@ -425,16 +115,15 @@ Hoek.merge(b, a); expect(a.x[0]).to.equal('n'); expect(a.x.n).to.not.exist(); - done(); }); - it('merges object over an array', function (done) { + it('merges object over an array', () => { - var a = { + const a = { x: ['n', 'm'] }; - var b = { + const b = { x: { n: '1', m: '2' @@ -444,206 +133,298 @@ Hoek.merge(a, b); expect(a.x.n).to.equal('1'); expect(a.x[0]).to.not.exist(); - done(); }); - it('does not throw if source is null', function (done) { + it('merges from null prototype objects', () => { + + const a = {}; + + const b = Object.create(null); + b.x = true; + + Hoek.merge(a, b); + expect(a.x).to.be.true(); + }); + + it('skips non-enumerable properties', () => { + + const a = { x: 0 }; + + const b = {}; + Object.defineProperty(b, 'x', { + enumerable: false, + value: 1 + }); + + Hoek.merge(a, b); + expect(a.x).to.equal(0); + }); - var a = {}; - var b = null; - var c = null; + it('does not throw if source is null', () => { - expect(function () { + const a = {}; + const b = null; + let c = null; + + expect(() => { c = Hoek.merge(a, b); }).to.not.throw(); expect(c).to.equal(a); - done(); }); - it('does not throw if source is undefined', function (done) { + it('does not throw if source is undefined', () => { - var a = {}; - var b; - var c = null; + const a = {}; + const b = undefined; + let c = null; - expect(function () { + expect(() => { c = Hoek.merge(a, b); }).to.not.throw(); expect(c).to.equal(a); - done(); }); - it('throws if source is not an object', function (done) { + it('throws if source is not an object', () => { - expect(function () { + expect(() => { - var a = {}; - var b = 0; + const a = {}; + const b = 0; Hoek.merge(a, b); }).to.throw('Invalid source value: must be null, undefined, or an object'); - done(); }); - it('throws if target is not an object', function (done) { + it('throws if target is not an object', () => { - expect(function () { + expect(() => { - var a = 0; - var b = {}; + const a = 0; + const b = {}; Hoek.merge(a, b); }).to.throw('Invalid target value: must be an object'); - done(); }); - it('throws if target is not an array and source is', function (done) { + it('throws if target is not an array and source is', () => { - expect(function () { + expect(() => { - var a = {}; - var b = [1, 2]; + const a = {}; + const b = [1, 2]; Hoek.merge(a, b); }).to.throw('Cannot merge array onto an object'); - done(); }); - it('returns the same object when merging arrays', function (done) { + it('returns the same object when merging arrays', () => { - var a = []; - var b = [1, 2]; + const a = []; + const b = [1, 2]; expect(Hoek.merge(a, b)).to.equal(a); - done(); }); - it('combines an empty object with a non-empty object', function (done) { + it('combines an empty object with a non-empty object', () => { - var a = {}; - var b = nestedObj; + const a = {}; + const b = nestedObj; - var c = Hoek.merge(a, b); - expect(a).to.deep.equal(b); - expect(c).to.deep.equal(b); - done(); + const c = Hoek.merge(a, b); + expect(a).to.equal(b); + expect(c).to.equal(b); }); - it('overrides values in target', function (done) { + it('overrides values in target', () => { - var a = { x: 1, y: 2, z: 3, v: 5, t: 'test', m: 'abc' }; - var b = { x: null, z: 4, v: 0, t: { u: 6 }, m: '123' }; + const a = { x: 1, y: 2, z: 3, v: 5, t: 'test', s: 1, m: 'abc' }; + const b = { x: null, z: 4, v: 0, t: { u: 6 }, s: undefined, m: '123' }; - var c = Hoek.merge(a, b); + const c = Hoek.merge(a, b); expect(c.x).to.equal(null); expect(c.y).to.equal(2); expect(c.z).to.equal(4); expect(c.v).to.equal(0); expect(c.m).to.equal('123'); - expect(c.t).to.deep.equal({ u: 6 }); - done(); + expect(c.t).to.equal({ u: 6 }); + expect(c.s).to.equal(undefined); }); - it('overrides values in target (flip)', function (done) { + it('overrides values in target (flip)', () => { - var a = { x: 1, y: 2, z: 3, v: 5, t: 'test', m: 'abc' }; - var b = { x: null, z: 4, v: 0, t: { u: 6 }, m: '123' }; + const a = { x: 1, y: 2, z: 3, v: 5, t: 'test', s: 1, m: 'abc' }; + const b = { x: null, z: 4, v: 0, t: { u: 6 }, s: undefined, m: '123' }; - var d = Hoek.merge(b, a); + const d = Hoek.merge(b, a); expect(d.x).to.equal(1); expect(d.y).to.equal(2); expect(d.z).to.equal(3); expect(d.v).to.equal(5); expect(d.m).to.equal('abc'); - expect(d.t).to.deep.equal('test'); - done(); + expect(d.t).to.equal('test'); + expect(d.s).to.equal(1); }); - it('retains Date properties', function (done) { + it('retains Date properties', () => { - var a = { x: new Date(1378776452757) }; + const a = { x: new Date(1378776452757) }; - var b = Hoek.merge({}, a); + const b = Hoek.merge({}, a); expect(a.x.getTime()).to.equal(b.x.getTime()); - done(); }); - it('retains Date properties when merging keys', function (done) { + it('retains Date properties when merging keys', () => { - var a = { x: new Date(1378776452757) }; + const a = { x: new Date(1378776452757) }; - var b = Hoek.merge({ x: {} }, a); + const b = Hoek.merge({ x: {} }, a); expect(a.x.getTime()).to.equal(b.x.getTime()); - done(); }); - it('overrides Buffer', function (done) { + it('overrides Buffer', () => { - var a = { x: new Buffer('abc') }; + const a = { x: Buffer.from('abc') }; - var b = Hoek.merge({ x: {} }, a); + Hoek.merge({ x: {} }, a); expect(a.x.toString()).to.equal('abc'); - done(); }); -}); -describe('applyToDefaults()', function () { + it('overrides RegExp', () => { - var defaults = { - a: 1, - b: 2, - c: { - d: 3, - e: [5, 6] - }, - f: 6, - g: 'test' - }; + const a = { x: /test/ }; + + Hoek.merge({ x: {} }, a); + expect(a.x).to.equal(/test/); + }); + + it('overrides Symbol properties', () => { + + const sym = Symbol(); + const a = { [sym]: 1 }; + + Hoek.merge({ [sym]: {} }, a); + expect(a[sym]).to.equal(1); + }); + + it('skips __proto__', () => { + + const a = '{ "ok": "value", "__proto__": { "test": "value" } }'; - it('throws when target is null', function (done) { + const b = Hoek.merge({}, JSON.parse(a)); + expect(b).to.equal({ ok: 'value' }); + expect(b.test).to.equal(undefined); + }); +}); + +describe('applyToDefaults()', () => { - expect(function () { + it('throws when target is null', () => { + + expect(() => { Hoek.applyToDefaults(null, {}); }).to.throw('Invalid defaults value: must be an object'); - done(); }); - it('returns null if options is false', function (done) { + it('throws when options are invalid', () => { + + expect(() => { + + Hoek.applyToDefaults({}, {}, false); + }).to.throw('Invalid options: must be an object'); + + expect(() => { + + Hoek.applyToDefaults({}, {}, 123); + }).to.throw('Invalid options: must be an object'); + }); + + it('returns null if source is false', () => { - var result = Hoek.applyToDefaults(defaults, false); + const defaults = { + a: 1, + b: 2, + c: { + d: 3, + e: [5, 6] + }, + f: 6, + g: 'test' + }; + + const result = Hoek.applyToDefaults(defaults, false); expect(result).to.equal(null); - done(); }); - it('returns null if options is null', function (done) { + it('returns null if source is null', () => { - var result = Hoek.applyToDefaults(defaults, null); + const defaults = { + a: 1, + b: 2, + c: { + d: 3, + e: [5, 6] + }, + f: 6, + g: 'test' + }; + + const result = Hoek.applyToDefaults(defaults, null); expect(result).to.equal(null); - done(); }); - it('returns null if options is undefined', function (done) { + it('returns null if source is undefined', () => { - var result = Hoek.applyToDefaults(defaults, undefined); + const defaults = { + a: 1, + b: 2, + c: { + d: 3, + e: [5, 6] + }, + f: 6, + g: 'test' + }; + + const result = Hoek.applyToDefaults(defaults, undefined); expect(result).to.equal(null); - done(); }); - it('returns a copy of defaults if options is true', function (done) { + it('returns a copy of defaults if source is true', () => { - var result = Hoek.applyToDefaults(defaults, true); - expect(result).to.deep.equal(defaults); - done(); + const defaults = { + a: 1, + b: 2, + c: { + d: 3, + e: [5, 6] + }, + f: 6, + g: 'test' + }; + + const result = Hoek.applyToDefaults(defaults, true); + expect(result).to.equal(defaults); }); - it('applies object to defaults', function (done) { + it('applies object to defaults', () => { + + const defaults = { + a: 1, + b: 2, + c: { + d: 3, + e: [5, 6] + }, + f: 6, + g: 'test' + }; - var obj = { + const obj = { a: null, c: { e: [4] @@ -654,18 +435,28 @@ } }; - var result = Hoek.applyToDefaults(defaults, obj); - expect(result.c.e).to.deep.equal([4]); + const result = Hoek.applyToDefaults(defaults, obj); + expect(result.c.e).to.equal([4]); expect(result.a).to.equal(1); expect(result.b).to.equal(2); expect(result.f).to.equal(0); - expect(result.g).to.deep.equal({ h: 5 }); - done(); + expect(result.g).to.equal({ h: 5 }); }); - it('applies object to defaults with null', function (done) { + it('applies object to defaults with null', () => { + + const defaults = { + a: 1, + b: 2, + c: { + d: 3, + e: [5, 6] + }, + f: 6, + g: 'test' + }; - var obj = { + const obj = { a: null, c: { e: [4] @@ -676,80 +467,17 @@ } }; - var result = Hoek.applyToDefaults(defaults, obj, true); - expect(result.c.e).to.deep.equal([4]); + const result = Hoek.applyToDefaults(defaults, obj, { nullOverride: true }); + expect(result.c.e).to.equal([4]); expect(result.a).to.equal(null); expect(result.b).to.equal(2); expect(result.f).to.equal(0); - expect(result.g).to.deep.equal({ h: 5 }); - done(); - }); -}); - -describe('cloneWithShallow()', function () { - - it('deep clones except for listed keys', function (done) { - - var source = { - a: { - b: 5 - }, - c: { - d: 6 - } - }; - - var copy = Hoek.cloneWithShallow(source, ['c']); - expect(copy).to.deep.equal(source); - expect(copy).to.not.equal(source); - expect(copy.a).to.not.equal(source.a); - expect(copy.b).to.equal(source.b); - done(); - }); - - it('returns immutable value', function (done) { - - expect(Hoek.cloneWithShallow(5)).to.equal(5); - done(); + expect(result.g).to.equal({ h: 5 }); }); - it('returns null value', function (done) { + it('shallow copies the listed keys from source without merging', () => { - expect(Hoek.cloneWithShallow(null)).to.equal(null); - done(); - }); - - it('returns undefined value', function (done) { - - expect(Hoek.cloneWithShallow(undefined)).to.equal(undefined); - done(); - }); - - it('deep clones except for listed keys (including missing keys)', function (done) { - - var source = { - a: { - b: 5 - }, - c: { - d: 6 - } - }; - - var copy = Hoek.cloneWithShallow(source, ['c', 'v']); - expect(copy).to.deep.equal(source); - expect(copy).to.not.equal(source); - expect(copy.a).to.not.equal(source.a); - expect(copy.b).to.equal(source.b); - done(); - }); -}); - -describe('applyToDefaultsWithShallow()', function () { - - it('shallow copies the listed keys from options without merging', function (done) { - - var defaults = { + const defaults = { a: { b: 5, e: 3 @@ -760,7 +488,7 @@ } }; - var options = { + const source = { a: { b: 4 }, @@ -770,18 +498,17 @@ } }; - var merged = Hoek.applyToDefaultsWithShallow(defaults, options, ['a']); - expect(merged).to.deep.equal({ a: { b: 4 }, c: { d: 6, g: 1, f: 7 } }); - expect(merged.a).to.equal(options.a); + const merged = Hoek.applyToDefaults(defaults, source, { shallow: ['a'] }); + expect(merged).to.equal({ a: { b: 4 }, c: { d: 6, g: 1, f: 7 } }); + expect(merged.a).to.shallow.equal(source.a); expect(merged.a).to.not.equal(defaults.a); - expect(merged.c).to.not.equal(options.c); + expect(merged.c).to.not.equal(source.c); expect(merged.c).to.not.equal(defaults.c); - done(); }); - it('shallow copies the nested keys (override)', function (done) { + it('shallow copies the nested keys (override)', () => { - var defaults = { + const defaults = { a: { b: 5 }, @@ -791,7 +518,7 @@ } }; - var options = { + const source = { a: { b: 4 }, @@ -803,21 +530,20 @@ } }; - var merged = Hoek.applyToDefaultsWithShallow(defaults, options, ['c.g']); - expect(merged).to.deep.equal({ a: { b: 4 }, c: { d: 6, g: { h: 8 } } }); - expect(merged.c.g).to.equal(options.c.g); - done(); + const merged = Hoek.applyToDefaults(defaults, source, { shallow: ['c.g'] }); + expect(merged).to.equal({ a: { b: 4 }, c: { d: 6, g: { h: 8 } } }); + expect(merged.c.g).to.shallow.equal(source.c.g); }); - it('shallow copies the nested keys (missing)', function (done) { + it('shallow copies the nested keys (missing)', () => { - var defaults = { + const defaults = { a: { b: 5 } }; - var options = { + const source = { a: { b: 4 }, @@ -828,15 +554,14 @@ } }; - var merged = Hoek.applyToDefaultsWithShallow(defaults, options, ['c.g']); - expect(merged).to.deep.equal({ a: { b: 4 }, c: { g: { h: 8 } } }); - expect(merged.c.g).to.equal(options.c.g); - done(); + const merged = Hoek.applyToDefaults(defaults, source, { shallow: ['c.g'] }); + expect(merged).to.equal({ a: { b: 4 }, c: { g: { h: 8 } } }); + expect(merged.c.g).to.shallow.equal(source.c.g); }); - it('shallow copies the nested keys (override)', function (done) { + it('shallow copies the nested keys (override)', () => { - var defaults = { + const defaults = { a: { b: 5 }, @@ -847,7 +572,7 @@ } }; - var options = { + const source = { a: { b: 4 }, @@ -858,21 +583,20 @@ } }; - var merged = Hoek.applyToDefaultsWithShallow(defaults, options, ['c.g']); - expect(merged).to.deep.equal({ a: { b: 4 }, c: { g: { h: 8 } } }); - expect(merged.c.g).to.equal(options.c.g); - done(); + const merged = Hoek.applyToDefaults(defaults, source, { shallow: ['c.g'] }); + expect(merged).to.equal({ a: { b: 4 }, c: { g: { h: 8 } } }); + expect(merged.c.g).to.shallow.equal(source.c.g); }); - it('shallow copies the nested keys (deeper)', function (done) { + it('shallow copies the nested keys (deeper)', () => { - var defaults = { + const defaults = { a: { b: 5 } }; - var options = { + const source = { a: { b: 4 }, @@ -885,21 +609,20 @@ } }; - var merged = Hoek.applyToDefaultsWithShallow(defaults, options, ['c.g.r']); - expect(merged).to.deep.equal({ a: { b: 4 }, c: { g: { r: { h: 8 } } } }); - expect(merged.c.g.r).to.equal(options.c.g.r); - done(); + const merged = Hoek.applyToDefaults(defaults, source, { shallow: ['c.g.r'] }); + expect(merged).to.equal({ a: { b: 4 }, c: { g: { r: { h: 8 } } } }); + expect(merged.c.g.r).to.shallow.equal(source.c.g.r); }); - it('shallow copies the nested keys (not present)', function (done) { + it('shallow copies the nested keys (not present)', () => { - var defaults = { + const defaults = { a: { b: 5 } }; - var options = { + const source = { a: { b: 4 }, @@ -912,99 +635,238 @@ } }; - var merged = Hoek.applyToDefaultsWithShallow(defaults, options, ['x.y']); - expect(merged).to.deep.equal({ a: { b: 4 }, c: { g: { r: { h: 8 } } } }); - done(); + const merged = Hoek.applyToDefaults(defaults, source, { shallow: ['x.y'] }); + expect(merged).to.equal({ a: { b: 4 }, c: { g: { r: { h: 8 } } } }); }); - it('shallow copies the listed keys in the defaults', function (done) { + it('shallow copies the nested keys (non-object)', () => { - var defaults = { + const defaults = { + // All falsy values: + _undefined: { + a: 1 + }, + _null: { + a: 2 + }, + _false: { + a: 3 + }, + _emptyString: { + a: 4 + }, + _zero: { + a: 5 + }, + _NaN: { + a: 6 + }, + // Other non-object values: + _string: { + a: 7 + }, + _number: { + a: 8 + }, + _true: { + a: 9 + }, + _function: { + a: 10 + } + }; + + const source = { + _undefined: undefined, + _null: null, + _false: false, + _emptyString: '', + _zero: 0, + _NaN: NaN, + _string: 'foo', + _number: 42, + _true: true, + _function: () => {} + }; + + const merged = Hoek.applyToDefaults(defaults, source, { shallow: [ + '_undefined.a', + '_null.a', + '_false.a', + '_emptyString.a', + '_zero.a', + '_NaN.a', + '_string.a', + '_number.a', + '_true.a', + '_function.a' + ] }); + expect(merged).to.equal({ + _undefined: { a: 1 }, + _null: { a: 2 }, + _false: false, + _emptyString: '', + _zero: 0, + _NaN: NaN, + _string: 'foo', + _number: 42, + _true: true, + _function: source._function + }); + }); + + it('shallow copies the listed keys in the defaults', () => { + + const defaults = { a: { b: 1 } }; - var merged = Hoek.applyToDefaultsWithShallow(defaults, {}, ['a']); - expect(merged.a).to.equal(defaults.a); - done(); + const merged = Hoek.applyToDefaults(defaults, {}, { shallow: ['a'] }); + expect(merged.a).to.shallow.equal(defaults.a); }); - it('shallow copies the listed keys in the defaults (true)', function (done) { + it('shallow copies the listed keys in the defaults (true)', () => { - var defaults = { + const defaults = { a: { b: 1 } }; - var merged = Hoek.applyToDefaultsWithShallow(defaults, true, ['a']); - expect(merged.a).to.equal(defaults.a); - done(); + const merged = Hoek.applyToDefaults(defaults, true, { shallow: ['a'] }); + expect(merged.a).to.shallow.equal(defaults.a); }); - it('returns null on false', function (done) { + it('returns null on false', () => { - var defaults = { + const defaults = { a: { b: 1 } }; - var merged = Hoek.applyToDefaultsWithShallow(defaults, false, ['a']); + const merged = Hoek.applyToDefaults(defaults, false, { shallow: ['a'] }); expect(merged).to.equal(null); - done(); }); - it('throws on missing defaults', function (done) { + it('handles missing shallow key in defaults', () => { - expect(function () { + const defaults = { + a: { + b: 1 + } + }; - Hoek.applyToDefaultsWithShallow(null, {}, ['a']); - }).to.throw('Invalid defaults value: must be an object'); - done(); + const options = { + a: { + b: 4 + }, + c: { + d: 2 + } + }; + + const merged = Hoek.applyToDefaults(defaults, options, { shallow: ['c'] }); + expect(merged).to.equal({ a: { b: 4 }, c: { d: 2 } }); + expect(merged.c).to.shallow.equal(options.c); + + expect(Hoek.applyToDefaults(defaults, true, { shallow: ['c'] })).to.equal({ a: { b: 1 } }); }); - it('throws on invalid defaults', function (done) { + it('throws on missing defaults', () => { + + expect(() => Hoek.applyToDefaults(null, {}, { shallow: ['a'] })).to.throw('Invalid defaults value: must be an object'); + }); - expect(function () { + it('throws on invalid defaults', () => { - Hoek.applyToDefaultsWithShallow('abc', {}, ['a']); - }).to.throw('Invalid defaults value: must be an object'); - done(); + expect(() => Hoek.applyToDefaults('abc', {}, { shallow: ['a'] })).to.throw('Invalid defaults value: must be an object'); }); - it('throws on invalid options', function (done) { + it('throws on invalid source', () => { + + expect(() => Hoek.applyToDefaults({}, 'abc', { shallow: ['a'] })).to.throw('Invalid source value: must be true, falsy or an object'); + }); - expect(function () { + it('throws on missing keys', () => { - Hoek.applyToDefaultsWithShallow({}, 'abc', ['a']); - }).to.throw('Invalid options value: must be true, falsy or an object'); - done(); + expect(() => Hoek.applyToDefaults({}, true, { shallow: 123 })).to.throw('Invalid keys'); }); - it('throws on missing keys', function (done) { + it('handles array keys', () => { - expect(function () { + const sym = Symbol(); - Hoek.applyToDefaultsWithShallow({}, true); - }).to.throw('Invalid keys'); - done(); + const defaults = { + a: { + b: 5, + e: 3 + }, + c: { + d: 7, + [sym]: { + f: 9 + } + } + }; + + const options = { + a: { + b: 4 + }, + c: { + d: 6, + [sym]: { + g: 1 + } + } + }; + + const merged = Hoek.applyToDefaults(defaults, options, { shallow: [['c', sym]] }); + expect(merged).to.equal({ a: { b: 4, e: 3 }, c: { d: 6, [sym]: { g: 1 } } }); + expect(merged.c[sym]).to.shallow.equal(options.c[sym]); }); - it('throws on invalid keys', function (done) { + it('does not modify shallow entries in source', () => { - expect(function () { + const defaults = { + a: { + b: 5 + } + }; + + const source = {}; + + Object.defineProperty(source, 'a', { value: { b: 4 } }); + + const merged = Hoek.applyToDefaults(defaults, source, { shallow: ['a'] }); + expect(merged).to.equal({ a: { b: 4 } }); + expect(merged.a).to.shallow.equal(source.a); + expect(merged.a).to.not.equal(defaults.a); + }); + + it('should respect nullOverride when shallow is used', () => { + + const defaults = { host: 'localhost', port: 8000 }; + const source = { host: null, port: 8080 }; - Hoek.applyToDefaultsWithShallow({}, true, 'a'); - }).to.throw('Invalid keys'); - done(); + const result = Hoek.applyToDefaults(defaults, source, { nullOverride: true, shallow: [] }); + expect(result.host).to.equal(null); + expect(result.port).to.equal(8080); }); }); -describe('deepEqual()', function () { +describe('deepEqual()', () => { + + it('compares identical references', () => { + + const x = {}; + expect(Hoek.deepEqual(x, x)).to.be.true(); + }); - it('compares simple values', function (done) { + it('compares simple values', () => { expect(Hoek.deepEqual('x', 'x')).to.be.true(); expect(Hoek.deepEqual('x', 'y')).to.be.false(); @@ -1018,118 +880,550 @@ expect(Hoek.deepEqual(-1, 1)).to.be.false(); expect(Hoek.deepEqual(NaN, 0)).to.be.false(); expect(Hoek.deepEqual(NaN, NaN)).to.be.true(); - done(); }); - it('compares different types', function (done) { + it('compares different types', () => { - expect(Hoek.deepEqual([], 5)).to.be.false(); - expect(Hoek.deepEqual(5, [])).to.be.false(); - expect(Hoek.deepEqual({}, null)).to.be.false(); - expect(Hoek.deepEqual(null, {})).to.be.false(); - expect(Hoek.deepEqual('abc', {})).to.be.false(); - expect(Hoek.deepEqual({}, 'abc')).to.be.false(); - done(); + expect(Hoek.deepEqual([], 5, { prototype: false })).to.be.false(); + expect(Hoek.deepEqual(5, [], { prototype: false })).to.be.false(); + expect(Hoek.deepEqual({}, null, { prototype: false })).to.be.false(); + expect(Hoek.deepEqual(null, {}, { prototype: false })).to.be.false(); + expect(Hoek.deepEqual('abc', {}, { prototype: false })).to.be.false(); + expect(Hoek.deepEqual({}, 'abc', { prototype: false })).to.be.false(); }); - it('compares empty structures', function (done) { + it('compares empty structures', () => { expect(Hoek.deepEqual([], [])).to.be.true(); expect(Hoek.deepEqual({}, {})).to.be.true(); expect(Hoek.deepEqual([], {})).to.be.false(); - done(); + expect(Hoek.deepEqual([], {}, { prototype: false })).to.be.false(); + expect(Hoek.deepEqual({}, [], { prototype: false })).to.be.false(); }); - it('compares empty arguments object', function (done) { + it('compares empty arguments object', () => { - var compare = function () { + const compare = function () { - expect(Hoek.deepEqual([], arguments)).to.be.false(); + expect(Hoek.deepEqual([], arguments)).to.be.false(); // eslint-disable-line prefer-rest-params }; compare(); - done(); }); - it('compares empty arguments objects', function (done) { + it('compares empty arguments objects', () => { - var compare = function () { + const compare = function () { - var arg1 = arguments; + const arg1 = arguments; // eslint-disable-line prefer-rest-params - var inner = function () { + const inner = function () { - expect(Hoek.deepEqual(arg1, arguments)).to.be.false(); // callee is not the same + // callee is not supported in strict mode, was previously false becuse callee was different + expect(Hoek.deepEqual(arg1, arguments)).to.be.true(); // eslint-disable-line prefer-rest-params }; inner(); }; compare(); - done(); }); - it('compares dates', function (done) { + it('compares symbol object properties', () => { - expect(Hoek.deepEqual(new Date(2015, 1, 1), new Date(2015, 1, 1))).to.be.true(); + const sym = Symbol(); + + const ne = {}; + Object.defineProperty(ne, sym, { value: true }); + + expect(Hoek.deepEqual({ [sym]: { c: true } }, { [sym]: { c: true } })).to.be.true(); + expect(Hoek.deepEqual({ [sym]: { c: true } }, { [sym]: { c: false } })).to.be.false(); + expect(Hoek.deepEqual({ [sym]: { c: true } }, { [sym]: true })).to.be.false(); + expect(Hoek.deepEqual({ [sym]: undefined }, { [sym]: undefined })).to.be.true(); + expect(Hoek.deepEqual({ [sym]: undefined }, {})).to.be.false(); + expect(Hoek.deepEqual({}, { [sym]: undefined })).to.be.false(); + + expect(Hoek.deepEqual({}, ne)).to.be.true(); + expect(Hoek.deepEqual(ne, {})).to.be.true(); + expect(Hoek.deepEqual({ [sym]: true }, ne)).to.be.false(); + expect(Hoek.deepEqual(ne, { [sym]: true })).to.be.false(); + expect(Hoek.deepEqual(ne, { [Symbol()]: undefined })).to.be.false(); + + expect(Hoek.deepEqual({ [sym]: true }, { [sym]: true })).to.be.true(); + expect(Hoek.deepEqual({ [sym]: true }, {})).to.be.false(); + expect(Hoek.deepEqual({ [sym]: true }, {}, { symbols: false })).to.be.true(); + }); + + it('compares dates', () => { + + expect(Hoek.deepEqual(new Date(2015, 1, 1), new Date('2015/02/01'))).to.be.true(); expect(Hoek.deepEqual(new Date(100), new Date(101))).to.be.false(); expect(Hoek.deepEqual(new Date(), {})).to.be.false(); - done(); + expect(Hoek.deepEqual(new Date(2015, 1, 1), new Date('2015/02/01'), { prototype: false })).to.be.true(); + expect(Hoek.deepEqual(new Date(), {}, { prototype: false })).to.be.false(); + expect(Hoek.deepEqual({}, new Date(), { prototype: false })).to.be.false(); }); - it('compares regular expressions', function (done) { + it('compares regular expressions', () => { expect(Hoek.deepEqual(/\s/, new RegExp('\\\s'))).to.be.true(); expect(Hoek.deepEqual(/\s/g, /\s/g)).to.be.true(); - expect(Hoek.deepEqual(/a/, {})).to.be.false(); + expect(Hoek.deepEqual(/a/, {}, { prototype: false })).to.be.false(); expect(Hoek.deepEqual(/\s/g, /\s/i)).to.be.false(); expect(Hoek.deepEqual(/a/g, /b/g)).to.be.false(); - done(); }); - it('compares arrays', function (done) { + it('compares errors', () => { + + expect(Hoek.deepEqual(new Error('a'), new Error('a'))).to.be.true(); + expect(Hoek.deepEqual(new Error('a'), new Error('b'))).to.be.false(); + + expect(Hoek.deepEqual(new Error('a'), new TypeError('a'))).to.be.false(); + expect(Hoek.deepEqual(new Error('a'), new TypeError('a'), { prototype: false })).to.be.false(); + + expect(Hoek.deepEqual(new Error(), {})).to.be.false(); + expect(Hoek.deepEqual(new Error(), {}, { prototype: false })).to.be.false(); + + expect(Hoek.deepEqual({}, new Error())).to.be.false(); + expect(Hoek.deepEqual({}, new Error(), { prototype: false })).to.be.false(); + + const error = new Error('a'); + expect(Hoek.deepEqual(Hoek.clone(error), error)).to.be.true(); + expect(Hoek.deepEqual(Hoek.clone(error), error, { prototype: false })).to.be.true(); + }); + + it('compares arrays', () => { expect(Hoek.deepEqual([[1]], [[1]])).to.be.true(); expect(Hoek.deepEqual([1, 2, 3], [1, 2, 3])).to.be.true(); expect(Hoek.deepEqual([1, 2, 3], [1, 3, 2])).to.be.false(); expect(Hoek.deepEqual([1, 2, 3], [1, 2])).to.be.false(); expect(Hoek.deepEqual([1], [1])).to.be.true(); - done(); + const item1 = { key: 'value1' }; + const item2 = { key: 'value2' }; + expect(Hoek.deepEqual([item1, item1], [item1, item2])).to.be.false(); + }); + + it('compares sets', () => { + + expect(Hoek.deepEqual(new Set(), new Set())).to.be.true(); + expect(Hoek.deepEqual(new Set([1]), new Set([1]))).to.be.true(); + expect(Hoek.deepEqual(new Set([]), new Set([]))).to.be.true(); + expect(Hoek.deepEqual(new Set([1, 2, 3]), new Set([1, 2, 3]))).to.be.true(); + expect(Hoek.deepEqual(new Set([1, 2, 3]), new Set([3, 2, 1]))).to.be.true(); + expect(Hoek.deepEqual(new Set([1, 2, 3]), new Set([1, 2, 4]))).to.be.false(); + expect(Hoek.deepEqual(new Set([1, 2, 3]), new Set([1, 2]))).to.be.false(); + expect(Hoek.deepEqual(new Set([1, 2, 1]), new Set([1, 2]))).to.be.true(); + expect(Hoek.deepEqual(new Set([+0]), new Set([-0]))).to.be.true(); + expect(Hoek.deepEqual(new Set([NaN]), new Set([NaN]))).to.be.true(); + expect(Hoek.deepEqual(new Set([1, {}]), new Set([1, {}]))).to.be.true(); + expect(Hoek.deepEqual(new Set([1, {}]), new Set([{}, 1]))).to.be.true(); + expect(Hoek.deepEqual(new Set([1, {}, {}]), new Set([{}, 1, {}]))).to.be.true(); + expect(Hoek.deepEqual(new Set([1, { a: 1 }]), new Set([{ a: 0 }, 1]))).to.be.false(); + expect(Hoek.deepEqual(new WeakSet(), new WeakSet())).to.be.true(); + const obj = {}; + expect(Hoek.deepEqual(new WeakSet([obj]), new WeakSet())).to.be.true(); + expect(Hoek.deepEqual(new WeakSet(), new Set()), { prototype: false }).to.be.false(); + + const sets = [new Set(), new Set()].map((set) => { + + set.modified = true; + return set; + }); + expect(Hoek.deepEqual(sets[0], sets[1])).to.be.true(); + expect(Hoek.deepEqual(sets[0], new Set())).to.be.false(); + }); + + it('compares extended sets', () => { + + class PrivateSet extends Set { + + has() { + + throw new Error('not allowed'); + } + } + + const entries = ['a', undefined]; + expect(Hoek.deepEqual(new PrivateSet(), new PrivateSet())).to.be.true(); + expect(Hoek.deepEqual(new PrivateSet(entries), new PrivateSet(entries))).to.be.true(); + expect(Hoek.deepEqual(new PrivateSet(entries), new Set(entries), { prototype: false })).to.be.true(); + expect(Hoek.deepEqual(new PrivateSet(entries), new Set(entries), { prototype: true })).to.be.false(); + expect(Hoek.deepEqual(new PrivateSet(), new PrivateSet(entries))).to.be.false(); + expect(Hoek.deepEqual(new PrivateSet(entries), new PrivateSet())).to.be.false(); + + class LockableSet extends Set { + + constructor(values, locked = true) { + + super(values); + this.locked = locked; + } + + has() { + + if (this.locked) { + throw new Error('not allowed'); + } + } + } + + expect(Hoek.deepEqual(new LockableSet(), new LockableSet())).to.be.true(); + expect(Hoek.deepEqual(new LockableSet(entries), new LockableSet(entries))).to.be.true(); + expect(Hoek.deepEqual(new LockableSet(entries, false), new LockableSet(entries, false))).to.be.true(); + expect(Hoek.deepEqual(new LockableSet(entries, true), new LockableSet(entries, false))).to.be.false(); + expect(Hoek.deepEqual(new LockableSet(entries, false), new LockableSet(entries, true))).to.be.false(); + expect(Hoek.deepEqual(new LockableSet(entries), new Set(entries), { prototype: false })).to.be.false(); + expect(Hoek.deepEqual(new LockableSet(entries), new PrivateSet(entries), { prototype: false })).to.be.false(); + }); + + it('compares maps', () => { + + const item1 = { key: 'value1' }; + const item2 = { key: 'value2' }; + expect(Hoek.deepEqual(new Map(), new Map())).to.be.true(); + expect(Hoek.deepEqual(new Map([[1, {}]]), new Map([[1, {}]]))).to.be.true(); + expect(Hoek.deepEqual(new Map([[1, item1]]), new Map([[1, item1]]))).to.be.true(); + expect(Hoek.deepEqual(new Map([[1, item1]]), new Map([[1, item2]]))).to.be.false(); + expect(Hoek.deepEqual(new Map([[1, undefined]]), new Map([[1, undefined]]))).to.be.true(); + expect(Hoek.deepEqual(new Map([[1, undefined]]), new Map([[2, undefined]]))).to.be.false(); + expect(Hoek.deepEqual(new Map([[1, {}]]), new Map([[1, {}], [2, {}]]))).to.be.false(); + expect(Hoek.deepEqual(new Map([[item1, 1]]), new Map([[item1, 1]]))).to.be.true(); + expect(Hoek.deepEqual(new Map([[{}, 1]]), new Map([[{}, 1]]))).to.be.false(); + expect(Hoek.deepEqual(new WeakMap(), new WeakMap())).to.be.true(); + expect(Hoek.deepEqual(new WeakMap([[item1, 1]]), new WeakMap())).to.be.true(); + expect(Hoek.deepEqual(new WeakMap(), new Map()), { prototype: false }).to.be.false(); + + const maps = [new Map(), new Map()].map((map) => { + + map.modified = true; + return map; + }); + expect(Hoek.deepEqual(maps[0], maps[1])).to.be.true(); + expect(Hoek.deepEqual(maps[0], new Map())).to.be.false(); + }); + + it('compares extended maps', () => { + + class PrivateMap extends Map { + + get() { + + throw new Error('not allowed'); + } + } + + const entries = [['a', 1], ['b', undefined]]; + expect(Hoek.deepEqual(new PrivateMap(), new PrivateMap())).to.be.true(); + expect(Hoek.deepEqual(new PrivateMap(entries), new PrivateMap(entries))).to.be.true(); + expect(Hoek.deepEqual(new PrivateMap(entries), new Map(entries), { prototype: false })).to.be.true(); + expect(Hoek.deepEqual(new PrivateMap(entries), new Map(entries), { prototype: true })).to.be.false(); + expect(Hoek.deepEqual(new PrivateMap(), new PrivateMap(entries))).to.be.false(); + expect(Hoek.deepEqual(new PrivateMap(entries), new PrivateMap())).to.be.false(); + + class LockableMap extends Map { + + constructor(kvs, locked = true) { + + super(kvs); + this.locked = locked; + } + + get() { + + if (this.locked) { + throw new Error('not allowed'); + } + } + } + + expect(Hoek.deepEqual(new LockableMap(), new LockableMap())).to.be.true(); + expect(Hoek.deepEqual(new LockableMap(entries), new LockableMap(entries))).to.be.true(); + expect(Hoek.deepEqual(new LockableMap(entries, false), new LockableMap(entries, false))).to.be.true(); + expect(Hoek.deepEqual(new LockableMap(entries, true), new LockableMap(entries, false))).to.be.false(); + expect(Hoek.deepEqual(new LockableMap(entries, false), new LockableMap(entries, true))).to.be.false(); + expect(Hoek.deepEqual(new LockableMap(entries), new Map(entries), { prototype: false })).to.be.false(); + expect(Hoek.deepEqual(new LockableMap(entries), new PrivateMap(entries), { prototype: false })).to.be.false(); + }); + + it('compares promises', () => { + + const a = new Promise(() => { }); + + expect(Hoek.deepEqual(a, a)).to.be.true(); + expect(Hoek.deepEqual(a, new Promise(() => { }))).to.be.false(); + }); + + it('compares buffers', () => { + + expect(Hoek.deepEqual(Buffer.from([1, 2, 3]), Buffer.from([1, 2, 3]))).to.be.true(); + expect(Hoek.deepEqual(Buffer.from([1, 2, 3]), Buffer.from([1, 3, 2]))).to.be.false(); + expect(Hoek.deepEqual(Buffer.from([1, 2, 3]), Buffer.from([1, 2]))).to.be.false(); + expect(Hoek.deepEqual(Buffer.from([1, 2, 3]), {})).to.be.false(); + expect(Hoek.deepEqual(Buffer.from([1, 2, 3]), [1, 2, 3])).to.be.false(); + }); + + it('compares string objects', () => { + + /* eslint-disable no-new-wrappers */ + expect(Hoek.deepEqual(new String('a'), new String('a'))).to.be.true(); + expect(Hoek.deepEqual(new String('a'), new String('b'))).to.be.false(); + expect(Hoek.deepEqual(new String(''), {}, { prototype: false })).to.be.false(); + expect(Hoek.deepEqual({}, new String(''), { prototype: false })).to.be.false(); + expect(Hoek.deepEqual(new String('a'), 'a', { prototype: false })).to.be.false(); + expect(Hoek.deepEqual('a', new String('a'), { prototype: false })).to.be.false(); + /* eslint-enable no-new-wrappers */ + }); + + it('compares number objects', () => { + + /* eslint-disable no-new-wrappers */ + expect(Hoek.deepEqual(new Number(1), new Number(1))).to.be.true(); + expect(Hoek.deepEqual(new Number(1), new Number(2))).to.be.false(); + expect(Hoek.deepEqual(new Number(+0), new Number(-0))).to.be.false(); + expect(Hoek.deepEqual(new Number(NaN), new Number(NaN))).to.be.true(); + expect(Hoek.deepEqual(new Number(0), {}, { prototype: false })).to.be.false(); + expect(Hoek.deepEqual({}, new Number(0), { prototype: false })).to.be.false(); + expect(Hoek.deepEqual(new Number(1), 1, { prototype: false })).to.be.false(); + expect(Hoek.deepEqual(1, new Number(1), { prototype: false })).to.be.false(); + /* eslint-enable no-new-wrappers */ }); - it('compares buffers', function (done) { + it('compares boolean objects', () => { - expect(Hoek.deepEqual(new Buffer([1, 2, 3]), new Buffer([1, 2, 3]))).to.be.true(); - expect(Hoek.deepEqual(new Buffer([1, 2, 3]), new Buffer([1, 3, 2]))).to.be.false(); - expect(Hoek.deepEqual(new Buffer([1, 2, 3]), new Buffer([1, 2]))).to.be.false(); - expect(Hoek.deepEqual(new Buffer([1, 2, 3]), {})).to.be.false(); - expect(Hoek.deepEqual(new Buffer([1, 2, 3]), [1, 2, 3])).to.be.false(); - done(); + /* eslint-disable no-new-wrappers */ + expect(Hoek.deepEqual(new Boolean(true), new Boolean(true))).to.be.true(); + expect(Hoek.deepEqual(new Boolean(true), new Boolean(false))).to.be.false(); + expect(Hoek.deepEqual(new Boolean(false), {}, { prototype: false })).to.be.false(); + expect(Hoek.deepEqual({}, new Boolean(false), { prototype: false })).to.be.false(); + expect(Hoek.deepEqual(new Boolean(true), true, { prototype: false })).to.be.false(); + expect(Hoek.deepEqual(true, new Boolean(true), { prototype: false })).to.be.false(); + /* eslint-enable no-new-wrappers */ }); - it('compares objects', function (done) { + it('compares objects', () => { expect(Hoek.deepEqual({ a: 1, b: 2, c: 3 }, { a: 1, b: 2, c: 3 })).to.be.true(); expect(Hoek.deepEqual({ foo: 'bar' }, { foo: 'baz' })).to.be.false(); expect(Hoek.deepEqual({ foo: { bar: 'foo' } }, { foo: { bar: 'baz' } })).to.be.false(); - done(); + expect(Hoek.deepEqual({ foo: undefined }, {})).to.be.false(); + expect(Hoek.deepEqual({}, { foo: undefined })).to.be.false(); + expect(Hoek.deepEqual({ foo: undefined }, { bar: undefined })).to.be.false(); + }); + + it('compares functions', () => { + + const f1 = () => 1; + const f2 = () => 2; + const f2a = () => 2; + + expect(Hoek.deepEqual({ f1 }, { f1 })).to.be.true(); + expect(Hoek.deepEqual({ f1 }, { f1: f2 })).to.be.false(); + expect(Hoek.deepEqual({ f2 }, { f2: f2a })).to.be.false(); + expect(Hoek.deepEqual({ f2 }, { f2: f2a }, { deepFunction: true })).to.be.true(); + expect(Hoek.deepEqual({ f2 }, { f2: f1 }, { deepFunction: true })).to.be.false(); + + const f3 = () => 3; + f3.x = 1; + + const f3a = () => 3; + f3a.x = 1; + + const f3b = () => 3; + f3b.x = 2; + + expect(Hoek.deepEqual({ f3 }, { f3: f3a }, { deepFunction: true })).to.be.true(); + expect(Hoek.deepEqual({ f3 }, { f3: f3b }, { deepFunction: true })).to.be.false(); + }); + + it('skips keys', () => { + + expect(Hoek.deepEqual({ a: 1, b: 2, c: 3 }, { a: 1, b: 2, c: 4 })).to.be.false(); + expect(Hoek.deepEqual({ a: 1, b: 2, c: 3 }, { a: 1, b: 2, c: 4 }, { skip: ['c'] })).to.be.true(); + + expect(Hoek.deepEqual({ a: 1, b: 2, c: 3 }, { a: 1, b: 2 })).to.be.false(); + expect(Hoek.deepEqual({ a: 1, b: 2, c: 3 }, { a: 1, b: 2 }, { skip: ['c'] })).to.be.true(); + + const sym = Symbol('test'); + expect(Hoek.deepEqual({ a: 1, b: 2, [sym]: 3 }, { a: 1, b: 2, [sym]: 4 })).to.be.false(); + expect(Hoek.deepEqual({ a: 1, b: 2, [sym]: 3 }, { a: 1, b: 2, [sym]: 4 }, { skip: [sym] })).to.be.true(); + + expect(Hoek.deepEqual({ a: 1, b: 2, [sym]: 3 }, { a: 1, b: 2 })).to.be.false(); + expect(Hoek.deepEqual({ a: 1, b: 2, [sym]: 3 }, { a: 1, b: 2 }, { skip: [sym] })).to.be.true(); + expect(Hoek.deepEqual({ a: 1, b: 2, [sym]: 3, [Symbol('other')]: true }, { a: 1, b: 2 }, { skip: [sym] })).to.be.false(); + + expect(Hoek.deepEqual({ a: 1, b: 2 }, { a: 1 }, { skip: ['a'] })).to.be.false(); + expect(Hoek.deepEqual({ a: 1 }, { a: 1, b: 2 }, { skip: ['a'] })).to.be.false(); + }); + + it('handles circular dependency', () => { + + const a = {}; + a.x = a; + + const b = Hoek.clone(a); + expect(Hoek.deepEqual(a, b)).to.be.true(); + }); + + it('handles obj only circular dependency', () => { + + const a = {}; + a.x = a; + + const b = { x: {} }; + expect(Hoek.deepEqual(a, b)).to.be.false(); + expect(Hoek.deepEqual(b, a)).to.be.false(); }); - it('handles circular dependency', function (done) { + it('handles irregular circular dependency', () => { - var a = {}; + const a = {}; a.x = a; - var b = Hoek.clone(a); + const b = { x: {} }; + b.x.x = b; + + const c = { x: { x: {} } }; + c.x.x.x = c; expect(Hoek.deepEqual(a, b)).to.be.true(); - done(); + expect(Hoek.deepEqual(b, a)).to.be.true(); + expect(Hoek.deepEqual(a, c)).to.be.true(); + expect(Hoek.deepEqual(b, c)).to.be.true(); + expect(Hoek.deepEqual(c, a)).to.be.true(); + expect(Hoek.deepEqual(c, b)).to.be.true(); + b.x.y = 1; + expect(Hoek.deepEqual(a, b)).to.be.false(); + expect(Hoek.deepEqual(b, a)).to.be.false(); + }); + + it('handles cross circular dependency', () => { + + const a = {}; + const b = { x: {}, y: a }; + b.x.x = b; + b.x.y = b.x; + a.x = b; + a.y = a; + expect(Hoek.deepEqual(b, a)).to.be.true(); + expect(Hoek.deepEqual(a, b)).to.be.true(); + b.x.y = 1; + expect(Hoek.deepEqual(b, a)).to.be.false(); + expect(Hoek.deepEqual(a, b)).to.be.false(); }); - it('compares an object with property getter without executing it', function (done) { + it('handles reuse of objects', () => { + + const date1 = { year: 2018, month: 1, day: 1 }; + const date2 = { year: 2000, month: 1, day: 1 }; + + expect(Hoek.deepEqual({ start: date1, end: date1 }, { start: date1, end: date2 })).to.be.false(); + }); + + it('handles valueOf() that throws', () => { + + const throwing = class { + + constructor(value) { + + this.value = value; + } - var obj = {}; - var value = 1; - var execCount = 0; + valueOf() { + + throw new Error('failed'); + } + }; + + expect(Hoek.deepEqual(new throwing('a'), new throwing('a'))).to.be.true(); + expect(Hoek.deepEqual(new throwing('a'), new throwing('b'))).to.be.false(); + expect(Hoek.deepEqual(new throwing('a'), { value: 'a' }, { prototype: false })).to.be.false(); + expect(Hoek.deepEqual({ value: 'a' }, new throwing('a'), { prototype: false })).to.be.false(); + }); + + it('handles valueOf() that returns similar value', () => { + + const identity = class { + + constructor(value) { + + this.value = value; + } + + valueOf() { + + return { value: this.value }; + } + }; + + expect(Hoek.deepEqual(new identity('a'), new identity('a'))).to.be.true(); + expect(Hoek.deepEqual(new identity('a'), new identity('b'))).to.be.false(); + expect(Hoek.deepEqual(new identity('a'), { value: 'a' }, { prototype: true })).to.be.false(); + expect(Hoek.deepEqual(new identity('a'), { value: 'a' }, { prototype: false })).to.be.true(); + expect(Hoek.deepEqual({ value: 'a' }, new identity('a'), { prototype: true })).to.be.false(); + expect(Hoek.deepEqual({ value: 'a' }, new identity('a'), { prototype: false })).to.be.true(); + }); + + it('skips enumerable properties on prototype chain', () => { + + const base = function (value, surprice) { + + this.value = value; + if (surprice) { + this.surprice = surprice; + } + }; + + Object.defineProperty(base.prototype, 'enum', { + enumerable: true, + configurable: true, + value: true + }); + + expect('enum' in new base('a')).to.be.true(); + expect(Hoek.deepEqual(new base('a'), new base('a'))).to.be.true(); + expect(Hoek.deepEqual(new base('a'), new base('b'))).to.be.false(); + expect(Hoek.deepEqual(new base('a'), { value: 'a' }, { prototype: false })).to.be.true(); + expect(Hoek.deepEqual({ value: 'a' }, new base('a'), { prototype: false })).to.be.true(); + expect(Hoek.deepEqual(new base('a', 1), { value: 'a', enum: true }, { prototype: false })).to.be.false(); + expect(Hoek.deepEqual({ value: 'a', enum: true }, new base('a', 1), { prototype: false })).to.be.false(); + }); + + it('skips non-enumerable properties', () => { + + const base = function Base(value, surprice) { + + this.value = value; + if (surprice) { + this.surprice = surprice; + } + }; + + const createObj = (...args) => { + + const obj = new base(...args); + + Object.defineProperty(obj, 'hidden', { + enumerable: false, + configurable: true, + value: true + }); + + return obj; + }; + + expect(Hoek.deepEqual(createObj('a'), createObj('a'))).to.be.true(); + expect(Hoek.deepEqual(createObj('a'), createObj('b'))).to.be.false(); + expect(Hoek.deepEqual(createObj('a'), { value: 'a' }, { prototype: false })).to.be.true(); + expect(Hoek.deepEqual({ value: 'a' }, createObj('a'), { prototype: false })).to.be.true(); + expect(Hoek.deepEqual(createObj('a', 1), { value: 'a', hidden: true }, { prototype: false })).to.be.false(); + expect(Hoek.deepEqual({ value: 'a', hidden: true }, createObj('a', 1), { prototype: false })).to.be.false(); + }); + + it('compares an object with property getter while executing it', () => { + + const obj = {}; + const value = 1; + let execCount = 0; Object.defineProperty(obj, 'test', { enumerable: true, @@ -1141,17 +1435,16 @@ } }); - var copy = Hoek.clone(obj); + const copy = Hoek.clone(obj); expect(Hoek.deepEqual(obj, copy)).to.be.true(); - expect(execCount).to.equal(0); + expect(execCount).to.equal(2); expect(copy.test).to.equal(1); - expect(execCount).to.equal(1); - done(); + expect(execCount).to.equal(3); }); - it('compares objects with property getters', function (done) { + it('compares objects with property getters', () => { - var obj = {}; + const obj = {}; Object.defineProperty(obj, 'test', { enumerable: true, configurable: true, @@ -1161,7 +1454,7 @@ } }); - var ref = {}; + const ref = {}; Object.defineProperty(ref, 'test', { enumerable: true, configurable: true, @@ -1172,12 +1465,11 @@ }); expect(Hoek.deepEqual(obj, ref)).to.be.false(); - done(); }); - it('compares object prototypes', function (done) { + it('compares object prototypes', () => { - var Obj = function () { + const Obj = function () { this.a = 5; }; @@ -1187,7 +1479,7 @@ return this.a; }; - var Ref = function () { + const Ref = function () { this.a = 5; }; @@ -1200,151 +1492,125 @@ expect(Hoek.deepEqual(new Obj(), new Ref())).to.be.false(); expect(Hoek.deepEqual(new Obj(), new Obj())).to.be.true(); expect(Hoek.deepEqual(new Ref(), new Ref())).to.be.true(); - done(); }); - it('compares plain objects', function (done) { + it('compares plain objects', () => { - var a = Object.create(null); - var b = Object.create(null); + const a = Object.create(null); + const b = Object.create(null); a.b = 'c'; b.b = 'c'; expect(Hoek.deepEqual(a, b)).to.be.true(); expect(Hoek.deepEqual(a, { b: 'c' })).to.be.false(); - done(); }); - it('compares an object with an empty object', function (done) { + it('compares an object with an empty object', () => { - var a = { a: 1, b: 2 }; + const a = { a: 1, b: 2 }; expect(Hoek.deepEqual({}, a)).to.be.false(); expect(Hoek.deepEqual(a, {})).to.be.false(); - done(); }); - it('compares an object ignoring the prototype', function (done) { + it('compares an object ignoring the prototype', () => { - var a = Object.create(null); - var b = {}; + const a = Object.create(null); + const b = {}; expect(Hoek.deepEqual(a, b, { prototype: false })).to.be.true(); - done(); }); - it('compares an object ignoring the prototype recursively', function (done) { + it('compares an object ignoring the prototype recursively', () => { - var a = [Object.create(null)]; - var b = [{}]; + const a = [Object.create(null)]; + const b = [{}]; expect(Hoek.deepEqual(a, b, { prototype: false })).to.be.true(); - done(); - }); -}); - -describe('unique()', function () { - - it('ensures uniqueness within array of objects based on subkey', function (done) { - - var a = Hoek.unique(dupsArray, 'x'); - expect(a).to.deep.equal(reducedDupsArray); - done(); - }); - - it('removes duplicated without key', function (done) { - - expect(Hoek.unique([1, 2, 3, 4, 2, 1, 5])).to.deep.equal([1, 2, 3, 4, 5]); - done(); }); }); -describe('mapToObject()', function () { +describe('intersect()', () => { - it('returns null on null array', function (done) { + it('returns the common objects of two arrays', () => { - var a = Hoek.mapToObject(null); - expect(a).to.equal(null); - done(); + const array1 = [1, 2, 3, 4, 4, 5, 5]; + const array2 = [5, 4, 5, 6, 7]; + const common = Hoek.intersect(array1, array2); + expect(common).to.equal([5, 4]); }); - it('converts basic array to existential object', function (done) { + it('returns the common objects of array and set', () => { - var keys = [1, 2, 3, 4]; - var a = Hoek.mapToObject(keys); - for (var i in keys) { - expect(a[keys[i]]).to.equal(true); - } - done(); + const array1 = new Set([1, 2, 3, 4, 4, 5, 5]); + const array2 = [5, 4, 5, 6, 7]; + const common = Hoek.intersect(array1, array2); + expect(common).to.equal([5, 4]); }); - it('converts array of objects to existential object', function (done) { + it('returns the common objects of set and array', () => { - var keys = [{ x: 1 }, { x: 2 }, { x: 3 }, { y: 4 }]; - var subkey = 'x'; - var a = Hoek.mapToObject(keys, subkey); - expect(a).to.deep.equal({ 1: true, 2: true, 3: true }); - done(); + const array1 = [1, 2, 3, 4, 4, 5, 5]; + const array2 = new Set([5, 4, 5, 6, 7]); + const common = Hoek.intersect(array1, array2); + expect(common).to.equal([5, 4]); }); -}); -describe('intersect()', function () { + it('returns the common objects of two sets', () => { - it('returns the common objects of two arrays', function (done) { - - var array1 = [1, 2, 3, 4, 4, 5, 5]; - var array2 = [5, 4, 5, 6, 7]; - var common = Hoek.intersect(array1, array2); - expect(common.length).to.equal(2); - done(); + const array1 = new Set([1, 2, 3, 4, 4, 5, 5]); + const array2 = new Set([5, 4, 5, 6, 7]); + const common = Hoek.intersect(array1, array2); + expect(common).to.equal([5, 4]); }); - it('returns just the first common object of two arrays', function (done) { + it('returns just the first common object of two arrays', () => { - var array1 = [1, 2, 3, 4, 4, 5, 5]; - var array2 = [5, 4, 5, 6, 7]; - var common = Hoek.intersect(array1, array2, true); + const array1 = [1, 2, 3, 4, 4, 5, 5]; + const array2 = [5, 4, 5, 6, 7]; + const common = Hoek.intersect(array1, array2, { first: true }); expect(common).to.equal(5); - done(); }); - it('returns null when no common and returning just the first common object of two arrays', function (done) { + it('returns null when no common and returning just the first common object of two arrays', () => { - var array1 = [1, 2, 3, 4, 4, 5, 5]; - var array2 = [6, 7]; - var common = Hoek.intersect(array1, array2, true); + const array1 = [1, 2, 3, 4, 4, 5, 5]; + const array2 = [6, 7]; + const common = Hoek.intersect(array1, array2, { first: true }); expect(common).to.equal(null); - done(); }); - it('returns an empty array if either input is null', function (done) { + it('returns an empty array if either input is null', () => { expect(Hoek.intersect([1], null).length).to.equal(0); expect(Hoek.intersect(null, [1]).length).to.equal(0); - done(); + expect(Hoek.intersect(null, [1], { first: true })).to.be.null(); }); - it('returns the common objects of object and array', function (done) { + it('returns the common objects of object and array', () => { - var array1 = [1, 2, 3, 4, 4, 5, 5]; - var array2 = [5, 4, 5, 6, 7]; - var common = Hoek.intersect(Hoek.mapToObject(array1), array2); + const array1 = { 1: true, 2: true, 3: true, 4: true, 5: true }; + const array2 = [5, 4, 5, 6, 7]; + const common = Hoek.intersect(array1, array2); expect(common.length).to.equal(2); - done(); }); }); -describe('contain()', function () { +describe('contain()', () => { - it('tests strings', function (done) { + it('tests strings', () => { expect(Hoek.contain('abc', 'ab')).to.be.true(); expect(Hoek.contain('abc', 'abc', { only: true })).to.be.true(); expect(Hoek.contain('aaa', 'a', { only: true })).to.be.true(); + expect(Hoek.contain('aaa', 'a', { only: true, once: true })).to.be.false(); expect(Hoek.contain('abc', 'b', { once: true })).to.be.true(); expect(Hoek.contain('abc', ['a', 'c'])).to.be.true(); expect(Hoek.contain('abc', ['a', 'd'], { part: true })).to.be.true(); + expect(Hoek.contain('aaa', ['a', 'a'], { only: true, once: true })).to.be.false(); + expect(Hoek.contain('aaa', ['a', 'a'], { only: true })).to.be.true(); + expect(Hoek.contain('aaa', ['a', 'a', 'a'], { only: true, once: true })).to.be.true(); expect(Hoek.contain('abc', 'ac')).to.be.false(); expect(Hoek.contain('abcd', 'abc', { only: true })).to.be.false(); @@ -1352,10 +1618,33 @@ expect(Hoek.contain('abb', 'b', { once: true })).to.be.false(); expect(Hoek.contain('abc', ['a', 'd'])).to.be.false(); expect(Hoek.contain('abc', ['ab', 'bc'])).to.be.false(); // Overlapping values not supported - done(); + + expect(Hoek.contain('', 'a')).to.be.false(); + expect(Hoek.contain('', 'a', { only: true })).to.be.false(); + + expect(Hoek.contain('', '')).to.be.true(); + expect(Hoek.contain('', ''), { only: true }).to.be.true(); + expect(Hoek.contain('', ''), { once: true }).to.be.true(); + expect(Hoek.contain('', ['', ''])).to.be.true(); + expect(Hoek.contain('', ['', ''], { only: true })).to.be.true(); + expect(Hoek.contain('', ['', ''], { once: true })).to.be.false(); + + expect(Hoek.contain('a', '')).to.be.true(); + expect(Hoek.contain('a', '', { only: true })).to.be.false(); + expect(Hoek.contain('a', '', { once: true })).to.be.false(); + expect(Hoek.contain('a', ['', ''])).to.be.true(); + expect(Hoek.contain('a', ['', ''], { only: true })).to.be.false(); + expect(Hoek.contain('a', ['', ''], { once: true })).to.be.false(); + + expect(Hoek.contain('ab', ['a', 'b', 'c'])).to.be.false(); + expect(Hoek.contain('ab', ['a', 'b', 'c'], { only: true })).to.be.false(); + expect(Hoek.contain('ab', ['a', 'b', 'c'], { only: true, once: true })).to.be.false(); + + expect(Hoek.contain('ab', ['c'], { part: true })).to.be.false(); + expect(Hoek.contain('ab', ['b'], { part: true })).to.be.true(); }); - it('tests arrays', function (done) { + it('tests arrays', () => { expect(Hoek.contain([1, 2, 3], 1)).to.be.true(); expect(Hoek.contain([{ a: 1 }], { a: 1 }, { deep: true })).to.be.true(); @@ -1364,22 +1653,49 @@ expect(Hoek.contain([1, 1, 2], [1, 2], { only: true })).to.be.true(); expect(Hoek.contain([1, 2], [1, 2], { once: true })).to.be.true(); expect(Hoek.contain([1, 2, 3], [1, 4], { part: true })).to.be.true(); + expect(Hoek.contain([null, 2, 3], [null, 4], { part: true })).to.be.true(); + expect(Hoek.contain([null], null, { deep: true })).to.be.true(); expect(Hoek.contain([[1], [2]], [[1]], { deep: true })).to.be.true(); + expect(Hoek.contain([[1], [2], 3], [[1]], { deep: true })).to.be.true(); + expect(Hoek.contain([[1, 2]], [[1]], { deep: true, part: true })).to.be.true(); + expect(Hoek.contain([[1, 2]], [[1], 2], { deep: true, part: true })).to.be.true(); + expect(Hoek.contain([1, 2, 1], [1, 1, 2], { only: true })).to.be.true(); + expect(Hoek.contain([1, 2, 1], [1, 1, 2], { only: true, once: true })).to.be.true(); + expect(Hoek.contain([1, 2, 1], [1, 2, 2], { only: true })).to.be.false(); + expect(Hoek.contain([1, 2, 1], [1, 2, 2], { only: true, part: true })).to.be.true(); + expect(Hoek.contain([1, 1, 1], [1, 1, 1, 1])).to.be.false(); + expect(Hoek.contain([1, 1, 1], [1, 1, 1, 1], { part: true })).to.be.true(); expect(Hoek.contain([1, 2, 3], 4)).to.be.false(); expect(Hoek.contain([{ a: 1 }], { a: 2 }, { deep: true })).to.be.false(); + expect(Hoek.contain([{ a: 1 }, { a: 1 }], [{ a: 1 }, { a: 1 }], { deep: true, once: true, only: true })).to.be.true(); + expect(Hoek.contain([{ a: 1 }, { a: 1 }], [{ a: 1 }, { a: 2 }], { deep: true, once: true, only: true })).to.be.false(); expect(Hoek.contain([{ a: 1 }], { a: 1 })).to.be.false(); expect(Hoek.contain([1, 2, 3], [4, 5])).to.be.false(); expect(Hoek.contain([[3], [2]], [[1]])).to.be.false(); expect(Hoek.contain([[1], [2]], [[1]])).to.be.false(); + expect(Hoek.contain([[1, 2]], [[1]], { deep: true })).to.be.false(); expect(Hoek.contain([{ a: 1 }], [{ a: 2 }], { deep: true })).to.be.false(); expect(Hoek.contain([1, 3, 2], [1, 2], { only: true })).to.be.false(); expect(Hoek.contain([1, 2, 2], [1, 2], { once: true })).to.be.false(); expect(Hoek.contain([0, 2, 3], [1, 4], { part: true })).to.be.false(); - done(); + expect(Hoek.contain([1, 2, 1], [1, 2, 2], { only: true, once: true })).to.be.false(); + expect(Hoek.contain([1, 2, 1], [1, 2], { only: true, once: true })).to.be.false(); + + expect(Hoek.contain([], 1)).to.be.false(); + expect(Hoek.contain([], 1, { only: true })).to.be.false(); + + expect(Hoek.contain(['a', 'b'], ['a', 'b', 'c'])).to.be.false(); + expect(Hoek.contain(['a', 'b'], ['a', 'b', 'c'], { only: true })).to.be.false(); + expect(Hoek.contain(['a', 'b'], ['a', 'b', 'c'], { only: true, once: true })).to.be.false(); + + expect(Hoek.contain(['a', 'b'], ['c'], { part: true })).to.be.false(); + expect(Hoek.contain(['a', 'b'], ['b'], { part: true })).to.be.true(); + + expect(Hoek.contain([{ a: 1 }], [1], { deep: true })).to.be.false(); }); - it('tests objects', function (done) { + it('tests objects', () => { expect(Hoek.contain({ a: 1, b: 2, c: 3 }, 'a')).to.be.true(); expect(Hoek.contain({ a: 1, b: 2, c: 3 }, ['a', 'c'])).to.be.true(); @@ -1389,11 +1705,12 @@ expect(Hoek.contain({ a: 1, b: 2, c: 3 }, { a: 1, d: 4 }, { part: true })).to.be.true(); expect(Hoek.contain({ a: 1, b: 2, c: 3 }, { a: 1, b: 2, c: 3 }, { only: true })).to.be.true(); expect(Hoek.contain({ a: [1], b: [2], c: [3] }, { a: [1], c: [3] }, { deep: true })).to.be.true(); - expect(Hoek.contain({ a: [{ b: 1 }, { c: 2 }, { d: 3, e: 4 }] }, { a: [{ b: 1 }, { d: 3 }] }, { deep: true })).to.be.true(); + expect(Hoek.contain({ a: [{ b: 1 }, { c: 2 }, { d: 3, e: 4 }] }, { a: [{ b: 1 }, { d: 3 }] }, { deep: true })).to.be.false(); expect(Hoek.contain({ a: [{ b: 1 }, { c: 2 }, { d: 3, e: 4 }] }, { a: [{ b: 1 }, { d: 3 }] }, { deep: true, part: true })).to.be.true(); expect(Hoek.contain({ a: [{ b: 1 }, { c: 2 }, { d: 3, e: 4 }] }, { a: [{ b: 1 }, { d: 3 }] }, { deep: true, part: false })).to.be.false(); expect(Hoek.contain({ a: [{ b: 1 }, { c: 2 }, { d: 3, e: 4 }] }, { a: [{ b: 1 }, { d: 3 }] }, { deep: true, only: true })).to.be.false(); expect(Hoek.contain({ a: [{ b: 1 }, { c: 2 }, { d: 3, e: 4 }] }, { a: [{ b: 1 }, { d: 3 }] }, { deep: true, only: false })).to.be.true(); + expect(Hoek.contain({ a: [1, 2, 3] }, { a: [2, 4, 6] }, { deep: true, part: true })).to.be.true(); expect(Hoek.contain({ a: 1, b: 2, c: 3 }, 'd')).to.be.false(); expect(Hoek.contain({ a: 1, b: 2, c: 3 }, ['a', 'd'])).to.be.false(); @@ -1405,51 +1722,143 @@ expect(Hoek.contain({ a: 1, b: 2, c: 3 }, { a: 1, b: 2 }, { only: true })).to.be.false(); expect(Hoek.contain({ a: [1], b: [2], c: [3] }, { a: [1], c: [3] })).to.be.false(); expect(Hoek.contain({ a: { b: { c: 1, d: 2 } } }, { a: { b: { c: 1 } } })).to.be.false(); - expect(Hoek.contain({ a: { b: { c: 1, d: 2 } } }, { a: { b: { c: 1 } } }, { deep: true })).to.be.true(); + expect(Hoek.contain({ a: { b: { c: 1, d: 2 } } }, { a: { b: { c: 1 } } }, { deep: true })).to.be.false(); expect(Hoek.contain({ a: { b: { c: 1, d: 2 } } }, { a: { b: { c: 1 } } }, { deep: true, only: true })).to.be.false(); expect(Hoek.contain({ a: { b: { c: 1, d: 2 } } }, { a: { b: { c: 1 } } }, { deep: true, only: false })).to.be.true(); expect(Hoek.contain({ a: { b: { c: 1, d: 2 } } }, { a: { b: { c: 1 } } }, { deep: true, part: true })).to.be.true(); expect(Hoek.contain({ a: { b: { c: 1, d: 2 } } }, { a: { b: { c: 1 } } }, { deep: true, part: false })).to.be.false(); + expect(Hoek.contain({ a: [1, 2, 3] }, { a: [4, 5, 6] }, { deep: true, part: true })).to.be.false(); + + expect(Hoek.contain({}, 'a')).to.be.false(); + expect(Hoek.contain({}, 'a', { only: true })).to.be.false(); + + expect(Hoek.contain({ a: 'foo', b: 'bar' }, ['a', 'b', 'c'])).to.be.false(); + expect(Hoek.contain({ a: 'foo', b: 'bar' }, ['a', 'b', 'c'], { only: true })).to.be.false(); + expect(Hoek.contain({ a: 'foo', b: 'bar' }, { a: 'foo', b: 'bar', c: 'x' })).to.be.false(); + expect(Hoek.contain({ a: 'foo', b: 'bar' }, { a: 'foo', b: 'bar', c: 'x' }, { only: true })).to.be.false(); + + expect(Hoek.contain({ a: 1, b: 2 }, ['c'], { part: true })).to.be.false(); + expect(Hoek.contain({ a: 1, b: 2 }, ['b'], { part: true })).to.be.true(); // Getter check - var Foo = function (bar) { - this.bar = bar; - }; + { + const Foo = function (bar) { - Object.defineProperty(Foo.prototype, 'baz', { - enumerable: true, - get: function () { + this.bar = bar; + }; + + const getBar = function () { return this.bar; - } - }); + }; + + const createFoo = (value) => { + + const foo = new Foo(value); + Object.defineProperty(foo, 'baz', { + enumerable: true, + get: getBar + }); + + return foo; + }; + + expect(Hoek.contain({ a: createFoo('b') }, { a: createFoo('b') }, { deep: true })).to.be.true(); + expect(Hoek.contain({ a: createFoo('b') }, { a: createFoo('b') }, { deep: true, part: true })).to.be.true(); + expect(Hoek.contain({ a: createFoo('b') }, { a: { bar: 'b', baz: 'b' } }, { deep: true })).to.be.true(); + expect(Hoek.contain({ a: createFoo('b') }, { a: { bar: 'b', baz: 'b' } }, { deep: true, only: true })).to.be.false(); + expect(Hoek.contain({ a: createFoo('b') }, { a: { baz: 'b' } }, { deep: true, part: false })).to.be.false(); + expect(Hoek.contain({ a: createFoo('b') }, { a: { baz: 'b' } }, { deep: true, part: true })).to.be.true(); + expect(Hoek.contain({ a: createFoo('b') }, { a: createFoo('b') }, { deep: true })).to.be.true(); + } + + // Properties on prototype not visible + + { + const Foo = function () { + + this.a = 1; + }; + + Object.defineProperty(Foo.prototype, 'b', { + enumerable: true, + value: 2 + }); + + const Bar = function () { + + Foo.call(this); + this.c = 3; + }; + + Util.inherits(Bar, Foo); + + expect((new Bar()).a).to.equal(1); + expect((new Bar()).b).to.equal(2); + expect((new Bar()).c).to.equal(3); + expect(Hoek.contain(new Bar(), { 'a': 1, 'c': 3 }, { only: true })).to.be.true(); + expect(Hoek.contain(new Bar(), 'b')).to.be.false(); + } + + // Non-Enumerable properties + + { + const foo = { a: 1, b: 2 }; + + Object.defineProperty(foo, 'c', { + enumerable: false, + value: 3 + }); + + expect(Hoek.contain(foo, 'c')).to.be.true(); + expect(Hoek.contain(foo, { 'c': 3 })).to.be.true(); + expect(Hoek.contain(foo, { 'a': 1, 'b': 2, 'c': 3 }, { only: true })).to.be.true(); + } + }); + + it('supports symbols', () => { + + const sym = Symbol(); - expect(Hoek.contain({ a: new Foo('b') }, { a: new Foo('b') }, { deep: true })).to.be.true(); - expect(Hoek.contain({ a: new Foo('b') }, { a: new Foo('b') }, { deep: true, part: true })).to.be.true(); - expect(Hoek.contain({ a: new Foo('b') }, { a: { baz: 'b' } }, { deep: true })).to.be.true(); - expect(Hoek.contain({ a: new Foo('b') }, { a: { baz: 'b' } }, { deep: true, only: true })).to.be.false(); - expect(Hoek.contain({ a: new Foo('b') }, { a: { baz: 'b' } }, { deep: true, part: false })).to.be.false(); - expect(Hoek.contain({ a: new Foo('b') }, { a: { baz: 'b' } }, { deep: true, part: true })).to.be.true(); + expect(Hoek.contain([sym], sym)).to.be.true(); + expect(Hoek.contain({ [sym]: 1 }, sym)).to.be.true(); + expect(Hoek.contain({ [sym]: 1, a: 2 }, { [sym]: 1 })).to.be.true(); - done(); + expect(Hoek.contain([sym], Symbol())).to.be.false(); + expect(Hoek.contain({ [sym]: 1 }, Symbol())).to.be.false(); + }); + + it('compares error keys', () => { + + const error = new Error('test'); + expect(Hoek.contain(error, { x: 1 })).to.be.false(); + expect(Hoek.contain(error, { x: 1 }, { part: true })).to.be.false(); + + error.x = 1; + + expect(Hoek.contain(error, { x: 1 })).to.be.true(); + expect(Hoek.contain(error, { x: 1 }, { part: true })).to.be.true(); + + expect(Hoek.contain(error, { x: 1, y: 2 })).to.be.false(); + expect(Hoek.contain(error, { x: 1, y: 2 }, { part: true })).to.be.true(); }); }); -describe('flatten()', function () { +describe('flatten()', () => { - it('returns a flat array', function (done) { + it('returns a flat array', () => { - var result = Hoek.flatten([1, 2, [3, 4, [5, 6], [7], 8], [9], [10, [11, 12]], 13]); + const result = Hoek.flatten([1, 2, [3, 4, [5, 6], [7], 8], [9], [10, [11, 12]], 13]); expect(result.length).to.equal(13); - expect(result).to.deep.equal([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13]); - done(); + expect(result).to.equal([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13]); }); }); -describe('reach()', function () { +describe('reach()', () => { - var obj = { + const sym = Symbol(); + const obj = { a: { b: { c: { @@ -1460,6 +1869,10 @@ }, g: { h: 3 + }, + '-2': true, + [sym]: { + v: true } }, i: function () { }, @@ -1469,124 +1882,159 @@ obj.i.x = 5; - it('returns object itself', function (done) { + it('returns object itself', () => { expect(Hoek.reach(obj, null)).to.equal(obj); expect(Hoek.reach(obj, false)).to.equal(obj); expect(Hoek.reach(obj)).to.equal(obj); - done(); + expect(Hoek.reach(obj, [])).to.equal(obj); }); - it('returns first value of array', function (done) { + it('returns values of array', () => { expect(Hoek.reach(obj, 'k.0')).to.equal(4); - done(); + expect(Hoek.reach(obj, 'k.1')).to.equal(8); }); - it('returns last value of array using negative index', function (done) { + it('returns last value of array using negative index', () => { + expect(Hoek.reach(obj, 'k.-1')).to.equal(1); expect(Hoek.reach(obj, 'k.-2')).to.equal(9); - done(); }); - it('returns a valid member', function (done) { + it('returns object property with negative index for non-array', () => { + + expect(Hoek.reach(obj, 'a.-2')).to.be.equal(true); + }); + + it('returns a valid member', () => { expect(Hoek.reach(obj, 'a.b.c.d')).to.equal(1); - done(); }); - it('returns a valid member with separator override', function (done) { + it('returns a valid member with separator override', () => { expect(Hoek.reach(obj, 'a/b/c/d', '/')).to.equal(1); - done(); }); - it('returns undefined on null object', function (done) { + it('returns undefined on null object', () => { expect(Hoek.reach(null, 'a.b.c.d')).to.equal(undefined); - done(); }); - it('returns undefined on missing object member', function (done) { + it('returns undefined on missing object member', () => { expect(Hoek.reach(obj, 'a.b.c.d.x')).to.equal(undefined); - done(); }); - it('returns undefined on missing function member', function (done) { + it('returns undefined on missing function member', () => { expect(Hoek.reach(obj, 'i.y', { functions: true })).to.equal(undefined); - done(); }); - it('throws on missing member in strict mode', function (done) { + it('throws on missing member in strict mode', () => { - expect(function () { + expect(() => { Hoek.reach(obj, 'a.b.c.o.x', { strict: true }); }).to.throw('Missing segment o in reach path a.b.c.o.x'); - done(); }); - it('returns undefined on invalid member', function (done) { + it('returns undefined on invalid member', () => { expect(Hoek.reach(obj, 'a.b.c.d-.x')).to.equal(undefined); - done(); + expect(Hoek.reach(obj, 'k.x')).to.equal(undefined); + expect(Hoek.reach(obj, 'k.1000')).to.equal(undefined); + expect(Hoek.reach(obj, 'k/0.5', '/')).to.equal(undefined); }); - it('returns function member', function (done) { + it('returns function member', () => { expect(typeof Hoek.reach(obj, 'i')).to.equal('function'); - done(); }); - it('returns function property', function (done) { + it('returns function property', () => { expect(Hoek.reach(obj, 'i.x')).to.equal(5); - done(); }); - it('returns null', function (done) { + it('returns null', () => { expect(Hoek.reach(obj, 'j')).to.equal(null); - done(); }); - it('throws on function property when functions not allowed', function (done) { + it('throws on function property when functions not allowed', () => { - expect(function () { + expect(() => { Hoek.reach(obj, 'i.x', { functions: false }); }).to.throw('Invalid segment x in reach path i.x'); - - done(); }); - it('will return a default value if property is not found', function (done) { + it('will return a default value if property is not found', () => { expect(Hoek.reach(obj, 'a.b.q', { default: 'defaultValue' })).to.equal('defaultValue'); - done(); }); - it('will return a default value if path is not found', function (done) { + it('will return a default value if path is not found', () => { expect(Hoek.reach(obj, 'q', { default: 'defaultValue' })).to.equal('defaultValue'); - done(); }); - it('allows a falsey value to be used as the default value', function (done) { + it('allows a falsey value to be used as the default value', () => { expect(Hoek.reach(obj, 'q', { default: '' })).to.equal(''); - done(); + }); + + it('allows array-based lookup', () => { + + expect(Hoek.reach(obj, ['a', 'b', 'c', 'd'])).to.equal(1); + expect(Hoek.reach(obj, ['k', '1'])).to.equal(8); + expect(Hoek.reach(obj, ['k', 1])).to.equal(8); + expect(Hoek.reach(obj, ['k', '-2'])).to.equal(9); + expect(Hoek.reach(obj, ['k', -2])).to.equal(9); + }); + + it('allows array-based lookup with symbols', () => { + + expect(Hoek.reach(obj, ['a', sym, 'v'])).to.equal(true); + expect(Hoek.reach(obj, ['a', Symbol(), 'v'])).to.equal(undefined); + }); + + it('returns character in string', () => { + + expect(Hoek.reach(['abc'], [0])).to.equal('abc'); + expect(Hoek.reach(['abc'], ['0'])).to.equal('abc'); + }); + + it('reaches sets and maps', () => { + + const value = { + a: { + b: new Set([ + { x: 1 }, + { x: 2 }, + { + y: new Map([ + ['v', 4], + ['w', 5] + ]) + } + ]) + } + }; + + expect(Hoek.reach(value, 'a.b.2.y.w')).to.not.exist(); + expect(Hoek.reach(value, 'a.b.2.y.w', { iterables: true })).to.equal(5); }); }); -describe('reachTemplate()', function () { +describe('reachTemplate()', () => { - it('applies object to template', function (done) { + it('applies object to template', () => { - var obj = { + const obj = { a: { b: { c: { @@ -1598,15 +2046,14 @@ k: [4, 8, 9, 1] }; - var template = '{k.0}:{k.-2}:{a.b.c.d}:{x.y}:{j}'; + const template = '{k.0}:{k.-2}:{a.b.c.d}:{x.y}:{j}'; expect(Hoek.reachTemplate(obj, template)).to.equal('4:9:1::'); - done(); }); - it('applies object to template (options)', function (done) { + it('applies object to template (options)', () => { - var obj = { + const obj = { a: { b: { c: { @@ -1618,479 +2065,218 @@ k: [4, 8, 9, 1] }; - var template = '{k/0}:{k/-2}:{a/b/c/d}:{x/y}:{j}'; + const template = '{k/0}:{k/-2}:{a/b/c/d}:{x/y}:{j}'; expect(Hoek.reachTemplate(obj, template, '/')).to.equal('4:9:1::'); - done(); - }); -}); - -describe('callStack()', function () { - - it('returns the full call stack', function (done) { - - var stack = Hoek.callStack(); - expect(stack[0][0]).to.contain('index.js'); - expect(stack[0][2]).to.equal(26); - done(); }); -}); - -describe('displayStack ()', function () { - - it('returns the full call stack for display', function (done) { - - var stack = Hoek.displayStack(); - expect(stack[0]).to.contain(Path.normalize('/test/index.js') + ':'); - done(); - }); - - it('includes constructor functions correctly', function (done) { - - var Something = function (next) { - - next(); - }; - - var something = new Something(function () { - - var stack = Hoek.displayStack(); - expect(stack[1]).to.contain('new Something'); - done(); - }); - }); -}); - -describe('abort()', function () { - - it('exits process when not in test mode', function (done) { - - var env = process.env.NODE_ENV; - var write = process.stdout.write; - var exit = process.exit; - - process.env.NODE_ENV = 'nottatest'; - process.stdout.write = function () { }; - process.exit = function (state) { - - process.exit = exit; - process.env.NODE_ENV = env; - process.stdout.write = write; - - expect(state).to.equal(1); - done(); - }; - - Hoek.abort('Boom'); - }); - - it('throws when not in test mode and abortThrow is true', function (done) { - - var env = process.env.NODE_ENV; - process.env.NODE_ENV = 'nottatest'; - Hoek.abortThrow = true; - - var fn = function () { - - Hoek.abort('my error message'); - }; - expect(fn).to.throw('my error message'); - Hoek.abortThrow = false; - process.env.NODE_ENV = env; + it('isn\'t prone to ReDoS given an adversarial template', () => { - done(); - }); - - it('respects hideStack argument', function (done) { - - var env = process.env.NODE_ENV; - var write = process.stdout.write; - var exit = process.exit; - var output = ''; - - process.exit = function () { }; - process.env.NODE_ENV = ''; - process.stdout.write = function (message) { - - output = message; - }; - - Hoek.abort('my error message', true); - - process.env.NODE_ENV = env; - process.stdout.write = write; - process.exit = exit; - - expect(output).to.equal('ABORT: my error message\n\t\n'); - - done(); - }); - - it('throws in test mode', function (done) { - - var env = process.env.NODE_ENV; - process.env.NODE_ENV = 'test'; - - expect(function () { - - Hoek.abort('my error message', true); - }).to.throw('my error message'); - - process.env.NODE_ENV = env; - done(); - }); - - it('throws in test mode with default message', function (done) { - - var env = process.env.NODE_ENV; - process.env.NODE_ENV = 'test'; - - expect(function () { - - Hoek.abort('', true); - }).to.throw('Unknown error'); - - process.env.NODE_ENV = env; - done(); - }); - - it('defaults to showing stack', function (done) { - - var env = process.env.NODE_ENV; - var write = process.stdout.write; - var exit = process.exit; - var output = ''; - - process.exit = function () { }; - process.env.NODE_ENV = ''; - process.stdout.write = function (message) { - - output = message; - }; + const sizes = [0, 1, 2, 3, 4]; // Should be evenly-spaced + const times = []; + const diffs = []; + + for (const size of sizes) { + const start = Date.now(); + Hoek.reachTemplate({}, '{'.repeat(size * 10000)); + times.push(Date.now() - start); + } - Hoek.abort('my error message'); + for (let i = 1; i < times.length; ++i) { + diffs.push(times[i] - times[i - 1]); + } - process.env.NODE_ENV = env; - process.stdout.write = write; - process.exit = exit; + // Under ReDoS, as the size of the input increases the timing accelerates upwards, + // i.e. each timing diff would be greater than the last. - expect(output).to.contain('index.js'); + const diffsMonotonic = diffs[0] < diffs[1] && diffs[1] < diffs[2] && diffs[2] < diffs[3]; - done(); + expect(diffsMonotonic, 'Timing diffs monotonic').to.be.false(); }); }); -describe('assert()', function () { +describe('assert()', () => { - it('throws an Error when using assert in a test', function (done) { + it('throws an Error when using assert in a test', () => { - var fn = function () { + expect(() => { Hoek.assert(false, 'my error message'); - }; - - expect(fn).to.throw('my error message'); - done(); + }).to.throw(Hoek.AssertError, 'my error message'); }); - it('throws an Error when using assert in a test with no message', function (done) { + it('throws an Error when using assert in a test with no message', () => { - var fn = function () { + expect(() => { Hoek.assert(false); - }; - - expect(fn).to.throw('Unknown error'); - done(); + }).to.throw(Hoek.AssertError, 'Unknown error'); }); - it('throws an Error when using assert in a test with multipart message', function (done) { + it('throws an Error when using assert in a test with multipart message', () => { - var fn = function () { + expect(() => { Hoek.assert(false, 'This', 'is', 'my message'); - }; - - expect(fn).to.throw('This is my message'); - done(); + }).to.throw(Hoek.AssertError, 'This is my message'); }); - it('throws an Error when using assert in a test with multipart message (empty)', function (done) { + it('throws an Error when using assert in a test with multipart message (empty)', () => { - var fn = function () { + expect(() => { Hoek.assert(false, 'This', 'is', '', 'my message'); - }; - - expect(fn).to.throw('This is my message'); - done(); + }).to.throw(Hoek.AssertError, 'This is my message'); }); - it('throws an Error when using assert in a test with object message', function (done) { + it('throws an Error when using assert in a test with object message', () => { - var fn = function () { + expect(() => { Hoek.assert(false, 'This', 'is', { spinal: 'tap' }); - }; - - expect(fn).to.throw('This is {"spinal":"tap"}'); - done(); + }).to.throw(Hoek.AssertError, 'This is {"spinal":"tap"}'); }); - it('throws an Error when using assert in a test with multipart string and error messages', function (done) { - - var fn = function () { + it('throws an Error when using assert in a test with multipart string and error messages', () => { - Hoek.assert(false, 'This', 'is', new Error('spinal'), new Error('tap')); - }; + expect(() => { - expect(fn).to.throw('This is spinal tap'); - done(); + Hoek.assert(false, new Error('This'), 'is', 'spinal', new Error('tap')); + }).to.throw(Hoek.AssertError, 'This is spinal tap'); }); - it('throws an Error when using assert in a test with error object message', function (done) { - - var fn = function () { - - Hoek.assert(false, new Error('This is spinal tap')); - }; + it('throws an Error when using assert in a test with error object message', () => { - expect(fn).to.throw('This is spinal tap'); - done(); + const err = new TypeError('This is spinal tap'); + const got = expect(() => Hoek.assert(false, err)).to.throw(TypeError, 'This is spinal tap'); + expect(got).to.shallow.equal(err); }); - it('throws the same Error that is passed to it if there is only one error passed', function (done) { + it('throws the same Error that is passed to it if there is only one error passed', () => { - var error = new Error('ruh roh'); - var error2 = new Error('ruh roh'); + const error = new Error('ruh roh'); + const error2 = new Error('ruh roh'); - var fn = function () { + const fn = function () { Hoek.assert(false, error); }; try { fn(); - } catch (err) { - expect(error).to.equal(error); // should be the same reference - expect(error).to.not.equal(error2); // error with the same message should not match } - - done(); + catch (err) { + expect(err).to.equal(error); // should be the same reference + expect(err).to.not.shallow.equal(error2); // error with the same message should not match + } }); }); -describe('Timer', function () { +describe('AssertError', () => { - it('returns time elapsed', function (done) { + it('takes an optional message', () => { - var timer = new Hoek.Timer(); - setTimeout(function () { - - expect(timer.elapsed()).to.be.above(9); - done(); - }, 12); + expect(new Hoek.AssertError().message).to.equal('Unknown error'); + expect(new Hoek.AssertError(null).message).to.equal('Unknown error'); + expect(new Hoek.AssertError('msg').message).to.equal('msg'); }); -}); -describe('Bench', function () { + it('has AssertError name property', () => { - it('returns time elapsed', function (done) { + expect(new Hoek.AssertError().name).to.equal('AssertError'); + expect(new Hoek.AssertError('msg').name).to.equal('AssertError'); + }); - var timer = new Hoek.Bench(); - setTimeout(function () { + it('uses ctor argument to hide stack', { skip: typeof Error.captureStackTrace !== 'function' }, () => { - expect(timer.elapsed()).to.be.above(9); - done(); - }, 12); - }); -}); + const parentFn = () => { -describe('escapeRegex()', function () { + throw new Hoek.AssertError('msg', parentFn); + }; - it('escapes all special regular expression characters', function (done) { + const err = expect(parentFn).to.throw(Hoek.AssertError); - var a = Hoek.escapeRegex('4^f$s.4*5+-_?%=#!:@|~\\/`"(>)[<]d{}s,'); - expect(a).to.equal('4\\^f\\$s\\.4\\*5\\+\\-_\\?%\\=#\\!\\:@\\|~\\\\\\/`"\\(>\\)\\[<\\]d\\{\\}s\\,'); - done(); + expect(err.stack).to.not.contain('parentFn'); }); }); -describe('Base64Url', function () { +describe('Bench', () => { - var base64str = 'AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0-P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn-AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq-wsbKztLW2t7i5uru8vb6_wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t_g4eLj5OXm5-jp6uvs7e7v8PHy8_T19vf4-fr7_P3-_w'; - var str = unescape('%00%01%02%03%04%05%06%07%08%09%0A%0B%0C%0D%0E%0F%10%11%12%13%14%15%16%17%18%19%1A%1B%1C%1D%1E%1F%20%21%22%23%24%25%26%27%28%29*+%2C-./0123456789%3A%3B%3C%3D%3E%3F@ABCDEFGHIJKLMNOPQRSTUVWXYZ%5B%5C%5D%5E_%60abcdefghijklmnopqrstuvwxyz%7B%7C%7D%7E%7F%80%81%82%83%84%85%86%87%88%89%8A%8B%8C%8D%8E%8F%90%91%92%93%94%95%96%97%98%99%9A%9B%9C%9D%9E%9F%A0%A1%A2%A3%A4%A5%A6%A7%A8%A9%AA%AB%AC%AD%AE%AF%B0%B1%B2%B3%B4%B5%B6%B7%B8%B9%BA%BB%BC%BD%BE%BF%C0%C1%C2%C3%C4%C5%C6%C7%C8%C9%CA%CB%CC%CD%CE%CF%D0%D1%D2%D3%D4%D5%D6%D7%D8%D9%DA%DB%DC%DD%DE%DF%E0%E1%E2%E3%E4%E5%E6%E7%E8%E9%EA%EB%EC%ED%EE%EF%F0%F1%F2%F3%F4%F5%F6%F7%F8%F9%FA%FB%FC%FD%FE%FF'); + it('returns time elapsed', async () => { - describe('base64urlEncode()', function () { - - it('should base64 URL-safe a string', function (done) { - - expect(Hoek.base64urlEncode(str)).to.equal(base64str); - done(); - }); - - it('encodes a buffer', function (done) { - - expect(Hoek.base64urlEncode(new Buffer(str, 'binary'))).to.equal(base64str); - done(); - }); - - it('should base64 URL-safe a hex string', function (done) { - - var buffer = new Buffer(str, 'binary'); - expect(Hoek.base64urlEncode(buffer.toString('hex'), 'hex')).to.equal(base64str); - done(); - }); - - it('works on larger input strings', function (done) { - - var input = Fs.readFileSync(Path.join(__dirname, 'index.js')).toString(); - var encoded = Hoek.base64urlEncode(input); - - expect(encoded).to.not.contain('+'); - expect(encoded).to.not.contain('/'); - - var decoded = Hoek.base64urlDecode(encoded); - - expect(decoded).to.equal(input); - done(); - }); + const timer = new Hoek.Bench(); + await Hoek.wait(12); + expect(timer.elapsed()).to.be.above(9); }); +}); - describe('base64urlDecode()', function () { - - it('should un-base64 URL-safe a string', function (done) { - - expect(Hoek.base64urlDecode(base64str)).to.equal(str); - done(); - }); - - it('should un-base64 URL-safe a string into hex', function (done) { - - expect(Hoek.base64urlDecode(base64str, 'hex')).to.equal(new Buffer(str, 'binary').toString('hex')); - done(); - }); - - it('should un-base64 URL-safe a string and return a buffer', function (done) { - - var buf = Hoek.base64urlDecode(base64str, 'buffer'); - expect(buf instanceof Buffer).to.equal(true); - expect(buf.toString('binary')).to.equal(str); - done(); - }); - - it('returns error on undefined input', function (done) { - - expect(Hoek.base64urlDecode().message).to.exist(); - done(); - }); +describe('escapeRegex()', () => { - it('returns error on invalid input', function (done) { + it('escapes all special regular expression characters', () => { - expect(Hoek.base64urlDecode('*').message).to.exist(); - done(); - }); + const a = Hoek.escapeRegex('4^f$s.4*5+-_?%=#!:@|~\\/`"(>)[<]d{}s,'); + expect(a).to.equal('4\\^f\\$s\\.4\\*5\\+\\-_\\?%\\=#\\!\\:@\\|~\\\\\\/`"\\(>\\)\\[<\\]d\\{\\}s\\,'); }); }); -describe('escapeHeaderAttribute()', function () { +describe('escapeHeaderAttribute()', () => { - it('should not alter ascii values', function (done) { + it('should not alter ascii values', () => { - var a = Hoek.escapeHeaderAttribute('My Value'); + const a = Hoek.escapeHeaderAttribute('My Value'); expect(a).to.equal('My Value'); - done(); }); - it('escapes all special HTTP header attribute characters', function (done) { + it('escapes all special HTTP header attribute characters', () => { - var a = Hoek.escapeHeaderAttribute('I said go!!!#"' + String.fromCharCode(92)); + const a = Hoek.escapeHeaderAttribute('I said go!!!#"' + String.fromCharCode(92)); expect(a).to.equal('I said go!!!#\\"\\\\'); - done(); }); - it('throws on large unicode characters', function (done) { + it('throws on large unicode characters', () => { - var fn = function () { + expect(() => { Hoek.escapeHeaderAttribute('this is a test' + String.fromCharCode(500) + String.fromCharCode(300)); - }; - - expect(fn).to.throw(Error); - done(); + }).to.throw(Error); }); - it('throws on CRLF to prevent response splitting', function (done) { + it('throws on CRLF to prevent response splitting', () => { - var fn = function () { + expect(() => { Hoek.escapeHeaderAttribute('this is a test\r\n'); - }; - - expect(fn).to.throw(Error); - done(); + }).to.throw(Error); }); }); -describe('escapeHtml()', function () { +describe('escapeHtml()', () => { - it('escapes all special HTML characters', function (done) { + it('escapes all special HTML characters', () => { - var a = Hoek.escapeHtml('&<>"\'`'); + const a = Hoek.escapeHtml('&<>"\'`'); expect(a).to.equal('&<>"'`'); - done(); }); - it('returns empty string on falsy input', function (done) { + it('returns empty string on falsy input', () => { - var a = Hoek.escapeHtml(''); + const a = Hoek.escapeHtml(''); expect(a).to.equal(''); - done(); }); - it('returns unchanged string on no reserved input', function (done) { + it('returns unchanged string on no reserved input', () => { - var a = Hoek.escapeHtml('abc'); + const a = Hoek.escapeHtml('abc'); expect(a).to.equal('abc'); - done(); }); }); -describe('nextTick()', function () { - - it('calls the provided callback on nextTick', function (done) { - - var a = 0; - - var inc = function (step, next) { - - a += step; - next(); - }; - - var ticked = Hoek.nextTick(inc); - - ticked(5, function () { +describe('once()', () => { - expect(a).to.equal(6); - done(); - }); + it('allows function to only execute once', () => { - expect(a).to.equal(0); - inc(1, function () { - - expect(a).to.equal(1); - }); - }); -}); - -describe('once()', function () { - - it('allows function to only execute once', function (done) { - - var gen = 0; - var add = function (x) { + let gen = 0; + let add = function (x) { gen += x; }; @@ -2102,412 +2288,227 @@ expect(gen).to.equal(10); add(5); expect(gen).to.equal(10); - done(); }); - it('double once wraps one time', function (done) { + it('double once wraps one time', () => { - var method = function () { }; + let method = function () { }; method = Hoek.once(method); method.x = 1; method = Hoek.once(method); expect(method.x).to.equal(1); - done(); }); }); -describe('isAbsoltePath()', function () { - - it('identifies if path is absolute on Unix without node support', { parallel: false }, function (done) { - - var orig = Path.isAbsolute; - Path.isAbsolute = undefined; - - expect(Hoek.isAbsolutePath('')).to.equal(false); - expect(Hoek.isAbsolutePath('a')).to.equal(false); - expect(Hoek.isAbsolutePath('./a')).to.equal(false); - expect(Hoek.isAbsolutePath('/a')).to.equal(true); - expect(Hoek.isAbsolutePath('/')).to.equal(true); +describe('ignore()', () => { - Path.isAbsolute = orig; - - done(); - }); - - it('identifies if path is absolute with fake node support', { parallel: false }, function (done) { - - var orig = Path.isAbsolute; - Path.isAbsolute = function (path) { - - return path[0] === '/'; - }; + it('exists', () => { - expect(Hoek.isAbsolutePath('', 'linux')).to.equal(false); - expect(Hoek.isAbsolutePath('a', 'linux')).to.equal(false); - expect(Hoek.isAbsolutePath('./a', 'linux')).to.equal(false); - expect(Hoek.isAbsolutePath('/a', 'linux')).to.equal(true); - expect(Hoek.isAbsolutePath('/', 'linux')).to.equal(true); - - Path.isAbsolute = orig; - - done(); - }); - - it('identifies if path is absolute on Windows without node support', { parallel: false }, function (done) { - - var orig = Path.isAbsolute; - Path.isAbsolute = undefined; - - expect(Hoek.isAbsolutePath('//server/file', 'win32')).to.equal(true); - expect(Hoek.isAbsolutePath('//server/file', 'win32')).to.equal(true); - expect(Hoek.isAbsolutePath('\\\\server\\file', 'win32')).to.equal(true); - expect(Hoek.isAbsolutePath('C:/Users/', 'win32')).to.equal(true); - expect(Hoek.isAbsolutePath('C:\\Users\\', 'win32')).to.equal(true); - expect(Hoek.isAbsolutePath('C:cwd/another', 'win32')).to.equal(false); - expect(Hoek.isAbsolutePath('C:cwd\\another', 'win32')).to.equal(false); - expect(Hoek.isAbsolutePath('directory/directory', 'win32')).to.equal(false); - expect(Hoek.isAbsolutePath('directory\\directory', 'win32')).to.equal(false); - - Path.isAbsolute = orig; - - done(); + expect(Hoek.ignore).to.exist(); + expect(typeof Hoek.ignore).to.equal('function'); }); }); -describe('isInteger()', function () { +describe('stringify()', () => { - it('validates integers', function (done) { + it('converts object to string', () => { - expect(Hoek.isInteger(0)).to.equal(true); - expect(Hoek.isInteger(1)).to.equal(true); - expect(Hoek.isInteger(1394035612500)).to.equal(true); - expect(Hoek.isInteger('0')).to.equal(false); - expect(Hoek.isInteger(1.0)).to.equal(true); - expect(Hoek.isInteger(1.1)).to.equal(false); - done(); + const obj = { a: 1 }; + expect(Hoek.stringify(obj)).to.equal('{"a":1}'); }); -}); -describe('ignore()', function () { + it('returns error in result string', () => { - it('exists', function (done) { - - expect(Hoek.ignore).to.exist(); - expect(typeof Hoek.ignore).to.equal('function'); - done(); + const obj = { a: 1 }; + obj.b = obj; + expect(Hoek.stringify(obj)).to.contain('Cannot display object'); }); }); -describe('inherits()', function () { - - it('exists', function (done) { - - expect(Hoek.inherits).to.exist(); - expect(typeof Hoek.inherits).to.equal('function'); - done(); - }); -}); +describe('isPromise()', () => { -describe('format()', function () { + it('determines if an object is a promise', async () => { - it('exists', function (done) { + expect(Hoek.isPromise({})).to.be.false(); + expect(Hoek.isPromise(null)).to.be.false(); + expect(Hoek.isPromise(false)).to.be.false(); + expect(Hoek.isPromise(0)).to.be.false(); + expect(Hoek.isPromise('')).to.be.false(); + expect(Hoek.isPromise({ then: 1 })).to.be.false(); + expect(Hoek.isPromise([])).to.be.false(); - expect(Hoek.format).to.exist(); - expect(typeof Hoek.format).to.equal('function'); - done(); - }); + const items = [ + Promise.resolve(), + Promise.reject() + ]; - it('is a reference to Util.format', function (done) { + expect(Hoek.isPromise(items[0])).to.be.true(); + expect(Hoek.isPromise(items[1])).to.be.true(); + expect(Hoek.isPromise(new Promise(Hoek.ignore))).to.be.true(); + expect(Hoek.isPromise({ then: Hoek.ignore })).to.be.true(); - expect(Hoek.format('hello %s', 'world')).to.equal('hello world'); - done(); + try { + await Promise.all(items); + } + catch (err) { } }); }); -describe('transform()', function () { +describe('wait()', () => { - var source = { - address: { - one: '123 main street', - two: 'PO Box 1234' - }, - zip: { - code: 3321232, - province: null - }, - title: 'Warehouse', - state: 'CA' - }; + it('delays for timeout ms', async () => { - var sourcesArray = [{ - address: { - one: '123 main street', - two: 'PO Box 1234' - }, - zip: { - code: 3321232, - province: null - }, - title: 'Warehouse', - state: 'CA' - }, { - address: { - one: '456 market street', - two: 'PO Box 5678' - }, - zip: { - code: 9876, - province: null - }, - title: 'Garage', - state: 'NY' - }]; - - it('transforms an object based on the input object', function (done) { - - var result = Hoek.transform(source, { - 'person.address.lineOne': 'address.one', - 'person.address.lineTwo': 'address.two', - 'title': 'title', - 'person.address.region': 'state', - 'person.address.zip': 'zip.code', - 'person.address.location': 'zip.province' - }); + const timeout = {}; + setTimeout(() => (timeout.before = true), 10); + const wait = Hoek.wait(10); + setTimeout(() => (timeout.after = true), 10); - expect(result).to.deep.equal({ - person: { - address: { - lineOne: '123 main street', - lineTwo: 'PO Box 1234', - region: 'CA', - zip: 3321232, - location: null - } - }, - title: 'Warehouse' - }); + await wait; - done(); + expect(timeout.before).to.be.true(); + expect(timeout.after).to.be.undefined(); }); - it('transforms an array of objects based on the input object', function (done) { - - var result = Hoek.transform(sourcesArray, { - 'person.address.lineOne': 'address.one', - 'person.address.lineTwo': 'address.two', - 'title': 'title', - 'person.address.region': 'state', - 'person.address.zip': 'zip.code', - 'person.address.location': 'zip.province' - }); - - expect(result).to.deep.equal([ - { - person: { - address: { - lineOne: '123 main street', - lineTwo: 'PO Box 1234', - region: 'CA', - zip: 3321232, - location: null - } - }, - title: 'Warehouse' - }, - { - person: { - address: { - lineOne: '456 market street', - lineTwo: 'PO Box 5678', - region: 'NY', - zip: 9876, - location: null - } - }, - title: 'Garage' - } - ]); - - done(); - }); + it('delays for timeout ms as bigint', async () => { - it('uses the reach options passed into it', function (done) { + const timeout = {}; + setTimeout(() => (timeout.before = true), 10); + const wait = Hoek.wait(10n); + setTimeout(() => (timeout.after = true), 10); - var schema = { - 'person.address.lineOne': 'address-one', - 'person.address.lineTwo': 'address-two', - 'title': 'title', - 'person.address.region': 'state', - 'person.prefix': 'person-title', - 'person.zip': 'zip-code' - }; - var options = { - separator: '-', - default: 'unknown' - }; - var result = Hoek.transform(source, schema, options); - - expect(result).to.deep.equal({ - person: { - address: { - lineOne: '123 main street', - lineTwo: 'PO Box 1234', - region: 'CA' - }, - prefix: 'unknown', - zip: 3321232 - }, - title: 'Warehouse' - }); + await wait; - done(); + expect(timeout.before).to.be.true(); + expect(timeout.after).to.be.undefined(); }); - it('works to create shallow objects', function (done) { + it('handles timeouts >= 2^31', async () => { - var result = Hoek.transform(source, { - lineOne: 'address.one', - lineTwo: 'address.two', - title: 'title', - region: 'state', - province: 'zip.province' - }); - - expect(result).to.deep.equal({ - lineOne: '123 main street', - lineTwo: 'PO Box 1234', - title: 'Warehouse', - region: 'CA', - province: null - }); + const flow = []; + let no = 0; - done(); - }); + const fakeTimeout = function (cb, time) { - it('only allows strings in the map', function (done) { + const timer = ++no; - expect(function () { + flow.push(`CALL(${timer}): ${time}`); + setImmediate(() => { - var result = Hoek.transform(source, { - lineOne: {} + flow.push(`PRE(${timer})`); + cb(); + flow.push(`POST(${timer})`); }); - }).to.throw('All mappings must be "." delineated strings'); + }; - done(); + await Hoek.wait(2 ** 31, null, { setTimeout: fakeTimeout }); + flow.push('DONE1'); + await Hoek.wait(2 ** 32 + 2 ** 30, null, { setTimeout: fakeTimeout }); + flow.push('DONE2'); + + expect(flow).to.equal([ + 'CALL(1): 2147483647', + 'PRE(1)', + 'CALL(2): 1', + 'POST(1)', + 'PRE(2)', + 'POST(2)', + 'DONE1', + 'CALL(3): 2147483647', + 'PRE(3)', + 'CALL(4): 2147483647', + 'POST(3)', + 'PRE(4)', + 'CALL(5): 1073741826', + 'POST(4)', + 'PRE(5)', + 'POST(5)', + 'DONE2' + ]); }); - it('throws an error on invalid arguments', function (done) { + it('returns never resolving promise when timeout >= Number.MAX_SAFE_INTEGER', async () => { - expect(function () { + let calls = 0; + const fakeTimeout = function (cb) { - var result = Hoek.transform(NaN, {}); - }).to.throw('Invalid source object: must be null, undefined, an object, or an array'); - - done(); - }); - - it('is safe to pass null', function (done) { - - var result = Hoek.transform(null, {}); - expect(result).to.deep.equal({}); + ++calls; + process.nextTick(cb); + }; - done(); - }); + await Hoek.wait(2 ** 31 - 1, null, { setTimeout: fakeTimeout }); + expect(calls).to.equal(1); - it('is safe to pass undefined', function (done) { + const waited = Symbol('waited'); - var result = Hoek.transform(undefined, {}); - expect(result).to.deep.equal({}); + const result = await Promise.race([ + Hoek.wait(1, waited), + Hoek.wait(Number.MAX_SAFE_INTEGER, null, { setTimeout: fakeTimeout }), + Hoek.wait(Infinity, null, { setTimeout: fakeTimeout }) + ]); - done(); + expect(result).to.be.equal(waited); + expect(calls).to.equal(1); }); -}); - -describe('uniqueFilename()', function () { - it('generates a random file path', function (done) { + it('handles a return value', async () => { - var result = Hoek.uniqueFilename('./test/modules'); + const uniqueValue = {}; + const timeout = {}; + setTimeout(() => (timeout.before = true), 10); + const wait = Hoek.wait(10, uniqueValue); + setTimeout(() => (timeout.after = true), 10); - expect(result).to.exist(); - expect(result).to.be.a.string(); - expect(result).to.contain('test/modules'); - done(); + expect(await wait).to.shallow.equal(uniqueValue); + expect(timeout.before).to.be.true(); + expect(timeout.after).to.be.undefined(); }); - it('is random enough to use in fast loops', function (done) { - - var results = []; - - for (var i = 0; i < 10; ++i) { - results[i] = Hoek.uniqueFilename('./test/modules'); - } - - var filter = results.filter(function (item, index, array) { - - return array.indexOf(item) === index; - }); + it('undefined timeout resolves immediately', async () => { - expect(filter.length).to.equal(10); - expect(results.length).to.equal(10); - done(); + const waited = Symbol('waited'); + const result = await Promise.race([ + Hoek.wait(undefined, waited), + Hoek.wait(0) + ]); + expect(result).to.equal(waited); }); - it('combines the random elements with a supplied character', function (done) { - - var result = Hoek.uniqueFilename('./test', 'txt'); + it('NaN timeout resolves immediately', async () => { - expect(result).to.contain('test/'); - expect(result).to.contain('.txt'); + const waited = Symbol('waited'); + const result = await Promise.race([ + Hoek.wait(Number.NaN, waited), + Hoek.wait(0) + ]); - done(); + expect(result).to.equal(waited); }); - it('accepts extensions with a "." in it', function (done) { + it('rejects on weird timeout values', async () => { - var result = Hoek.uniqueFilename('./test', '.mp3'); - - expect(result).to.contain('test/'); - expect(result).to.contain('.mp3'); - - done(); + await expect(() => Hoek.wait({})).to.throw(); + await expect(() => Hoek.wait(Symbol('hi'))).to.throw(); }); }); -describe('stringify()', function (done) { - - it('converts object to string', function (done) { - - var obj = { a: 1 }; - expect(Hoek.stringify(obj)).to.equal('{"a":1}'); - done(); - }); +describe('block()', () => { - it('returns error in result string', function (done) { + it('returns a promise', () => { - var obj = { a: 1 }; - obj.b = obj; - expect(Hoek.stringify(obj)).to.equal('[Cannot display object: Converting circular structure to JSON]'); - done(); + expect(Hoek.block()).to.be.instanceOf(Promise); }); -}); -describe('shallow()', function (done) { + it('does not immediately reject or resolve', async () => { - it('shallow copies an object', function (done) { + const promise = Hoek.block(); + const waited = Symbol('waited'); - var obj = { - a: 5, - b: { - c: 6 - } - }; + const result = await Promise.race([ + Hoek.wait(1, waited), + promise + ]); - var shallow = Hoek.shallow(obj); - expect(shallow).to.not.equal(obj); - expect(shallow).to.deep.equal(obj); - expect(shallow.b).to.equal(obj.b); - done(); + expect(result).to.be.equal(waited); }); }); Index: /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/hawk/node_modules/hoek/test/modules/test1.js =================================================================== --- /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/hawk/node_modules/hoek/test/modules/test1.js (revision 20239) +++ /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/hawk/node_modules/hoek/test/modules/test1.js (working copy) @@ -1 +1,3 @@ +'use strict'; + exports.x = 1; Index: /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/hawk/node_modules/hoek/test/modules/test2.js =================================================================== --- /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/hawk/node_modules/hoek/test/modules/test2.js (revision 20239) +++ /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/hawk/node_modules/hoek/test/modules/test2.js (working copy) @@ -1 +1,3 @@ +'use strict'; + exports.y = 2; Index: /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/hawk/node_modules/hoek/test/modules/test3.js =================================================================== --- /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/hawk/node_modules/hoek/test/modules/test3.js (revision 20239) +++ /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/hawk/node_modules/hoek/test/modules/test3.js (working copy) @@ -1 +1,3 @@ +'use strict'; + exports.z = 3; Index: /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/hawk/package.json =================================================================== --- /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/hawk/package.json (revision 20239) +++ /branches/rel_ag_9_4_0_493_SBOM/restfulapi/proxy/media/node_modules/less/node_modules/request/node_modules/hawk/package.json (working copy) @@ -1,52 +1,31 @@ { "name": "hawk", "description": "HTTP Hawk Authentication Scheme", - "version": "3.1.3", - "author": { - "name": "Eran Hammer", - "email": "eran@hammer.io", - "url": "http://hueniverse.com" - }, - "contributors": [], - "repository": { - "type": "git", - "url": "git://github.com/hueniverse/hawk" - }, + "version": "9.0.1", + "repository": "git://github.com/mozilla/hawk", "main": "lib/index.js", + "files": [ + "lib" + ], "keywords": [ "http", "authentication", "scheme", "hawk" ], - "engines": { - "node": ">=0.10.32" - }, - "browser": "./lib/browser.js", "dependencies": { - "hoek": "2.x.x", - "boom": "2.x.x", - "cryptiles": "2.x.x", - "sntp": "1.x.x" + "@hapi/b64": "5.x.x", + "@hapi/boom": "9.x.x", + "@hapi/cryptiles": "5.x.x", + "@hapi/hoek": "9.x.x" }, "devDependencies": { - "code": "1.x.x", - "lab": "5.x.x" + "@hapi/code": "8.x.x", + "@hapi/lab": "22.x.x" }, "scripts": { - "test": "lab -a code -t 100 -L", - "test-cov-html": "lab -a code -r html -o coverage.html" - }, - "license": "BSD-3-Clause", - "readme": "![hawk Logo](https://raw.github.com/hueniverse/hawk/master/images/hawk.png)\r\n\r\n **Hawk** is an HTTP authentication scheme using a message authentication code (MAC) algorithm to provide partial\r\nHTTP request cryptographic verification. For more complex use cases such as access delegation, see [Oz](https://github.com/hueniverse/oz).\r\n\r\nCurrent version: **3.x**\r\n\r\nNote: 3.x and 2.x are the same exact protocol as 1.1. The version increments reflect changes in the node API.\r\n\r\n[![Build Status](https://secure.travis-ci.org/hueniverse/hawk.png)](http://travis-ci.org/hueniverse/hawk)\r\n\r\n# Table of Content\r\n\r\n- [**Introduction**](#introduction)\r\n - [Replay Protection](#replay-protection)\r\n - [Usage Example](#usage-example)\r\n - [Protocol Example](#protocol-example)\r\n - [Payload Validation](#payload-validation)\r\n - [Response Payload Validation](#response-payload-validation)\r\n - [Browser Support and Considerations](#browser-support-and-considerations)\r\n

\r\n- [**Single URI Authorization**](#single-uri-authorization)\r\n - [Usage Example](#bewit-usage-example)\r\n

\r\n- [**Security Considerations**](#security-considerations)\r\n - [MAC Keys Transmission](#mac-keys-transmission)\r\n - [Confidentiality of Requests](#confidentiality-of-requests)\r\n - [Spoofing by Counterfeit Servers](#spoofing-by-counterfeit-servers)\r\n - [Plaintext Storage of Credentials](#plaintext-storage-of-credentials)\r\n - [Entropy of Keys](#entropy-of-keys)\r\n - [Coverage Limitations](#coverage-limitations)\r\n - [Future Time Manipulation](#future-time-manipulation)\r\n - [Client Clock Poisoning](#client-clock-poisoning)\r\n - [Bewit Limitations](#bewit-limitations)\r\n - [Host Header Forgery](#host-header-forgery)\r\n

\r\n- [**Frequently Asked Questions**](#frequently-asked-questions)\r\n

\r\n- [**Implementations**](#implementations)\r\n- [**Acknowledgements**](#acknowledgements)\r\n\r\n# Introduction\r\n\r\n**Hawk** is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with\r\npartial cryptographic verification of the request and response, covering the HTTP method, request URI, host,\r\nand optionally the request payload.\r\n\r\nSimilar to the HTTP [Digest access authentication schemes](http://www.ietf.org/rfc/rfc2617.txt), **Hawk** uses a set of\r\nclient credentials which include an identifier (e.g. username) and key (e.g. password). Likewise, just as with the Digest scheme,\r\nthe key is never included in authenticated requests. Instead, it is used to calculate a request MAC value which is\r\nincluded in its place.\r\n\r\nHowever, **Hawk** has several differences from Digest. In particular, while both use a nonce to limit the possibility of\r\nreplay attacks, in **Hawk** the client generates the nonce and uses it in combination with a timestamp, leading to less\r\n\"chattiness\" (interaction with the server).\r\n\r\nAlso unlike Digest, this scheme is not intended to protect the key itself (the password in Digest) because\r\nthe client and server must both have access to the key material in the clear.\r\n\r\nThe primary design goals of this scheme are to:\r\n* simplify and improve HTTP authentication for services that are unwilling or unable to deploy TLS for all resources,\r\n* secure credentials against leakage (e.g., when the client uses some form of dynamic configuration to determine where\r\n to send an authenticated request), and\r\n* avoid the exposure of credentials sent to a malicious server over an unauthenticated secure channel due to client\r\n failure to validate the server's identity as part of its TLS handshake.\r\n\r\nIn addition, **Hawk** supports a method for granting third-parties temporary access to individual resources using\r\na query parameter called _bewit_ (in falconry, a leather strap used to attach a tracking device to the leg of a hawk).\r\n\r\nThe **Hawk** scheme requires the establishment of a shared symmetric key between the client and the server,\r\nwhich is beyond the scope of this module. Typically, the shared credentials are established via an initial\r\nTLS-protected phase or derived from some other shared confidential information available to both the client\r\nand the server.\r\n\r\n\r\n## Replay Protection\r\n\r\nWithout replay protection, an attacker can use a compromised (but otherwise valid and authenticated) request more \r\nthan once, gaining access to a protected resource. To mitigate this, clients include both a nonce and a timestamp when \r\nmaking requests. This gives the server enough information to prevent replay attacks.\r\n\r\nThe nonce is generated by the client, and is a string unique across all requests with the same timestamp and\r\nkey identifier combination. \r\n\r\nThe timestamp enables the server to restrict the validity period of the credentials where requests occuring afterwards\r\nare rejected. It also removes the need for the server to retain an unbounded number of nonce values for future checks.\r\nBy default, **Hawk** uses a time window of 1 minute to allow for time skew between the client and server (which in\r\npractice translates to a maximum of 2 minutes as the skew can be positive or negative).\r\n\r\nUsing a timestamp requires the client's clock to be in sync with the server's clock. **Hawk** requires both the client\r\nclock and the server clock to use NTP to ensure synchronization. However, given the limitations of some client types\r\n(e.g. browsers) to deploy NTP, the server provides the client with its current time (in seconds precision) in response\r\nto a bad timestamp.\r\n\r\nThere is no expectation that the client will adjust its system clock to match the server (in fact, this would be a\r\npotential attack vector). Instead, the client only uses the server's time to calculate an offset used only\r\nfor communications with that particular server. The protocol rewards clients with synchronized clocks by reducing\r\nthe number of round trips required to authenticate the first request.\r\n\r\n\r\n## Usage Example\r\n\r\nServer code:\r\n\r\n```javascript\r\nvar Http = require('http');\r\nvar Hawk = require('hawk');\r\n\r\n\r\n// Credentials lookup function\r\n\r\nvar credentialsFunc = function (id, callback) {\r\n\r\n var credentials = {\r\n key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',\r\n algorithm: 'sha256',\r\n user: 'Steve'\r\n };\r\n\r\n return callback(null, credentials);\r\n};\r\n\r\n// Create HTTP server\r\n\r\nvar handler = function (req, res) {\r\n\r\n // Authenticate incoming request\r\n\r\n Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {\r\n\r\n // Prepare response\r\n\r\n var payload = (!err ? 'Hello ' + credentials.user + ' ' + artifacts.ext : 'Shoosh!');\r\n var headers = { 'Content-Type': 'text/plain' };\r\n\r\n // Generate Server-Authorization response header\r\n\r\n var header = Hawk.server.header(credentials, artifacts, { payload: payload, contentType: headers['Content-Type'] });\r\n headers['Server-Authorization'] = header;\r\n\r\n // Send the response back\r\n\r\n res.writeHead(!err ? 200 : 401, headers);\r\n res.end(payload);\r\n });\r\n};\r\n\r\n// Start server\r\n\r\nHttp.createServer(handler).listen(8000, 'example.com');\r\n```\r\n\r\nClient code:\r\n\r\n```javascript\r\nvar Request = require('request');\r\nvar Hawk = require('hawk');\r\n\r\n\r\n// Client credentials\r\n\r\nvar credentials = {\r\n id: 'dh37fgj492je',\r\n key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',\r\n algorithm: 'sha256'\r\n}\r\n\r\n// Request options\r\n\r\nvar requestOptions = {\r\n uri: 'http://example.com:8000/resource/1?b=1&a=2',\r\n method: 'GET',\r\n headers: {}\r\n};\r\n\r\n// Generate Authorization request header\r\n\r\nvar header = Hawk.client.header('http://example.com:8000/resource/1?b=1&a=2', 'GET', { credentials: credentials, ext: 'some-app-data' });\r\nrequestOptions.headers.Authorization = header.field;\r\n\r\n// Send authenticated request\r\n\r\nRequest(requestOptions, function (error, response, body) {\r\n\r\n // Authenticate the server's response\r\n\r\n var isValid = Hawk.client.authenticate(response, credentials, header.artifacts, { payload: body });\r\n\r\n // Output results\r\n\r\n console.log(response.statusCode + ': ' + body + (isValid ? ' (valid)' : ' (invalid)'));\r\n});\r\n```\r\n\r\n**Hawk** utilized the [**SNTP**](https://github.com/hueniverse/sntp) module for time sync management. By default, the local\r\nmachine time is used. To automatically retrieve and synchronice the clock within the application, use the SNTP 'start()' method.\r\n\r\n```javascript\r\nHawk.sntp.start();\r\n```\r\n\r\n\r\n## Protocol Example\r\n\r\nThe client attempts to access a protected resource without authentication, sending the following HTTP request to\r\nthe resource server:\r\n\r\n```\r\nGET /resource/1?b=1&a=2 HTTP/1.1\r\nHost: example.com:8000\r\n```\r\n\r\nThe resource server returns an authentication challenge.\r\n\r\n```\r\nHTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Hawk\r\n```\r\n\r\nThe client has previously obtained a set of **Hawk** credentials for accessing resources on the \"http://example.com/\"\r\nserver. The **Hawk** credentials issued to the client include the following attributes:\r\n\r\n* Key identifier: dh37fgj492je\r\n* Key: werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn\r\n* Algorithm: sha256\r\n\r\nThe client generates the authentication header by calculating a timestamp (e.g. the number of seconds since January 1,\r\n1970 00:00:00 GMT), generating a nonce, and constructing the normalized request string (each value followed by a newline\r\ncharacter):\r\n\r\n```\r\nhawk.1.header\r\n1353832234\r\nj4h3g2\r\nGET\r\n/resource/1?b=1&a=2\r\nexample.com\r\n8000\r\n\r\nsome-app-ext-data\r\n\r\n```\r\n\r\nThe request MAC is calculated using HMAC with the specified hash algorithm \"sha256\" and the key over the normalized request string.\r\nThe result is base64-encoded to produce the request MAC:\r\n\r\n```\r\n6R4rV5iE+NPoym+WwjeHzjAGXUtLNIxmo1vpMofpLAE=\r\n```\r\n\r\nThe client includes the **Hawk** key identifier, timestamp, nonce, application specific data, and request MAC with the request using\r\nthe HTTP `Authorization` request header field:\r\n\r\n```\r\nGET /resource/1?b=1&a=2 HTTP/1.1\r\nHost: example.com:8000\r\nAuthorization: Hawk id=\"dh37fgj492je\", ts=\"1353832234\", nonce=\"j4h3g2\", ext=\"some-app-ext-data\", mac=\"6R4rV5iE+NPoym+WwjeHzjAGXUtLNIxmo1vpMofpLAE=\"\r\n```\r\n\r\nThe server validates the request by calculating the request MAC again based on the request received and verifies the validity\r\nand scope of the **Hawk** credentials. If valid, the server responds with the requested resource.\r\n\r\n\r\n### Payload Validation\r\n\r\n**Hawk** provides optional payload validation. When generating the authentication header, the client calculates a payload hash\r\nusing the specified hash algorithm. The hash is calculated over the concatenated value of (each followed by a newline character):\r\n* `hawk.1.payload`\r\n* the content-type in lowercase, without any parameters (e.g. `application/json`)\r\n* the request payload prior to any content encoding (the exact representation requirements should be specified by the server for payloads other than simple single-part ascii to ensure interoperability)\r\n\r\nFor example:\r\n\r\n* Payload: `Thank you for flying Hawk`\r\n* Content Type: `text/plain`\r\n* Hash (sha256): `Yi9LfIIFRtBEPt74PVmbTF/xVAwPn7ub15ePICfgnuY=`\r\n\r\nResults in the following input to the payload hash function (newline terminated values):\r\n\r\n```\r\nhawk.1.payload\r\ntext/plain\r\nThank you for flying Hawk\r\n\r\n```\r\n\r\nWhich produces the following hash value:\r\n\r\n```\r\nYi9LfIIFRtBEPt74PVmbTF/xVAwPn7ub15ePICfgnuY=\r\n```\r\n\r\nThe client constructs the normalized request string (newline terminated values):\r\n\r\n```\r\nhawk.1.header\r\n1353832234\r\nj4h3g2\r\nPOST\r\n/resource/1?a=1&b=2\r\nexample.com\r\n8000\r\nYi9LfIIFRtBEPt74PVmbTF/xVAwPn7ub15ePICfgnuY=\r\nsome-app-ext-data\r\n\r\n```\r\n\r\nThen calculates the request MAC and includes the **Hawk** key identifier, timestamp, nonce, payload hash, application specific data,\r\nand request MAC, with the request using the HTTP `Authorization` request header field:\r\n\r\n```\r\nPOST /resource/1?a=1&b=2 HTTP/1.1\r\nHost: example.com:8000\r\nAuthorization: Hawk id=\"dh37fgj492je\", ts=\"1353832234\", nonce=\"j4h3g2\", hash=\"Yi9LfIIFRtBEPt74PVmbTF/xVAwPn7ub15ePICfgnuY=\", ext=\"some-app-ext-data\", mac=\"aSe1DERmZuRl3pI36/9BdZmnErTw3sNzOOAUlfeKjVw=\"\r\n```\r\n\r\nIt is up to the server if and when it validates the payload for any given request, based solely on it's security policy\r\nand the nature of the data included.\r\n\r\nIf the payload is available at the time of authentication, the server uses the hash value provided by the client to construct\r\nthe normalized string and validates the MAC. If the MAC is valid, the server calculates the payload hash and compares the value\r\nwith the provided payload hash in the header. In many cases, checking the MAC first is faster than calculating the payload hash.\r\n\r\nHowever, if the payload is not available at authentication time (e.g. too large to fit in memory, streamed elsewhere, or processed\r\nat a different stage in the application), the server may choose to defer payload validation for later by retaining the hash value\r\nprovided by the client after validating the MAC.\r\n\r\nIt is important to note that MAC validation does not mean the hash value provided by the client is valid, only that the value\r\nincluded in the header was not modified. Without calculating the payload hash on the server and comparing it to the value provided\r\nby the client, the payload may be modified by an attacker.\r\n\r\n\r\n## Response Payload Validation\r\n\r\n**Hawk** provides partial response payload validation. The server includes the `Server-Authorization` response header which enables the\r\nclient to authenticate the response and ensure it is talking to the right server. **Hawk** defines the HTTP `Server-Authorization` header\r\nas a response header using the exact same syntax as the `Authorization` request header field.\r\n\r\nThe header is contructed using the same process as the client's request header. The server uses the same credentials and other\r\nartifacts provided by the client to constructs the normalized request string. The `ext` and `hash` values are replaced with\r\nnew values based on the server response. The rest as identical to those used by the client.\r\n\r\nThe result MAC digest is included with the optional `hash` and `ext` values:\r\n\r\n```\r\nServer-Authorization: Hawk mac=\"XIJRsMl/4oL+nn+vKoeVZPdCHXB4yJkNnBbTbHFZUYE=\", hash=\"f9cDF/TDm7TkYRLnGwRMfeDzT6LixQVLvrIKhh0vgmM=\", ext=\"response-specific\"\r\n```\r\n\r\n\r\n## Browser Support and Considerations\r\n\r\nA browser script is provided for including using a `