SECURITY-10891: pull in new test cases, fix tests

knagy · Borcsa134 · knagy · commit dc1bbea58859 · 2025-09-05T14:10:34.000Z
Co-authored-by: Borisz Juhasz &lt;borisz.juhasz@emarsys.com&gt;
diff --git a/escher-test-cases b/escher-test-cases
@@ -1 +1 @@
-Subproject commit 94d4468f4ccb364469a91fb04ed8fd0cff41b885
+Subproject commit 854684b8e90d135f296bc7ec08dce96e290fb5b2
diff --git a/lib/authhelper.js b/lib/authhelper.js
@@ -44,7 +44,10 @@ class AuthHelper {
   }
 
   generatePreSignedUrl(requestUrl, expires) {
-    const parsedUrl = Utils.parseUrl(requestUrl, true); // TODO apply fixed parse here too (?)
+    let [urlToSign, fragment] = requestUrl.split('#', 2);
+    fragment = fragment ? `#${fragment}` : '';
+
+    const parsedUrl = Utils.parseUrl(urlToSign, true); // TODO apply fixed parse here too (?)
     const requestOptions = {
       host: parsedUrl.host,
       method: 'GET',
@@ -64,16 +67,16 @@ class AuthHelper {
     };
 
     Object.keys(params).forEach(key => {
-      requestUrl = Utils.appendQueryParamToUrl(requestUrl, this._getParamKey(key), params[key]);
+      urlToSign = Utils.appendQueryParamToUrl(urlToSign, this._getParamKey(key), params[key]);
     });
 
-    requestOptions.url = Utils.parseUrl(requestUrl, true).path;
+    requestOptions.url = Utils.parseUrl(urlToSign, true).path;
     const signer = new Signer(this._config, this._currentDate);
     const signature = signer.calculateSignature(
       signer.getStringToSign(requestOptions, 'UNSIGNED-PAYLOAD', headersToSign),
       signer.calculateSigningKey()
     );
-    return Utils.appendQueryParamToUrl(requestUrl, this._getParamKey('Signature'), signature);
+    return Utils.appendQueryParamToUrl(urlToSign, this._getParamKey('Signature'), signature) + fragment;
   }
 
   _getParamKey(paramName) {
diff --git a/lib/escher.js b/lib/escher.js
@@ -12,7 +12,7 @@ class Escher {
     const config = Utils.mergeOptions(
       {
         algoPrefix: 'ESR',
-        vendorKey: 'ESCHER',
+        vendorKey: 'Escher',
         hashAlgo: 'SHA256',
         credentialScope: 'escher_request',
         authHeaderName: 'X-Escher-Auth',
@@ -23,8 +23,8 @@ class Escher {
     );
 
     // validate the configuration
-    if (typeof config.vendorKey !== 'string' || config.vendorKey !== config.vendorKey.toUpperCase()) {
-      throw new Error('Vendor key should be an uppercase string');
+    if (typeof config.vendorKey !== 'string') {
+      throw new Error('Vendor key should be a string');
     }
 
     if (typeof config.algoPrefix !== 'string') {
diff --git a/spec/auth-helper.tape.js b/spec/auth-helper.tape.js
@@ -11,7 +11,7 @@ function runAuthHelperTests(testCases) {
 }
 
 function runGenerateHeaderTape({ test, group, file }) {
-  if (test.expected.authHeader) {
+  if (test.config.hashAlgo && test.expected.authHeader) {
     tape(`[${group}] ${file} | AuthHelper #generateHeader`, t => {
       const authHeader = new AuthHelper(test.config, new Date(test.config.date)).generateHeader(
         test.request,
diff --git a/spec/date-handling.tape.js b/spec/date-handling.tape.js
@@ -60,7 +60,7 @@ function runDateHandlingTests() {
 
       const signedUrl = escher.preSignUrl(urlToSign, 60);
       const query = querystring.parse(Utils.parseUrl(signedUrl).query);
-      const date = query['X-ESCHER-Date'];
+      const date = query['X-Escher-Date'];
 
       t.equal(date, '19780210T010203Z');
       t.end();
@@ -74,11 +74,11 @@ function runDateHandlingTests() {
 
       const firstSignedUrl = escher.preSignUrl(urlToSign, 60);
       const firstQuery = querystring.parse(Utils.parseUrl(firstSignedUrl).query);
-      const firstDate = firstQuery['X-ESCHER-Date'];
+      const firstDate = firstQuery['X-Escher-Date'];
       clock.tick(1000);
       const secondSignedUrl = escher.preSignUrl(urlToSign, 60);
       const secondQuery = querystring.parse(Utils.parseUrl(secondSignedUrl).query);
-      const secondDate = secondQuery['X-ESCHER-Date'];
+      const secondDate = secondQuery['X-Escher-Date'];
 
       t.equal(firstDate, '19780210T010203Z');
       t.equal(secondDate, '19780210T010204Z');
diff --git a/spec/signer.tape.js b/spec/signer.tape.js
@@ -11,7 +11,7 @@ function runSignerTests(testCases) {
 }
 
 function runGetStringToSignTape({ test, group, file }) {
-  if (test.expected.stringToSign) {
+  if (test.config.hashAlgo && test.expected.stringToSign) {
     tape(`[${group}] ${file} | Signer #getStringToSign`, t => {
       const stringToSign = new Signer(test.config, new Date(test.config.date)).getStringToSign(
         test.request,

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ function runAuthHelperTests(testCases) {`
`11`	`11`	`}`
`12`	`12`
`13`	`13`	`function runGenerateHeaderTape({ test, group, file }) {`
`14`		`- if (test.expected.authHeader) {`
	`14`	`+ if (test.config.hashAlgo && test.expected.authHeader) {`
`15`	`15`	tape(`[${group}] ${file} \| AuthHelper #generateHeader`, t => {
`16`	`16`	`const authHeader = new AuthHelper(test.config, new Date(test.config.date)).generateHeader(`
`17`	`17`	`test.request,`
Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ function runSignerTests(testCases) {`
`11`	`11`	`}`
`12`	`12`
`13`	`13`	`function runGetStringToSignTape({ test, group, file }) {`
`14`		`- if (test.expected.stringToSign) {`
	`14`	`+ if (test.config.hashAlgo && test.expected.stringToSign) {`
`15`	`15`	tape(`[${group}] ${file} \| Signer #getStringToSign`, t => {
`16`	`16`	`const stringToSign = new Signer(test.config, new Date(test.config.date)).getStringToSign(`
`17`	`17`	`test.request,`