diff --git a/packages/bruno-cli/src/runner/prepare-request.js b/packages/bruno-cli/src/runner/prepare-request.js index d6688a1ff..bc2b22886 100644 --- a/packages/bruno-cli/src/runner/prepare-request.js +++ b/packages/bruno-cli/src/runner/prepare-request.js @@ -76,17 +76,17 @@ const prepareRequest = (request, collectionRoot) => { const password = get(request, 'auth.wsse.password', ''); const ts = new Date().toISOString(); - const nonce = crypto.randomBytes(16).toString('base64'); + const nonce = crypto.randomBytes(16).toString('hex'); - // Create the password digest using SHA-256 - const hash = crypto.createHash('sha256'); + // Create the password digest using SHA-1 as required for WSSE + const hash = crypto.createHash('sha1'); hash.update(nonce + ts + password); - const digest = hash.digest('base64'); + const digest = Buffer.from(hash.digest('hex').toString('utf8')).toString('base64'); // Construct the WSSE header axiosRequest.headers[ 'X-WSSE' - ] = `UsernameToken Username="${username}", PasswordDigest="${digest}", Created="${ts}", Nonce="${nonce}"`; + ] = `UsernameToken Username="${username}", PasswordDigest="${digest}", Nonce="${nonce}", Created="${ts}"`; } } diff --git a/packages/bruno-electron/src/ipc/network/prepare-request.js b/packages/bruno-electron/src/ipc/network/prepare-request.js index 0bac42af9..93cbed419 100644 --- a/packages/bruno-electron/src/ipc/network/prepare-request.js +++ b/packages/bruno-electron/src/ipc/network/prepare-request.js @@ -224,17 +224,17 @@ const setAuthHeaders = (axiosRequest, request, collectionRoot) => { const password = get(request, 'auth.wsse.password', ''); const ts = new Date().toISOString(); - const nonce = crypto.randomBytes(16).toString('base64'); + const nonce = crypto.randomBytes(16).toString('hex'); - // Create the password digest using SHA-256 - const hash = crypto.createHash('sha256'); + // Create the password digest using SHA-1 as required for WSSE + const hash = crypto.createHash('sha1'); hash.update(nonce + ts + password); - const digest = hash.digest('base64'); + const digest = Buffer.from(hash.digest('hex').toString('utf8')).toString('base64'); // Construct the WSSE header axiosRequest.headers[ 'X-WSSE' - ] = `UsernameToken Username="${username}", PasswordDigest="${digest}", Created="${ts}", Nonce="${nonce}"`; + ] = `UsernameToken Username="${username}", PasswordDigest="${digest}", Nonce="${nonce}", Created="${ts}"`; break; case 'apikey': const apiKeyAuth = get(collectionAuth, 'apikey'); @@ -318,17 +318,17 @@ const setAuthHeaders = (axiosRequest, request, collectionRoot) => { const password = get(request, 'auth.wsse.password', ''); const ts = new Date().toISOString(); - const nonce = crypto.randomBytes(16).toString('base64'); + const nonce = crypto.randomBytes(16).toString('hex'); - // Create the password digest using SHA-256 - const hash = crypto.createHash('sha256'); + // Create the password digest using SHA-1 as required for WSSE + const hash = crypto.createHash('sha1'); hash.update(nonce + ts + password); - const digest = hash.digest('base64'); + const digest = Buffer.from(hash.digest('hex').toString('utf8')).toString('base64'); // Construct the WSSE header axiosRequest.headers[ 'X-WSSE' - ] = `UsernameToken Username="${username}", PasswordDigest="${digest}", Created="${ts}", Nonce="${nonce}"`; + ] = `UsernameToken Username="${username}", PasswordDigest="${digest}", Nonce="${nonce}", Created="${ts}"`; break; case 'apikey': const apiKeyAuth = get(request, 'auth.apikey');