From 93f8d916c444a38e94a650d61a27e307f749acb2 Mon Sep 17 00:00:00 2001
From: dwolter-emarsys <42273062+dwolter-emarsys@users.noreply.github.com>
Date: Thu, 3 Oct 2024 13:53:40 -0400
Subject: [PATCH] INTERNAL | correcting WSSE logic (#3252)
---
 .../bruno-cli/src/runner/prepare-request.js | 10 +++++-----
 .../src/ipc/network/prepare-request.js | 20 +++++++++----------
 2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/packages/bruno-cli/src/runner/prepare-request.js b/packages/bruno-cli/src/runner/prepare-request.js
index d6688a1ff..bc2b22886 100644
--- a/packages/bruno-cli/src/runner/prepare-request.js
+++ b/packages/bruno-cli/src/runner/prepare-request.js
@@ -76,17 +76,17 @@ const prepareRequest = (request, collectionRoot) => {
 const password = get(request, 'auth.wsse.password', '');
 const ts = new Date().toISOString();
- const nonce = crypto.randomBytes(16).toString('base64');
+ const nonce = crypto.randomBytes(16).toString('hex');
- // Create the password digest using SHA-256
- const hash = crypto.createHash('sha256');
+ // Create the password digest using SHA-1 as required for WSSE
+ const hash = crypto.createHash('sha1');
 hash.update(nonce + ts + password);
- const digest = hash.digest('base64');
+ const digest = Buffer.from(hash.digest('hex').toString('utf8')).toString('base64');
 // Construct the WSSE header
 axiosRequest.headers[
 'X-WSSE'
- ] = `UsernameToken Username="${username}", PasswordDigest="${digest}", Created="${ts}", Nonce="${nonce}"`;
+ ] = `UsernameToken Username="${username}", PasswordDigest="${digest}", Nonce="${nonce}", Created="${ts}"`;
 }
 }
diff --git a/packages/bruno-electron/src/ipc/network/prepare-request.js b/packages/bruno-electron/src/ipc/network/prepare-request.js
index 0bac42af9..93cbed419 100644
--- a/packages/bruno-electron/src/ipc/network/prepare-request.js
+++ b/packages/bruno-electron/src/ipc/network/prepare-request.js
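Review bot: The new digest line in packages/bruno-cli/src/runner/prepare-request.js Base64-encodes the hex text of the SHA-1 hash rather than the raw digest bytes, and the comment above it does not say so; a reader comparing it with the UsernameToken profile's Base64-of-raw-SHA-1 form could take it for a bug and change it back. Presumably the servers this was corrected against expect the hex-then-Base64 form, so I would state that in the comment: `// PasswordDigest = Base64(hex(SHA-1(nonce + created + password))); SHA-1 and the hex step are dictated by the WSSE endpoint, not a local choice`. On the same line `.toString('utf8')` is a no-op because `digest('hex')` already returns a string, so `Buffer.from(hash.digest('hex')).toString('base64')` yields the same value. The same lines appear in both `setAuthHeaders` hunks of packages/bruno-electron/src/ipc/network/prepare-request.js, and the enclosing block of `prepareRequest` starts above this hunk.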
@@ -224,17 +224,17 @@ const setAuthHeaders = (axiosRequest, request, collectionRoot) => {
 const password = get(request, 'auth.wsse.password', '');
 const ts = new Date().toISOString();
- const nonce = crypto.randomBytes(16).toString('base64');
+ const nonce = crypto.randomBytes(16).toString('hex');
- // Create the password digest using SHA-256
- const hash = crypto.createHash('sha256');
+ // Create the password digest using SHA-1 as required for WSSE
+ const hash = crypto.createHash('sha1');
 hash.update(nonce + ts + password);
- const digest = hash.digest('base64');
+ const digest = Buffer.from(hash.digest('hex').toString('utf8')).toString('base64');
 // Construct the WSSE header
 axiosRequest.headers[
 'X-WSSE'
- ] = `UsernameToken Username="${username}", PasswordDigest="${digest}", Created="${ts}", Nonce="${nonce}"`;
+ ] = `UsernameToken Username="${username}", PasswordDigest="${digest}", Nonce="${nonce}", Created="${ts}"`;
 break;
 case 'apikey':
 const apiKeyAuth = get(collectionAuth, 'apikey');
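Review bot: This WSSE block is repeated verbatim in both `wsse` branches of `setAuthHeaders` (the hunks at -224 and -318) and a third time in packages/bruno-cli/src/runner/prepare-request.js, which is why one protocol correction had to be applied three times and why the copies can drift apart on the next change. I would move the token construction into a single helper in this file and leave only the header assignment in each branch, as sketched below. Both branches begin above their hunks, so the `username` lookup is not visible here and is assumed unchanged.

```javascript
// Builds the X-WSSE UsernameToken value; shared by both wsse branches of setAuthHeaders.
const buildWsseHeader = (username, password) => {
  const ts = new Date().toISOString();
  const nonce = crypto.randomBytes(16).toString('hex');
  // PasswordDigest = Base64(hex(SHA-1(nonce + created + password)))
  const hexDigest = crypto.createHash('sha1').update(nonce + ts + password).digest('hex');
  const digest = Buffer.from(hexDigest).toString('base64');
  return `UsernameToken Username="${username}", PasswordDigest="${digest}", Nonce="${nonce}", Created="${ts}"`;
};

// … unchanged: username/password lookup in each wsse branch …
axiosRequest.headers['X-WSSE'] = buildWsseHeader(username, password);
```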
@@ -318,17 +318,17 @@ const setAuthHeaders = (axiosRequest, request, collectionRoot) => {
 const password = get(request, 'auth.wsse.password', '');
 const ts = new Date().toISOString();
- const nonce = crypto.randomBytes(16).toString('base64');
+ const nonce = crypto.randomBytes(16).toString('hex');
- // Create the password digest using SHA-256
- const hash = crypto.createHash('sha256');
+ // Create the password digest using SHA-1 as required for WSSE
+ const hash = crypto.createHash('sha1');
 hash.update(nonce + ts + password);
- const digest = hash.digest('base64');
+ const digest = Buffer.from(hash.digest('hex').toString('utf8')).toString('base64');
 // Construct the WSSE header
 axiosRequest.headers[
 'X-WSSE'
- ] = `UsernameToken Username="${username}", PasswordDigest="${digest}", Created="${ts}", Nonce="${nonce}"`;
+ ] = `UsernameToken Username="${username}", PasswordDigest="${digest}", Nonce="${nonce}", Created="${ts}"`;
 break;
 case 'apikey':
 const apiKeyAuth = get(request, 'auth.apikey');