INTERNAL | correcting WSSE logic (#3252)

2024-11-21 23:43:15 +01:00 · 2024-10-03 13:53:40 -04:00 · 2024-10-03 13:53:40 -04:00 · 93f8d916c4
commit 93f8d916c4
parent 6bc8acd1e1
2 changed files with 15 additions and 15 deletions
--- a/packages/bruno-cli/src/runner/prepare-request.js
+++ b/packages/bruno-cli/src/runner/prepare-request.js
@ -76,17 +76,17 @@ const prepareRequest = (request, collectionRoot) => {
      const password = get(request, 'auth.wsse.password', '');

      const ts = new Date().toISOString();
-      const nonce = crypto.randomBytes(16).toString('base64');
+      const nonce = crypto.randomBytes(16).toString('hex');

-      // Create the password digest using SHA-256
-      const hash = crypto.createHash('sha256');
+      // Create the password digest using SHA-1 as required for WSSE
+      const hash = crypto.createHash('sha1');
      hash.update(nonce + ts + password);
-      const digest = hash.digest('base64');
+      const digest = Buffer.from(hash.digest('hex').toString('utf8')).toString('base64');

      // Construct the WSSE header
      axiosRequest.headers[
        'X-WSSE'
-      ] = `UsernameToken Username="${username}", PasswordDigest="${digest}", Created="${ts}", Nonce="${nonce}"`;
+      ] = `UsernameToken Username="${username}", PasswordDigest="${digest}", Nonce="${nonce}", Created="${ts}"`;
    }
  }

--- a/packages/bruno-electron/src/ipc/network/prepare-request.js
+++ b/packages/bruno-electron/src/ipc/network/prepare-request.js
@ -224,17 +224,17 @@ const setAuthHeaders = (axiosRequest, request, collectionRoot) => {
        const password = get(request, 'auth.wsse.password', '');

        const ts = new Date().toISOString();
-        const nonce = crypto.randomBytes(16).toString('base64');
+        const nonce = crypto.randomBytes(16).toString('hex');

-        // Create the password digest using SHA-256
-        const hash = crypto.createHash('sha256');
+        // Create the password digest using SHA-1 as required for WSSE
+        const hash = crypto.createHash('sha1');
        hash.update(nonce + ts + password);
-        const digest = hash.digest('base64');
+        const digest = Buffer.from(hash.digest('hex').toString('utf8')).toString('base64');

        // Construct the WSSE header
        axiosRequest.headers[
          'X-WSSE'
-        ] = `UsernameToken Username="${username}", PasswordDigest="${digest}", Created="${ts}", Nonce="${nonce}"`;
+        ] = `UsernameToken Username="${username}", PasswordDigest="${digest}", Nonce="${nonce}", Created="${ts}"`;
        break;
      case 'apikey':
        const apiKeyAuth = get(collectionAuth, 'apikey');
@ -318,17 +318,17 @@ const setAuthHeaders = (axiosRequest, request, collectionRoot) => {
        const password = get(request, 'auth.wsse.password', '');

        const ts = new Date().toISOString();
-        const nonce = crypto.randomBytes(16).toString('base64');
+        const nonce = crypto.randomBytes(16).toString('hex');

-        // Create the password digest using SHA-256
-        const hash = crypto.createHash('sha256');
+        // Create the password digest using SHA-1 as required for WSSE
+        const hash = crypto.createHash('sha1');
        hash.update(nonce + ts + password);
-        const digest = hash.digest('base64');
+        const digest = Buffer.from(hash.digest('hex').toString('utf8')).toString('base64');

        // Construct the WSSE header
        axiosRequest.headers[
          'X-WSSE'
-        ] = `UsernameToken Username="${username}", PasswordDigest="${digest}", Created="${ts}", Nonce="${nonce}"`;
+        ] = `UsernameToken Username="${username}", PasswordDigest="${digest}", Nonce="${nonce}", Created="${ts}"`;
        break;
      case 'apikey':
        const apiKeyAuth = get(request, 'auth.apikey');