aws-sdk 2.0.1 → 2.0.5

package/test/services/sts.spec.coffee

@@ -0,0 +1,72 @@
+helpers = require('../helpers')
+AWS = helpers.AWS
+
+describe 'AWS.STS', ->
+
+  sts = null
+  beforeEach ->
+    sts = new AWS.STS()
+
+  describe 'credentialsFrom', ->
+    it 'returns null if no data is provided', ->
+      expect(sts.credentialsFrom(null)).toEqual(null)
+
+    it 'creates a TemporaryCredentials object with hydrated data', ->
+      creds = sts.credentialsFrom Credentials:
+         AccessKeyId: 'KEY'
+         SecretAccessKey: 'SECRET'
+         SessionToken: 'TOKEN'
+         Expiration: new Date(0)
+      expect(creds instanceof AWS.TemporaryCredentials)
+      expect(creds.accessKeyId).toEqual('KEY')
+      expect(creds.secretAccessKey).toEqual('SECRET')
+      expect(creds.sessionToken).toEqual('TOKEN')
+      expect(creds.expireTime).toEqual(new Date(0))
+      expect(creds.expired).toEqual(false)
+
+    it 'updates an existing Credentials object with hydrated data', ->
+      data = Credentials:
+         AccessKeyId: 'KEY'
+         SecretAccessKey: 'SECRET'
+         SessionToken: 'TOKEN'
+         Expiration: new Date(0)
+      creds = new AWS.Credentials
+      sts.credentialsFrom(data, creds)
+      expect(creds instanceof AWS.Credentials)
+      expect(creds.accessKeyId).toEqual('KEY')
+      expect(creds.secretAccessKey).toEqual('SECRET')
+      expect(creds.sessionToken).toEqual('TOKEN')
+      expect(creds.expireTime).toEqual(new Date(0))
+      expect(creds.expired).toEqual(false)
+
+  describe 'assumeRoleWithWebIdentity', ->
+    service = new AWS.STS
+
+    it 'sends an unsigned GET request (params in query string)', ->
+      helpers.mockHttpResponse 200, {}, '{}'
+      params = RoleArn: 'ARN', RoleSessionName: 'NAME', WebIdentityToken: 'TOK'
+      service.assumeRoleWithWebIdentity params, ->
+        hr = this.request.httpRequest
+        expect(hr.method).toEqual('GET')
+        expect(hr.body).toEqual('')
+        expect(hr.headers['Authorization']).toEqual(undefined)
+        expect(hr.headers['Content-Type']).toEqual(undefined)
+        expect(hr.path).toEqual('/?Action=AssumeRoleWithWebIdentity&' +
+          'RoleArn=ARN&RoleSessionName=NAME&Version=' +
+          service.api.apiVersion + '&WebIdentityToken=TOK')
+
+  describe 'assumeRoleWithSAML', ->
+    service = new AWS.STS
+
+    it 'sends an unsigned GET request (params in query string)', ->
+      helpers.mockHttpResponse 200, {}, '{}'
+      params = RoleArn: 'ARN', PrincipalArn: 'PARN', SAMLAssertion: 'OK'
+      service.assumeRoleWithSAML params, ->
+        hr = this.request.httpRequest
+        expect(hr.method).toEqual('GET')
+        expect(hr.body).toEqual('')
+        expect(hr.headers['Authorization']).toEqual(undefined)
+        expect(hr.headers['Content-Type']).toEqual(undefined)
+        expect(hr.path).toEqual('/?Action=AssumeRoleWithSAML&' +
+          'PrincipalArn=PARN&RoleArn=ARN&SAMLAssertion=OK&' +
+          'Version=' + service.api.apiVersion)

package/test/services/swf.spec.coffee

@@ -0,0 +1,6 @@
+helpers = require('../helpers')
+AWS = helpers.AWS
+
+describe 'AWS.SWF', ->
+  it 'is also AWS.SimpleWorkflow', ->
+    expect(AWS.SWF).toBe(AWS.SimpleWorkflow)

package/test/signers/presign.spec.coffee

@@ -0,0 +1,36 @@
+helpers = require('../helpers')
+AWS = helpers.AWS
+cw = new AWS.CloudWatch()
+
+describe 'AWS.Signers.Presign', ->
+  resultUrl = "https://monitoring.mock-region.amazonaws.com/?" +
+    "Action=ListMetrics&Version=#{cw.api.apiVersion}&" +
+    "X-Amz-Algorithm=AWS4-HMAC-SHA256&" +
+    "X-Amz-Credential=akid%2F19700101%2Fmock-region%2Fmonitoring%2Faws4_request&" +
+    "X-Amz-Date=19700101T000000Z&X-Amz-Expires=3600&X-Amz-Security-Token=session&" +
+    "X-Amz-Signature=953bd6d74e86c12adc305f656473d614269d2f20a0c18c5edbb3d7f57ca2b439&" +
+    "X-Amz-SignedHeaders=host"
+
+  beforeEach ->
+    spyOn(AWS.util.date, 'getDate').andReturn(new Date(0))
+
+  it 'presigns requests', ->
+    cw.listMetrics().presign (err, url) ->
+      expect(url).toEqual(resultUrl)
+
+  it 'presigns synchronously', ->
+    expect(cw.listMetrics().presign()).toEqual(resultUrl)
+
+  it 'allows specifying different expiry time', ->
+    expect(cw.listMetrics().presign(900)).toMatch('X-Amz-Expires=900&')
+
+  it 'limits expiry time to a week in SigV4', ->
+    cw.listMetrics().presign 9999999, (err) ->
+      expect(err.code).toEqual('InvalidExpiryTime')
+      expect(err.message).toEqual(
+        'Presigning does not support expiry time greater than a week with SigV4 signing.')
+
+  it 'only supports s3 or v4 signers', ->
+    new AWS.EC2().describeInstances().presign (err) ->
+      expect(err.code).toEqual('UnsupportedSigner')
+      expect(err.message).toEqual('Presigning only supports S3 or SigV4 signing.')

package/test/signers/s3.spec.coffee

@@ -0,0 +1,297 @@
+AWS = require('../helpers').AWS
+
+describe 'AWS.Signers.S3', ->
+
+  # these can be overriden in tests
+  method = null
+  path = null
+  headers = null
+  body = null
+  date = null
+  virtualHostedBucket = null
+  accessKeyId = null
+  secretAccessKey = null
+  sessionToken = null
+
+  # reset the overriden variable before each test
+  beforeEach ->
+    method = 'POST'
+    path = '/'
+    virtualHostedBucket = null
+    date = new Date(0)
+    headers = {}
+    body = null
+    accessKeyId = 'akid'
+    secretAccessKey = 'secret'
+    sessionToken = null
+
+  buildRequest = () ->
+    req = new AWS.HttpRequest('https://s3.amazonaws.com')
+    req.method = method
+    req.path = path
+    req.headers = headers
+    req.body = body
+    req.virtualHostedBucket = virtualHostedBucket
+    req
+
+  credentials = () ->
+    creds = {}
+    creds.accessKeyId = accessKeyId
+    creds.secretAccessKey = secretAccessKey
+    creds.sessionToken = sessionToken if (sessionToken)
+    creds
+
+  addAuth = (req) ->
+    signer = new AWS.Signers.S3(req || buildRequest())
+    signer.addAuthorization(credentials(), date)
+    signer.request
+
+  stringToSign = (req) ->
+    signer = new AWS.Signers.S3(req || buildRequest())
+    signer.stringToSign()
+
+  describe 'addAuthorization', ->
+    it 'sets the date header when not present', ->
+      req = buildRequest()
+      addAuth(req)
+      expect(req.headers['X-Amz-Date']).toEqual(AWS.util.date.rfc822(date))
+
+    it 'overwrites Date if present', ->
+      req = buildRequest()
+      req.headers['X-Amz-Date'] = 'date-string'
+      addAuth(req)
+      expect(req.headers['X-Amz-Date']).toEqual(AWS.util.date.rfc822(date))
+
+    it 'omits the security token header when session token is blank', ->
+      sessionToken = null
+      req = addAuth()
+      expect(req.headers['x-amz-security-token']).toEqual(undefined)
+
+    it 'adds a security token header when session token available', ->
+      sessionToken = 'session'
+      req = addAuth()
+      expect(req.headers['x-amz-security-token']).toEqual('session')
+
+    it 'adds an Authorization header which contains akid and signature', ->
+
+      creds = { accessKeyId: 'AKID', secretAccessKey: 'secret' }
+
+      req = buildRequest()
+
+      signer = new AWS.Signers.S3(req)
+
+      spyOn(signer, 'stringToSign')
+      signer.stringToSign.andReturn('string-to-sign')
+      signer.addAuthorization(creds, date)
+
+      expect(req.headers['Authorization']).toEqual('AWS AKID:Gg5WLabTOvH0WMd15wv7lWe4zK0=')
+
+    it 'properly signs special characters', ->
+
+      creds = { accessKeyId: 'AKID', secretAccessKey: 'secret' }
+
+      req = buildRequest()
+
+      signer = new AWS.Signers.S3(req)
+
+      spyOn(signer, 'stringToSign')
+      signer.stringToSign.andReturn('!@#$%^&*();\':"{}[],./?`~')
+      signer.addAuthorization(creds, date)
+
+      expect(req.headers['Authorization']).toEqual('AWS AKID:2E04i7QCa0uZTYtxue9dEqto3dg=')
+
+
+  describe 'stringToSign', ->
+
+    beforeEach ->
+      headers['X-Amz-Date'] = 'DATE-STRING'
+
+    it 'builds a basic string to sign', ->
+      expect(stringToSign()).toEqual("""
+      POST
+
+
+
+      x-amz-date:DATE-STRING
+      /
+      """)
+
+    it 'includes content md5 and content type when present', ->
+      headers['Content-Type'] = 'CONTENT-TYPE'
+      headers['Content-MD5'] = 'CONTENT-MD5'
+      expect(stringToSign()).toEqual("""
+      POST
+      CONTENT-MD5
+      CONTENT-TYPE
+
+      x-amz-date:DATE-STRING
+      /
+      """)
+
+    it 'includes the http method, whatever it is', ->
+      method = 'VERB'
+      expect(stringToSign()).toEqual("""
+      VERB
+
+
+
+      x-amz-date:DATE-STRING
+      /
+      """)
+
+    it 'includes any x-amz- style headers, but not others', ->
+      headers['X-Amz-Abc'] = 'abc'
+      headers['X-Amz-Xyz'] = 'xyz'
+      headers['random-header'] = 'random'
+      expect(stringToSign()).toEqual("""
+      POST
+
+
+
+      x-amz-abc:abc
+      x-amz-date:DATE-STRING
+      x-amz-xyz:xyz
+      /
+      """)
+
+    it 'includes x-amz- headers that are lower-cased', ->
+      headers['x-amz-Abc'] = 'abc'
+      headers['x-amz-Xyz'] = 'xyz'
+      headers['random-header'] = 'random'
+      expect(stringToSign()).toEqual("""
+      POST
+
+
+
+      x-amz-abc:abc
+      x-amz-date:DATE-STRING
+      x-amz-xyz:xyz
+      /
+      """)
+
+    it 'sorts headers by their name', ->
+      headers['x-amz-mno'] = 'mno'
+      headers['x-amz-Xyz'] = 'xyz'
+      headers['x-amz-Abc'] = 'abc'
+      expect(stringToSign()).toEqual("""
+      POST
+
+
+
+      x-amz-abc:abc
+      x-amz-date:DATE-STRING
+      x-amz-mno:mno
+      x-amz-xyz:xyz
+      /
+      """)
+
+    it 'builds a canonical resource from the path', ->
+      path = '/bucket_name/key'
+      expect(stringToSign()).toEqual("""
+      POST
+
+
+
+      x-amz-date:DATE-STRING
+      /bucket_name/key
+      """)
+
+    it 'appends the bucket to the path when it is part of the hostname', ->
+      path = '/'
+      virtualHostedBucket = 'bucket-name'
+      expect(stringToSign()).toEqual("""
+      POST
+
+
+
+      x-amz-date:DATE-STRING
+      /bucket-name/
+      """)
+
+    it 'appends the subresource portion of the path querystring', ->
+      path = '/?acl'
+      virtualHostedBucket = 'bucket-name'
+      expect(stringToSign()).toEqual("""
+      POST
+
+
+
+      x-amz-date:DATE-STRING
+      /bucket-name/?acl
+      """)
+
+    it 'includes the sub resource value when present', ->
+      path = '/bucket_name/key?versionId=123'
+      expect(stringToSign()).toEqual("""
+      POST
+
+
+
+      x-amz-date:DATE-STRING
+      /bucket_name/key?versionId=123
+      """)
+
+    it 'omits non-sub-resource querystring params from the resource string', ->
+      path = '/?versionId=abc&next-marker=xyz'
+      expect(stringToSign()).toEqual("""
+      POST
+
+
+
+      x-amz-date:DATE-STRING
+      /?versionId=abc
+      """)
+
+    it 'sorts sub resources by name', ->
+      path = '/?logging&acl&website&torrent=123' # made up example
+      expect(stringToSign()).toEqual("""
+      POST
+
+
+
+      x-amz-date:DATE-STRING
+      /?acl&logging&torrent=123&website
+      """)
+
+    it 'sorts sub resources by name', ->
+      path = '/?logging&acl&website&torrent=123' # made up example
+      expect(stringToSign()).toEqual("""
+      POST
+
+
+
+      x-amz-date:DATE-STRING
+      /?acl&logging&torrent=123&website
+      """)
+
+    it 'includes the un-decoded query string param for sub resources', ->
+      path = '/?versionId=a%2Bb' # a+b
+      expect(stringToSign()).toEqual("""
+      POST
+
+
+
+      x-amz-date:DATE-STRING
+      /?versionId=a%2Bb
+      """)
+
+    it 'includes the non-encoded query string get header overrides', ->
+      path = '/?response-content-type=a%2Bb' # a+b
+      expect(stringToSign()).toEqual("""
+      POST
+
+
+
+      x-amz-date:DATE-STRING
+      /?response-content-type=a+b
+      """)
+
+    it 'omits the date header when not present', ->
+      delete headers['X-Amz-Date']
+      expect(stringToSign()).toEqual("""
+      POST
+
+
+
+      /
+      """)

package/test/signers/v2.spec.coffee

@@ -0,0 +1,68 @@
+AWS = require('../helpers').AWS
+
+describe 'AWS.Signers.V2', ->
+
+  credentials = null
+  date = null
+  request = null
+  signer = null
+
+  buildRequest = ->
+    request = new AWS.HttpRequest(new AWS.Endpoint('localhost'))
+    request.params = {}
+    request
+
+  buildSigner = (request) ->
+    new AWS.Signers.V2(request)
+
+  signRequest = (request) ->
+    signer = new AWS.Signers.V2(request)
+    signer.addAuthorization(credentials, date)
+
+  beforeEach ->
+    credentials = { accessKeyId:'akid', secretAccessKey:'secret' }
+    date = new Date(1935346573456)
+    signRequest(buildRequest())
+
+  stringify = AWS.util.queryParamsToString
+
+  describe 'constructor', ->
+
+    it 'builds a signer for a request object', ->
+      expect(signer.request).toBe(request)
+
+  describe 'addAuthorization', ->
+
+    it 'adds a url encoded iso8601 timestamp param', ->
+      expect(stringify(request.params)).toMatch(/Timestamp=2031-04-30T20%3A16%3A13.456Z/)
+
+    it 'adds a SignatureVersion param', ->
+      expect(stringify(request.params)).toMatch(/SignatureVersion=2/)
+
+    it 'adds a SignatureMethod param', ->
+      expect(stringify(request.params)).toMatch(/SignatureMethod=HmacSHA256/)
+
+    it 'adds an AWSAccessKeyId param', ->
+      expect(stringify(request.params)).toMatch(/AWSAccessKeyId=akid/)
+
+    it 'omits SecurityToken when sessionToken has been omitted', ->
+      expect(stringify(request.params)).not.toMatch(/SecurityToken/)
+
+    it 'adds the SecurityToken when sessionToken is provided', ->
+      credentials.sessionToken = 'session'
+      signRequest(buildRequest())
+      expect(stringify(request.params)).toMatch(/SecurityToken=session/)
+
+    it 'populates the body', ->
+      expect(request.body).toEqual('AWSAccessKeyId=akid&Signature=%2FrumhWptMPvyb4aaeOv5iGpl6%2FLfs5uVHu8k1d3NNfc%3D&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2031-04-30T20%3A16%3A13.456Z')
+
+    it 'populates content-length header', ->
+      expect(request.headers['Content-Length']).toEqual(165)
+
+    it 'signs additional body params', ->
+      request = buildRequest()
+      request.params['Param.1'] = 'abc'
+      request.params['Param.2'] = 'xyz'
+      signRequest(request)
+      expect(request.body).toEqual('AWSAccessKeyId=akid&Param.1=abc&Param.2=xyz&Signature=3pcXIWw0eVd4wFmp%2Blo24L93UTMGcYSNE%2BFYNNqzDts%3D&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2031-04-30T20%3A16%3A13.456Z')
+

package/test/signers/v4.spec.coffee

@@ -0,0 +1,135 @@
+helpers = require('../helpers')
+AWS = helpers.AWS
+
+beforeEach ->
+  spyOn(AWS.util, 'userAgent').andReturn('aws-sdk-js/0.1')
+
+buildRequest = ->
+  ddb = new AWS.DynamoDB({region: 'region', endpoint: 'localhost', apiVersion: '2011-12-05'})
+  req = ddb.makeRequest('listTables', {ExclusiveStartTableName: 'bår'})
+  req.build()
+  req.httpRequest.headers['X-Amz-User-Agent'] = 'aws-sdk-js/0.1'
+  req.httpRequest
+
+buildSigner = (request) ->
+  return new AWS.Signers.V4(request || buildRequest(), 'dynamodb')
+
+describe 'AWS.Signers.V4', ->
+  date = new Date(1935346573456)
+  datetime = AWS.util.date.iso8601(date).replace(/[:\-]|\.\d{3}/g, '')
+  creds = null
+  signature = '0e24aaa0cc86cdc1b73143a147e731cf8c93d450cfcf1d18b2b7473f810b7a1d'
+  authorization = 'AWS4-HMAC-SHA256 Credential=akid/20310430/region/dynamodb/aws4_request, ' +
+    'SignedHeaders=host;x-amz-date;x-amz-security-token;x-amz-target;x-amz-user-agent, ' +
+    'Signature=' + signature
+  signer = null
+
+  beforeEach ->
+    creds = accessKeyId: 'akid', secretAccessKey: 'secret', sessionToken: 'session'
+    signer = buildSigner()
+    signer.addHeaders(creds, datetime)
+
+  describe 'constructor', ->
+    it 'can build a signer for a request object', ->
+      req = buildRequest()
+      signer = buildSigner(req)
+      expect(signer.request).toBe(req)
+
+  describe 'addAuthorization', ->
+    headers = {
+      'Content-Type': 'application/x-amz-json-1.0',
+      'Content-Length': 34,
+      'X-Amz-Target': 'DynamoDB_20111205.ListTables',
+      'Host': 'localhost',
+      'X-Amz-Date': datetime,
+      'x-amz-security-token' : 'session',
+      'Authorization' : authorization
+    }
+
+    for key, value of headers
+      it 'should add ' + key + ' header', ->
+        signer.addAuthorization(creds, date)
+        key = this.description.match(/(\S+) header/)[1]
+        expect(signer.request.headers[key]).toEqual(headers[key])
+
+  describe 'authorization', ->
+    it 'should return authorization part for signer', ->
+      expect(signer.authorization(creds, datetime)).toEqual(authorization)
+
+  describe 'signature', ->
+    it 'should generate proper signature', ->
+      expect(signer.signature(creds, datetime)).toEqual(signature)
+
+    describe 'caching', ->
+      callCount = null
+      calls = null
+
+      beforeEach ->
+        spyOn(AWS.util.crypto, 'hmac')
+        signer.signature(creds, datetime)
+        calls = AWS.util.crypto.hmac.calls
+        callCount = calls.length
+
+      it 'caches subsequent requests', ->
+        signer.signature(creds, datetime)
+        expect(calls.length).toEqual(callCount + 1)
+        signer.signature(creds, datetime)
+        expect(calls.length).toEqual(callCount + 2)
+
+      it 'busts cache if region changes', ->
+        signer.request.region = 'new-region'
+        signer.signature(creds, datetime)
+        expect(calls.length).toEqual(callCount + 5)
+
+      it 'busts cache if service changes', ->
+        signer.serviceName = 'newService'
+        signer.signature(creds, datetime)
+        expect(calls.length).toEqual(callCount + 5)
+
+      it 'busts cache if access key changes', ->
+        creds.accessKeyId = 'NEWAKID'
+        signer.signature(creds, datetime)
+        expect(calls.length).toEqual(callCount + 5)
+
+      it 'busts cache if date changes', ->
+        newDate = new Date(date.getTime() + 1000000000)
+        newDatetime = AWS.util.date.iso8601(newDate).replace(/[:\-]|\.\d{3}/g, '')
+        signer.signature(creds, newDatetime)
+        expect(calls.length).toEqual(callCount + 5)
+
+  describe 'stringToSign', ->
+    it 'should sign correctly generated input string', ->
+      expect(signer.stringToSign(datetime)).toEqual 'AWS4-HMAC-SHA256\n' +
+        datetime + '\n' +
+        '20310430/region/dynamodb/aws4_request\n' +
+        signer.hexEncodedHash(signer.canonicalString())
+
+  describe 'canonicalHeaders', ->
+    it 'should return headers', ->
+      expect(signer.canonicalHeaders()).toEqual [
+        'host:localhost',
+        'x-amz-date:' + datetime,
+        'x-amz-security-token:session',
+        'x-amz-target:DynamoDB_20111205.ListTables',
+        'x-amz-user-agent:aws-sdk-js/0.1'
+      ].join('\n')
+
+    it 'should ignore Authorization header', ->
+      signer.request.headers = {'Authorization': 'foo'}
+      expect(signer.canonicalHeaders()).toEqual('')
+
+    it 'should lowercase all header names (not values)', ->
+      signer.request.headers = {'FOO': 'BAR'}
+      expect(signer.canonicalHeaders()).toEqual('foo:BAR')
+
+    it 'should sort headers by key', ->
+      signer.request.headers = {abc: 'a', bca: 'b', Qux: 'c', bar: 'd'}
+      expect(signer.canonicalHeaders()).toEqual('abc:a\nbar:d\nbca:b\nqux:c')
+
+    it 'should compact multiple spaces in keys/values to a single space', ->
+      signer.request.headers = {'Header': 'Value     with  Multiple   \t spaces'}
+      expect(signer.canonicalHeaders()).toEqual('header:Value with Multiple spaces')
+
+    it 'should strip starting and end of line spaces', ->
+      signer.request.headers = {'Header': ' \t   Value  \t  '}
+      expect(signer.canonicalHeaders()).toEqual('header:Value')