postman-runtime 7.28.3 → 7.29.1

package/lib/authorizer/index.js

@@ -24,7 +24,7 @@ AuthLoader = {
     /**
      * Finds the Handler for an Auth type.
      *
-     * @param name
+     * @param {String} name -
      *
      * @returns {AuthHandler}
      */
@@ -35,8 +35,8 @@ AuthLoader = {
     /**
      * Adds a Handler for use with given Auth type.
      *
-     * @param Handler
-     * @param name
+     * @param {Object} Handler -
+     * @param {String} name -
      */
     addHandler: function (Handler, name) {
         if (!_.isFunction(Handler.init)) {
@@ -68,7 +68,7 @@ AuthLoader = {
     /**
      * Removes the Handler for the Auth type.
      *
-     * @param name
+     * @param {String} name -
      */
     removeHandler: function (name) {
         AuthLoader.handlers[name] && (delete AuthLoader.handlers[name]);
@@ -96,8 +96,8 @@ _.forEach({
  *
  * @note This function does not take care of resolving variables.
  *
- * @param {Request} request
- * @param done
+ * @param {Request} request -
+ * @param {Function} done -
  *
  * @returns {Request}
  */
@@ -120,8 +120,8 @@ authorizeRequest = function (request, done) {
 };
 
 module.exports = {
-    AuthLoader: AuthLoader,
-    authorizeRequest: authorizeRequest
+    AuthLoader,
+    authorizeRequest
 };
 
 // Interface
@@ -202,6 +202,7 @@ module.exports = {
  *  - send the intermediate request
  *  - invoke the auth's [init]{@link AuthHandlerInterface#init} hook with the response of the intermediate request
  *  - invoke the auth's [pre]{@link AuthHandlerInterface#pre} hook
+ *
  * @callback AuthHandlerInterface~authPreHookCallback
  * @param {?Error} err
  * @param {Boolean} success Defines whether the [pre]{@link AuthHandlerInterface#pre} hook was successful.
@@ -210,18 +211,21 @@ module.exports = {
 
 /**
  * This callback is called in the `init` hook of the auth handler
+ *
  * @callback AuthHandlerInterface~authInitHookCallback
  * @param {?Error} err
  */
 
 /**
  * This callback is called in the `sign` hook of the auth handler
+ *
  * @callback AuthHandlerInterface~authSignHookCallback
  * @param {?Error} err
  */
 
 /**
  * This callback is called in the `post` hook of the auth handler
+ *
  * @callback AuthHandlerInterface~authPostHookCallback
  * @param {?Error} err
  * @param {Boolean} success Defines whether the request was successful or not. If not, it will be replayed.

package/lib/authorizer/noauth.js

@@ -19,9 +19,9 @@ module.exports = {
      * Initializes an item (extracts parameters from intermediate requests if any, etc)
      * before the actual authorization step.
      *
-     * @param {AuthInterface} auth
-     * @param {Response} response
-     * @param {AuthHandlerInterface~authInitHookCallback} done
+     * @param {AuthInterface} auth -
+     * @param {Response} response -
+     * @param {AuthHandlerInterface~authInitHookCallback} done -
      */
     init: function (auth, response, done) {
         done(null);
@@ -31,8 +31,8 @@ module.exports = {
      * Checks whether the given item has all the required parameters in its request.
      * Sanitizes the auth parameters if needed.
      *
-     * @param {AuthInterface} auth
-     * @param {AuthHandlerInterface~authPreHookCallback} done
+     * @param {AuthInterface} auth -
+     * @param {AuthHandlerInterface~authPreHookCallback} done -
      */
     pre: function (auth, done) {
         done(null, true);
@@ -41,9 +41,9 @@ module.exports = {
     /**
      * Verifies whether the request was successfully authorized after being sent.
      *
-     * @param {AuthInterface} auth
-     * @param {Response} response
-     * @param {AuthHandlerInterface~authPostHookCallback} done
+     * @param {AuthInterface} auth -
+     * @param {Response} response -
+     * @param {AuthHandlerInterface~authPostHookCallback} done -
      */
     post: function (auth, response, done) {
         done(null, true);
@@ -52,9 +52,9 @@ module.exports = {
     /**
      * Signs a request.
      *
-     * @param {AuthInterface} auth
-     * @param {Request} request
-     * @param {AuthHandlerInterface~authSignHookCallback} done
+     * @param {AuthInterface} auth -
+     * @param {Request} request -
+     * @param {AuthHandlerInterface~authSignHookCallback} done -
      */
     sign: function (auth, request, done) {
         return done();

package/lib/authorizer/ntlm.js

@@ -36,6 +36,7 @@ var ntlmUtil = require('httpntlm').ntlm,
  *   - Down-Level Logon name format `DOMAIN\USERNAME`
  *   - User Principal Name format `USERNAME@DOMAIN`
  *
+ * @private
  * @param {String} username - Username string to parse from
  * @return {Object} - An object with `username` and `domain` fields, which are `strings`.
  */
@@ -56,7 +57,7 @@ function parseParametersFromUsername (username) {
     // username should be either of the two formats, not both
     if (dllParams.length > 1 && upnParams.length > 1) {
         return {
-            username,
+            username: username,
             domain: EMPTY
         };
     }
@@ -78,15 +79,36 @@ function parseParametersFromUsername (username) {
     }
 
     return {
-        username,
+        username: username,
         domain: EMPTY
     };
 }
 
+/**
+ * Check if `WWW-Authenticate` header has NTLM challenge.
+ *
+ * @private
+ * @param {*} headers - Postman headers instance
+ * @returns {Boolean}
+ */
+function hasNTLMChallenge (headers) {
+    // Case 1: multiple headers
+    // - WWW-Authenticate: NTLM
+    // - WWW-Authenticate: Negotiate
+    if (headers.has(WWW_AUTHENTICATE, NTLM) || headers.has(WWW_AUTHENTICATE, NEGOTIATE)) {
+        return true;
+    }
+
+    // Case 2: single header
+    // - WWW-Authenticate: Negotiate, NTLM
+    return String(headers.get(WWW_AUTHENTICATE)).includes(NTLM);
+}
+
 /**
  * NTLM auth while authenticating requires negotiateMessage (type 1) and authenticateMessage (type 3) to be stored.
  * Also it needs to know which stage is it in (INITIALIZED, T1_MSG_CREATED and T3_MSG_CREATED).
  * After the first successful authentication, it just relies on the TCP connection, no other state is needed.
+ *
  * @todo Currenty we don't close the connection. So there is no way to de-authenticate.
  *
  * @implements {AuthHandlerInterface}
@@ -112,9 +134,9 @@ module.exports = {
      * Initializes an item (extracts parameters from intermediate requests if any, etc)
      * before the actual authorization step.
      *
-     * @param {AuthInterface} auth
-     * @param {Response} response
-     * @param {AuthHandlerInterface~authInitHookCallback} done
+     * @param {AuthInterface} auth -
+     * @param {Response} response -
+     * @param {AuthHandlerInterface~authInitHookCallback} done -
      */
     init: function (auth, response, done) {
         done(null);
@@ -124,8 +146,8 @@ module.exports = {
      * Verifies whether the request has valid basic auth credentials (which is always).
      * Sanitizes the auth parameters if needed.
      *
-     * @param {AuthInterface} auth
-     * @param {AuthHandlerInterface~authPreHookCallback} done
+     * @param {AuthInterface} auth -
+     * @param {AuthHandlerInterface~authPreHookCallback} done -
      */
     pre: function (auth, done) {
         !auth.get(STATE) && auth.set(STATE, STATES.INITIALIZED);
@@ -136,9 +158,9 @@ module.exports = {
     /**
      * Verifies whether the basic auth succeeded.
      *
-     * @param {AuthInterface} auth
-     * @param {Response} response
-     * @param {AuthHandlerInterface~authPostHookCallback} done
+     * @param {AuthInterface} auth -
+     * @param {Response} response -
+     * @param {AuthHandlerInterface~authPostHookCallback} done -
      */
     post: function (auth, response, done) {
         if (auth.get(DISABLE_RETRY_REQUEST)) {
@@ -170,15 +192,14 @@ module.exports = {
 
         if (state === STATES.INITIALIZED) {
             // Nothing to do if the server does not ask us for auth in the first place.
-            if (!(response.headers.has(WWW_AUTHENTICATE, NTLM) ||
-                  response.headers.has(WWW_AUTHENTICATE, NEGOTIATE))) {
+            if (!hasNTLMChallenge(response.headers)) {
                 return done(null, true);
             }
 
             // Create a type 1 message to send to the server
             negotiateMessage = ntlmUtil.createType1Message({
-                domain: domain,
-                workstation: workstation
+                domain,
+                workstation
             });
 
             // Add the type 1 message as the auth header
@@ -212,10 +233,10 @@ module.exports = {
             }
 
             authenticateMessage = ntlmUtil.createType3Message(challengeMessage, {
-                domain: domain,
-                workstation: workstation,
-                username: username,
-                password: password
+                domain,
+                workstation,
+                username,
+                password
             });
 
             // Now create the type 3 message, and add it to the request
@@ -237,14 +258,14 @@ module.exports = {
     /**
      * Signs a request.
      *
-     * @param {AuthInterface} auth
-     * @param {Request} request
-     * @param {AuthHandlerInterface~authSignHookCallback} done
+     * @param {AuthInterface} auth -
+     * @param {Request} request -
+     * @param {AuthHandlerInterface~authSignHookCallback} done -
      */
     sign: function (auth, request, done) {
         var ntlmHeader = auth.get(NTLM_HEADER);
 
-        request.removeHeader(AUTHORIZATION, {ignoreCase: true});
+        request.removeHeader(AUTHORIZATION, { ignoreCase: true });
         ntlmHeader && request.addHeader({
             key: AUTHORIZATION,
             value: ntlmHeader,

package/lib/authorizer/oauth1.js

@@ -244,9 +244,9 @@ module.exports = {
      * Initializes an item (extracts parameters from intermediate requests if any, etc)
      * before the actual authorization step.
      *
-     * @param {AuthInterface} auth
-     * @param {Response} response
-     * @param {AuthHandlerInterface~authInitHookCallback} done
+     * @param {AuthInterface} auth -
+     * @param {Response} response -
+     * @param {AuthHandlerInterface~authInitHookCallback} done -
      */
     init: function (auth, response, done) {
         done(null);
@@ -256,8 +256,8 @@ module.exports = {
      * Verifies whether the request has valid basic auth credentials (which is always).
      * Sanitizes the auth parameters if needed.
      *
-     * @param {AuthInterface} auth
-     * @param {AuthHandlerInterface~authPreHookCallback} done
+     * @param {AuthInterface} auth -
+     * @param {AuthHandlerInterface~authPreHookCallback} done -
      */
     pre: function (auth, done) {
         done(null, true);
@@ -266,9 +266,9 @@ module.exports = {
     /**
      * Verifies whether the basic auth succeeded.
      *
-     * @param {AuthInterface} auth
-     * @param {Response} response
-     * @param {AuthHandlerInterface~authPostHookCallback} done
+     * @param {AuthInterface} auth -
+     * @param {Response} response -
+     * @param {AuthHandlerInterface~authPostHookCallback} done -
      */
     post: function (auth, response, done) {
         done(null, true);
@@ -300,12 +300,12 @@ module.exports = {
             disableUrlEncoding = protocolProfileBehavior && protocolProfileBehavior.disableUrlEncoding;
 
         signatureParams = [
-            {system: true, key: OAUTH1_PARAMS.oauthConsumerKey, value: params.consumerKey},
-            {system: true, key: OAUTH1_PARAMS.oauthToken, value: params.token},
-            {system: true, key: OAUTH1_PARAMS.oauthSignatureMethod, value: params.signatureMethod},
-            {system: true, key: OAUTH1_PARAMS.oauthTimestamp, value: params.timestamp},
-            {system: true, key: OAUTH1_PARAMS.oauthNonce, value: params.nonce},
-            {system: true, key: OAUTH1_PARAMS.oauthVersion, value: params.version}
+            { system: true, key: OAUTH1_PARAMS.oauthConsumerKey, value: params.consumerKey },
+            { system: true, key: OAUTH1_PARAMS.oauthToken, value: params.token },
+            { system: true, key: OAUTH1_PARAMS.oauthSignatureMethod, value: params.signatureMethod },
+            { system: true, key: OAUTH1_PARAMS.oauthTimestamp, value: params.timestamp },
+            { system: true, key: OAUTH1_PARAMS.oauthNonce, value: params.nonce },
+            { system: true, key: OAUTH1_PARAMS.oauthVersion, value: params.version }
         ];
 
         // bodyHash, callback and verifier parameters are part of extensions of the original OAuth1 spec.
@@ -313,15 +313,15 @@ module.exports = {
         // Otherwise it causes problem for servers that don't support the respective OAuth1 extensions.
         // Issue: https://github.com/postmanlabs/postman-app-support/issues/8737
         if (params.bodyHash) {
-            signatureParams.push({system: true, key: OAUTH1_PARAMS.oauthBodyHash, value: params.bodyHash});
+            signatureParams.push({ system: true, key: OAUTH1_PARAMS.oauthBodyHash, value: params.bodyHash });
         }
 
         if (params.callback) {
-            signatureParams.push({system: true, key: OAUTH1_PARAMS.oauthCallback, value: params.callback});
+            signatureParams.push({ system: true, key: OAUTH1_PARAMS.oauthCallback, value: params.callback });
         }
 
         if (params.verifier) {
-            signatureParams.push({system: true, key: OAUTH1_PARAMS.oauthVerifier, value: params.verifier});
+            signatureParams.push({ system: true, key: OAUTH1_PARAMS.oauthVerifier, value: params.verifier });
         }
 
         // filter empty signature parameters
@@ -364,7 +364,7 @@ module.exports = {
             updateQueryParamEncoding(request, url);
         }
 
-        signatureParams.push({system: true, key: OAUTH1_PARAMS.oauthSignature, value: signature});
+        signatureParams.push({ system: true, key: OAUTH1_PARAMS.oauthSignature, value: signature });
 
         // Add signature params to the request. The OAuth specification says
         // that we should add parameters in the following order of preference:
@@ -409,9 +409,9 @@ module.exports = {
     /**
      * Signs a request.
      *
-     * @param {AuthInterface} auth
-     * @param {Request} request
-     * @param {AuthHandlerInterface~authSignHookCallback} done
+     * @param {AuthInterface} auth -
+     * @param {Request} request -
+     * @param {AuthHandlerInterface~authSignHookCallback} done -
      */
     sign: function (auth, request, done) {
         var self = this,

package/lib/authorizer/oauth2.js

@@ -42,9 +42,9 @@ module.exports = {
      * Initializes an item (extracts parameters from intermediate requests if any, etc)
      * before the actual authorization step.
      *
-     * @param {AuthInterface} auth
-     * @param {Response} response
-     * @param {AuthHandlerInterface~authInitHookCallback} done
+     * @param {AuthInterface} auth -
+     * @param {Response} response -
+     * @param {AuthHandlerInterface~authInitHookCallback} done -
      */
     init: function (auth, response, done) {
         done(null);
@@ -54,8 +54,8 @@ module.exports = {
      * Verifies whether the request has valid basic auth credentials (which is always).
      * Sanitizes the auth parameters if needed.
      *
-     * @param {AuthInterface} auth
-     * @param {AuthHandlerInterface~authPreHookCallback} done
+     * @param {AuthInterface} auth -
+     * @param {AuthHandlerInterface~authPreHookCallback} done -
      */
     pre: function (auth, done) {
         done(null, Boolean(auth.get('accessToken')));
@@ -64,9 +64,9 @@ module.exports = {
     /**
      * Verifies whether the basic auth succeeded.
      *
-     * @param {AuthInterface} auth
-     * @param {Response} response
-     * @param {AuthHandlerInterface~authPostHookCallback} done
+     * @param {AuthInterface} auth -
+     * @param {Response} response -
+     * @param {AuthHandlerInterface~authPostHookCallback} done -
      */
     post: function (auth, response, done) {
         done(null, true);
@@ -75,9 +75,9 @@ module.exports = {
     /**
      * Signs a request.
      *
-     * @param {AuthInterface} auth
-     * @param {Request} request
-     * @param {AuthHandlerInterface~authSignHookCallback} done
+     * @param {AuthInterface} auth -
+     * @param {Request} request -
+     * @param {AuthHandlerInterface~authSignHookCallback} done -
      */
     sign: function (auth, request, done) {
         var params = auth.get(OAUTH2_PARAMETERS),
@@ -110,7 +110,7 @@ module.exports = {
         // clean conflicting headers and query params
         // @todo: we should be able to get conflicting params from auth manifest
         // and clear them before the sign step for any auth
-        request.removeHeader(AUTHORIZATION, {ignoreCase: true});
+        request.removeHeader(AUTHORIZATION, { ignoreCase: true });
         request.removeQueryParams([ACCESS_TOKEN]);
 
         if (params.addTokenTo === QUERY_PARAMS) {

package/lib/backpack/index.js

@@ -5,9 +5,9 @@ var _ = require('lodash'),
 /**
  * ensure the specified keys are functions in subject
  *
- * @param {Object} subject
- * @param {Array} expectations
- * @param {Array=} [defaults]
+ * @param {Object} subject -
+ * @param {Array} expectations -
+ * @param {Array=} [defaults] -
  * @returns {Object}
  */
 meetExpectations = function (subject, expectations, defaults) {
@@ -24,24 +24,24 @@ module.exports = backpack = {
     /**
      * Ensures that the given argument is a callable.
      *
-     * @param {*} arg
-     * @param {Object=} ctx
+     * @param {*} arg -
+     * @param {Object=} ctx -
      * @returns {boolean|*}
      */
-    ensure: function (arg, ctx) {
+    ensure (arg, ctx) {
         return (typeof arg === 'function') && (ctx ? arg.bind(ctx) : arg) || undefined;
     },
 
     /**
      * accept the callback parameter and convert it into a consistent object interface
      *
-     * @param {Function|Object} cb
-     * @param {Array} [expect=]
+     * @param {Function|Object} cb -
+     * @param {Array} expect -
      * @returns {Object}
      *
      * @todo - write tests
      */
-    normalise: function (cb, expect) {
+    normalise (cb, expect) {
         if (_.isFunction(cb) && cb.__normalised) {
             return meetExpectations(cb, expect);
         }
@@ -86,13 +86,13 @@ module.exports = backpack = {
      * Convert a callback into a function that is called multiple times and the callback is actually called when a set
      * of flags are set to true
      *
-     * @param {Array} flags
-     * @param {Function} callback
-     * @param {Array} args
-     * @param {Number} ms
+     * @param {Array} flags -
+     * @param {Function} callback -
+     * @param {Array} args -
+     * @param {Number} ms -
      * @returns {Function}
      */
-    multiback: function (flags, callback, args, ms) {
+    multiback (flags, callback, args, ms) {
         var status = {},
             sealed;
 
@@ -116,7 +116,7 @@ module.exports = backpack = {
             // if any flag is not defined, we exit. when all flags hold a value, we know that the end callback has to be
             // executed.
             for (var i = 0, ii = flags.length; i < ii; i++) {
-                if (!status.hasOwnProperty(flags[i])) { return; }
+                if (!Object.hasOwnProperty.call(status, flags[i])) { return; }
             }
 
             sealed = true;
@@ -128,14 +128,14 @@ module.exports = backpack = {
     /**
      * Ensures that a callback is executed within a specific time.
      *
-     * @param {Function} callback
-     * @param {Number=} [ms]
-     * @param {Object=} [scope]
+     * @param {Function} callback -
+     * @param {Number=} [ms] -
+     * @param {Object=} [scope] -
      * @param {Function=} [when] - function executed right before callback is called with timeout. one can do cleanup
      * stuff here
      * @returns {Function}
      */
-    timeback: function (callback, ms, scope, when) {
+    timeback (callback, ms, scope, when) {
         ms = Number(ms);
 
         // if np callback time is specified, just return the callback function and exit. this is because we do need to

package/lib/requester/core-body-builder.js

@@ -32,11 +32,11 @@ var _ = require('lodash'),
      * @type {Object}
      */
     CONTENT_TYPE_LANGUAGE = {
-        'html': 'text/html',
-        'text': 'text/plain',
-        'json': 'application/json',
-        'javascript': 'application/javascript',
-        'xml': 'application/xml'
+        html: 'text/html',
+        text: 'text/plain',
+        json: 'application/json',
+        javascript: 'application/javascript',
+        xml: 'application/xml'
     },
 
     STRING = 'string',
@@ -54,8 +54,8 @@ var _ = require('lodash'),
  * @todo Add this helper in Collection SDK.
  *
  * @private
- * @param {HeaderList} headers
- * @param {String} name
+ * @param {HeaderList} headers -
+ * @param {String} name -
  * @returns {Header|undefined}
  */
 oneNormalizedHeader = function oneNormalizedHeader (headers, name) {
@@ -102,7 +102,7 @@ urlEncodedBodyReducer = function (form, param) {
         value = param.value;
 
     // add the parameter to the form while accounting for duplicate values
-    if (!form.hasOwnProperty(key)) {
+    if (!Object.hasOwnProperty.call(form, key)) {
         form[key] = value;
 
         return form;
@@ -186,7 +186,7 @@ module.exports = {
      * @param {Request} [request] - request object
      * @returns {Object}
      */
-    raw: function (content, request) {
+    raw (content, request) {
         var contentLanguage = _.get(request, 'body.options.raw.language', 'text');
 
         // Add `Content-Type` header from body options if not set already
@@ -211,7 +211,7 @@ module.exports = {
      * @param {Object} content - request body content
      * @returns {Object}
      */
-    urlencoded: function (content) {
+    urlencoded (content) {
         if (content && _.isFunction(content.all)) { content = content.all(); } // flatten the body content
 
         return {
@@ -223,7 +223,7 @@ module.exports = {
      * @param {Object} content - request body content
      * @returns {Object}
      */
-    formdata: function (content) {
+    formdata (content) {
         if (content && _.isFunction(content.all)) { content = content.all(); } // flatten the body content
 
         return {
@@ -235,7 +235,7 @@ module.exports = {
      * @param {Object} content - request body content
      * @returns {Object}
      */
-    file: function (content) {
+    file (content) {
         return {
             body: content && content.content
         };
@@ -246,7 +246,7 @@ module.exports = {
      * @param {Request} [request] - Request object
      * @returns {Object}
      */
-    graphql: function (content, request) {
+    graphql (content, request) {
         var body;
 
         // implicitly add `Content-Type` header if not set already
@@ -278,15 +278,15 @@ module.exports = {
         // stringified content. This avoids parsing the variables.
         body = [];
 
-        if (content.hasOwnProperty('query') && (typeof content.query === STRING)) {
+        if (Object.hasOwnProperty.call(content, 'query') && (typeof content.query === STRING)) {
             body.push('"query":' + JSON.stringify(content.query));
         }
 
-        if (content.hasOwnProperty('operationName') && (typeof content.operationName === STRING)) {
+        if (Object.hasOwnProperty.call(content, 'operationName') && (typeof content.operationName === STRING)) {
             body.push('"operationName":' + JSON.stringify(content.operationName));
         }
 
-        if (content.hasOwnProperty('variables') && (typeof content.variables === STRING) &&
+        if (Object.hasOwnProperty.call(content, 'variables') && (typeof content.variables === STRING) &&
             // even though users are free to send even malformed json string, the case of empty string has to be
             // specially disallowed since in most default cases if a text editor is used to accept this data, it will
             // send a blank string for an empty text-editor state and that would be an error flow. That implies majority