add SHA-256 support

Eric Lambrecht · Eric Lambrecht · commit a73895ba7d4f · 2013-02-17T18:56:16.000-08:00
diff --git a/lib/passport-http-oauth/strategies/consumer.js b/lib/passport-http-oauth/strategies/consumer.js
@@ -293,6 +293,15 @@ ConsumerStrategy.prototype.authenticate = function(req) {
         if (tokenSecret) { key += utils.encode(tokenSecret); }
         var computedSignature = utils.hmacsha1(key, base);
 
+        if (signature !== computedSignature) {
+          return self.fail(self._challenge('signature_invalid'));
+        }
+
+      } else if (signatureMethod === 'HMAC-SHA256') {
+        var key = consumerSecret + '&';
+        if (tokenSecret) { key += tokenSecret; }
+        var computedSignature = utils.hmacsha256(key, base);
+
         if (signature !== computedSignature) {
           return self.fail(self._challenge('signature_invalid'));
         }
diff --git a/lib/passport-http-oauth/strategies/utils.js b/lib/passport-http-oauth/strategies/utils.js
@@ -185,6 +185,18 @@ exports.hmacsha1 = function(key, text) {
   return crypto.createHmac('sha1', key).update(text).digest('base64')
 }
 
+/**
+ * Generate HMAC-SHA256 signature.
+ *
+ * @param {String} key
+ * @param {String} text
+ * @return {String}
+ * @api private
+ */
+exports.hmacsha256 = function(key, text) {
+  return crypto.createHmac('sha256', key).update(text).digest('base64')
+}
+
 /**
  * Generate PLAINTEXT signature.
  *
