[Pkg-javascript-commits] [node-cookie-signature] 04/07: Imported Upstream version 1.0.3

Sun Oct 12 08:03:06 UTC 2014

This is an automated email from the git hooks/post-receive script.

kapouer pushed a commit to branch master
in repository node-cookie-signature.

commit 79041aa00098f05865b7f02285a1fb5ce3bb2eb6
Author: Jérémy Lal <kapouer at melix.org>
Date:   Sun Oct 12 09:56:30 2014 +0200

    Imported Upstream version 1.0.3
---
 History.md    | 12 +++++++++++-
 index.js      |  7 ++++---
 package.json  |  3 ++-
 test/index.js |  3 +--
 4 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/History.md b/History.md
index 9e30179..7aacdf0 100644
--- a/History.md
+++ b/History.md
@@ -1,5 +1,15 @@
+1.0.3 / 2014-01-28
+==================
+
+ * fix for timing attacks
+
+1.0.2 / 2014-01-28
+==================
+
+ * fix missing repository warning
+ * fix typo in test
 
-1.0.1 / 2013-04-15 
+1.0.1 / 2013-04-15
 ==================
 
   * Revert "Changed underlying HMAC algo. to sha512."
diff --git a/index.js b/index.js
index ed62814..32419fe 100644
--- a/index.js
+++ b/index.js
@@ -1,4 +1,3 @@
-
 /**
  * Module dependencies.
  */
@@ -37,6 +36,8 @@ exports.sign = function(val, secret){
 exports.unsign = function(val, secret){
   if ('string' != typeof val) throw new TypeError('cookie required');
   if ('string' != typeof secret) throw new TypeError('secret required');
-  var str = val.slice(0, val.lastIndexOf('.'));
-  return exports.sign(str, secret) == val ? str : false;
+  var str = val.slice(0, val.lastIndexOf('.'))
+    , mac = exports.sign(str, secret);
+  
+  return exports.sign(mac, secret) == exports.sign(val, secret) ? str : false;
 };
diff --git a/package.json b/package.json
index 43798ed..65944f5 100644
--- a/package.json
+++ b/package.json
@@ -1,9 +1,10 @@
 {
   "name": "cookie-signature",
-  "version": "1.0.1",
+  "version": "1.0.3",
   "description": "Sign and unsign cookies",
   "keywords": ["cookie", "sign", "unsign"],
   "author": "TJ Holowaychuk <tj at learnboost.com>",
+  "repository": { "type": "git", "url": "https://github.com/visionmedia/node-cookie-signature.git"},
   "dependencies": {},
   "devDependencies": {
     "mocha": "*",
diff --git a/test/index.js b/test/index.js
index e51ac05..cc2b560 100644
--- a/test/index.js
+++ b/test/index.js
@@ -1,4 +1,3 @@
-
 /**
  * Module dependencies.
  */
@@ -11,7 +10,7 @@ describe('.sign(val, secret)', function(){
     val.should.equal('hello.DGDUkGlIkCzPz+C0B064FNgHdEjox7ch8tOBGslZ5QI');
 
     var val = cookie.sign('hello', 'luna');
-    val.should.not.equal('hhello.DGDUkGlIkCzPz+C0B064FNgHdEjox7ch8tOBGslZ5QI');
+    val.should.not.equal('hello.DGDUkGlIkCzPz+C0B064FNgHdEjox7ch8tOBGslZ5QI');
   })
 })
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/node-cookie-signature.git

