changing pam sign input generation logic , and adding random parameter test

Author: Devendra

VERSION

@@ -1 +1 @@
-3.6.2
+3.6.3

bower.json

@@ -1,6 +1,6 @@
 {
   "name": "pubnub",
-  "version": "3.6.2",
+  "version": "3.6.3",
   "main": "web/pubnub.min.js",
   "license": "https://github.com/pubnub/javascript/blob/master/LICENSE",
   "ignore" : [ "**/*", "!web/pubnub.js", "!web/pubnub.min.js"],

core/pubnub-common.js

@@ -205,7 +205,6 @@ function PN_API(setup) {
     ,   SUBSCRIBE_KEY = setup['subscribe_key'] || 'demo'
     ,   AUTH_KEY      = setup['auth_key']      || ''
     ,   SECRET_KEY    = setup['secret_key']    || ''
-    ,   PNSDK         = setup['PNSDK']         || ''
     ,   hmac_SHA256   = setup['hmac_SHA256']
     ,   SSL           = setup['ssl']            ? 's' : ''
     ,   ORIGIN        = 'http'+SSL+'://'+(setup['origin']||'pubsub.pubnub.com')
@@ -230,6 +229,7 @@ function PN_API(setup) {
     ,   NO_WAIT_FOR_PENDING  = setup['no_wait_for_pending']
     ,   COMPATIBLE_35 = setup['compatible_3.5']  || false
     ,   xdr           = setup['xdr']
+    ,   params        = setup['params'] || {}
     ,   error         = setup['error']      || function() {}
     ,   _is_online    = setup['_is_online'] || function() { return 1 }
     ,   jsonp_cb      = setup['jsonp_cb']   || function() { return 0 }
@@ -243,6 +243,37 @@ function PN_API(setup) {
             'decrypt' : function(b,key){return b}
         };
 
+    function _get_url_params(data) {
+        if (!data) data = {};
+        each( params , function( key, value ) {
+            data[key] = value;
+        });
+        return data;
+    }
+
+    function _object_to_key_list(o) {
+        var l = []
+        each( o , function( key, value ) {
+            l.push(key);
+        });
+        return l;
+    }    
+    function _object_to_key_list_sorted(o) {
+        return _object_to_key_list(o).sort();
+    }
+
+    function _get_pam_sign_input_from_params(params) {
+        var si = "";
+        var l = _object_to_key_list_sorted(params);
+
+        for (var i in l) {
+            var k = l[i]
+            si += k + "=" + encode(params[k]) ;
+            if (i != l.length - 1) si += "&"
+        }
+        return si;
+    }
+
     function validate_presence_heartbeat(heartbeat, cur_heartbeat, error) {
         var err = false;
 
@@ -379,7 +410,7 @@ function PN_API(setup) {
                 blocking : blocking || SSL,
                 timeout  : 2000,
                 callback : jsonp,
-                data     : data,
+                data     : _get_url_params(data),
                 success  : function(response) {
                     _invoke_callback(response, callback, err);
                 },
@@ -427,6 +458,9 @@ function PN_API(setup) {
         'get_version' : function() {
             return SDK_VER;
         },
+        '_add_param' : function(key,val) {
+            params[key] = val;
+        },
 
         /*
             PUBNUB.history({
@@ -467,7 +501,7 @@ function PN_API(setup) {
             // Send Message
             xdr({
                 callback : jsonp,
-                data     : params,
+                data     : _get_url_params(params),
                 success  : function(response) {
                     if (typeof response == 'object' && response['error']) {
                         err({'message' : response['message'], 'payload' : response['payload']});
@@ -546,7 +580,7 @@ function PN_API(setup) {
                 },
                 fail     : function() { callback([ 0, 'Disconnected' ]) },
                 url      : url,
-                data     : data
+                data     : _get_url_params(data)
             });
         },
 
@@ -565,7 +599,7 @@ function PN_API(setup) {
             var jsonp = jsonp_cb();
             xdr({
                 callback : jsonp,
-                data     : { 'uuid' : UUID, 'auth' : AUTH_KEY },
+                data     : _get_url_params({ 'uuid' : UUID, 'auth' : AUTH_KEY }),
                 timeout  : SECOND * 5,
                 url      : [STD_ORIGIN, 'time', jsonp],
                 success  : function(response) { callback(response[0]) },
@@ -613,7 +647,7 @@ function PN_API(setup) {
                 callback : jsonp,
                 timeout  : SECOND * 5,
                 url      : url,
-                data     : { 'uuid' : UUID, 'auth' : auth_key },
+                data     : _get_url_params({ 'uuid' : UUID, 'auth' : auth_key }),
                 fail     : function(response){
                     _invoke_error(response, err);
                     publish(1);
@@ -802,7 +836,7 @@ function PN_API(setup) {
                 // Connect to PubNub Subscribe Servers
                 _reset_offline();
 
-                var data = { 'uuid' : UUID, 'auth' : auth_key };
+                var data = _get_url_params({ 'uuid' : UUID, 'auth' : auth_key });
 
                 var st = JSON.stringify(STATE);
                 if (st.length > 2) data['state'] = JSON.stringify(STATE);
@@ -818,7 +852,7 @@ function PN_API(setup) {
                         //SUB_RECEIVER = null;
                         SELF['time'](_test_connection);
                     },
-                    data     : data,
+                    data     : _get_url_params(data),
                     url      : [
                         SUB_ORIGIN, 'subscribe',
                         SUBSCRIBE_KEY, encode(channels),
@@ -946,7 +980,7 @@ function PN_API(setup) {
 
             xdr({
                 callback : jsonp,
-                data     : data,
+                data     : _get_url_params(data),
                 success  : function(response) {
                     _invoke_callback(response, callback, err);
                 },
@@ -976,7 +1010,7 @@ function PN_API(setup) {
 
             xdr({
                 callback : jsonp,
-                data     : data,
+                data     : _get_url_params(data),
                 success  : function(response) {
                     _invoke_callback(response, callback, err);
                 },
@@ -1000,7 +1034,7 @@ function PN_API(setup) {
             ,   uuid     = args['uuid'] || UUID
             ,   channel  = args['channel']
             ,   url
-            ,   data     = { 'auth' : auth_key };
+            ,   data     = _get_url_params({ 'auth' : auth_key });
 
             // Make sure we have a Channel
             if (!SUBSCRIBE_KEY) return error('Missing Subscribe Key');
@@ -1031,7 +1065,7 @@ function PN_API(setup) {
 
             xdr({
                 callback : jsonp,
-                data     : data,
+                data     : _get_url_params(data),
                 success  : function(response) {
                     _invoke_callback(response, callback, err);
                 },
@@ -1076,27 +1110,9 @@ function PN_API(setup) {
             ,   sign_input = SUBSCRIBE_KEY + "\n" + PUBLISH_KEY + "\n"
                     + "grant" + "\n";
 
-
-            if (auth_key)  sign_input += ("auth=" + encode(auth_key) + "&");
-            if (jsonp != '0')   sign_input += ("callback=" + encode(jsonp) + "&") ;
-            if (channel)   sign_input += ("channel=" + encode(channel) + "&") ;
-
-            sign_input += "pnsdk=" + encode(PNSDK) + "&"
-                    + "r=" + r + "&"
-                    + "timestamp=" + encode(timestamp);
-                    
-            if (ttl || ttl === 0) sign_input += "&" + "ttl=" + ttl;
-
-            sign_input += "&" + "w=" + w;
-            var signature = hmac_SHA256( sign_input, SECRET_KEY );
-
-            signature = signature.replace( /\+/g, "-" );
-            signature = signature.replace( /\//g, "_" );
-
             var data = {
                 'w'         : w,
                 'r'         : r,
-                'signature' : signature,
                 'channel'   : channel,
                 'timestamp' : timestamp
             };
@@ -1105,6 +1121,17 @@ function PN_API(setup) {
             if (ttl || ttl === 0) data['ttl'] = ttl;
             if (auth_key) data['auth'] = auth_key;
 
+            data = _get_url_params(data)
+
+            sign_input += _get_pam_sign_input_from_params(data);
+
+            var signature = hmac_SHA256( sign_input, SECRET_KEY );
+
+            signature = signature.replace( /\+/g, "-" );
+            signature = signature.replace( /\//g, "_" );
+
+            data['signature'] = signature;
+
             xdr({
                 callback : jsonp,
                 data     : data,
@@ -1149,23 +1176,21 @@ function PN_API(setup) {
                 + PUBLISH_KEY + "\n"
                 + "audit" + "\n";
 
-            if (auth_key)  sign_input += ("auth=" + encode(auth_key) + "&");
-            if (jsonp != '0')   sign_input += ("callback=" + encode(jsonp) + "&") ;
-            if (channel)   sign_input += ("channel=" + encode(channel) + "&") ;
+            var data = {'timestamp' : timestamp };
+            if (jsonp != '0') { data['callback'] = jsonp; }
+            if (channel)  data['channel'] = channel;
+            if (auth_key) data['auth']    = auth_key;    
+
+            data = _get_url_params(data)
 
-            sign_input += "pnsdk=" + encode(PNSDK) + "&" + "timestamp=" + timestamp;
+            sign_input += _get_pam_sign_input_from_params(data);
 
             var signature = hmac_SHA256( sign_input, SECRET_KEY );
 
             signature = signature.replace( /\+/g, "-" );
             signature = signature.replace( /\//g, "_" );
 
-            var data = { 'signature' : signature, 'timestamp' : timestamp };
-
-            if (jsonp != '0') { data['callback'] = jsonp; }
-            if (channel)  data['channel'] = channel;
-            if (auth_key) data['auth']    = auth_key;
-
+            data['signature'] = signature;
             xdr({
                 callback : jsonp,
                 data     : data,
@@ -1215,7 +1240,7 @@ function PN_API(setup) {
 
             xdr({
                 callback : jsonp,
-                data     : data,
+                data     : _get_url_params(data),
                 timeout  : SECOND * 5,
                 url      : [
                     STD_ORIGIN, 'v2', 'presence',