Merge pull request #52 from figo-connect/feature-remove-pinning

- emoved ssl cert pinning and bumped version to 3.1.0 - dropped support for Node.js 4.0
figo-connect · Apr 17, 2019 · 182c292 · 182c292
2 parents c0c4f0c + 7f9b78a
commit 182c292
Show file tree

Hide file tree

Showing 6 changed files with 790 additions and 179 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,9 +1,10 @@
 language: node_js
 before_install: npm -g install npm@latest
 node_js:
-- 8  
+- 11
+- 10
+- 8
 - 6
-- 4
 install:
 - npm install
 script:

diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -0,0 +1,21 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "type": "node",
+            "request": "launch",
+            "name": "NPM TEST",
+            "runtimeExecutable": "npm",
+            "runtimeArgs": [
+                "test",
+                "--inspect-brk=9229",
+            ],
+            "port": 9229,
+            "console": "integratedTerminal",
+            "internalConsoleOptions": "openOnSessionStart",
+        }
+    ]
+}
diff --git a/README.md b/README.md
@@ -222,7 +222,6 @@ npm install
 You need to set the following environment variables:
   - `FIGO_CLIENT_ID`
   - `FIGO_CLIENT_SECRET`
-  - `FIGO_API_FINGERPRINT`
   - `FIGO_API_ENDPOINT` (optional, defaults to `https://staging.figo.me/v3`)
 
 ```bash

diff --git a/lib/figo.js b/lib/figo.js
@@ -57,10 +57,6 @@ const Config = {
   },
 
   userAgent: 'node-figo/' + require('../package.json').version,
-
-  // figo Connect TLS certificate fingerprints.
-  valid_fingerprints: [ "cdf3d326278991b9cdae4b106c9681b7ebb33810c472376a4d9c84b7b3dcd68d",
-                        "79b2a29300853b0692b1b5f2247948583aa5220fc5cde9499ac8451edbe0da50"],
 };
 
 const RETRIABLE_ERRORS = [
@@ -76,7 +72,7 @@ const RETRIABLE_ERRORS = [
 
 // Override config, e.g. to use staging evironment.
 const setConfig = function(config) {
-  const fields = ['api_endpoint', 'valid_fingerprints', 'userAgent'];
+  const fields = ['api_endpoint', 'userAgent'];
 
   for (var f of fields) {
     if (config.hasOwnProperty(f)) {
@@ -191,11 +187,7 @@ var HttpsRequest = function(agent, path, method, callback) {
   request.on("error", function(error) {
     if (!aborted) {
       aborted = true;
-      if (request.figo_ssl_error) {
-        callback(new FigoError("ssl_error", "SSL/TLS certificate fingerprint mismatch."));
-      } else {
-        callback(new FigoError("socket_error", error.message, error.errno));
-      }
+      callback(new FigoError("socket_error", error.message, error.errno));
       request.abort();
     }
   });
@@ -214,17 +206,6 @@ var HttpsAgent = function() {
     var agent = this;
     var stream = tls.connect(options);
 
-    stream.on("secureConnect", function() {
-      var fingerprint = crypto
-        .createHash('sha256')
-        .update(stream.getPeerCertificate().raw)
-        .digest('hex');
-      if (!~Config.valid_fingerprints.indexOf(fingerprint)) {
-        agent.figo_request.figo_ssl_error = true;
-        agent.figo_request.abort();
-      }
-    });
-
     return stream;
   };
 
@@ -282,7 +263,7 @@ var queryWithRetries = function (agent, authorization, contentType, path, data,
 };
 
 var clean = function (obj) {
-  for (var propName in obj) { 
+  for (var propName in obj) {
     if (obj[propName] === null || obj[propName] === undefined) {
       delete obj[propName];
     }