Merge branch 'master' into feature/use-couchrest-session-store

author: Azul <azul@leap.se> 2013-02-07 20:12:00 +0100
committer: Azul <azul@leap.se> 2013-02-07 20:12:00 +0100
commit: 5df0631c6ee7f073c4e463d3c1d12bbaeb4fc39a (patch)
tree: 986a65ded26e48a002b783b1048bdff07ffd0917
parent: 0362663decaa1c861b183ec3773f69952398a976 (diff)
parent: 40955e06c038ad3d84bfe88052c501fb7a6208d8 (diff)
7 files changed, 17 insertions, 19 deletions
diff --git a/Gemfile b/Gemfile
index 8b13e51..4bf0f3b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -14,3 +14,7 @@ gem 'leap_web_help', :path => 'help'
 # To use debugger
 gem 'debugger', :platforms => :mri_19
 gem 'ruby-debug', :platforms => :mri_18
+
+# unreleased so far ... but leap_web_certs need it
+
+gem 'certificate_authority', :git => 'git://github.com/cchandler/certificate_authority.git'
diff --git a/certs/leap_web_certs.gemspec b/certs/leap_web_certs.gemspec
index 531afda..21be09d 100644
--- a/certs/leap_web_certs.gemspec
+++ b/certs/leap_web_certs.gemspec
@@ -16,6 +16,6 @@ Gem::Specification.new do |s|
   s.test_files = Dir["test/**/*"]
 
   s.add_dependency "leap_web_core", LeapWeb::VERSION
-  s.add_dependency "certificate_authority"
+  s.add_dependency "certificate_authority", [">= 0.2.0"]
 
 end
diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index 80d49a3..e41c2dc 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
@@ -57,10 +57,6 @@ class User < CouchRest::Model::Base
     }.to_json(options)
   end
 
-  def initialize_auth(aa)
-    return SRP::Session.new(self, aa)
-  end
-
   def salt
     password_salt.hex
   end
diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec
index 0682a99..0182c1f 100644
--- a/users/leap_web_users.gemspec
+++ b/users/leap_web_users.gemspec
@@ -17,6 +17,6 @@ Gem::Specification.new do |s|
 
   s.add_dependency "leap_web_core", LeapWeb::VERSION
 
-  s.add_dependency "ruby-srp", "~> 0.1.4"
+  s.add_dependency "ruby-srp", "~> 0.1.5"
   s.add_dependency "rails_warden"
 end
diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb
index 594e27e..483336d 100644
--- a/users/lib/warden/strategies/secure_remote_password.rb
+++ b/users/lib/warden/strategies/secure_remote_password.rb
@@ -25,13 +25,18 @@ module Warden
       end
 
       def validate!
-        user = session[:handshake].authenticate(params['client_auth'].hex)
-        user ? success!(user) : fail!(:password => "wrong_password")
+        client = session[:handshake].authenticate(params['client_auth'].hex)
+        client ?
+          success!(User.find_by_login(client.username)) :
+          fail!(:password => "wrong_password")
       end
 
       def initialize!
         if user = User.find_by_login(id)
-          session[:handshake] = user.initialize_auth(params['A'].hex)
+          client = SRP::Client.new user.username,
+            :verifier => user.verifier,
+            :salt => user.salt
+          session[:handshake] = SRP::Session.new(client, params['A'].hex)
           custom! json_response(session[:handshake])
         else
           fail! :login => "user_not_found"
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index 4937814..314d71a 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -16,7 +16,7 @@ class AccountFlowTest < ActiveSupport::TestCase
     @login = "integration_test_user"
     User.find_by_login(@login).tap{|u| u.destroy if u}
     @password = "srp, verify me!"
-    @srp = SRP::Client.new(@login, @password)
+    @srp = SRP::Client.new @login, :password => @password
     @user_params = {
       :login => @login,
       :password_verifier => @srp.verifier.to_s(16),
@@ -73,7 +73,7 @@ class AccountFlowTest < ActiveSupport::TestCase
   end
 
   test "signup and wrong password login attempt" do
-    srp = SRP::Client.new(@login, "wrong password")
+    srp = SRP::Client.new @login, :password => "wrong password"
     server_auth = srp.authenticate(self)
     assert_json_error :password => "wrong password"
     assert !last_response.successful?
@@ -81,7 +81,7 @@ class AccountFlowTest < ActiveSupport::TestCase
   end
 
   test "signup and wrong username login attempt" do
-    srp = SRP::Client.new("wrong_login", @password)
+    srp = SRP::Client.new "wrong_login", :password => @password
     server_auth = nil
     assert_raises RECORD_NOT_FOUND do
       server_auth = srp.authenticate(self)
diff --git a/users/test/unit/user_test.rb b/users/test/unit/user_test.rb
index 66563a3..10c8b46 100644
--- a/users/test/unit/user_test.rb
+++ b/users/test/unit/user_test.rb
@@ -40,13 +40,6 @@ class UserTest < ActiveSupport::TestCase
     assert_equal @user.password_salt.hex, @user.salt
   end
 
-  test "should include SRP" do
-    client_rnd = bigrand(32).hex
-    srp_session = @user.initialize_auth(client_rnd)
-    assert srp_session.is_a? SRP::Session
-    assert_equal client_rnd, srp_session.aa
-  end
-
   test 'normal user is no admin' do
     assert !@user.is_admin?
   end
author	Azul <azul@leap.se>	2013-02-07 20:12:00 +0100
committer	Azul <azul@leap.se>	2013-02-07 20:12:00 +0100
commit	5df0631c6ee7f073c4e463d3c1d12bbaeb4fc39a (patch)
tree	986a65ded26e48a002b783b1048bdff07ffd0917
parent	0362663decaa1c861b183ec3773f69952398a976 (diff)
parent	40955e06c038ad3d84bfe88052c501fb7a6208d8 (diff)