Merge pull request #60 from azul/bugfix/srp-fix-for-zeroprefixed-hashes

Bugfix/srp fix for zeroprefixed hashes

10 files changed, 71 insertions, 12 deletions

diff --git a/common_dependencies.rb b/common_dependencies.rb
index 63c3710..085a898 100644
--- a/common_dependencies.rb
+++ b/common_dependencies.rb
@@ -1,7 +1,14 @@
 source "http://rubygems.org"
 
 group :test do
+  # moching and stubing
   gem 'mocha', '~> 0.13.0', :require => false
+  # integration testing
+  gem 'capybara'
+  # headless js integration testing
+  gem 'poltergeist'
+  # required for save_and_open_page in integration tests
+  # gem 'launchy'
 end
 
 group :test, :development do
diff --git a/test/test_helper.rb b/test/test_helper.rb
index 0016771..26b99f4 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -10,3 +10,35 @@ Dir["#{File.dirname(__FILE__)}/../*/test/support/**/*.rb"].each { |f| require f
 class ActiveSupport::TestCase
   # Add more helper methods to be used by all tests here...
 end
+
+require 'capybara/poltergeist'
+
+CONFIG_RU = (Rails.root + 'config.ru').to_s
+OUTER_APP = Rack::Builder.parse_file(CONFIG_RU).first
+
+Capybara.register_driver :rack_test do |app|
+  Capybara::RackTest::Driver.new(app)
+end
+
+Capybara.register_driver :poltergeist do |app|
+  Capybara::Poltergeist::Driver.new(app)
+end
+
+# this is integration testing. So let's make the whole
+# rack stack available...
+Capybara.app = OUTER_APP
+Capybara.run_server = true
+Capybara.app_host = 'http://lvh.me:3003'
+Capybara.server_port = 3003
+Capybara.javascript_driver = :poltergeist
+Capybara.default_wait_time = 5
+
+class BrowserIntegrationTest < ActionDispatch::IntegrationTest
+  # Make the Capybara DSL available
+  include Capybara::DSL
+
+  teardown do
+    Capybara.reset_sessions!    # Forget the (simulated) browser state
+    Capybara.use_default_driver # Revert Capybara.current_driver to Capybara.default_driver
+  end
+end
diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp
-Subproject 926a5d5960db51903e33c8496487da59f9f4124
+Subproject 9c61d52f1f975ec0eefe5b4a0b71ac529300cbe
diff --git a/users/app/assets/javascripts/users.js b/users/app/assets/javascripts/users.js
index 65bed4f..4c9b510 100644
--- a/users/app/assets/javascripts/users.js
+++ b/users/app/assets/javascripts/users.js
@@ -49,12 +49,12 @@
       for (field in message.errors) {
         if (field == 'base') {
           alert_message(message.errors[field]);
-          next;
+          continue;
         }
         error = message.errors[field];
         element = $('form input[name$="[' + field + ']"]');
         if (!element) {
-          next;
+          continue;
         }
         element.trigger('element:validate:fail.ClientSideValidations', error).data('valid', false);
       }
diff --git a/users/app/models/token.rb b/users/app/models/token.rb
index 44a6dfe..cc62778 100644
--- a/users/app/models/token.rb
+++ b/users/app/models/token.rb
@@ -8,7 +8,7 @@ class Token < CouchRest::Model::Base
 
   def initialize(*args)
     super
-    self.id = SecureRandom.urlsafe_base64(32)
+    self.id = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
   end
 
   design do
diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec
index 2f4b10c..d33328a 100644
--- a/users/leap_web_users.gemspec
+++ b/users/leap_web_users.gemspec
@@ -17,6 +17,6 @@ Gem::Specification.new do |s|
 
   s.add_dependency "leap_web_core", LeapWeb::VERSION
 
-  s.add_dependency "ruby-srp", "~> 0.1.7"
+  s.add_dependency "ruby-srp", "~> 0.2.0"
   s.add_dependency "rails_warden"
 end
diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb
index a97e795..2c681be 100644
--- a/users/lib/warden/strategies/secure_remote_password.rb
+++ b/users/lib/warden/strategies/secure_remote_password.rb
@@ -36,7 +36,7 @@ module Warden
       end
 
       def validate
-        session[:handshake].authenticate(params['client_auth'].hex)
+        session[:handshake].authenticate(params['client_auth'])
       end
 
       def initialize!
@@ -44,7 +44,7 @@ module Warden
           client = SRP::Client.new user.username,
             :verifier => user.verifier,
             :salt => user.salt
-          session[:handshake] = SRP::Session.new(client, params['A'].hex)
+          session[:handshake] = SRP::Session.new(client, params['A'])
           custom! json_response(session[:handshake])
         else
           fail! :base => 'invalid_user_pass'
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index f5cb0b1..4c94389 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -26,19 +26,19 @@ class AccountFlowTest < RackTest
   def handshake(login, aa)
     post "http://api.lvh.me:3000/1/sessions.json",
       :login => login,
-      'A' => aa.to_s(16),
+      'A' => aa,
       :format => :json
     response = JSON.parse(last_response.body)
     if response['errors']
       raise RECORD_NOT_FOUND.new(response['errors'])
     else
-      return response['B'].hex
+      return response['B']
     end
   end
 
   def validate(m)
     put "http://api.lvh.me:3000/1/sessions/" + @login + '.json',
-      :client_auth => m.to_s(16),
+      :client_auth => m,
       :format => :json
     return JSON.parse(last_response.body)
   end
diff --git a/users/test/integration/api/rack_test.rb b/users/test/integration/api/rack_test.rb
index da960f2..9a69f52 100644
--- a/users/test/integration/api/rack_test.rb
+++ b/users/test/integration/api/rack_test.rb
@@ -1,6 +1,3 @@
-CONFIG_RU = (Rails.root + 'config.ru').to_s
-OUTER_APP = Rack::Builder.parse_file(CONFIG_RU).first
-
 class RackTest < ActiveSupport::TestCase
   include Rack::Test::Methods
   include Warden::Test::Helpers
diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb
new file mode 100644
index 0000000..ce63baf
--- /dev/null
+++ b/users/test/integration/browser/account_test.rb
@@ -0,0 +1,23 @@
+require 'test_helper'
+
+class AccountTest < BrowserIntegrationTest
+
+  setup do
+    Capybara.current_driver = Capybara.javascript_driver
+  end
+
+  test "normal account workflow" do
+    username = "test_#{SecureRandom.urlsafe_base64}".downcase
+    password = SecureRandom.base64
+    visit '/users/new'
+    fill_in 'Username', with: username
+    fill_in 'Password', with: password
+    fill_in 'Password confirmation', with: password
+    click_on 'Sign Up'
+    assert page.has_content?("Welcome #{username}")
+    click_on 'Logout'
+    assert page.has_content?("Sign Up")
+    assert_equal '/', current_path
+  end
+
+end