authorAzul <azul@leap.se>2012-10-05 13:59:39 +0200
committerAzul <azul@leap.se>2012-10-05 13:59:39 +0200
commit118d9ab5c9f4d7a82b7cf24774ef12d3c221f8ef (patch)
tree0f698522a1beaaab6993cc5d2160c3d69ab2a19f /users
parentf7e832b111b38c1b2bdef45ab74001590b17c0dc (diff)
moving to ruby_srp 0.1.0, works with python srp
Diffstat (limited to 'users')
-rw-r--r--users/app/controllers/sessions_controller.rb6
-rw-r--r--users/app/models/user.rb10
-rw-r--r--users/leap_web_users.gemspec2
-rwxr-xr-xusers/test/integration/api/python/flow_with_srp.py2
-rwxr-xr-xusers/test/integration/api/python/signup_and_login.py10
5 files changed, 17 insertions, 13 deletions
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
index 7852e5c..b8043f5 100644
--- a/users/app/controllers/sessions_controller.rb
+++ b/users/app/controllers/sessions_controller.rb
@@ -15,11 +15,13 @@ class SessionsController < ApplicationController
end
def update
+ # TODO: validate the id belongs to the session
@user = User.find_by_param(params[:id])
- @server_auth = @user.authenticate!(params[:client_auth].hex, session.delete(:handshake))
+ @srp_session = session.delete(:handshake)
+ @server_auth = @srp_session.authenticate!(params[:client_auth].hex)
session[:user_id] = @user.id
User.current = @user #?
- render :json => {:M2 => @server_auth}
+ render :json => {:M2 => "%064x" % @server_auth}
rescue WRONG_PASSWORD
session[:handshake] = nil
render :json => {:errors => {"password" => ["wrong password"]}}
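Review bot: `session[:user_id]` is assigned from the account named by `params[:id]`, while the proof is checked against whatever SRP session was stored under `session[:handshake]`; nothing visible in `update` ties the two together, which is the gap the new TODO names. As written, a handshake completed for one login would apparently sign the client in as the login in the URL, so the check should land with this change rather than later, for example by recording the login when the handshake is created and rejecting the request unless it equals `@user.login` before `session[:user_id]` is set. Separately, `session.delete(:handshake)` returns nil when no handshake was started and `params[:client_auth]` may be absent; both raise NoMethodError, which `rescue WRONG_PASSWORD` does not catch, so a guard such as `return head(:bad_request) unless @srp_session && params[:client_auth]` would keep that from becoming a 500. `update` starts inside the hunk, but its rescue clause continues past the last line shown.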
diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index 95ee810..a6aab84 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
@@ -1,7 +1,5 @@
class User < CouchRest::Model::Base
- include SRP::Authentication
-
property :login, String, :accessible => true
property :email, String, :accessible => true
property :password_verifier, String, :accessible => true
@@ -38,6 +36,10 @@ class User < CouchRest::Model::Base
super(options.merge(:only => ['login', 'password_salt']))
end
+ def initialize_auth(aa)
+ return SRP::Session.new(self, aa)
+ end
+
def salt
password_salt.hex
end
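Review bot: `initialize_auth(aa)` has no comment and its parameter name does not say what it carries; judging by the test scripts it is the client's public SRP value `A`, so a clearer name (callers pass it positionally) and a one-line comment such as `# Starts an SRP handshake for this user from the client's public value A` would help. The explicit `return` is unnecessary in Ruby, since `SRP::Session.new(self, aa)` as the last expression is enough. It is not visible here whether `SRP::Session` rejects a client value that is zero modulo the group prime, which SRP requires of the server; confirm that in ruby-srp 0.1.0 or check it before constructing the session.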
@@ -46,6 +48,10 @@ class User < CouchRest::Model::Base
password_verifier.hex
end
+ def username
+ login
+ end
+
def self.current
Thread.current[:user]
end
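Review bot: `username` duplicates `login` with no comment explaining why it exists; presumably `SRP::Session` reads `username` (alongside `salt`) from the object passed to it in `initialize_auth`, and that should be stated so the method is not later removed as dead code. A comment like `# ruby-srp expects the user object to respond to #username` would do. The class body continues beyond this hunk.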
diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec
index cebb632..2bbb0b8 100644
--- a/users/leap_web_users.gemspec
+++ b/users/leap_web_users.gemspec
@@ -20,7 +20,7 @@ Gem::Specification.new do |s|
s.add_dependency "rails", "~> 3.2.8"
s.add_dependency "leap_web_core", "~> 0.0.1"
s.add_dependency "couchrest_session_store", "~> 0.0.1"
- s.add_dependency "ruby-srp"
+ s.add_dependency "ruby-srp", "~> 0.1.0"
LeapWebCore::Dependencies.add_ui_gems_to_spec(s)
diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py
index 08ac94a..ea630f2 100755
--- a/users/test/integration/api/python/flow_with_srp.py
+++ b/users/test/integration/api/python/flow_with_srp.py
@@ -52,7 +52,7 @@ user = print_and_parse(signup(session))
# SRP signup would happen here and calculate M hex
auth = print_and_parse(authenticate(session, user['login']))
-usr.verify_session( auth )
+usr.verify_session( binascii.unhexlify(auth["M2"]) )
# At this point the authentication process is complete.
assert usr.authenticated()
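Review bot: `auth["M2"]` raises KeyError when the server answers with the `errors` payload instead of a proof, which hides the actual failure; check for the key first, e.g. `assert "M2" in auth, auth` before the `verify_session` line. The call also needs `binascii`, and the import block is outside this hunk, so confirm `import binascii` is present at the top of the script.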
diff --git a/users/test/integration/api/python/signup_and_login.py b/users/test/integration/api/python/signup_and_login.py
index 2d79688..ac611d7 100755
--- a/users/test/integration/api/python/signup_and_login.py
+++ b/users/test/integration/api/python/signup_and_login.py
@@ -20,14 +20,13 @@ def print_and_parse(response):
print response.request.method + ': ' + response.url
print " " + json.dumps(response.request.data)
print " -> " + response.text
- print " () " + json.dumps(requests.utils.dict_from_cookiejar(response.cookies))
return json.loads(response.text)
def signup(session):
user_params = {
'user[login]': id_generator(),
'user[password_verifier]': '12345',
- 'user[password_salt]': '54321'
+ 'user[password_salt]': 'AB54321'
}
return session.post(server + '/users.json', data = user_params)
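Review bot: The salt fixture changes from `'54321'` to `'AB54321'` with no comment saying why. The model converts it with `password_salt.hex`, and Ruby's `String#hex` returns 0 for text that is not hexadecimal rather than raising, so a comment such as `# salt must be a hex string; letters included to exercise A-F digits` would make the constraint visible to whoever edits this fixture next. The reason given for the letters is a guess; adjust the wording to the real one.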
@@ -36,11 +35,8 @@ def authenticate(session, login):
'login': login,
'A': '12345',
}
- init = session.post(server + '/sessions', data = params)
- cookies = requests.utils.dict_from_cookiejar(init.cookies)
- init = session.post(server + '/sessions', data = params, cookies = cookies)
- print "(%) " + json.dumps(cookies)
- return session.put(server + '/sessions/' + login, data = {'client_auth': '123'}, cookies = cookies)
+ init = print_and_parse(session.post(server + '/sessions', data = params))
+ return session.put(server + '/sessions/' + login, data = {'client_auth': '123'})
session = requests.session()
user = print_and_parse(signup(session))
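Review bot: `authenticate` sends the fixed values `'A': '12345'` and `'client_auth': '123'`, which are not derived from the handshake and so cannot be expected to verify, and nothing in the visible lines asserts on the reply, so the script passes whatever the server returns. If the wrong-password response is the intended outcome, assert it where the result is used further down (outside this hunk), e.g. `assert 'errors' in print_and_parse(authenticate(session, user['login']))`. `init` is assigned but never read; either drop the assignment or use the parsed handshake reply.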