author | jessib <jessib@riseup.net> | 2013-07-16 12:49:48 -0700 |
---|---|---|
committer | jessib <jessib@riseup.net> | 2013-07-16 12:49:48 -0700 |
commit | 97bd0ba4b35481216b2a1592065c70562c81c2d5 (patch) | |
tree | 036760e5427bbb32360cf9eb3ccbe80159d62695 /users | |
parent | bf5922d26e27ee9695b07eade42d36a34b63fc4e (diff) | |
parent | 8486248a7a960bc75f25f2c5a00791416f124ac4 (diff) |
Merge pull request #60 from azul/bugfix/srp-fix-for-zeroprefixed-hashes
Bugfix/srp fix for zeroprefixed hashes
Diffstat (limited to 'users')
m--------- | users/app/assets/javascripts/srp | 0 | ||||
-rw-r--r-- | users/app/assets/javascripts/users.js | 4 | ||||
-rw-r--r-- | users/app/models/token.rb | 2 | ||||
-rw-r--r-- | users/leap_web_users.gemspec | 2 | ||||
-rw-r--r-- | users/lib/warden/strategies/secure_remote_password.rb | 4 | ||||
-rw-r--r-- | users/test/integration/api/account_flow_test.rb | 6 | ||||
-rw-r--r-- | users/test/integration/api/rack_test.rb | 3 | ||||
-rw-r--r-- | users/test/integration/browser/account_test.rb | 23 |
8 files changed, 32 insertions, 12 deletions
diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp
-Subproject 926a5d5960db51903e33c8496487da59f9f4124
+Subproject 9c61d52f1f975ec0eefe5b4a0b71ac529300cbe
diff --git a/users/app/assets/javascripts/users.js b/users/app/assets/javascripts/users.js
index 65bed4f..4c9b510 100644
--- a/users/app/assets/javascripts/users.js
+++ b/users/app/assets/javascripts/users.js
@@ -49,12 +49,12 @@
 for (field in message.errors) {
 if (field == 'base') {
 alert_message(message.errors[field]);
- next;
+ continue;
 }
 error = message.errors[field];
 element = $('form input[name$="[' + field + ']"]');
 if (!element) {
- next;
+ continue;
 }
 element.trigger('element:validate:fail.ClientSideValidations', error).data('valid', false);
 }
diff --git a/users/app/models/token.rb b/users/app/models/token.rb
index 44a6dfe..cc62778 100644
--- a/users/app/models/token.rb
+++ b/users/app/models/token.rb
@@ -8,7 +8,7 @@ class Token < CouchRest::Model::Base
 def initialize(*args)
 super
- self.id = SecureRandom.urlsafe_base64(32)
+ self.id = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
 end
 design do
diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec
index 2f4b10c..d33328a 100644
--- a/users/leap_web_users.gemspec
+++ b/users/leap_web_users.gemspec
@@ -17,6 +17,6 @@ Gem::Specification.new do |s|
 s.add_dependency "leap_web_core", LeapWeb::VERSION
- s.add_dependency "ruby-srp", "~> 0.1.7"
+ s.add_dependency "ruby-srp", "~> 0.2.0"
 s.add_dependency "rails_warden"
 end
diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb
index a97e795..2c681be 100644
--- a/users/lib/warden/strategies/secure_remote_password.rb
+++ b/users/lib/warden/strategies/secure_remote_password.rb
@@ -36,7 +36,7 @@ module Warden
 end
 def validate
- session[:handshake].authenticate(params['client_auth'].hex)
+ session[:handshake].authenticate(params['client_auth'])
 end
 def initialize!
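Review bot: The `if (!element)` guard above the second `continue` can never be true, because jQuery's `$()` returns a jQuery object (truthy) even when no input matched, so a field with no matching form input falls through to `element.trigger(...)` on an empty set instead of being skipped. Test the match count instead: `if (element.length === 0) {`. The enclosing function starts and ends outside the hunk; if `field`, `error` and `element` are not declared with `var` earlier in it, the assignments here also create globals, which is worth checking while editing this loop.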
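Review bot: The anchor in `gsub(/^_*/, '')` on the changed line of token.rb is `^`, which in Ruby matches at the start of every line rather than of the whole string; the base64 output contains no newlines so it works here, but `sub(/\A_+/, '')` states the intent exactly and avoids the per-line anchor that trips validation code elsewhere. The reason for stripping leading underscores is not visible in the hunk — presumably the id is stored as a CouchDB document id, where a leading `_` is reserved — so record it above the line once confirmed, e.g. `# ids beginning with "_" are rejected by the document store — TODO confirm and reference`. Removing the underscores also shortens the id by the number stripped; with 43 base64 characters the entropy loss is negligible, but the comment should say so to forestall a later "fix".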
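Review bot: `session[:handshake]` on the changed line of `validate` is dereferenced without a guard, so a PUT to the session endpoint that was not preceded by a handshake in the same session raises NoMethodError (an HTTP 500) instead of a clean authentication failure, and a missing `client_auth` now reaches `authenticate` as `nil` where the old `.hex` call would at least have failed loudly. Add a guard before the call: `return fail!(:base => 'invalid_user_pass') unless session[:handshake] && params['client_auth']`. Whether dropping `.hex` is correct depends on ruby-srp 0.2.0 accepting hex strings here, which the gemspec bump suggests but this hunk cannot show.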
@@ -44,7 +44,7 @@ module Warden
 client = SRP::Client.new user.username,
 :verifier => user.verifier,
 :salt => user.salt
- session[:handshake] = SRP::Session.new(client, params['A'].hex)
+ session[:handshake] = SRP::Session.new(client, params['A'])
 custom! json_response(session[:handshake])
 else
 fail! :base => 'invalid_user_pass'
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index f5cb0b1..4c94389 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -26,19 +26,19 @@ class AccountFlowTest < RackTest
 def handshake(login, aa)
 post "http://api.lvh.me:3000/1/sessions.json",
 :login => login,
- 'A' => aa.to_s(16),
+ 'A' => aa,
 :format => :json
 response = JSON.parse(last_response.body)
 if response['errors']
 raise RECORD_NOT_FOUND.new(response['errors'])
 else
- return response['B'].hex
+ return response['B']
 end
 end
 def validate(m)
 put "http://api.lvh.me:3000/1/sessions/" + @login + '.json',
- :client_auth => m.to_s(16),
+ :client_auth => m,
 :format => :json
 return JSON.parse(last_response.body)
 end
diff --git a/users/test/integration/api/rack_test.rb b/users/test/integration/api/rack_test.rb
index da960f2..9a69f52 100644
--- a/users/test/integration/api/rack_test.rb
+++ b/users/test/integration/api/rack_test.rb
@@ -1,6 +1,3 @@
-CONFIG_RU = (Rails.root + 'config.ru').to_s
-OUTER_APP = Rack::Builder.parse_file(CONFIG_RU).first
 class RackTest < ActiveSupport::TestCase
 include Rack::Test::Methods
 include Warden::Test::Helpers
diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb
new file mode 100644
index 0000000..ce63baf
--- /dev/null
+++ b/users/test/integration/browser/account_test.rb
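Review bot: `params['A']` on the changed line is now handed to `SRP::Session.new` as a raw request string, whereas the old `.hex` at least coerced it to an Integer before the library saw it. The server side of SRP has to reject a client public value that is zero modulo N (RFC 5054 section 2.5.4), and nothing in this hunk shows whether ruby-srp 0.2.0 performs that check for string input, so either confirm it in the library and note it here (`# SRP::Session is responsible for rejecting A % N == 0 — confirmed in ruby-srp <version>`) or fail early on anything that is not a hex string: `return fail!(:base => 'invalid_user_pass') unless params['A'] =~ /\A\h+\z/`. The enclosing `initialize!` begins and ends outside the hunk.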
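Review bot: `raise RECORD_NOT_FOUND.new(response['errors'])`, in the context just above the changed `return response['B']`, uses the constructor form where the conventional spelling is `raise RECORD_NOT_FOUND, response['errors']`, and the surrounding `if/else` with an explicit `return` in the else branch reads more naturally as a guard (`raise RECORD_NOT_FOUND, response['errors'] if response['errors']` followed by a bare `response['B']`). Since `handshake` and `validate` now exchange strings rather than Integers, a YARD line on each would stop the next reader from reintroducing the `.hex` round-trip, e.g. `# @param aa [String] the client's public value A, hex-encoded as ruby-srp 0.2 expects` — the encoding is inferred from the `.to_s(16)` removal, so confirm it against the library before writing it as fact.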
@@ -0,0 +1,23 @@
+require 'test_helper'
+
+class AccountTest < BrowserIntegrationTest
+
+ setup do
+ Capybara.current_driver = Capybara.javascript_driver
+ end
+
+ test "normal account workflow" do
+ username = "test_#{SecureRandom.urlsafe_base64}".downcase
+ password = SecureRandom.base64
+ visit '/users/new'
+ fill_in 'Username', with: username
+ fill_in 'Password', with: password
+ fill_in 'Password confirmation', with: password
+ click_on 'Sign Up'
+ assert page.has_content?("Welcome #{username}")
+ click_on 'Logout'
+ assert page.has_content?("Sign Up")
+ assert_equal '/', current_path
+ end
+
+end
|
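Review bot: The `setup` block switches `Capybara.current_driver` to the JavaScript driver but nothing in the file switches it back, so the setting leaks into whatever tests run after this class in the same process and they silently start executing under a different driver. Pair it with `teardown do Capybara.use_default_driver end` (or move the driver switch into `BrowserIntegrationTest` if every subclass needs it). The account created by "normal account workflow" is also never removed; if the test helper does not reset the database between runs, each execution leaves a `test_…` user behind.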