authorjessib <jessib@riseup.net>2013-07-16 12:49:48 -0700
committerjessib <jessib@riseup.net>2013-07-16 12:49:48 -0700
commit97bd0ba4b35481216b2a1592065c70562c81c2d5 (patch)
tree036760e5427bbb32360cf9eb3ccbe80159d62695 /users
parentbf5922d26e27ee9695b07eade42d36a34b63fc4e (diff)
parent8486248a7a960bc75f25f2c5a00791416f124ac4 (diff)
Merge pull request #60 from azul/bugfix/srp-fix-for-zeroprefixed-hashes
Bugfix/srp fix for zeroprefixed hashes
Diffstat (limited to 'users')
m---------users/app/assets/javascripts/srp0
-rw-r--r--users/app/assets/javascripts/users.js4
-rw-r--r--users/app/models/token.rb2
-rw-r--r--users/leap_web_users.gemspec2
-rw-r--r--users/lib/warden/strategies/secure_remote_password.rb4
-rw-r--r--users/test/integration/api/account_flow_test.rb6
-rw-r--r--users/test/integration/api/rack_test.rb3
-rw-r--r--users/test/integration/browser/account_test.rb23
8 files changed, 32 insertions, 12 deletions
diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp
-Subproject 926a5d5960db51903e33c8496487da59f9f4124
+Subproject 9c61d52f1f975ec0eefe5b4a0b71ac529300cbe
diff --git a/users/app/assets/javascripts/users.js b/users/app/assets/javascripts/users.js
index 65bed4f..4c9b510 100644
--- a/users/app/assets/javascripts/users.js
+++ b/users/app/assets/javascripts/users.js
@@ -49,12 +49,12 @@
for (field in message.errors) {
if (field == 'base') {
alert_message(message.errors[field]);
- next;
+ continue;
}
error = message.errors[field];
element = $('form input[name$="[' + field + ']"]');
if (!element) {
- next;
+ continue;
}
element.trigger('element:validate:fail.ClientSideValidations', error).data('valid', false);
}
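Review bot: The `if (!element)` guard before the second `continue` can never fire, because `$()` returns a jQuery object that is truthy even when the selector matched nothing. To skip fields that have no input on the form, test the match count instead: `if (element.length === 0) {`. In the visible lines `field`, `error` and `element` are assigned without `var`, so they are implicit globals unless they are declared above the hunk. The enclosing function starts and ends outside the hunk.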
diff --git a/users/app/models/token.rb b/users/app/models/token.rb
index 44a6dfe..cc62778 100644
--- a/users/app/models/token.rb
+++ b/users/app/models/token.rb
@@ -8,7 +8,7 @@ class Token < CouchRest::Model::Base
def initialize(*args)
super
- self.id = SecureRandom.urlsafe_base64(32)
+ self.id = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
end
design do
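Review bot: The new `.gsub(/^_*/, '')` in `initialize` carries no comment explaining why leading underscores are stripped, and it anchors with `^` (start of line) rather than `\A` (start of string). Presumably the reason is that document ids beginning with `_` are reserved by CouchDB; if so, say it with `# ids starting with "_" are reserved by CouchDB, so drop leading underscores` and write the call as `.sub(/\A_+/, '')`. Stripping makes the token id slightly shorter in the affected cases, which is negligible against 32 random bytes, but code that consumes the id should not assume a fixed length. The class body continues outside the hunk.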
diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec
index 2f4b10c..d33328a 100644
--- a/users/leap_web_users.gemspec
+++ b/users/leap_web_users.gemspec
@@ -17,6 +17,6 @@ Gem::Specification.new do |s|
s.add_dependency "leap_web_core", LeapWeb::VERSION
- s.add_dependency "ruby-srp", "~> 0.1.7"
+ s.add_dependency "ruby-srp", "~> 0.2.0"
s.add_dependency "rails_warden"
end
diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb
index a97e795..2c681be 100644
--- a/users/lib/warden/strategies/secure_remote_password.rb
+++ b/users/lib/warden/strategies/secure_remote_password.rb
@@ -36,7 +36,7 @@ module Warden
end
def validate
- session[:handshake].authenticate(params['client_auth'].hex)
+ session[:handshake].authenticate(params['client_auth'])
end
def initialize!
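Review bot: With `.hex` removed, `params['client_auth']` in `validate` and `params['A']` in `initialize!` (the next hunk) reach ruby-srp exactly as the client sent them, and nothing visible checks that they are present and are hex strings. A request can omit the parameter or send it as an array or hash, so either guard in the strategy, e.g. `return fail!(:base => 'invalid_user_pass') unless params['A'].to_s =~ /\A\h+\z/`, or confirm that ruby-srp 0.2.0 rejects malformed input itself. It is also worth confirming that the library aborts the handshake when A is zero modulo N, as SRP requires, since that check cannot be seen from this file. Both methods are only partly inside their hunks.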
@@ -44,7 +44,7 @@ module Warden
client = SRP::Client.new user.username,
:verifier => user.verifier,
:salt => user.salt
- session[:handshake] = SRP::Session.new(client, params['A'].hex)
+ session[:handshake] = SRP::Session.new(client, params['A'])
custom! json_response(session[:handshake])
else
fail! :base => 'invalid_user_pass'
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index f5cb0b1..4c94389 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -26,19 +26,19 @@ class AccountFlowTest < RackTest
def handshake(login, aa)
post "http://api.lvh.me:3000/1/sessions.json",
:login => login,
- 'A' => aa.to_s(16),
+ 'A' => aa,
:format => :json
response = JSON.parse(last_response.body)
if response['errors']
raise RECORD_NOT_FOUND.new(response['errors'])
else
- return response['B'].hex
+ return response['B']
end
end
def validate(m)
put "http://api.lvh.me:3000/1/sessions/" + @login + '.json',
- :client_auth => m.to_s(16),
+ :client_auth => m,
:format => :json
return JSON.parse(last_response.body)
end
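Review bot: Nothing in these helpers exercises the case the merge is named for: `handshake` and `validate` now forward `aa` and `m` untouched, but no test visible here pins a value whose hex form starts with `0`. The integer round trip that this commit removes (`to_s(16)` on one side, `.hex` on the other) is the kind of conversion that loses leading zeros, so a test with fixed credentials known to produce a zero-prefixed A or M would stop the fix from regressing silently. The test class extends beyond the hunk, so such a case may exist outside what is shown.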
diff --git a/users/test/integration/api/rack_test.rb b/users/test/integration/api/rack_test.rb
index da960f2..9a69f52 100644
--- a/users/test/integration/api/rack_test.rb
+++ b/users/test/integration/api/rack_test.rb
@@ -1,6 +1,3 @@
-CONFIG_RU = (Rails.root + 'config.ru').to_s
-OUTER_APP = Rack::Builder.parse_file(CONFIG_RU).first
-
class RackTest < ActiveSupport::TestCase
include Rack::Test::Methods
include Warden::Test::Helpers
diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb
new file mode 100644
index 0000000..ce63baf
--- /dev/null
+++ b/users/test/integration/browser/account_test.rb
@@ -0,0 +1,23 @@
+require 'test_helper'
+
+class AccountTest < BrowserIntegrationTest
+
+ setup do
+ Capybara.current_driver = Capybara.javascript_driver
+ end
+
+ test "normal account workflow" do
+ username = "test_#{SecureRandom.urlsafe_base64}".downcase
+ password = SecureRandom.base64
+ visit '/users/new'
+ fill_in 'Username', with: username
+ fill_in 'Password', with: password
+ fill_in 'Password confirmation', with: password
+ click_on 'Sign Up'
+ assert page.has_content?("Welcome #{username}")
+ click_on 'Logout'
+ assert page.has_content?("Sign Up")
+ assert_equal '/', current_path
+ end
+
+end
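Review bot: `setup` switches `Capybara.current_driver` to the JavaScript driver, but the file has no matching teardown, so the driver change can leak into tests that run afterwards unless `BrowserIntegrationTest` already resets it. Adding `teardown { Capybara.use_default_driver }` keeps the change local to this class. The test also leaves its randomly named account in the database; removing the created user in the same teardown would keep the test store from growing on every run. Because the credentials are random, any failure that depends on the generated values will be hard to reproduce, so consider logging the username when an assertion fails.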