Merge remote branch 'origin/release-0.1.0' into help_develop

author: jessib <jessib@riseup.net> 2012-10-08 10:52:20 -0700
committer: jessib <jessib@riseup.net> 2012-10-08 10:52:20 -0700
commit: f77301824c42bdd4559a0b0e58b8f3c26f239643 (patch)
tree: c815c1c82e4350e12e6ee38d00b979812fa840c2 /users
parent: c4220a167f883f31c408b55cd970761faeb53aa5 (diff)
parent: e264e7354788c0b7eff7bb296eed9c59304cc8b8 (diff)
3 files changed, 28 insertions, 9 deletions
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
index b8043f5..284c0e2 100644
--- a/users/app/controllers/sessions_controller.rb
+++ b/users/app/controllers/sessions_controller.rb
@@ -9,7 +9,7 @@ class SessionsController < ApplicationController
     @user = User.find_by_param(params[:login])
     session[:handshake] = @user.initialize_auth(params['A'].hex)
     User.current = @user #?
-    render :json => { :B => session[:handshake].bb.to_s(16), :salt => @user.password_salt }
+    render :json => session[:handshake]
   rescue RECORD_NOT_FOUND
     render :json => {:errors => {:login => ["unknown user"]}}
   end
@@ -18,10 +18,10 @@ class SessionsController < ApplicationController
     # TODO: validate the id belongs to the session
     @user = User.find_by_param(params[:id])
     @srp_session = session.delete(:handshake)
-    @server_auth = @srp_session.authenticate!(params[:client_auth].hex)
+    @srp_session.authenticate!(params[:client_auth].hex)
     session[:user_id] = @user.id
     User.current = @user #?
-    render :json => {:M2 => "%064x" % @server_auth}
+    render :json => @srp_session
   rescue WRONG_PASSWORD
     session[:handshake] = nil
     render :json => {:errors => {"password" => ["wrong password"]}}
diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec
index 2bbb0b8..90aa4df 100644
--- a/users/leap_web_users.gemspec
+++ b/users/leap_web_users.gemspec
@@ -20,7 +20,7 @@ Gem::Specification.new do |s|
   s.add_dependency "rails", "~> 3.2.8"
   s.add_dependency "leap_web_core", "~> 0.0.1"
   s.add_dependency "couchrest_session_store", "~> 0.0.1"
-  s.add_dependency "ruby-srp", "~> 0.1.0"
+  s.add_dependency "ruby-srp", "~> 0.1.1"
 
   LeapWebCore::Dependencies.add_ui_gems_to_spec(s)
   
diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py
index ea630f2..3bbbc71 100755
--- a/users/test/integration/api/python/flow_with_srp.py
+++ b/users/test/integration/api/python/flow_with_srp.py
@@ -6,9 +6,11 @@ import requests
 import json
 import string
 import random
-import srp
+import srp._pysrp as srp
 import binascii
 
+safe_unhexlify = lambda x: binascii.unhexlify(x) if (len(x) % 2 == 0) else binascii.unhexlify('0'+x)
+
 # let's have some random name
 def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
   return ''.join(random.choice(chars) for x in range(size))
@@ -18,15 +20,20 @@ server = 'http://localhost:3000'
 login = id_generator()
 password = id_generator() + id_generator()
 
+print '    username = "' + login + '"'
+print '    password = "' + password + '"'
+
 # log the server communication
 def print_and_parse(response):
-  print response.request.method + ': ' + response.url
-  print "    " + json.dumps(response.request.data)
+  # print response.request.method + ': ' + response.url
+  # print "    " + json.dumps(response.request.data)
   print " -> " + response.text
   return json.loads(response.text)
 
 def signup(session):
   salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 )
+  print '    salt = "' + binascii.hexlify(salt) + '"'
+  print '    v = "' + binascii.hexlify(vkey) + '"'
   user_params = {
       'user[login]': login,
       'user[password_verifier]': binascii.hexlify(vkey),
@@ -38,12 +45,16 @@ usr = srp.User( login, password, srp.SHA256, srp.NG_1024 )
 
 def authenticate(session, login):
   uname, A = usr.start_authentication()
+  print '    aa = "' + binascii.hexlify(A) + '"'
   params = {
       'login': uname,
       'A': binascii.hexlify(A)
       }
   init = print_and_parse(session.post(server + '/sessions', data = params))
-  M = usr.process_challenge( binascii.unhexlify(init['salt']), binascii.unhexlify(init['B']) )
+  # print '    b = "' + init['b'] + '"'
+  print '    bb = "' + init['B'] + '"'
+  M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B']) )
+  print '    m = "' + binascii.hexlify(M) + '"'
   return session.put(server + '/sessions/' + login, 
       data = {'client_auth': binascii.hexlify(M)})
 
@@ -52,7 +63,15 @@ user = print_and_parse(signup(session))
 
 # SRP signup would happen here and calculate M hex
 auth = print_and_parse(authenticate(session, user['login']))
-usr.verify_session( binascii.unhexlify(auth["M2"]) )
+if ( 'errors' in auth ):
+  print '    u = "%x"' % usr.u
+  print '    x = "%x"' % usr.x
+  print '    v = "%x"' % usr.v
+  print '    S = "%x"' % usr.S
+  print '    K = "' + binascii.hexlify(usr.K) + '"'
+  print '    M = "%x"' % usr.M
+else:
+  usr.verify_session( safe_unhexlify(auth["M2"]) )
 
 # At this point the authentication process is complete.
 assert usr.authenticated()
author	jessib <jessib@riseup.net>	2012-10-08 10:52:20 -0700
committer	jessib <jessib@riseup.net>	2012-10-08 10:52:20 -0700
commit	f77301824c42bdd4559a0b0e58b8f3c26f239643 (patch)
tree	c815c1c82e4350e12e6ee38d00b979812fa840c2 /users
parent	c4220a167f883f31c408b55cd970761faeb53aa5 (diff)
parent	e264e7354788c0b7eff7bb296eed9c59304cc8b8 (diff)