| -rw-r--r-- | Gemfile.lock | 2 | ||||
| -rw-r--r-- | users/app/controllers/sessions_controller.rb | 6 | ||||
| -rw-r--r-- | users/app/models/user.rb | 10 | ||||
| -rw-r--r-- | users/leap_web_users.gemspec | 2 | ||||
| -rwxr-xr-x | users/test/integration/api/python/flow_with_srp.py | 2 | ||||
| -rwxr-xr-x | users/test/integration/api/python/signup_and_login.py | 10 | 
6 files changed, 18 insertions, 14 deletions
|
diff --git a/Gemfile.lock b/Gemfile.lock
index 4f2ee3b..3f30e62 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -34,7 +34,7 @@ PATH
       jquery-rails
       leap_web_core (~> 0.0.1)
       rails (~> 3.2.8)
-      ruby-srp
+      ruby-srp (~> 0.1.0)
       simple_form
 GEM
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
index 7852e5c..b8043f5 100644
--- a/users/app/controllers/sessions_controller.rb
+++ b/users/app/controllers/sessions_controller.rb
@@ -15,11 +15,13 @@ class SessionsController < ApplicationController
   end
   def update
+    # TODO: validate the id belongs to the session
     @user = User.find_by_param(params[:id])
-    @server_auth = @user.authenticate!(params[:client_auth].hex, session.delete(:handshake))
+    @srp_session = session.delete(:handshake)
+    @server_auth = @srp_session.authenticate!(params[:client_auth].hex)
     session[:user_id] = @user.id
     User.current = @user #?
-    render :json => {:M2 => @server_auth}
+    render :json => {:M2 => "%064x" % @server_auth}
   rescue WRONG_PASSWORD
     session[:handshake] = nil
     render :json => {:errors => {"password" => ["wrong password"]}}
diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index 95ee810..a6aab84 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
@@ -1,7 +1,5 @@
 class User < CouchRest::Model::Base
-  include SRP::Authentication
-
   property :login, String, :accessible => true
   property :email, String, :accessible => true
   property :password_verifier, String, :accessible => true
@@ -38,6 +36,10 @@ class User < CouchRest::Model::Base
     super(options.merge(:only => ['login', 'password_salt']))
   end
+  def initialize_auth(aa)
+    return SRP::Session.new(self, aa)
+  end
+
   def salt
     password_salt.hex
   end
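Review bot: The user being logged in is still chosen by `params[:id]` while the SRP proof is checked against whichever user the stored handshake was started for, so a client that completes a valid handshake for its own account and then PUTs to `/sessions/<other-login>` with that proof would get `session[:user_id]` set to the other user's id — the new TODO names exactly this gap, but the commit ships without the check. `session.delete(:handshake)` also returns nil when no handshake was started, and `@srp_session.authenticate!` then fails with NoMethodError (a 500) instead of the wrong-password response below. I would bind the proof to the user before trusting it, e.g. `@srp_session = session.delete(:handshake)` followed by `raise WRONG_PASSWORD unless @srp_session && @srp_session.username == @user.username` — assuming SRP::Session exposes the user or login it was built from; if it does not, store the login in the Rails session next to the handshake and compare that. `update`'s closing `end` lies outside the hunk.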
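Review bot: `initialize_auth` hands the client's ephemeral value `aa` straight to `SRP::Session.new` without any check, and SRP requires the server to abort when `A mod N == 0` (otherwise the shared secret collapses to a known value); whether ruby-srp 0.1.0 performs that check itself is not visible here, so it should be confirmed or done at this call site. The explicit `return` is also unneeded in Ruby, and the name `aa` tells a reader nothing. I would put `# Start an SRP exchange for this user from the client's public ephemeral A.` above the method and reduce the body to `SRP::Session.new(self, aa)`.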
@@ -46,6 +48,10 @@ class User < CouchRest::Model::Base
     password_verifier.hex
   end
+  def username
+    login
+  end
+
   def self.current
     Thread.current[:user]
   end
diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec
index cebb632..2bbb0b8 100644
--- a/users/leap_web_users.gemspec
+++ b/users/leap_web_users.gemspec
@@ -20,7 +20,7 @@ Gem::Specification.new do |s|
   s.add_dependency "rails", "~> 3.2.8"
   s.add_dependency "leap_web_core", "~> 0.0.1"
   s.add_dependency "couchrest_session_store", "~> 0.0.1"
-  s.add_dependency "ruby-srp"
+  s.add_dependency "ruby-srp", "~> 0.1.0"
   LeapWebCore::Dependencies.add_ui_gems_to_spec(s)
diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py
index 08ac94a..ea630f2 100755
--- a/users/test/integration/api/python/flow_with_srp.py
+++ b/users/test/integration/api/python/flow_with_srp.py
@@ -52,7 +52,7 @@ user = print_and_parse(signup(session))
 # SRP signup would happen here and calculate M hex
 auth = print_and_parse(authenticate(session, user['login']))
-usr.verify_session( auth )
+usr.verify_session( binascii.unhexlify(auth["M2"]) )
 # At this point the authentication process is complete.
 assert usr.authenticated()
diff --git a/users/test/integration/api/python/signup_and_login.py b/users/test/integration/api/python/signup_and_login.py
index 2d79688..ac611d7 100755
--- a/users/test/integration/api/python/signup_and_login.py
+++ b/users/test/integration/api/python/signup_and_login.py
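Review bot: `auth["M2"]` on the new line raises a bare KeyError when the server answers with the `{"errors": ...}` body instead of `M2`, which hides the actual failure reason in the test output. An explicit check before the verify call keeps the server's message visible: `assert "M2" in auth, auth`. Whether `binascii` is already imported at the top of this script is not visible in the hunk and should be checked.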
@@ -20,14 +20,13 @@ def print_and_parse(response):
   print response.request.method + ': ' + response.url
   print "    " + json.dumps(response.request.data)
   print " -> " + response.text
-  print " () " + json.dumps(requests.utils.dict_from_cookiejar(response.cookies))
   return json.loads(response.text)
 def signup(session):
   user_params = {
       'user[login]': id_generator(),
       'user[password_verifier]': '12345',
-      'user[password_salt]': '54321'
+      'user[password_salt]': 'AB54321'
       }
   return session.post(server + '/users.json', data = user_params)
@@ -36,11 +35,8 @@ def authenticate(session, login):
       'login': login,
       'A': '12345',
       }
-  init = session.post(server + '/sessions', data = params)
-  cookies = requests.utils.dict_from_cookiejar(init.cookies)
-  init = session.post(server + '/sessions', data = params, cookies = cookies)
-  print "(%) " + json.dumps(cookies)
-  return session.put(server + '/sessions/' + login, data = {'client_auth': '123'}, cookies = cookies)
+  init = print_and_parse(session.post(server + '/sessions', data = params))
+  return session.put(server + '/sessions/' + login, data = {'client_auth': '123'})
 session = requests.session()
 user = print_and_parse(signup(session)) |
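Review bot: `init` in the new `authenticate` is assigned but never read, so the handshake response is printed and then discarded, and a failing POST to `/sessions` only surfaces indirectly through the PUT that follows. Asserting on the parsed handshake pins the contract the client relies on, e.g. `assert 'B' in init and 'salt' in init, init` before the `return` — assuming the server's handshake JSON carries those keys, which this hunk does not show. Dropping the manual cookie round-trip is reasonable only because `requests.session()` persists the Rails session cookie between the POST and the PUT; that dependency is worth a one-line comment above the PUT.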
