diff options
-rw-r--r-- | users/app/models/user.rb | 4 | ||||
-rw-r--r-- | users/leap_web_users.gemspec | 2 | ||||
-rw-r--r-- | users/lib/warden/strategies/secure_remote_password.rb | 11 | ||||
-rw-r--r-- | users/test/integration/api/account_flow_test.rb | 6 | ||||
-rw-r--r-- | users/test/unit/user_test.rb | 7 |
5 files changed, 12 insertions, 18 deletions
diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 80d49a3..e41c2dc 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -57,10 +57,6 @@ class User < CouchRest::Model::Base }.to_json(options) end - def initialize_auth(aa) - return SRP::Session.new(self, aa) - end - def salt password_salt.hex end diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec index 0682a99..0182c1f 100644 --- a/users/leap_web_users.gemspec +++ b/users/leap_web_users.gemspec @@ -17,6 +17,6 @@ Gem::Specification.new do |s| s.add_dependency "leap_web_core", LeapWeb::VERSION - s.add_dependency "ruby-srp", "~> 0.1.4" + s.add_dependency "ruby-srp", "~> 0.1.5" s.add_dependency "rails_warden" end diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb index 594e27e..483336d 100644 --- a/users/lib/warden/strategies/secure_remote_password.rb +++ b/users/lib/warden/strategies/secure_remote_password.rb @@ -25,13 +25,18 @@ module Warden end def validate! - user = session[:handshake].authenticate(params['client_auth'].hex) - user ? success!(user) : fail!(:password => "wrong_password") + client = session[:handshake].authenticate(params['client_auth'].hex) + client ? + success!(User.find_by_login(client.username)) : + fail!(:password => "wrong_password") end def initialize! if user = User.find_by_login(id) - session[:handshake] = user.initialize_auth(params['A'].hex) + client = SRP::Client.new user.username, + :verifier => user.verifier, + :salt => user.salt + session[:handshake] = SRP::Session.new(client, params['A'].hex) custom! json_response(session[:handshake]) else fail! :login => "user_not_found" diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb index 4937814..314d71a 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/account_flow_test.rb @@ -16,7 +16,7 @@ class AccountFlowTest < ActiveSupport::TestCase @login = "integration_test_user" User.find_by_login(@login).tap{|u| u.destroy if u} @password = "srp, verify me!" - @srp = SRP::Client.new(@login, @password) + @srp = SRP::Client.new @login, :password => @password @user_params = { :login => @login, :password_verifier => @srp.verifier.to_s(16), @@ -73,7 +73,7 @@ class AccountFlowTest < ActiveSupport::TestCase end test "signup and wrong password login attempt" do - srp = SRP::Client.new(@login, "wrong password") + srp = SRP::Client.new @login, :password => "wrong password" server_auth = srp.authenticate(self) assert_json_error :password => "wrong password" assert !last_response.successful? @@ -81,7 +81,7 @@ class AccountFlowTest < ActiveSupport::TestCase end test "signup and wrong username login attempt" do - srp = SRP::Client.new("wrong_login", @password) + srp = SRP::Client.new "wrong_login", :password => @password server_auth = nil assert_raises RECORD_NOT_FOUND do server_auth = srp.authenticate(self) diff --git a/users/test/unit/user_test.rb b/users/test/unit/user_test.rb index 66563a3..10c8b46 100644 --- a/users/test/unit/user_test.rb +++ b/users/test/unit/user_test.rb @@ -40,13 +40,6 @@ class UserTest < ActiveSupport::TestCase assert_equal @user.password_salt.hex, @user.salt end - test "should include SRP" do - client_rnd = bigrand(32).hex - srp_session = @user.initialize_auth(client_rnd) - assert srp_session.is_a? SRP::Session - assert_equal client_rnd, srp_session.aa - end - test 'normal user is no admin' do assert !@user.is_admin? end |