diff options
Diffstat (limited to 'app/assets/javascripts/srp/spec')
m--------- | app/assets/javascripts/srp | 0 | ||||
-rw-r--r-- | app/assets/javascripts/srp/spec/account_spec.js | 31 | ||||
-rw-r--r-- | app/assets/javascripts/srp/spec/calculate_spec.js | 52 | ||||
-rw-r--r-- | app/assets/javascripts/srp/spec/helper.js | 48 | ||||
-rw-r--r-- | app/assets/javascripts/srp/spec/login_spec.js | 113 | ||||
-rw-r--r-- | app/assets/javascripts/srp/spec/session_spec.js | 108 | ||||
-rw-r--r-- | app/assets/javascripts/srp/spec/signup_spec.js | 31 |
7 files changed, 383 insertions, 0 deletions
diff --git a/app/assets/javascripts/srp b/app/assets/javascripts/srp deleted file mode 160000 -Subproject 9e1a41733468d4a3f5102b04277b9cd7b52d0a4 diff --git a/app/assets/javascripts/srp/spec/account_spec.js b/app/assets/javascripts/srp/spec/account_spec.js new file mode 100644 index 0000000..4110778 --- /dev/null +++ b/app/assets/javascripts/srp/spec/account_spec.js @@ -0,0 +1,31 @@ +describe("Account", function() { + describe("without seeded values", function(){ + beforeEach(function() { + account = new srp.Account(); + }); + + it("fetches the password from the password field", function(){ + expect(account.password()).toBe("password"); + }); + + it("fetches the login from the login field", function(){ + expect(account.login()).toBe("testuser"); + }); + + }); + + describe("with seeded values", function(){ + beforeEach(function() { + account = new srp.Account("login", "secret"); + }); + + it("uses the seeded password", function(){ + expect(account.password()).toBe("secret"); + }); + + it("uses the seeded login", function(){ + expect(account.login()).toBe("login"); + }); + + }); +}); diff --git a/app/assets/javascripts/srp/spec/calculate_spec.js b/app/assets/javascripts/srp/spec/calculate_spec.js new file mode 100644 index 0000000..02bff1d --- /dev/null +++ b/app/assets/javascripts/srp/spec/calculate_spec.js @@ -0,0 +1,52 @@ +describe("Calculate", function() { + + beforeEach(function() { + calculate = new srp.Calculate(); + }); + + // login attempt with correct password that failed never the less: + var compare = { + username: "blues", + password: "justtest", + salt: "6a6ef9ce5cb998eb", + v: "a5da6d376d503e22d93385db0244c382d1413d9f721ad9866dfc5e895cf2a3331514ceec5f48aceab58b260651cc9ee1ba96d906f67a6b4a7414c82d1333607ebe96403ecc86050224dc4c17b1d30efdbb451a68d1b6a25cce10f0e844082329d3cb46e1c3d46298a0de2cd3b8c6acc1a80c206f0f10ec8cd3c050babdf338ba", + aa: "4decb8543891f5a744b1e9b5bc375a474bfe3c5417e1db176cefcc7ba915338a14f309f8e0a4c7641bc9c9b9bd2e91c4d1beda1772c30d0350c9ba44f7c5911dfe6bb593ac2a2b30f1f6e5ec8a656cb4947c1907cf62f8d7283cbe32eb44b02158b51091ae130afa6063bb28cdea9ae159d4f222571e146f8715bfa31af09868", + a: "d498c3d024ec17689b5320e33fc349a3f3f91320384155b3043fa410c90eab71", + bb: "dee64fd54daafc18b338c5783ade3ff4275dfee8c97008e2d9fb445880a2e1d452c822a35e8e3f012bc6facaa28022f8de3fb1d632667d635abde0afc0ca4ed06c9197ea88f379042b10bc7b7f816a1ec14fefe6e9adef4ab904315b3a3f36749f3f6d1083b0eb0029173770f8e9342b098298389ba49a88d4ea6b78a7f576a4", + s: "50973f6e8134f95bd04f54f522e6e57d957d0640f91f0a989ff775712b81d5856ae3bdd2aa9c5eda8019e9db18065519c99c33a62c7f12f98e7aed60b153feee9ab73ba1272b4d76aa002da8cd47c6da733c88a0e70d4c3d6752fd366d66efe40870d26fd5d1755883b9489721e1881376628bf6ef89902f35e5e7e31227e2f", + k: "dd93e648abfe2ac6c6d46e062ded60b31ec043e55ceca1946ec29508f4c68461", + m: "ccf0c492f715484dc8343e22cd5967c2c5d01de743c5f0a9c5cfd017db1804c" + }; + + it("calculates the proper A", function() { + expect(calculate.A(compare.a)).toBe(compare.aa); + }); + + it("prefixes A with 0 if needed", function() { + expect(calculate.A("3971782b")[0]).toBe("0"); + }); + + it("calculates the right x", function() { + x = calculate.X("testuser","password","7686acb8") + expect(x).toBe('84d6bb567ddf584b1d8c8728289644d45dbfbb02deedd05c0f64db96740f0398'); + }); + + it("calculates the right verifier", function() { + calculate_and_compare_verifier(compare); + }); + + it("calculates the right verifier with umlauts", function() { + with_umlauts = { + username: "test_joakcq", + password: "fs5uofäöìfvqynn", + salt: "eec1ff4c", + v: "551e82de8d61a6575a3da7fbede61f6f38164ed52eb64db031c1ec2316b474745d3ff24408bfcca3c50fc53283f2f975feebf1564d197051c834a56bf8bd804f3696d81e579915141f306242f133db210cbd11385afff01c355ca8446d92d8a54ff147ebb0e1cd3d5c78750a0488f1453473e9449a946c7c9298c167cc5adafc" + } + calculate_and_compare_verifier(with_umlauts); + }); + + function calculate_and_compare_verifier(values) { + x = calculate.X(values.username, values.password, values.salt) + expect(calculate.V(x)).toBe(values.v); + } +}); diff --git a/app/assets/javascripts/srp/spec/helper.js b/app/assets/javascripts/srp/spec/helper.js new file mode 100644 index 0000000..d1c699b --- /dev/null +++ b/app/assets/javascripts/srp/spec/helper.js @@ -0,0 +1,48 @@ +var specHelper = (function() { + // HELPERS + + function setupFakeXHR() { + this.xhr = sinon.useFakeXMLHttpRequest(); + var requests = this.requests = []; + this.xhr.onCreate = function (xhr) { + requests.push(xhr); + }; + this.expectRequest = expectRequest; + this.respondJSON = respondJSON; + this.respondXML = respondXML; + } + + // TODO: validate http verb + function expectRequest(url, content, verb) { + expect(this.requests.length).toBe(1); + expect(this.requests[0].url).toBe(url); + expect(decodeURI(this.requests[0].requestBody)).toBe(content); + if (verb) { + expect(this.requests[0].method).toBe(verb); + } + } + + function respondXML(content) { + var request = this.requests.pop(); + header = { "Content-Type": "application/xml;charset=utf-8" }; + body = '<?xml version="1.0" encoding="UTF-8"?>\n'; + body += content; + request.respond(200, header, body); + } + + function respondJSON(object, responseCode) { + var request = this.requests.pop(); + header = { "Content-Type": "application/json;charset=utf-8" }; + body = JSON.stringify(object); + request.respond(responseCode || 200, header, body); + } + + return { + setupFakeXHR: setupFakeXHR, + } + +})(); + +beforeEach(function () { + setFixtures("<form action='.' onsubmit='return register()'> <table> <tr><td>Username:</td><td><input type='text' id='srp_username' value='testuser' /></td></tr> <tr><td>Password:</td><td><input type='password' id='srp_password' value='password'/></td></tr> </table> <input type='submit'/> </form> "); +}); diff --git a/app/assets/javascripts/srp/spec/login_spec.js b/app/assets/javascripts/srp/spec/login_spec.js new file mode 100644 index 0000000..24c7f4f --- /dev/null +++ b/app/assets/javascripts/srp/spec/login_spec.js @@ -0,0 +1,113 @@ +describe("Login with srp var", function() { + + var fixtures = { + "failed_login": { + "username": "asre", + "password": "Started GET", + "salt": "ae631d2d5ed2c41d", + "verifier": "8abe157957f22cc3b0b004e964d8f4d036636b23c6489877db9a9f7e19f21b78df5b489171996dd4a57ab6714e31ed0f3187c930dd0b00654cab60aaf73d701cf71d3faed99da9cd37c0161c93f3e12c2627e286df9217bad7731d51c7558a7d07d9888808c5b62b275b07706cf2e3d0cdc628791c69975580f760c7bf28bae8", + "a": "eb9784d9", + "aa": "ab0109064a2da3c02c0cc6da028495d402affb814f4b40898c9c87922718bd03dbd41cf2fa0e23f4abd0f19722c3687b673177328ae4f74f48f7d8fafc30466652e97a2f8c438b471eb0ccbe66fb5bf0837ac7b2aa34bfc731714c3ce4fbb288abd59458e2e563391925a8b74b4179652839ea91da40a467702b1574728c9e22", + "bb": "ccc834b851d7d6e1aa86969705ecd53fd47c5e94c1e31f739db3534a73dee8eed362747d7b4c60ea9169352000dfe42ca8ae5d3b20bb8f40590106021e7a4cd398ca2df55cc209ad9732c8d6bd6c6acf8a27254dac3c74cbb326ee53a4519e6a630ccadebf1434f5e3d9bf99c7cd301255c94710445383808638394dd641aa27", + "s": "919418fb396e125dc8e881b01f3925029e8049e0f15032f601317a99489526fd46b8e8edb62962177b97efe2106a7da44b381e65a500ff1a86459683475b86b31fd81e73accc835a5e0da37b71ed68612c68fbe43a96b57bf3f5d560f71f37a3dbc7a2080c8a4dd7de1bb42cc6e1a21e66e3845f775cb4559ba9ac1faf551a39", + "k": "0aa8c328244c426c6165be08a1fa8b07e2949c1df577466b4815109221e2da6b", + "m": "8438a6e4f31334588b826ee92b7669dd8db59856c5934a9c659e1481bcdcae86", + "m2": "ec1fd1de67a08b981016272222f54f4b1c42768cb46cd3675fe6573fd60eb186" + }, + "py_srp": { + // these need to be the same as in the spec runner: + username: "testuser", + password: "password", + salt: '628365a0', + verifier: '4277ddfdd111cc6a4cd27af570172a93ff4dddd9441ad89ecd78b08504812819d85712fbb6d2b487798ea0e19eeb960ce129725286d1c891314c0620abce02ac0a37fac823d0858553aed30ba99622ec9c66cc937016b96e82ef9e3b5d06e1db707293459c0aa8e082b528fd236cda347c45d8b022a9d4f3701c696e0397332a', + // a valid auth attempt for the user / password given in the spec runner: + a: 'a5cccf937ea1bf72df5cf8099442552f5664da6780a75436d5a59bc77a8a9993', + aa: 'e67d222244564ccd2e37471f226b999a4e987f3d494c7d80e0d36169efd6c6c6d857a96924c25fc165e5e9b0212a31c30701ec376dc32e36be00bbcd6d2104789d368af984e26fc094374f90ee5746478f14cec45c7e131a3cbce15fe79e98894213dac4e63c3f73f644fe25aa8707bc58859dfd1b36972e4e34169db2622899', + // just for the sake of having a complete set of test vars: + b: '6aa5c88d1877af9907ccefad31083e1102a7121dc04706f681f66c8680fb7f05', + bb: 'd56a80aaafdf9f70598b5d1184f122f326a333fafd37ab76d6f7fba4a9c4ee59545be056335150bd64f04880bc8e76949469379fe9de17cf6f36f3ee11713d05f63050486bc73c545163169999ff01b55c0ca4e90d8856a6e3d3a6ffc70b70d993a5308a37a5c2399874344e083e72b3c9afa083d312dfe9096ea9a65023f135', + k: 'db6ec0bdab81742315861a828323ff492721bdcd114077a4124bc425e4bf328b', + m: '640e51d5ac5461591c31811221261f0e0eae7c08ce43c85e9556adbd94ed8c26', + m2: '49e48f8ac8c4da0e8a7374f73eeedbee2266e123d23fc1be1568523fc9c24b1e', + } + }; + + + describe("(Compatibility with py-srp)", function (){ + var A_, callback; + var data = fixtures.failed_login; + var old_pass, old_login, old_conf; + + + beforeEach(function() { + specHelper.setupFakeXHR.apply(this); + + calculate = new srp.Calculate(); + calculate.randomSalt = function() {return "4c78c3f8"}; + srp.session = new srp.Session(undefined, calculate); + + A_ = srp.session.calculateAndSetA(data.a) + old_login = $('#srp_username').val(); + old_conf = $('#srp_password_confirmation').val(); + old_pass = $('#srp_password').val(); + $('#srp_username').val(data.username); + $('#srp_password_confirmation').val(data.password); + $('#srp_password').val(data.password); + }); + + afterEach(function() { + $('#srp_username').val(old_login); + $('#srp_password_confirmation').val(old_conf); + $('#srp_password').val(old_pass); + this.xhr.restore(); + }); + + it("calculates the same A", function(){ + expect(A_).toBe(data.aa); + }); + + it("calculates the same key", function(){ + srp.session.calculations(data.salt, data.bb); + expect(srp.session.key()).toBe(data.k); + }); + + it("authenticates successfully", function(){ + srp.loggedIn = jasmine.createSpy(); + srp.login(); + + this.expectRequest('/1/sessions.json', 'login=' +data.username+ '&A=' +data.aa, 'POST'); + this.respondJSON({salt: data.salt, B: data.bb}); + this.expectRequest('/1/sessions/'+data.username+'.json', 'client_auth='+data.m, 'PUT'); + this.respondJSON({M2: data.m2}); + + expect(srp.loggedIn).toHaveBeenCalled(); + }); + + it("reports errors during handshake", function(){ + srp.error = jasmine.createSpy(); + var error = {login: "something went wrong on the server side"}; + srp.login(); + + this.expectRequest('/1/sessions.json', 'login=' +data.username+ '&A=' +data.aa, 'POST'); + this.respondJSON(error, 422); + //this.expectNoMoreRequests(); + + expect(srp.error).toHaveBeenCalledWith(error); + }); + + it("rejects B = 0", function(){ + srp.loggedIn = jasmine.createSpy(); + srp.error = jasmine.createSpy(); + srp.login(); + + this.expectRequest('/1/sessions.json', 'login=' +data.username+ '&A=' +data.aa, 'POST'); + this.respondJSON({salt: data.salt, B: 0}); + // aborting if B=0 + expect(this.requests).toEqual([]); + expect(srp.error).toHaveBeenCalledWith("Server send random number 0 - could not login."); + expect(srp.loggedIn).not.toHaveBeenCalled(); + }); + }); + + +}); diff --git a/app/assets/javascripts/srp/spec/session_spec.js b/app/assets/javascripts/srp/spec/session_spec.js new file mode 100644 index 0000000..b37d7b1 --- /dev/null +++ b/app/assets/javascripts/srp/spec/session_spec.js @@ -0,0 +1,108 @@ +describe("Session", function() { + + // data gathered from py-srp and ruby-srp + var old_compare = { + username: "UC6LTQ", + password: "PVSQ7DCEIR0B", + salt: "d6ed8dba", + v: "c86a8c04a4f71cb10bfe3fedb74bae545b9a20e0f3e95b6334fce1cb3384a296f75d774a3829ffd63f405f13f58ffbae415fd234b08b996c11e8618c17961defcebb1d244b388b75cf36882ee97182a900ebeaf7cffa0a83eed294f3a9449a06beb88954952759d2957b80ef851f4cc4fcaa6001fee4f00c273ecdd712d48371", + aa: "4decb8543891f5a744b1e9b5bc375a474bfe3c5417e1db176cefcc7ba915338a14f309f8e0a4c7641bc9c9b9bd2e91c4d1beda1772c30d0350c9ba44f7c5911dfe6bb593ac2a2b30f1f6e5ec8a656cb4947c1907cf62f8d7283cbe32eb44b02158b51091ae130afa6063bb28cdea9ae159d4f222571e146f8715bfa31af09868", + a: "d498c3d024ec17689b5320e33fc349a3f3f91320384155b3043fa410c90eab71", + bb: "5f5bedd1f95b6b0d6809614f162e49753acce6979e1041f4da5bfa91e1dadd2a5470270ed102a49c5f74fd42f2b61a8a1a43218159a22b31a7cbd4670679480e56d0e4e72a22c07e07102ff063045d0c3c96085dec1cc2959453e0299890bd95af76403cec6ec5f212667a75ae6f4a8327183d72c3ee85792ca43820fbccf244", + m: "bc30b8781e67a657e93d0a6cf7e7847fc60f79e2b0641e9c26b3522bc8f974cc" + } + + // login attempt with correct password that failed never the less: + var zero_prefixed_m = { + username: "blues", + password: "justtest", + salt: "6a6ef9ce5cb998eb", + v: "a5da6d376d503e22d93385db0244c382d1413d9f721ad9866dfc5e895cf2a3331514ceec5f48aceab58b260651cc9ee1ba96d906f67a6b4a7414c82d1333607ebe96403ecc86050224dc4c17b1d30efdbb451a68d1b6a25cce10f0e844082329d3cb46e1c3d46298a0de2cd3b8c6acc1a80c206f0f10ec8cd3c050babdf338ba", + aa: "4decb8543891f5a744b1e9b5bc375a474bfe3c5417e1db176cefcc7ba915338a14f309f8e0a4c7641bc9c9b9bd2e91c4d1beda1772c30d0350c9ba44f7c5911dfe6bb593ac2a2b30f1f6e5ec8a656cb4947c1907cf62f8d7283cbe32eb44b02158b51091ae130afa6063bb28cdea9ae159d4f222571e146f8715bfa31af09868", + a: "d498c3d024ec17689b5320e33fc349a3f3f91320384155b3043fa410c90eab71", + bb: "dee64fd54daafc18b338c5783ade3ff4275dfee8c97008e2d9fb445880a2e1d452c822a35e8e3f012bc6facaa28022f8de3fb1d632667d635abde0afc0ca4ed06c9197ea88f379042b10bc7b7f816a1ec14fefe6e9adef4ab904315b3a3f36749f3f6d1083b0eb0029173770f8e9342b098298389ba49a88d4ea6b78a7f576a4", + s: "050973f6e8134f95bd04f54f522e6e57d957d0640f91f0a989ff775712b81d5856ae3bdd2aa9c5eda8019e9db18065519c99c33a62c7f12f98e7aed60b153feee9ab73ba1272b4d76aa002da8cd47c6da733c88a0e70d4c3d6752fd366d66efe40870d26fd5d1755883b9489721e1881376628bf6ef89902f35e5e7e31227e2f", + k: "dd93e648abfe2ac6c6d46e062ded60b31ec043e55ceca1946ec29508f4c68461", + m: "0ccf0c492f715484dc8343e22cd5967c2c5d01de743c5f0a9c5cfd017db1804c" + }; + + var short_b = { + "username": "fwe", + "password": "eckout -b ne", + "salt": "67f5f4aaf82a2a86", + "verifier": "d0624d86b8ce793e8570d0a8e31df50bb5bd7c6bf56926b00b10125c541d663324018be5a9c9ec794e44e1be739270d0fa258af0e15c780d47ff889c881c7a6b22fd201265471953f2788f08b2f95709602b1a47207241432226bba224285c8ed706d0a47a49eb06c111dfdafe01fe6ac3ab98c9a4958a00a136d9c069bea065", + "a": "b82dbaac", + "aa": "6e0197741d4da91a97adb05c705dae37a778d44cab697afdbcfc2450a5ccbc96dae1f4144a8446b53bfda65bc4ae4bc04c81f41f17da3389a5477bd8c5799538fffda2d745a4aa0381297c904b474d0525c2d08b4f70f7d3f9c1c52a0e126fc3402e37ea82aed603fe76fa2d8827e1e5d80996260a8aba6dc53e5e57dd7bd6a4", + "bb": "c9ffd5cb17e29aedf08fb37f54af2f4b798ce8341d8d1f36fde589e76f8aa2541118125d419632eef1582fb4fe7d5df4e795c808b0b2f964f67927b73be6f7545f2d291b9b36ab3d4b9fd0eb506f22887706b94c36ff963af44050bd89043d85b6f75846244785624fd2afb91ee1b5706b5a6f453f057be14537faa8051be56", + "s": "ca95b0d1223f4180f9b664d7aab69325263ee8700c02cbb7b3e67f1b08f94e11397f03faf186559602f9948305c73a6b69eb31770421f9e69757a3e4235e61197eab703e8378a290d70c335f5b4a39af402d9c68512def102737c5e70182645f3a1b9e8dcfea6eb4407a2bfbe1d923b6a7322e1b058e2f551f584ab12b61bc2b", + "k": "2cc2a0641bfd142a9c34b038c61e64a2298d1fd07de10fae945ad9b1a6172d19", + "m": "c3e3096ed1553a7dad36d600cee4e2f43fa67e306ae9771fc045d4f1b092d5e6", + "m2": "13bae65005e54e6ccfc5c5d04e143c4ff1124972875be6860aa8a99ab179ebf3" + } + + var session; + + it("calculates the proper M even if that is 0 prefixed (INTEGRATION)", function() { + var compare = zero_prefixed_m; + account = new srp.Account(compare.username, compare.password); + session = new srp.Session(account); + session.calculateAndSetA(compare.a); + session.calculations(compare.salt, compare.bb); + expect(session.getS().toString(16)).toBe(compare.s); + expect(session.key()).toBe(compare.k); + expect(session.getM()).toBe(compare.m); + }); + + it("calculates the proper M from a smaller B (INTEGRATION)", function() { + // B has one less char than usual + var compare = short_b; + account = new srp.Account(compare.username, compare.password); + session = new srp.Session(account); + session.calculateAndSetA(compare.a); + session.calculations(compare.salt, compare.bb); + expect(session.getS().toString(16)).toBe(compare.s); + expect(session.key()).toBe(compare.k); + expect(session.getM()).toBe(compare.m); + }); + + + it("delegates login", function() { + var compare = zero_prefixed_m; + account = new srp.Account(compare.username, compare.password); + session = new srp.Session(account); + expect(session.login()).toBe(compare.username); + }); + + it('calculates secure user parameters for signup', function() { + var compare = short_b; + account = new srp.Account(compare.username, compare.password); + session = new srp.Session(account); + + var signupParams = session.signup(); + + expect(Object.keys(signupParams)).toEqual(['login', 'password_salt', 'password_verifier']); + }); + + it('calculates secure user parameters for update', function() { + var compare = short_b; + account = new srp.Account(compare.username, compare.password); + session = new srp.Session(account); + + var signupParams = session.update(); + + expect(Object.keys(signupParams)).toEqual(['login', 'password_salt', 'password_verifier']); + }); + + it("grabs extra signup parameters from account", function() { + account = jasmine.createSpyObj('account', ['login', 'password']); + account.loginParams = function() { + return { + "extraParam": "foobar" + } + } + session = new srp.Session(account); + + expect(session.signup().extraParam).toBe("foobar"); + }); + +}); diff --git a/app/assets/javascripts/srp/spec/signup_spec.js b/app/assets/javascripts/srp/spec/signup_spec.js new file mode 100644 index 0000000..89b0936 --- /dev/null +++ b/app/assets/javascripts/srp/spec/signup_spec.js @@ -0,0 +1,31 @@ +describe("Loading SRP", function() { + it("provides a signup function", function() { + expect(typeof srp.signup).toBe('function'); + }); + +}); + +describe("Signup with srp var", function() { + + beforeEach(function() { + specHelper.setupFakeXHR.apply(this); + calculate = new srp.Calculate(); + calculate.randomSalt = function() {return "4c78c3f8"}; + srp.session = new srp.Session(undefined, calculate); + }); + + afterEach(function() { + this.xhr.restore(); + }); + + it("identifies after successful registration (INTEGRATION)", function(){ + var callback = jasmine.createSpy(); + srp.signedUp = callback; + srp.signup(); + this.expectRequest('/1/users.json', "user[login]=testuser&user[password_salt]=4c78c3f8&user[password_verifier]=474c26aa42d11f20544a00f7bf9711c4b5cf7aab95ed448df82b95521b96668e7480b16efce81c861870302560ddf6604c67df54f1d04b99d5bb9d0f02c6051ada5dc9d594f0d4314e12f876cfca3dcd99fc9c98c2e6a5e04298b11061fb8549a22cde0564e91514080df79bca1c38c682214d65d590f66b3719f954b078b83c", 'POST') + this.respondJSON({password_salt: "4c78c3f8", login: "testuser", ok: "true"}); + expect(callback).toHaveBeenCalled(); + }); + +}); + |