2 files changed, 24 insertions, 19 deletions

diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb
index 7876d84..b6e56a7 100644
--- a/users/test/functional/sessions_controller_test.rb
+++ b/users/test/functional/sessions_controller_test.rb
@@ -8,7 +8,9 @@ class SessionsControllerTest < ActionController::TestCase
     @server_hex = 'b123'
     @server_rnd = @server_hex.hex
     @server_rnd_exp = 'e123'.hex
+    @salt = 'stub user salt'
     @server_handshake = stub :aa => @client_rnd, :bb => @server_rnd, :b => @server_rnd_exp
+    @server_auth = 'adfe'
   end
 
   test "should get login screen" do
@@ -21,11 +23,13 @@ class SessionsControllerTest < ActionController::TestCase
     user.expects(:initialize_auth).
       with(@client_rnd).
       returns(@server_handshake)
+    @server_handshake.expects(:to_json).
+     returns({'B' => @server_hex, 'salt' => @salt}.to_json)
     User.expects(:find_by_param).with(user.login).returns(user)
     post :create, :login => user.login, 'A' => @client_hex
     assert_equal @server_handshake, session[:handshake]
     assert_response :success
-    assert_json_response :B => @server_hex
+    assert_json_response :B => @server_hex, :salt => @salt
   end
 
   test "should report user not found" do
@@ -39,9 +43,11 @@ class SessionsControllerTest < ActionController::TestCase
   test "should authorize" do
     session[:handshake] = @server_handshake
     user = stub :login => "me", :id => 123
-    user.expects(:authenticate!).
-      with(@client_rnd, @server_handshake).
+    @server_handshake.expects(:authenticate!).
+      with(@client_rnd).
       returns(@server_auth)
+    @server_handshake.expects(:to_json).
+      returns({:M2 => @server_auth}.to_json)
     User.expects(:find_by_param).with(user.login).returns(user)
     post :update, :id => user.login, :client_auth => @client_hex
     assert_nil session[:handshake]
@@ -52,8 +58,8 @@ class SessionsControllerTest < ActionController::TestCase
   test "should report wrong password" do
     session[:handshake] = @server_handshake
     user = stub :login => "me", :id => 123
-    user.expects(:authenticate!).
-      with(@client_rnd, @server_handshake).
+    @server_handshake.expects(:authenticate!).
+      with(@client_rnd).
       raises(WRONG_PASSWORD)
     User.expects(:find_by_param).with(user.login).returns(user)
     post :update, :id => user.login, :client_auth => @client_hex
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index e20bcf6..66de1e5 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -30,40 +30,39 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
       :password_verifier => @srp.verifier.to_s(16),
       :password_salt => @srp.salt.to_s(16)
     }
+    post '/users.json', :user => @user_params
+    @user = User.find_by_param(@login)
   end
 
   def teardown
     @user.destroy if @user # make sure we can run this test again
   end
 
-  test "signup and login with srp via api" do
-    post '/users.json', :user => @user_params
-    @user = User.find_by_param(@login)
+  test "signup response" do
     assert_json_response @user_params.slice(:login, :password_salt)
     assert_response :success
-    server_auth = @srp.authenticate(self, @login, @password)
+  end
+
+  test "signup and login with srp via api" do
+    server_auth = @srp.authenticate(self)
     assert_nil server_auth["errors"]
     assert server_auth["M2"]
   end
 
   test "signup and wrong password login attempt" do
-    post '/users.json', :user => @user_params
-    @user = User.find_by_param(@login)
-    assert_json_response @user_params.slice(:login, :password_salt)
-    assert_response :success
-    server_auth = @srp.authenticate(self, @login, "wrong password")
+    srp = SRP::Client.new(@login, "wrong password")
+    server_auth = srp.authenticate(self)
     assert_equal ["wrong password"], server_auth["errors"]['password']
     assert_nil server_auth["M2"]
   end
 
   test "signup and wrong username login attempt" do
-    post '/users.json', :user => @user_params
-    @user = User.find_by_param(@login)
-    assert_json_response @user_params.slice(:login, :password_salt)
-    assert_response :success
+    srp = SRP::Client.new("wrong_login", @password)
+    server_auth = nil
     assert_raises RECORD_NOT_FOUND do
-      server_auth = @srp.authenticate(self, "wronglogin", @password)
+      server_auth = srp.authenticate(self)
     end
+    assert_nil server_auth
   end
 
 end