Diffstat (limited to 'users')
-rw-r--r--users/leap_web_users.gemspec2
-rw-r--r--users/lib/warden/strategies/secure_remote_password.rb10
-rw-r--r--users/test/integration/api/account_flow_test.rb8
3 files changed, 11 insertions, 9 deletions
diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec
index 013b44a..2f4b10c 100644
--- a/users/leap_web_users.gemspec
+++ b/users/leap_web_users.gemspec
@@ -17,6 +17,6 @@ Gem::Specification.new do |s|
s.add_dependency "leap_web_core", LeapWeb::VERSION
- s.add_dependency "ruby-srp", "~> 0.1.6"
+ s.add_dependency "ruby-srp", "~> 0.1.7"
s.add_dependency "rails_warden"
end
diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb
index 2dcd706..a97e795 100644
--- a/users/lib/warden/strategies/secure_remote_password.rb
+++ b/users/lib/warden/strategies/secure_remote_password.rb
@@ -28,6 +28,9 @@ module Warden
if client = validate
success!(User.find_by_login(client.username))
else
+ Rails.logger.warn "Login attempt failed."
+ Rails.logger.debug debug_info
+ Rails.logger.debug "Received: #{params['client_auth']}"
fail!(:base => "invalid_user_pass")
end
end
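Review bot: The two added `Rails.logger.debug` calls in the failure branch write the SRP handshake's internal state and the client's raw `client_auth` value to the application log. What `internal_state` contains is not visible here, but if it includes the verifier, salt or the server's ephemeral secret, anyone with read access to a debug-level log gets material for offline password guessing. Limit the dump to non-secret fields or gate it on a non-production environment. The arguments are also built eagerly even when debug output is disabled, so use the block form, `Rails.logger.debug { debug_info }`. The enclosing method starts outside this hunk.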
@@ -58,6 +61,13 @@ module Warden
def id
params["id"] || params["login"]
end
+
+ protected
+
+ def debug_info
+ JSON.pretty_generate(session[:handshake].internal_state)
+ end
+
end
end
Warden::Strategies.add :secure_remote_password,
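Review bot: `debug_info` dereferences `session[:handshake]` without a nil check, and it is only called from the failed-login branch. If a failure can occur with no handshake in the session (an expired session, or a `client_auth` sent without the first step; `validate` is not visible here), this would raise `NoMethodError` and turn a rejected login into a server error. A guard such as `handshake = session[:handshake]` followed by `handshake ? JSON.pretty_generate(handshake.internal_state) : "no handshake in session"` keeps the failure path on `fail!`. A comment above the method, for example `# Dumps SRP server state for debugging; treat the output as secret material.`, would warn future callers.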
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index d4360de..f5cb0b1 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -55,14 +55,6 @@ class AccountFlowTest < RackTest
assert server_auth["M2"]
end
- test "duplicate login does not break things" do
- server_auth = @srp.authenticate(self)
- server_auth = @srp.authenticate(self)
- assert last_response.successful?
- assert_nil server_auth["errors"]
- assert server_auth["M2"]
- end
-
test "signup and wrong password login attempt" do
srp = SRP::Client.new @login, :password => "wrong password"
server_auth = srp.authenticate(self)