From 328f5a2983b54da9f4b3663cc2a129027110e922 Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 5 Oct 2012 14:12:55 +0200 Subject: adjusting git repo to leap_web from leap_web_demo --- config/deploy.rb.example | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/config/deploy.rb.example b/config/deploy.rb.example index 552c820..9e54c22 100644 --- a/config/deploy.rb.example +++ b/config/deploy.rb.example @@ -1,10 +1,10 @@ require "bundler/capistrano" set :application, "webapp" -set :repository, "git://leap.se/leap_web_demo" set :scm, :git -# Or: `accurev`, `bzr`, `cvs`, `darcs`, `git`, `mercurial`, `perforce`, `subversion` or `none` +set :repository, "git://leap.se/leap_web" +set :branch, "master" set :deploy_via, :remote_cache set :deploy_to, '/home/webapp' @@ -14,8 +14,10 @@ set :normalize_asset_timestamps, false set :user, "webapp" -role :web, "YOUR SERVER GOES HERE" # Your HTTP server, Apache/etc -role :app, "YOUR SERVER GOES HERE" # This may be the same as your `Web` server +role :web, "YOUR SERVER" # Your HTTP server, Apache/etc +role :app, "YOUR SERVER" # This may be the same as your `Web` server + +# We're not using this for now... # role :db, "your primary db-server here", :primary => true # This is where Rails migrations will run # role :db, "your slave db-server here" -- cgit v1.2.3 From 9621b9013bbeb7ae7111cec081db6ea695755cde Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 5 Oct 2012 14:20:33 +0200 Subject: removing leap_web_help for version 0.1.0 --- Gemfile | 2 +- Gemfile.lock | 12 ------------ 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/Gemfile b/Gemfile index 0bdea00..f2803bc 100644 --- a/Gemfile +++ b/Gemfile @@ -32,7 +32,7 @@ gem 'simple_form' gem 'leap_web_core', :path => 'core' gem 'leap_web_users', :path => 'users' gem 'leap_web_certs', :path => 'certs' -gem 'leap_web_help', :path => 'help' +# gem 'leap_web_help', :path => 'help' gem 'couchrest_session_store' 
diff --git a/Gemfile.lock b/Gemfile.lock index 3f30e62..589b702 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -13,17 +13,6 @@ PATH couchrest_model (~> 2.0.0.beta2) rails (~> 3.2.8) -PATH - remote: help - specs: - leap_web_help (0.0.1) - bootstrap-sass (~> 2.0.4) - haml (~> 3.1.7) - jquery-rails - leap_web_core (~> 0.0.1) - rails (~> 3.2.8) - simple_form - PATH remote: users specs: @@ -187,7 +176,6 @@ DEPENDENCIES json leap_web_certs! leap_web_core! - leap_web_help! leap_web_users! mocha rails (= 3.2.8) -- cgit v1.2.3 From 76e4a13c3d2cc16c552d2205c8659be686f3718c Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 5 Oct 2012 14:24:40 +0200 Subject: enable therubyracer so we have a js runtime --- Gemfile | 2 +- Gemfile.lock | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index f2803bc..2aedae1 100644 --- a/Gemfile +++ b/Gemfile @@ -16,7 +16,7 @@ group :assets do gem 'coffee-rails', '~> 3.2.2' # See https://github.com/sstephenson/execjs#readme for more supported runtimes - # gem 'therubyracer', :platforms => :ruby + gem 'therubyracer', :platforms => :ruby gem 'uglifier', '>= 1.2.7' end diff --git a/Gemfile.lock b/Gemfile.lock index 589b702..636ce1b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -95,6 +95,7 @@ GEM railties (>= 3.1.0, < 5.0) thor (~> 0.14) json (1.7.5) + libv8 (3.3.10.4) linecache (0.46) rbx-require-relative (> 0.0.4) mail (2.4.4) @@ -153,6 +154,8 @@ GEM hike (~> 1.2) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) + therubyracer (0.10.2) + libv8 (~> 3.3.10) thor (0.16.0) tilt (1.3.3) treetop (1.4.10) @@ -182,4 +185,5 @@ DEPENDENCIES ruby-debug sass-rails (~> 3.2.5) simple_form + therubyracer uglifier (>= 1.2.7) -- cgit v1.2.3 From c2d5a80b576ffc5f9ff0807c9a52fec8b4f34123 Mon Sep 17 00:00:00 2001 
From: Azul Date: Fri, 5 Oct 2012 16:47:19 +0200 Subject: ruby-srp 0.1.1 has to_json method - simplifies controller --- Gemfile.lock | 4 ++-- users/app/controllers/sessions_controller.rb | 6 +++--- users/leap_web_users.gemspec | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 636ce1b..e9994f9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -23,7 +23,7 @@ PATH jquery-rails leap_web_core (~> 0.0.1) rails (~> 3.2.8) - ruby-srp (~> 0.1.0) + ruby-srp (~> 0.1.1) simple_form GEM @@ -141,7 +141,7 @@ GEM ruby-debug-base (~> 0.10.4.0) ruby-debug-base (0.10.4) linecache (>= 0.3) - ruby-srp (0.1.0) + ruby-srp (0.1.1) sass (3.2.1) sass-rails (3.2.5) railties (~> 3.2.0) diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index b8043f5..284c0e2 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -9,7 +9,7 @@ class SessionsController < ApplicationController @user = User.find_by_param(params[:login]) session[:handshake] = @user.initialize_auth(params['A'].hex) User.current = @user #? - render :json => { :B => session[:handshake].bb.to_s(16), :salt => @user.password_salt } + render :json => session[:handshake] rescue RECORD_NOT_FOUND render :json => {:errors => {:login => ["unknown user"]}} end @@ -18,10 +18,10 @@ class SessionsController < ApplicationController # TODO: validate the id belongs to the session @user = User.find_by_param(params[:id]) @srp_session = session.delete(:handshake) - @server_auth = @srp_session.authenticate!(params[:client_auth].hex) + @srp_session.authenticate!(params[:client_auth].hex) session[:user_id] = @user.id User.current = @user #? - render :json => {:M2 => "%064x" % @server_auth} + render :json => @srp_session rescue WRONG_PASSWORD session[:handshake] = nil render :json => {:errors => {"password" => ["wrong password"]}} 
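Review bot: `render :json => session[:handshake]` in the first hunk and `render :json => @srp_session` in the second replace an explicit field whitelist (`B` and `salt`, then `M2`) with whatever ruby-srp 0.1.1's `to_json` chooses to emit, so the response now depends on the library never serializing private handshake state (the server ephemeral `b`, the verifier, or the shared key after `authenticate!`). The commented-out `init['b']` print added to flow_with_srp.py later in this series suggests such a field may already be present in the `/sessions` reply, which would hand the client the server's private exponent; this is worth confirming against the gem before shipping. I would keep the controller as the whitelist, e.g. `render :json => { :B => session[:handshake].bb.to_s(16), :salt => @user.password_salt }`, or at least add a test asserting the JSON keys are exactly `B`/`salt` and `M2`. Separately, `to_s(16)` drops a leading zero nibble, which is what the Python `safe_unhexlify` workaround compensates for; zero-padding `B` to the group width here (256 hex digits for the 1024-bit group the test uses) fixes it at the source.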
diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec index 2bbb0b8..90aa4df 100644 --- a/users/leap_web_users.gemspec +++ b/users/leap_web_users.gemspec @@ -20,7 +20,7 @@ Gem::Specification.new do |s| s.add_dependency "rails", "~> 3.2.8" s.add_dependency "leap_web_core", "~> 0.0.1" s.add_dependency "couchrest_session_store", "~> 0.0.1" - s.add_dependency "ruby-srp", "~> 0.1.0" + s.add_dependency "ruby-srp", "~> 0.1.1" LeapWebCore::Dependencies.add_ui_gems_to_spec(s) -- cgit v1.2.3 From e264e7354788c0b7eff7bb296eed9c59304cc8b8 Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 5 Oct 2012 16:48:27 +0200 Subject: using safe_unhexlify to workaround 0 padding also changed the debug output so it helps creating tests for ruby-srp --- users/test/integration/api/python/flow_with_srp.py | 29 ++++++++++++++++++---- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py index ea630f2..3bbbc71 100755 --- a/users/test/integration/api/python/flow_with_srp.py +++ b/users/test/integration/api/python/flow_with_srp.py @@ -6,9 +6,11 @@ import requests import json import string import random -import srp +import srp._pysrp as srp import binascii +safe_unhexlify = lambda x: binascii.unhexlify(x) if (len(x) % 2 == 0) else binascii.unhexlify('0'+x) + # let's have some random name def id_generator(size=6, chars=string.ascii_uppercase + string.digits): return ''.join(random.choice(chars) for x in range(size)) 
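Review bot: `safe_unhexlify` works around the server emitting odd-length hex (a leading zero dropped by `to_s(16)`), but nothing records that, and a lambda bound to a name hides it from tracebacks; I would write `def safe_unhexlify(x):` / `# server hex-encodes with to_s(16), which drops a leading zero nibble` / `return binascii.unhexlify(x if len(x) % 2 == 0 else '0' + x)`. The switch to `import srp._pysrp as srp` pulls in a private module, presumably so the later debug dump can read `usr.u`/`usr.x`; that is fine for a fixture generator but deserves a one-line comment, since the public `srp` package may bind a different implementation without those attributes.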
@@ -18,15 +20,20 @@ server = 'http://localhost:3000' login = id_generator() password = id_generator() + id_generator() +print ' username = "' + login + '"' +print ' password = "' + password + '"' + # log the server communication def print_and_parse(response): - print response.request.method + ': ' + response.url - print " " + json.dumps(response.request.data) + # print response.request.method + ': ' + response.url + # print " " + json.dumps(response.request.data) print " -> " + response.text return json.loads(response.text) def signup(session): salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 ) + print ' salt = "' + binascii.hexlify(salt) + '"' + print ' v = "' + binascii.hexlify(vkey) + '"' user_params = { 'user[login]': login, 'user[password_verifier]': binascii.hexlify(vkey), @@ -38,12 +45,16 @@ usr = srp.User( login, password, srp.SHA256, srp.NG_1024 ) def authenticate(session, login): uname, A = usr.start_authentication() + print ' aa = "' + binascii.hexlify(A) + '"' params = { 'login': uname, 'A': binascii.hexlify(A) } init = print_and_parse(session.post(server + '/sessions', data = params)) - M = usr.process_challenge( binascii.unhexlify(init['salt']), binascii.unhexlify(init['B']) ) + # print ' b = "' + init['b'] + '"' + print ' bb = "' + init['B'] + '"' + M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B']) ) + print ' m = "' + binascii.hexlify(M) + '"' return session.put(server + '/sessions/' + login, data = {'client_auth': binascii.hexlify(M)}) 
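Review bot: `authenticate` indexes `init['salt']` and `init['B']` without checking for an error response, so an unknown-login reply (`{"errors": {"login": [...]}}`, which the controller returns) surfaces as a `KeyError` rather than a readable failure; the last hunk already checks `'errors' in auth`, and the same guard belongs before `process_challenge`: `assert 'errors' not in init, init`. The new `print ' password = "' + password + '"'` lines write the credential to stdout; acceptable here because `login`/`password` are regenerated per run, but a comment such as `# test vectors for ruby-srp; credentials are random per run` should say so, because the same lines copied into a real client would be a leak.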
@@ -52,7 +63,15 @@ user = print_and_parse(signup(session)) # SRP signup would happen here and calculate M hex auth = print_and_parse(authenticate(session, user['login'])) -usr.verify_session( binascii.unhexlify(auth["M2"]) ) +if ( 'errors' in auth ): + print ' u = "%x"' % usr.u + print ' x = "%x"' % usr.x + print ' v = "%x"' % usr.v + print ' S = "%x"' % usr.S + print ' K = "' + binascii.hexlify(usr.K) + '"' + print ' M = "%x"' % usr.M +else: + usr.verify_session( safe_unhexlify(auth["M2"]) ) # At this point the authentication process is complete. assert usr.authenticated() -- cgit v1.2.3
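Review bot: the `if ( 'errors' in auth ):` branch dumps `usr.x`, `usr.S` and `usr.K` — the password-derived private key and the session key — to stdout, which is only acceptable because the credentials are random per run, and a comment should record that: `# debug dump of SRP internals as ruby-srp test vectors; safe only because credentials are random per run`. After the branch, `assert usr.authenticated()` fires with no message, so the failure reason is lost unless someone reads the dump above; `assert usr.authenticated(), auth.get('errors')` keeps it. The parenthesised condition is not idiomatic Python; `if 'errors' in auth:` suffices.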