From 118d9ab5c9f4d7a82b7cf24774ef12d3c221f8ef Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Fri, 5 Oct 2012 13:59:39 +0200
Subject: moving to ruby_srp 0.1.0, works with python srp

---
 users/app/controllers/sessions_controller.rb          |  6 ++++--
 users/app/models/user.rb                              | 10 ++++++++--
 users/leap_web_users.gemspec                          |  2 +-
 users/test/integration/api/python/flow_with_srp.py    |  2 +-
 users/test/integration/api/python/signup_and_login.py | 10 +++-------
 5 files changed, 17 insertions(+), 13 deletions(-)

(limited to 'users')

diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
index 7852e5c..b8043f5 100644
--- a/users/app/controllers/sessions_controller.rb
+++ b/users/app/controllers/sessions_controller.rb
@@ -15,11 +15,13 @@ class SessionsController < ApplicationController
   end
 
   def update
+    # TODO: validate the id belongs to the session
     @user = User.find_by_param(params[:id])
-    @server_auth = @user.authenticate!(params[:client_auth].hex, session.delete(:handshake))
+    @srp_session = session.delete(:handshake)
+    @server_auth = @srp_session.authenticate!(params[:client_auth].hex)
     session[:user_id] = @user.id
     User.current = @user #?
-    render :json => {:M2 => @server_auth}
+    render :json => {:M2 => "%064x" % @server_auth}
   rescue WRONG_PASSWORD
     session[:handshake] = nil
     render :json => {:errors => {"password" => ["wrong password"]}}
diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index 95ee810..a6aab84 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
@@ -1,7 +1,5 @@
 class User < CouchRest::Model::Base
 
-  include SRP::Authentication
-
   property :login, String, :accessible => true
   property :email, String, :accessible => true
   property :password_verifier, String, :accessible => true
@@ -38,6 +36,10 @@ class User < CouchRest::Model::Base
     super(options.merge(:only => ['login', 'password_salt']))
   end
 
+  def initialize_auth(aa)
+    return SRP::Session.new(self, aa)
+  end
+
   def salt
     password_salt.hex
   end
@@ -46,6 +48,10 @@ class User < CouchRest::Model::Base
     password_verifier.hex
   end
 
+  def username
+    login
+  end
+
   def self.current
     Thread.current[:user]
   end
diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec
index cebb632..2bbb0b8 100644
--- a/users/leap_web_users.gemspec
+++ b/users/leap_web_users.gemspec
@@ -20,7 +20,7 @@ Gem::Specification.new do |s|
   s.add_dependency "rails", "~> 3.2.8"
   s.add_dependency "leap_web_core", "~> 0.0.1"
   s.add_dependency "couchrest_session_store", "~> 0.0.1"
-  s.add_dependency "ruby-srp"
+  s.add_dependency "ruby-srp", "~> 0.1.0"
 
   LeapWebCore::Dependencies.add_ui_gems_to_spec(s)
   
diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py
index 08ac94a..ea630f2 100755
--- a/users/test/integration/api/python/flow_with_srp.py
+++ b/users/test/integration/api/python/flow_with_srp.py
@@ -52,7 +52,7 @@ user = print_and_parse(signup(session))
 
 # SRP signup would happen here and calculate M hex
 auth = print_and_parse(authenticate(session, user['login']))
-usr.verify_session( auth )
+usr.verify_session( binascii.unhexlify(auth["M2"]) )
 
 # At this point the authentication process is complete.
 assert usr.authenticated()
diff --git a/users/test/integration/api/python/signup_and_login.py b/users/test/integration/api/python/signup_and_login.py
index 2d79688..ac611d7 100755
--- a/users/test/integration/api/python/signup_and_login.py
+++ b/users/test/integration/api/python/signup_and_login.py
@@ -20,14 +20,13 @@ def print_and_parse(response):
   print response.request.method + ': ' + response.url
   print "    " + json.dumps(response.request.data)
   print " -> " + response.text
-  print " () " + json.dumps(requests.utils.dict_from_cookiejar(response.cookies))
   return json.loads(response.text)
 
 def signup(session):
   user_params = {
       'user[login]': id_generator(),
       'user[password_verifier]': '12345',
-      'user[password_salt]': '54321'
+      'user[password_salt]': 'AB54321'
       }
   return session.post(server + '/users.json', data = user_params)
 
@@ -36,11 +35,8 @@ def authenticate(session, login):
       'login': login,
       'A': '12345',
       }
-  init = session.post(server + '/sessions', data = params)
-  cookies = requests.utils.dict_from_cookiejar(init.cookies)
-  init = session.post(server + '/sessions', data = params, cookies = cookies)
-  print "(%) " + json.dumps(cookies)
-  return session.put(server + '/sessions/' + login, data = {'client_auth': '123'}, cookies = cookies)
+  init = print_and_parse(session.post(server + '/sessions', data = params))
+  return session.put(server + '/sessions/' + login, data = {'client_auth': '123'})
 
 session = requests.session()
 user = print_and_parse(signup(session))
-- 
cgit v1.2.3