diff options
| author | Azul <azul@leap.se> | 2012-07-03 14:24:17 +0200 |
|---|---|---|
| committer | Azul <azul@leap.se> | 2012-07-03 14:24:17 +0200 |
| commit | 7367bf009d778d96c1c40a20c055bba0596ab2b4 (patch) | |
| tree | 74f2786c51d5af9adec4696a459ca485633fcdb5 | |
| parent | 458975ce0e17a5d752ac99f68a23236b7f078519 (diff) | |
fixed workflow and reduced copy
| -rw-r--r-- | example/public/srp.js | 13 | ||||
| -rw-r--r-- | example/views/index.erb | 6 | ||||
| -rw-r--r-- | example/views/layout.erb | 2 |
3 files changed, 14 insertions, 7 deletions
diff --git a/example/public/srp.js b/example/public/srp.js index 51aba5c..4a4b9ee 100644 --- a/example/public/srp.js +++ b/example/public/srp.js @@ -5,15 +5,22 @@ $(document).ready(function(){ function on_login(event) { srp = new SRP(); + srp.success= on_authenticated; srp.identify(); event.preventDefault(); } function on_signup(event) { srp = new SRP(); - srp.success = function() { - alert("Signed up successfully"); - }; + srp.registered_user = on_registered; srp.register(); event.preventDefault(); } + +function on_registered() { + window.location = '/'; +} + +function on_authenticated() { + window.location = '/'; +} diff --git a/example/views/index.erb b/example/views/index.erb index 24d2501..0ff91e1 100644 --- a/example/views/index.erb +++ b/example/views/index.erb @@ -3,19 +3,19 @@ <div class="span4"> <h2>1. Signup</h2> <p> - First you signup just like normal. Your browser runs a bit of javascript and does not transfer your password but some validator based on it. + Your browser transfers an encrypted verifier based your password. But it does not send the password itself. </p> </div> <div class="span4"> <h2>2. Login</h2> <p> - Login using the same credentials. Again javascript is used to calculate a random number and a key based on it that the server then uses to validate your password. + You enter your password - your browser exchanges encrypted data with the site to check if it was the right one. </p> </div> <div class="span4"> <h2>3. Verify</h2> <p> - The server logs will tell you your password was not transmitted in clear. Never the less the server can determine wether you were authorized. + You can see from the logs that your password was not send. The login process is different each time so it can't be replayed. </p> </div> </div> diff --git a/example/views/layout.erb b/example/views/layout.erb index fc0eaf1..6b56eac 100644 --- a/example/views/layout.erb +++ b/example/views/layout.erb @@ -14,7 +14,7 @@ <div class="hero-unit span12"> <h1>Secure Remote Passwords</h1> <p> - Secure remote passwords allow you to login with a password that will be unkown to the server and anyone eavesdropping + Login with a password hidden from the server and anyone eavesdropping. </p> </div> </div> |