authorAzul <azul@leap.se>2012-06-28 19:43:40 +0200
committerAzul <azul@leap.se>2012-06-29 14:55:10 +0200
commit20bf14939fbd75e3ee0206c2bf14737e2c7ac2c2 (patch)
treee035c91c65e8e48d6a6af317e900a8fb9897a739 /example
parente55ff681bcc5a6c479530d1411a3da75912d78e5 (diff)
adopted srp algo to srp-js way of doing things.
All large integers are now sent as hex strings. Using sha256_str all over the place. This finally gives me successful logins. Needs a lot of cleanup nevertheless.
Diffstat (limited to 'example')
-rw-r--r--example/http-srp.rb2
-rw-r--r--example/models/user.rb10
l---------example/public/srp-source1
-rw-r--r--example/public/srp_register.min.js1
-rw-r--r--example/views/authenticate.erb2
-rw-r--r--example/views/handshake.erb2
-rw-r--r--example/views/index.erb10
-rw-r--r--example/views/layout.erb12
-rw-r--r--example/views/ok.erb2
-rw-r--r--example/views/salt.erb2
-rw-r--r--example/views/xml.erb2
11 files changed, 31 insertions, 15 deletions
diff --git a/example/http-srp.rb b/example/http-srp.rb
index e83036f..ef43844 100644
--- a/example/http-srp.rb
+++ b/example/http-srp.rb
@@ -23,7 +23,7 @@ post '/register/salt/' do
end
post '/register/user/' do
- User.current.verifier = params.delete('v').to_i
+ User.current.verifier = params.delete('v').hex
erb :ok, :layout => false, :content_type => :xml
end
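Review bot: `params.delete('v').hex` in the `/register/user/` handler accepts anything. `String#hex` returns 0 when the string does not start with hex digits, ignores trailing garbage, and raises NoMethodError when the parameter is missing, so a malformed request either stores a verifier of 0 or ends in a 500. I would validate before converting, e.g. `v = params.delete('v').to_s` followed by `halt 400 unless v =~ /\A\h+\z/`, and only then assign `v.hex`. The same unchecked `.hex` is used for `A` and `M` in example/models/user.rb. For `A` a silently parsed 0 matters because SRP requires the server to reject A ≡ 0 (mod N), and whether `SRP::Server#initialize_auth` performs that check is not visible in this commit.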
diff --git a/example/models/user.rb b/example/models/user.rb
index af92300..d374d36 100644
--- a/example/models/user.rb
+++ b/example/models/user.rb
@@ -1,8 +1,7 @@
class User
def self.current
- # p "getting #{@current ? @current.login : 'nil'}"
- @current ||= User.new
+ @current
end
def self.current=(user)
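Review bot: `User.current` can now return nil, and the `/register/user/` handler in example/http-srp.rb calls `User.current.verifier =` without a guard, so a request that arrives before any user was constructed raises NoMethodError. `@current` is also class-level state, so every request to the process reads and overwrites the same user, including its `active` flag and `srp` object. That is probably acceptable for a demo but deserves a comment such as `# Most recently constructed User, or nil; shared by ALL requests - demo only, not per-session.` The body of `self.current=` lies outside the hunk.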
@@ -17,19 +16,20 @@ class User
def initialize(login)
self.login = login
- self.salt = OpenSSL::Random.random_bytes(10).unpack("H*")[0]
+ self.salt = "5d3055e0acd3ddcfc15".hex
+ # OpenSSL::Random.random_bytes(10).unpack("H*")[0]
self.active = false
User.current = self
end
def initialize_auth(params)
self.srp = SRP::Server.new(self.salt, self.verifier)
- bb, u = self.srp.initialize_auth(params.delete('A').to_i)
+ bb, u = self.srp.initialize_auth(params.delete('A').hex)
return {:B => bb, :u => u}
end
def authenticate(params)
- if m2 = self.srp.authenticate(params.delete('aa').to_i, params.delete('M').to_i)
+ if m2 = self.srp.authenticate(params.delete('M').hex)
self.active = true
return {:M2 => m2}
else
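Review bot: The salt assigned in `initialize` is now the constant `"5d3055e0acd3ddcfc15".hex` for every user, with the random generation left behind as a comment. A fixed salt no longer adds any per-registration randomness to the verifier, which weakens it against offline guessing if the verifier store is ever exposed. The views format the salt with `%x`, so it has to be an Integer; `self.salt = OpenSSL::Random.random_bytes(10).unpack("H*")[0].hex` keeps it random and still satisfies them. The `else` branch of `authenticate` continues outside the hunk.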
diff --git a/example/public/srp-source b/example/public/srp-source
new file mode 120000
index 0000000..2b47f38
--- /dev/null
+++ b/example/public/srp-source
@@ -0,0 +1 @@
+/oldvar/src/srp-js/javascript/ \ No newline at end of file
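Review bot: The new `srp-source` symlink points at the absolute path `/oldvar/src/srp-js/javascript/`, which exists only on the author's machine, yet layout.erb now loads all of the client-side SRP code through it. On any other checkout the scripts will 404. On a host where that path does exist, the app serves whatever is there from `public/`, with no version pinned in the repository. Vendoring the srp-js files, or adding them as a git submodule and using a relative link, would keep the served crypto code reviewable and reproducible.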
diff --git a/example/public/srp_register.min.js b/example/public/srp_register.min.js
new file mode 100644
index 0000000..6c5a1d5
--- /dev/null
+++ b/example/public/srp_register.min.js
@@ -0,0 +1 @@
+eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('9 g(){3 1;b.a.e=9(){1=5;3 w=5.p()+5.o("e/f/");3 c="I="+5.K();5.n(w,c,5.u)};b.a.u=9(){3 2=1.k();8(2.j==4&&2.i==h){8(2.7.6("f").d>0){3 s=1.t(2.7.6("f")[0]);3 x=1.J(s);3 v=1.H().G(x,1.F());1.q(v.E(D))}C 8(2.7.6("r").d>0){1.B(1.t(2.7.6("r")[0]))}}};b.a.q=9(v){3 c="v="+v;3 m=1.p()+1.o("e/A/");1.n(m,c,1.l)};b.a.l=9(){3 2=1.k();8(2.j==4&&2.i==h){8(2.7.6("z").d>0){1.y()}}}};g();',47,47,'|that|xhr|var||this|getElementsByTagName|responseXML|if|function|prototype|SRP|params|length|register|salt|SRP_REGISTER|200|status|readyState|getxhr|register_user|auth_url|ajaxRequest|paths|geturl|register_send_verifier|error||innerxml|register_receive_salt||handshake_url||identify|ok|user|error_message|else|16|toString|getN|modPow|getg||calcX|getI'.split('|'),0,{}))
diff --git a/example/views/authenticate.erb b/example/views/authenticate.erb
index 7d6e39f..a6bf80d 100644
--- a/example/views/authenticate.erb
+++ b/example/views/authenticate.erb
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<% if @auth[:M2] %>
- <M><%=@auth[:M2]%></M>
+ <M><%="%x" % [@auth[:M2]]%></M>
<% end %>
<% if @auth[:error] %>
<error><%=@auth[:error]%></error>
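Review bot: `"%x" % [@auth[:M2]]` drops leading zeros, so M2 is rendered with fewer hex digits whenever its top nibble is zero. If the client compares it as a string against its own fixed-width digest, or hashes the hex text (the commit message mentions `sha256_str`), roughly one login in sixteen would fail intermittently. How srp-js handles it is not visible here. If M2 is a SHA-256 value, `"%064x" % @auth[:M2]` removes the ambiguity. The same unpadded `%x` is used for `s` and `B` in handshake.erb and for the salt in salt.erb, so check whether the client needs a fixed width there too.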
diff --git a/example/views/handshake.erb b/example/views/handshake.erb
index 66fac73..49eca91 100644
--- a/example/views/handshake.erb
+++ b/example/views/handshake.erb
@@ -1,2 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
-<r s="<%=@user.salt%>" B="<%=@auth[:B]%>" />
+<%= %Q(<r s="%x" B="%x" />) % [@user.salt, @auth[:B]] %>
diff --git a/example/views/index.erb b/example/views/index.erb
index 48d9f71..24d2501 100644
--- a/example/views/index.erb
+++ b/example/views/index.erb
@@ -21,12 +21,12 @@
</div>
<div class="row-fluid">
<div class="span4">
- <% if @user.login %>
+ <% if @user %>
<h4> You are signed up as <%= @user.login %>. </h4>
<% end %>
</div>
<div class="span4">
- <% if @user.active %>
+ <% if @user && @user.active %>
<h4> You are logged in.</h4>
<% end %>
</div>
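Review bot: Inside the new `<% if @user %>` guard, `<%= @user.login %>` is still written into the page without HTML escaping. Sinatra's ERB does not escape by default, and the login comes from whatever was passed to `User.new(login)`, so markup in a registered login would be rendered as HTML. Unless escaping is enabled elsewhere in the app (not visible in this commit), I would change the line to `<%= Rack::Utils.escape_html(@user.login) %>`.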
@@ -35,13 +35,13 @@
</div>
<div class="row-fluid">
<div class="span4">
- <%= button_link(:signup, :primary => !@user.login) %>
+ <%= button_link(:signup, :primary => !@user) %>
</div>
<div class="span4">
- <%= button_link(:login, :primary => @user.login && !@user.active) %>
+ <%= button_link(:login, :primary => @user && !@user.active) %>
</div>
<div class="span4">
- <%= button_link(:verify, :primary => @user.active) %>
+ <%= button_link(:verify, :primary => @user && @user.active) %>
</div>
</div>
diff --git a/example/views/layout.erb b/example/views/layout.erb
index f4eae0a..fc0eaf1 100644
--- a/example/views/layout.erb
+++ b/example/views/layout.erb
@@ -22,8 +22,16 @@
<%= yield %>
<script type="text/javascript" src="jquery.min.js"> </script>
- <script type="text/javascript" src="srp.min.js"> </script>
- <script type="text/javascript" src="srp_register.min.js"> </script>
+<!-- <script type="text/javascript" src="srp.min.js"> </script>
+<script type="text/javascript" src="srp_register.min.js"> </script> -->
+
+ <script type="text/javascript" src="srp-source/SHA256.js"> </script>
+ <script type="text/javascript" src="srp-source/prng4.js"> </script>
+ <script type="text/javascript" src="srp-source/rng.js"> </script>
+ <script type="text/javascript" src="srp-source/jsbn.js"> </script>
+ <script type="text/javascript" src="srp-source/jsbn2.js"> </script>
+ <script type="text/javascript" src="srp-source/srp.js"> </script>
+ <script type="text/javascript" src="srp-source/srp_register.js"> </script>
<script type="text/javascript" src="srp.js"> </script>
</body>
diff --git a/example/views/ok.erb b/example/views/ok.erb
new file mode 100644
index 0000000..b0d4f93
--- /dev/null
+++ b/example/views/ok.erb
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ok/>
diff --git a/example/views/salt.erb b/example/views/salt.erb
new file mode 100644
index 0000000..5b34b93
--- /dev/null
+++ b/example/views/salt.erb
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<salt><%="%x" % @user.salt %></salt>
diff --git a/example/views/xml.erb b/example/views/xml.erb
new file mode 100644
index 0000000..0e2dcc2
--- /dev/null
+++ b/example/views/xml.erb
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<%= yield %>