complete ajax flow is working - just auth fails

Also we currently generate the salt on the server - this should happen on the client but for now i stick to the srp-js workflow.
author: Azul <azul@leap.se> 2012-06-28 16:13:13 +0200
committer: Azul <azul@leap.se> 2012-06-28 16:13:13 +0200
commit: e55ff681bcc5a6c479530d1411a3da75912d78e5 (patch)
tree: aca518663d05f3093520fd3b5d0449efe0b7eb84 /example
parent: 424c80fde151d4507cd34aaf8f116016df405c8a (diff)
5 files changed, 34 insertions, 14 deletions
diff --git a/example/http-srp.rb b/example/http-srp.rb
index b2de7bf..e83036f 100644
--- a/example/http-srp.rb
+++ b/example/http-srp.rb
@@ -14,12 +14,17 @@ get '/signup' do
   erb :signup
 end
 
-post '/signup' do
+# TODO: Client should generate the salt!
+# Getting things to work the srp-js way first.
+post '/register/salt/' do
   Log.clear
-  Log.log(:signup, params)
-  @user = User.current
-  @user.signup!(params)
-  redirect '/'
+  @user = User.new(params.delete('I'))
+  erb :salt, :layout => false, :content_type => :xml
+end
+
+post '/register/user/' do
+  User.current.verifier = params.delete('v').to_i
+  erb :ok, :layout => false, :content_type => :xml
 end
 
 get '/login' do
diff --git a/example/models/user.rb b/example/models/user.rb
index 3ad8147..af92300 100644
--- a/example/models/user.rb
+++ b/example/models/user.rb
@@ -5,17 +5,21 @@ class User
     @current ||= User.new
   end
 
+  def self.current=(user)
+    @current = user
+  end
+
   attr_accessor :login
   attr_accessor :salt
   attr_accessor :verifier
   attr_accessor :active
   attr_accessor :srp
 
-  def signup!(params)
-    self.login = params.delete('login')
-    self.salt = params.delete('salt').to_i
-    self.verifier = params.delete('verifier').to_i
+  def initialize(login)
+    self.login = login
+    self.salt = OpenSSL::Random.random_bytes(10).unpack("H*")[0]
     self.active = false
+    User.current = self
   end
 
   def initialize_auth(params)
diff --git a/example/public/srp.js b/example/public/srp.js
index e68e220..51aba5c 100644
--- a/example/public/srp.js
+++ b/example/public/srp.js
@@ -1,5 +1,6 @@
 $(document).ready(function(){
   $('#login-btn').click(on_login);
+  $('#signup-btn').click(on_signup);
 });
 
 function on_login(event) {
@@ -7,3 +8,12 @@ function on_login(event) {
   srp.identify();
   event.preventDefault();
 }
+
+function on_signup(event) {
+  srp = new SRP();
+  srp.success = function() {
+    alert("Signed up successfully");
+  };
+  srp.register();
+  event.preventDefault();
+}
diff --git a/example/views/layout.erb b/example/views/layout.erb
index ab980c8..f4eae0a 100644
--- a/example/views/layout.erb
+++ b/example/views/layout.erb
@@ -23,6 +23,7 @@
 
     <script type="text/javascript" src="jquery.min.js"> </script>
     <script type="text/javascript" src="srp.min.js"> </script>
+    <script type="text/javascript" src="srp_register.min.js"> </script>
     <script type="text/javascript" src="srp.js"> </script>
 
   </body>
diff --git a/example/views/signup.erb b/example/views/signup.erb
index baeb007..6e1bbf3 100644
--- a/example/views/signup.erb
+++ b/example/views/signup.erb
@@ -4,18 +4,18 @@
   <legend>Signup to test secure remote passwords</legend>
   <div class="control-group">
     <label class="control-label" for="login">Login</label>
-    <input type="text" class"input-xlarge" name="login"></input>
+    <input type="text" class"input-xlarge" name="srp_username" id="srp_username"></input>
   </div>
 
   <div class="control-group">
     <label class="control-label" for="password">Password</label>
-    <input type="password" class"input-xlarge" name="password"></input>
-    <input type="hidden" class"input-xlarge" name="seed" value="624848790506324805995013"></input>
-    <input type="hidden" class"input-xlarge" name="verifier" value="100580140046706175735129154266794946404091486659235926309138114843862401271008476617107722147233360718775042845375531421388163398889326297385327521531575749857884877960888755227994771967905136828058233126017527751738166121598194480710839381273324624500340831193855479639683906360867824492692241079248646622455"></input>
+    <input type="password" class"input-xlarge" name="srp_password" id="srp_password"></input>
   </div>
 
+  <input type="hidden" id="srp_url" name="srp_url" value="/"></input>
+  <input type="hidden" id="srp_server" name="srp_server" value="django"></input>
   <div class="form-actions">
-    <button type="submit" class="btn btn-primary">Signup</button>
+    <button type="submit" class="btn btn-primary" id="signup-btn">Signup</button>
     <a href="/" class="btn">Cancel</a>
   </div>
 </form>
author	Azul <azul@leap.se>	2012-06-28 16:13:13 +0200
committer	Azul <azul@leap.se>	2012-06-28 16:13:13 +0200
commit	e55ff681bcc5a6c479530d1411a3da75912d78e5 (patch)
tree	aca518663d05f3093520fd3b5d0449efe0b7eb84 /example
parent	424c80fde151d4507cd34aaf8f116016df405c8a (diff)