| -rw-r--r-- | example/http-srp.rb | 5 | ||||
| -rw-r--r-- | example/models/user.rb | 13 | ||||
| -rw-r--r-- | example/views/layout.erb | 1 | ||||
| -rw-r--r-- | example/views/login.erb | 12 | ||||
| -rw-r--r-- | example/views/signup.erb | 2 | ||||
| -rw-r--r-- | lib/srp/client.rb | 3 | ||||
| -rw-r--r-- | test/auth_test.rb | 8 | 
7 files changed, 38 insertions, 6 deletions
| diff --git a/example/http-srp.rb b/example/http-srp.rb index 4faa149..d0b32dd 100644 --- a/example/http-srp.rb +++ b/example/http-srp.rb @@ -3,6 +3,7 @@ require 'pp'  require 'models/user'  require 'models/log' +require '../lib/srp'  get '/' do    @user = User.current @@ -22,6 +23,10 @@ post '/signup' do  end  get '/login' do +  @user = User.current +  Log.log(:init_server_login, params) +  @auth = @user.initialize_auth(params) +  Log.log(:init_client_login, @auth)    erb :login  end diff --git a/example/models/user.rb b/example/models/user.rb index f3f86ba..daea621 100644 --- a/example/models/user.rb +++ b/example/models/user.rb @@ -6,15 +6,24 @@ class User    end    attr_accessor :login -  attr_accessor :password +  attr_accessor :salt +  attr_accessor :verifier    attr_accessor :active +  attr_accessor :srp    def signup!(params)      self.login = params.delete('login') -    self.password = params.delete('password') +    self.salt = params.delete('salt').to_i +    self.verifier = params.delete('verifier').to_i      self.active = false    end +  def initialize_auth(params) +    srp = SRP::Server.new(self.salt, self.verifier) +    bb, u = srp.initialize_auth(params.delete('aa').to_i) +    return {:bb => bb, :u => u} +  end +    def login!(params)      self.active = valid_login?(params[:login], params[:password])    end diff --git a/example/views/layout.erb b/example/views/layout.erb index c68ac23..d7e9985 100644 --- a/example/views/layout.erb +++ b/example/views/layout.erb @@ -21,6 +21,7 @@      <%= yield %> +    <script type="text/javascript" src="jquery.min.js"> </script>      <script type="text/javascript" src="srp.js"> </script>    </body> diff --git a/example/views/login.erb b/example/views/login.erb index 32a16e5..131b0b9 100644 --- a/example/views/login.erb +++ b/example/views/login.erb 
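Review bot: `Log.log(:init_server_login, params)` in the new `get '/login'` body writes the whole request parameter hash to the log; on a login route it should be narrowed to the one value the handshake needs, e.g. `Log.log(:init_server_login, :aa => params['aa'])`, so that a credential field that ever reaches this route is not recorded. The handler also calls `@user.initialize_auth(params)` without checking that `User.current` returned a user or that `aa` was supplied, so a plain page load of /login runs the handshake with no client value. Whether `User.current` can return nil is not visible from this hunk.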
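Review bot: In `initialize_auth` the `SRP::Server` instance lives only in the local `srp`, so it is discarded when the method returns and the newly added `attr_accessor :srp` is never assigned; if the server object holds the ephemeral secret needed for the later verification step (its implementation is outside this diff), use `self.srp = SRP::Server.new(salt, verifier)` to keep it. `params.delete('aa').to_i` turns a missing or non-numeric `aa` into 0, and SRP requires the server to abort when A mod N is 0; unless `SRP::Server#initialize_auth` already enforces that, reject the request when `aa % PRIME_N == 0` (PRIME_N as referenced in lib/srp/client.rb) before calling it. The same silent `to_i` coercion in `signup!` stores a salt and verifier of 0 when the fields are absent. The context line `valid_login?(params[:login], params[:password])` still reads a password the model no longer keeps; its definition is outside the hunk.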
@@ -3,12 +3,20 @@    <legend>Login with the user you <a href="/signup.html">created</a>.</legend>    <div class="control-group">      <label class="control-label" for="login">Login</label> -    <input type="text" class"input-xlarge" name="login"></input> +    <input type="text" class="input-xlarge" name="login"></input>    </div>    <div class="control-group">      <label class="control-label" for="password">Password</label> -    <input type="password" class"input-xlarge" name="password"></input> +    <input type="password" class="input-xlarge" name="password"></input> +  </div> +  <div class="control-group"> +    <label class="control-label" for="srp-bb">B</label> +    <input type="text" class="input-xlarge" disabled id="srp-bb" name="srp-bb" value="<%=@auth[:bb]%>"></input> +  </div> +  <div class="control-group"> +    <label class="control-label" for="srp-u">u</label> +    <input type="text" class="input-xlarge" disabled id="srp-u" name="srp-u" value="<%=@auth[:u]%>"></input>    </div>    <div class="form-actions"> diff --git a/example/views/signup.erb b/example/views/signup.erb index 3a949ab..baeb007 100644 --- a/example/views/signup.erb +++ b/example/views/signup.erb @@ -10,6 +10,8 @@    <div class="control-group">      <label class="control-label" for="password">Password</label>      <input type="password" class"input-xlarge" name="password"></input> +    <input type="hidden" class"input-xlarge" name="seed" value="624848790506324805995013"></input> +    <input type="hidden" class"input-xlarge" name="verifier" value="100580140046706175735129154266794946404091486659235926309138114843862401271008476617107722147233360718775042845375531421388163398889326297385327521531575749857884877960888755227994771967905136828058233126017527751738166121598194480710839381273324624500340831193855479639683906360867824492692241079248646622455"></input>    </div>    <div class="form-actions"> diff --git a/lib/srp/client.rb b/lib/srp/client.rb index f4662e6..7aa147c 100644 
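Review bot: The password input keeps `name="password"`, so a normal submit of this form sends the cleartext password to the server, which is what the SRP exchange added here is meant to avoid. Drop the `name` attribute from that field, e.g. `<input type="password" class="input-xlarge" id="password">`, and have srp.js post only the derived values. The enclosing `<form>` tag and its method are outside the hunk, so how the form is submitted cannot be confirmed from here.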
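Review bot: The two hidden inputs carry a fixed salt and verifier literal, so every account created through this form would store the same values regardless of the password typed; they should start empty and be filled per signup in the browser, e.g. `<input type="hidden" name="verifier" value="">`. The first field is named `seed`, while `User#signup!` in this commit reads `params.delete('salt')`, so the salt is stored as `nil.to_i`, i.e. 0. The password input still has `name="password"` and would be posted in cleartext next to the verifier. The added lines also repeat the `class"input-xlarge"` typo (missing `=`) that this commit fixes in login.erb.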
--- a/lib/srp/client.rb +++ b/lib/srp/client.rb @@ -21,6 +21,9 @@ module SRP        aa = modpow(GENERATOR, a, PRIME_N) # A = g^a (mod N)        bb, u = server.initialize_auth(aa)        client_s = calculate_client_s(x, a, bb, u) +      puts "bb: " + bb.to_s +      puts "aa: " + aa.to_s +      puts "client_s: " + client_s.to_s        server.authenticate(aa, client_s)      end diff --git a/test/auth_test.rb b/test/auth_test.rb index e6c4017..0f76404 100644 --- a/test/auth_test.rb +++ b/test/auth_test.rb @@ -10,15 +10,19 @@ class AuthTest < Test::Unit::TestCase    end    def test_successful_auth +    print "salt: " +    puts @client.salt +    print "verifier: " +    puts @client.verifier      assert @client.authenticate(@server, @username, @password)    end    def test_wrong_password -    assert !@client.authenticate(@server, @username, "password") +    assert !@client.authenticate(@server, @username, "wrong password")    end    def test_wrong_username -    assert !@client.authenticate(@server, "username", @password) +    assert !@client.authenticate(@server, "wrong username", @password)    end  end | 
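Review bot: `puts "client_s: " + client_s.to_s` writes the client's SRP session secret to stdout from library code, so it lands in the console or captured log of any application using the client; the three `puts` lines should be removed or put behind an explicit debug flag before merging. `aa` and `bb` are public protocol values, but `client_s` is not. The `print`/`puts` of salt and verifier added to `test_successful_auth` in test/auth_test.rb is the same kind of leftover debug output and adds noise to every test run. The method enclosing the client.rb hunk starts outside it.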
