summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-08-21updated srp-js after forced pushAzul
2012-08-06hand over the login on handshake like we normally wouldAzul
still missing the salt in this. auth should be more independent from registry to resemble the real process more closely
2012-08-06added authenticate! which raises SRP::WrongPassword if it fails, version 0.0.2Azul
2012-08-02added gemspecAzul
2012-08-02make sure our urls still work with srp-jsAzul
2012-08-01bringing in srp-js as a submodule for the exampleAzul
This will most likely become a simple js file once both are more stable.
2012-07-26we cache neither the verifier nor the secret in the session just in caseAzul
People might store the session in a CookieStore - which would probably be a bad idea anyway - but let's be save rather than sorry.
2012-07-26session is handled by the class that includes SRP::Authentication - not the ↵Azul
client
2012-07-26SRP::Authentication::Session holds the per session dataAzul
2012-07-26removing the remaining zerofillsAzul
2012-07-26both sides calculate their own uAzul
2012-07-26turned server class into authentication module - test green, example brokenAzul
The example seems to be broken due to changes in srp-js
2012-07-26removed debugging output and adjusted ruby client to new server apiAzul
2012-07-03more info and resources on the index pageAzul
bit of styling added
2012-07-03fixed workflow and reduced copyAzul
2012-07-03using json instead of xml responsesAzul
2012-06-29adopted srp algo to srp-js way of doing things.Azul
all large integers are now send as hex strings. Using sha256_str all over the place. This finally gives me successful logins. Needs a log of cleanup never the less.
2012-06-28complete ajax flow is working - just auth failsAzul
Also we currently generate the salt on the server - this should happen on the client but for now i stick to the srp-js workflow.
2012-06-27adjusted user model to use srpAzul
2012-06-27moved to ajax workflow and integrated srp-js - not quite there yetAzul
* needs a bit of cleanup from the old workflow * are client and server using the same primes right now? * store multiple users on the server side
2012-06-26first steps towards adding a server side srp flow to the exampleAzul
2012-06-26moved user and log class to models, verify prints logsAzul
2012-06-26moved the sample app to it's own subdirectoryAzul
2012-06-26stress three step layout with a little helperAzul
2012-06-26using layout in the sinatra appAzul
2012-06-26added simple sinatra app for demoing / testingAzul
2012-06-18added readmeAzul
2012-06-18initial commit - testing srp authAzul
* This is lacking a few steps. We confirm the secret is the same but no key is generated from it and it is transfered over the wire in clear. * this was inspired by https://gist.github.com/790048 * seperated util, client, server and test code