From e55ff681bcc5a6c479530d1411a3da75912d78e5 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 28 Jun 2012 16:13:13 +0200 Subject: complete ajax flow is working - just auth fails Also we currently generate the salt on the server - this should happen on the client but for now i stick to the srp-js workflow. --- example/http-srp.rb | 15 ++++++++++----- example/models/user.rb | 12 ++++++++---- example/public/srp.js | 10 ++++++++++ example/views/layout.erb | 1 + example/views/signup.erb | 10 +++++----- 5 files changed, 34 insertions(+), 14 deletions(-) (limited to 'example') diff --git a/example/http-srp.rb b/example/http-srp.rb index b2de7bf..e83036f 100644 --- a/example/http-srp.rb +++ b/example/http-srp.rb @@ -14,12 +14,17 @@ get '/signup' do erb :signup end -post '/signup' do +# TODO: Client should generate the salt! +# Getting things to work the srp-js way first. +post '/register/salt/' do Log.clear - Log.log(:signup, params) - @user = User.current - @user.signup!(params) - redirect '/' + @user = User.new(params.delete('I')) + erb :salt, :layout => false, :content_type => :xml +end + +post '/register/user/' do + User.current.verifier = params.delete('v').to_i + erb :ok, :layout => false, :content_type => :xml end get '/login' do diff --git a/example/models/user.rb b/example/models/user.rb index 3ad8147..af92300 100644 --- a/example/models/user.rb +++ b/example/models/user.rb @@ -5,17 +5,21 @@ class User @current ||= User.new end + def self.current=(user) + @current = user + end + attr_accessor :login attr_accessor :salt attr_accessor :verifier attr_accessor :active attr_accessor :srp - def signup!(params) - self.login = params.delete('login') - self.salt = params.delete('salt').to_i - self.verifier = params.delete('verifier').to_i + def initialize(login) + self.login = login + self.salt = OpenSSL::Random.random_bytes(10).unpack("H*")[0] self.active = false + User.current = self end def initialize_auth(params) diff --git a/example/public/srp.js b/example/public/srp.js index e68e220..51aba5c 100644 --- a/example/public/srp.js +++ b/example/public/srp.js @@ -1,5 +1,6 @@ $(document).ready(function(){ $('#login-btn').click(on_login); + $('#signup-btn').click(on_signup); }); function on_login(event) { @@ -7,3 +8,12 @@ function on_login(event) { srp.identify(); event.preventDefault(); } + +function on_signup(event) { + srp = new SRP(); + srp.success = function() { + alert("Signed up successfully"); + }; + srp.register(); + event.preventDefault(); +} diff --git a/example/views/layout.erb b/example/views/layout.erb index ab980c8..f4eae0a 100644 --- a/example/views/layout.erb +++ b/example/views/layout.erb @@ -23,6 +23,7 @@ + diff --git a/example/views/signup.erb b/example/views/signup.erb index baeb007..6e1bbf3 100644 --- a/example/views/signup.erb +++ b/example/views/signup.erb @@ -4,18 +4,18 @@ Signup to test secure remote passwords
- +
- - - +
+ +
- + Cancel
-- cgit v1.2.3