srp_js.git/src, branch master [srp_js] Allow extra signup params from account 2015-09-17T14:01:04+00:00 kaeff hi@kaeff.net 2015-09-08T23:13:34+00:00 2d24b1fe1918ad96df4469f8902c3ddcb9bda5f9 For the feature/invite-codes in leap_web, we need to be able to pass an extra parameter (the invite code) from the signup form to the server. This approach allows the consumer of SRP to specify a custom implementation of Account that returns arbitrary `loginParams`, and Session will pass them on so that they become part of the XHR. - Split session.signup into signup and update to restrict extra params to signup only 
For the feature/invite-codes in leap_web, we need to be able to pass an
extra parameter (the invite code) from the signup form to the server.
This approach allows the consumer of SRP to specify a custom
implementation of Account that returns arbitrary `loginParams`, and
Session will pass them on so that they become part of the XHR.

- Split session.signup into signup and update to restrict extra params
  to signup only
properly treat utf8 chars in password 2013-10-14T09:52:44+00:00 Azul azul@riseup.net 2013-10-14T09:43:34+00:00 4c8e593b7b03abb19b451b6be999f10e0fed5ff4 utf-8 encoding used to be bundled with the SHA256 library. However we only want to utf8 encode strings that are actual user input. We do not want to encode the bytearrays that are used when hashing the hex values calculated during for SRP. So I separated the utf-8 encoding and the sha256 hashing. 
utf-8 encoding used to be bundled with the SHA256 library. However we
only want to utf8 encode strings that are actual user input. We do not
want to encode the bytearrays that are used when hashing the hex values
calculated during for SRP.

So I separated the utf-8 encoding and the sha256 hashing.
use token from the form to submit password update 2013-09-24T08:05:15+00:00 Azul azul@riseup.net 2013-09-24T08:05:15+00:00 d22bf3b9fe2fd31192e1e1b358e97e5a0f3f90b3 






also zeroprefix the salt if needed
2013-07-12T10:29:40+00:00

Azul
azul@riseup.net

2013-07-12T10:29:40+00:00

9c61d52f1f975ec0eefe5b4a0b71ac529300cbe7

Now what else can you possibly zeroprefix?
This should be it - shouldn't it?





Now what else can you possibly zeroprefix?
This should be it - shouldn't it?







prefix incoming B too
2013-07-12T10:18:10+00:00

Azul
azul@riseup.net

2013-07-12T10:10:29+00:00

90611d3d29bc1b290e98f2fcd50a5d70de70a111












also prefix our own toString(16) hex values
2013-07-12T09:54:33+00:00

Azul
azul@riseup.net

2013-07-12T09:50:45+00:00

933567499fa4c46e42d45de6066064559cfded09












the 0 prefix in hex is essential for building the M and M2 strings
2013-07-12T09:32:01+00:00

Azul
azul@riseup.net

2013-07-12T09:32:01+00:00

5c8a17447e382f9b9f9f241e293156a94162a1ca












always use the API-only controller for all requests.
2013-07-04T10:51:16+00:00

elijah
elijah@riseup.net

2013-07-04T10:51:16+00:00

bd6d60789bfb97041d0d219f645c08b7b479b782












refactor: separate account from session
2013-06-24T10:33:03+00:00

Azul
azul@riseup.net

2013-06-22T14:17:45+00:00

0c5369fd9299eb9bf7295e3925ce803c5473e2b8












refactor: rename constants to calculate and clean up hash usage
2013-06-24T10:33:03+00:00

Azul
azul@riseup.net

2013-06-22T13:14:14+00:00

f1ad0b7e428205a76f6176f44100eac39bb80310