authorAzul <azul@riseup.net>2012-10-15 12:54:24 +0200
committerAzul <azul@riseup.net>2012-10-15 12:54:24 +0200
commitcb8e9f7b3dec1963e0d985b1b2541b260a132762 (patch)
tree73854991148d794c411a2beee8bebb1ae871cb43
parent6feb77060140fe8026812970c4d5ea83da3cd200 (diff)
expecting the salt to be send with key salt
-rw-r--r--spec/restful/login.js9
-rw-r--r--src/srp.js11
2 files changed, 15 insertions, 5 deletions
diff --git a/spec/restful/login.js b/spec/restful/login.js
index 0f6aa4f..d84112a 100644
--- a/spec/restful/login.js
+++ b/spec/restful/login.js
@@ -19,6 +19,7 @@ describe("Login", function() {
var K = 'db6ec0bdab81742315861a828323ff492721bdcd114077a4124bc425e4bf328b';
var M = '640e51d5ac5461591c31811221261f0e0eae7c08ce43c85e9556adbd94ed8c26';
var M2 = '49e48f8ac8c4da0e8a7374f73eeedbee2266e123d23fc1be1568523fc9c24b1e';
+ var V = '6f5fb78184161f4191babaf1a700ff70e4d261054d002466d05f2ec2b45fc8807dbd7ce25dc3c882331eb8bf72a22caf2868e3438477be7ab151d3281d00aa1a9fc5cb6a725abd99e11882f77d52b56b83f95c0ba0b8fbbf4ee1fbb445c35adb5d1aaa48ba761c4a4417f6bb821fb61956c919e47740b316b960653303fe7190';
var A_, callback;
@@ -39,6 +40,10 @@ describe("Login", function() {
expect(A_).toBe(A);
});
+ it("starts with the right verifier", function(){
+ expect(this.srp.session.getV().toString(16)).toBe(V);
+ });
+
it("calculates the right key", function(){
this.srp.session.calculations(salt, B);
expect(this.srp.session.key()).toBe(K);
@@ -48,7 +53,7 @@ describe("Login", function() {
this.srp.identify();
this.expectRequest('sessions', 'login=' +login+ '&A=' +A, 'POST');
- this.respondJSON({s: salt, B: B});
+ this.respondJSON({salt: salt, B: B});
this.expectRequest('sessions/'+login, 'client_auth='+M, 'PUT');
this.respondJSON({M: M2});
@@ -60,7 +65,7 @@ describe("Login", function() {
this.srp.identify();
this.expectRequest('sessions', 'login=' +login+ '&A=' +A, 'POST');
- this.respondJSON({s: salt, B: 0});
+ this.respondJSON({salt: salt, B: 0});
// aborting if B=0
expect(this.requests).toEqual([]);
expect(this.srp.error).toHaveBeenCalled();
diff --git a/src/srp.js b/src/srp.js
index 972b211..b348e69 100644
--- a/src/srp.js
+++ b/src/srp.js
@@ -19,9 +19,14 @@ function SRP(remote, session)
// B = 0 will make the algorithm always succeed
// -> refuse such a server answer
if(response.B === 0) {
- srp.error("Server send random number 0 - this is not allowed");
- } else {
- session.calculations(response.s, response.B);
+ srp.error("Server send random number 0 - could not login.");
+ }
+ else if(! response.salt || response.salt === 0) {
+ srp.error("Server failed to send salt - could not login.");
+ }
+ else
+ {
+ session.calculations(response.salt, response.B);
remote.authenticate(session, confirm_authentication);
}
}
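Review bot: The `response.B === 0` guard only rejects the JSON number 0, so a B that arrives as a string such as "0" or "00", a B that is a non-zero multiple of the modulus N, or a missing B still reaches `session.calculations(response.salt, response.B)`. SRP requires the client to abort when B mod N is zero, so the test belongs on the parsed big integer where N is known (presumably inside the session, which is not visible here) rather than on the raw response value; the spec's `B: 0` case would then want a string-zero variant too. In the new salt branch, `response.salt === 0` can never be reached because `! response.salt` already covers 0, so `else if(! response.salt) {` is enough. The enclosing handler starts outside the hunk.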