authorAzul <azul@riseup.net>2013-03-20 12:52:24 +0100
committerAzul <azul@riseup.net>2013-03-20 12:52:24 +0100
commitcc31045a9215ea255ab686040fce804859aadde7 (patch)
tree5afee96076bd922653231af818e98d5147457dff
parentcb46537c98db3cb7ac8cf23de243a86aa4a36acd (diff)
parentd29d1146865d36e9d9789d3936e7a9163511be0a (diff)
Merge branch 'release/0.3.0' into develop
-rw-r--r--Version1
-rw-r--r--spec/login_spec.js8
-rw-r--r--spec/signup_spec.js2
-rw-r--r--src/jqueryRest.js44
-rw-r--r--src/srp.js10
-rw-r--r--src/srp_session.js17
6 files changed, 58 insertions, 24 deletions
diff --git a/Version b/Version
new file mode 100644
index 0000000..0d91a54
--- /dev/null
+++ b/Version
@@ -0,0 +1 @@
+0.3.0
diff --git a/spec/login_spec.js b/spec/login_spec.js
index 16a63d0..e806cff 100644
--- a/spec/login_spec.js
+++ b/spec/login_spec.js
@@ -45,9 +45,9 @@ describe("Login with srp var", function() {
srp.loggedIn = sinon.spy();
srp.login();
- this.expectRequest('sessions.json', 'login=' +login+ '&A=' +A, 'POST');
+ this.expectRequest('/sessions.json', 'login=' +login+ '&A=' +A, 'POST');
this.respondJSON({salt: salt, B: B});
- this.expectRequest('sessions/'+login+'.json', 'client_auth='+M, 'PUT');
+ this.expectRequest('/sessions/'+login+'.json', 'client_auth='+M, 'PUT');
this.respondJSON({M2: M2});
expect(srp.loggedIn).toHaveBeenCalled();
@@ -58,7 +58,7 @@ describe("Login with srp var", function() {
var error = {login: "something went wrong on the server side"};
srp.login();
- this.expectRequest('sessions.json', 'login=' +login+ '&A=' +A, 'POST');
+ this.expectRequest('/sessions.json', 'login=' +login+ '&A=' +A, 'POST');
this.respondJSON(error, 422);
//this.expectNoMoreRequests();
@@ -72,7 +72,7 @@ describe("Login with srp var", function() {
srp.error = sinon.spy();
srp.login();
- this.expectRequest('sessions.json', 'login=' +login+ '&A=' +A, 'POST');
+ this.expectRequest('/sessions.json', 'login=' +login+ '&A=' +A, 'POST');
this.respondJSON({salt: salt, B: 0});
// aborting if B=0
expect(this.requests).toEqual([]);
diff --git a/spec/signup_spec.js b/spec/signup_spec.js
index 41af179..72689b1 100644
--- a/spec/signup_spec.js
+++ b/spec/signup_spec.js
@@ -25,7 +25,7 @@ describe("Signup with srp var", function() {
srp.signedUp = callback;
srp.session.getSalt = function() {return "4c78c3f8"};
srp.signup();
- this.expectRequest('users.json', "user[login]=testuser&user[password_salt]=4c78c3f8&user[password_verifier]=474c26aa42d11f20544a00f7bf9711c4b5cf7aab95ed448df82b95521b96668e7480b16efce81c861870302560ddf6604c67df54f1d04b99d5bb9d0f02c6051ada5dc9d594f0d4314e12f876cfca3dcd99fc9c98c2e6a5e04298b11061fb8549a22cde0564e91514080df79bca1c38c682214d65d590f66b3719f954b078b83c", 'POST')
+ this.expectRequest('/users.json', "user[login]=testuser&user[password_salt]=4c78c3f8&user[password_verifier]=474c26aa42d11f20544a00f7bf9711c4b5cf7aab95ed448df82b95521b96668e7480b16efce81c861870302560ddf6604c67df54f1d04b99d5bb9d0f02c6051ada5dc9d594f0d4314e12f876cfca3dcd99fc9c98c2e6a5e04298b11061fb8549a22cde0564e91514080df79bca1c38c682214d65d590f66b3719f954b078b83c", 'POST')
this.respondJSON({password_salt: "4c78c3f8", login: "testuser", ok: "true"});
expect(callback).toHaveBeenCalled();
});
diff --git a/src/jqueryRest.js b/src/jqueryRest.js
index c4b0161..bfa4592 100644
--- a/src/jqueryRest.js
+++ b/src/jqueryRest.js
@@ -1,18 +1,26 @@
srp.remote = (function(){
var jqueryRest = (function() {
- // we do not fetch the salt from the server
+ // TODO: Do we need to differentiate between PUT and POST?
function register(session) {
- return $.post("users.json", { user: session.signup() });
+ return $.post("/users.json", {user: session.signup() });
+ }
+
+ function update(url, session) {
+ return $.ajax({
+ url: url,
+ type: 'PUT',
+ data: {user: session.signup() }
+ });
}
function handshake(session) {
- return $.post("sessions.json", session.handshake());
+ return $.post("/sessions.json", session.handshake());
}
function authenticate(session) {
return $.ajax({
- url: "sessions/" + session.getI() + ".json",
+ url: "/sessions/" + session.getI() + ".json",
type: 'PUT',
data: {client_auth: session.getM()}
});
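Review bot: In `authenticate`, the login returned by `session.getI()` is concatenated into the request path unescaped, so a login containing `/`, `?`, `#` or `..` changes which resource the PUT addresses. The line was touched here only to add the leading slash; it should also encode the segment: `url: "/sessions/" + encodeURIComponent(session.getI()) + ".json",`. The new `update(url, session)` sends the salt and verifier to whatever `url` the caller passes, so a short comment stating that the URL must be same-origin and trusted would help. The closing brace of `authenticate` lies outside this hunk.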
@@ -20,6 +28,7 @@ srp.remote = (function(){
return {
register: register,
+ update: update,
handshake: handshake,
authenticate: authenticate
};
@@ -28,14 +37,21 @@ srp.remote = (function(){
function signup(){
jqueryRest.register(srp.session)
- .success(srp.signedUp)
- .error(error)
+ .done(srp.signedUp)
+ .fail(error)
+ };
+
+ function update(submitEvent){
+ var form = submitEvent.target;
+ jqueryRest.update(form.action, srp.session)
+ .done(srp.updated)
+ .fail(error)
};
function login(){
jqueryRest.handshake(srp.session)
- .success(receiveSalts)
- .error(error)
+ .done(receiveSalts)
+ .fail(error)
};
function receiveSalts(response){
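Review bot: The new `update(submitEvent)` never calls `submitEvent.preventDefault()`, so unless the caller does, the browser would presumably still submit the form natively after the AJAX PUT is issued. If the `srp_password` input sits inside that form, the native request would carry the plaintext password, which is what sending only the verifier is meant to avoid. Adding `submitEvent.preventDefault();` as the first statement would make the handler safe to bind directly to a submit event. The PUT target is also taken from `form.action` without any check; if requests are meant to stay same-origin, compare it against the page's own origin before use. `receiveSalts` starts on the last line of this hunk and its body is outside it.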
@@ -51,8 +67,8 @@ srp.remote = (function(){
{
srp.session.calculations(response.salt, response.B);
jqueryRest.authenticate(srp.session)
- .success(confirmAuthentication)
- .error(error);
+ .done(confirmAuthentication)
+ .fail(error);
}
};
@@ -68,13 +84,17 @@ srp.remote = (function(){
// The server will send error messages as json alongside
// the http error response.
- function error(xhr)
+ function error(xhr, text, thrown)
{
- srp.error($.parseJSON(xhr.responseText))
+ if (xhr.responseText && xhr.responseText != "")
+ srp.error($.parseJSON(xhr.responseText));
+ else
+ srp.error("Server did not respond.");
};
return {
signup: signup,
+ update: update,
login: login
}
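Review bot: `error` still calls `$.parseJSON(xhr.responseText)` on any non-empty body, and that call can throw when the body is not JSON (an HTML error page from a proxy or the framework, for example), in which case `srp.error` is never invoked and the failure is lost. The added guard only covers the empty-response case. Wrapping the parse in `try`/`catch` and falling back to the generic message keeps the error path reliable; the `!= ""` test is redundant with the truthiness check before it, and the new `text` and `thrown` parameters are unused.

```javascript
function error(xhr, text, thrown)
{
  var payload = null;
  try {
    payload = $.parseJSON(xhr.responseText);
  } catch (e) {
    // body was empty or not JSON; fall through to the generic message
  }
  srp.error(payload || "Server did not respond.");
};
```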
diff --git a/src/srp.js b/src/srp.js
index e57b7e9..efd50d2 100644
--- a/src/srp.js
+++ b/src/srp.js
@@ -2,16 +2,22 @@ var srp = (function(){
function signup()
{
- this.remote.signup();
+ srp.remote.signup();
};
function login()
{
- this.remote.login();
+ srp.remote.login();
+ };
+
+ function update(submitEvent)
+ {
+ srp.remote.update(submitEvent);
};
return {
signup: signup,
+ update: update,
login: login
}
}());
diff --git a/src/srp_session.js b/src/srp_session.js
index b278993..b1b6014 100644
--- a/src/srp_session.js
+++ b/src/srp_session.js
@@ -7,8 +7,7 @@ srp.Session = function(login, password) {
var k = new BigInteger("bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0", 16);
var rng = new SecureRandom();
-// var a = new BigInteger(32, rng);
- var a = new BigInteger("d498c3d024ec17689b5320e33fc349a3f3f91320384155b3043fa410c90eab71", 16);
+ var a = new BigInteger(32, rng);
var A = g.modPow(a, N);
while(A.mod(N) == 0)
{
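Review bot: `new BigInteger(32, rng)` appears to give the client's private ephemeral `a` only 32 bits, assuming this is the jsbn constructor, whose first argument is a bit length. The hard-coded test value it replaces was 256 bits long, and RFC 5054 recommends at least 256 bits for this exponent; at 32 bits the secret is small enough to be recovered from the public `A` by exhaustive search. Consider `var a = new BigInteger(256, rng);`. The body of the `while(A.mod(N) == 0)` retry loop is outside this hunk and should regenerate `a` with the same length.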
@@ -21,8 +20,8 @@ srp.Session = function(login, password) {
var M = null;
var M2 = null;
var authenticated = false;
- var I = login || document.getElementById("srp_username").value;
- var pass = password || document.getElementById("srp_password").value;
+ var I = login;
+ var pass = password;
// *** Accessor methods ***
@@ -57,9 +56,16 @@ srp.Session = function(login, password) {
// Returns the user's identity
this.getI = function() {
+ I = login || document.getElementById("srp_username").value;
return I;
};
+ // Returns the password currently typed in
+ this.getPass = function() {
+ pass = password || document.getElementById("srp_password").value;
+ return pass;
+ };
+
// some 16 byte random number
this.getSalt = function() {
return new BigInteger(64, rng).toString(16);
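Review bot: `this.getPass` exposes the plaintext password as a public method on the session object, whereas a password passed to the constructor previously stayed in the closure variable `pass`. Any script that can reach `srp.session` can now read it, so a closure-private helper would be the safer way to serve `calcX` (changed in the next hunk to call `this.getPass()`): `function currentPass() { return password || document.getElementById("srp_password").value; }`. Separately, `getI()` now re-reads the input on every call, so the identity sent in the handshake and the one hashed in `calcX` can differ if the field changes mid-login. Reading both values once when a login or signup starts would keep them consistent.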
@@ -77,7 +83,8 @@ srp.Session = function(login, password) {
// Calculates the X value and return it as a BigInteger
this.calcX = function(salt) {
- return new BigInteger(SHA256(hex2a(salt + SHA256(I + ":" + pass))), 16);
+ var inner = salt + SHA256(this.getI() + ":" + this.getPass())
+ return new BigInteger(SHA256(hex2a(inner)), 16);
};
this.getV = function(salt)