author | kaeff <hi@kaeff.net> | 2015-09-09 01:13:34 +0200 |
---|---|---|
committer | kaeff <hi@kaeff.net> | 2015-09-17 16:01:04 +0200 |
commit | 2d24b1fe1918ad96df4469f8902c3ddcb9bda5f9 (patch) | |
tree | 12c065893ae4e3cd31b980088aafc41d48a54532 | |
parent | 8f33d32d40b1e21ae7fb9a92c78a275422af4217 (diff) |
Allow extra signup params from account
For the feature/invite-codes in leap_web, we need to be able to pass an
extra parameter (the invite code) from the signup form to the server.
This approach allows the consumer of SRP to specify a custom
implementation of Account that returns arbitrary `loginParams`, and
Session will pass them on so that they become part of the XHR.
- Split session.signup into signup and update to restrict extra params
to signup only
-rw-r--r-- | spec/session_spec.js | 33 | ||||
-rw-r--r-- | src/jqueryRest.js | 2 | ||||
-rw-r--r-- | src/srp_session.js | 15 |
3 files changed, 48 insertions, 2 deletions
diff --git a/spec/session_spec.js b/spec/session_spec.js
index 2f58d25..b37d7b1 100644
--- a/spec/session_spec.js
+++ b/spec/session_spec.js
@@ -72,4 +72,37 @@ describe("Session", function() {
 session = new srp.Session(account);
 expect(session.login()).toBe(compare.username);
 });
+
+ it('calculates secure user parameters for signup', function() {
+ var compare = short_b;
+ account = new srp.Account(compare.username, compare.password);
+ session = new srp.Session(account);
+
+ var signupParams = session.signup();
+
+ expect(Object.keys(signupParams)).toEqual(['login', 'password_salt', 'password_verifier']);
+ });
+
+ it('calculates secure user parameters for update', function() {
+ var compare = short_b;
+ account = new srp.Account(compare.username, compare.password);
+ session = new srp.Session(account);
+
+ var signupParams = session.update();
+
+ expect(Object.keys(signupParams)).toEqual(['login', 'password_salt', 'password_verifier']);
+ });
+
+ it("grabs extra signup parameters from account", function() {
+ account = jasmine.createSpyObj('account', ['login', 'password']);
+ account.loginParams = function() {
+ return {
+ "extraParam": "foobar"
+ }
+ }
+ session = new srp.Session(account);
+
+ expect(session.signup().extraParam).toBe("foobar");
+ });
+
 });
diff --git a/src/jqueryRest.js b/src/jqueryRest.js
index 103f700..0c58eb2 100644
--- a/src/jqueryRest.js
+++ b/src/jqueryRest.js
@@ -11,7 +11,7 @@ srp.remote = (function(){
 url: "/1/users/" + session.id() + ".json",
 type: 'PUT',
 headers: { Authorization: 'Token token="' + token + '"' },
- data: {user: session.signup() }
+ data: {user: session.update() }
 });
 }
diff --git a/src/srp_session.js b/src/srp_session.js
index bdff9c4..88f19d5 100644
--- a/src/srp_session.js
+++ b/src/srp_session.js
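Review bot: The specs added to spec/session_spec.js never exercise the restriction the commit message describes: the `update` spec uses a plain `srp.Account`, which as far as this diff shows has no `loginParams`, so it would still pass if `update()` leaked extra parameters. Giving the spy account a `loginParams` and asserting `expect(session.update().extraParam).toBeUndefined();` would pin that behaviour. A further case where `loginParams()` returns a key such as `password_verifier` would document whether extra parameters are allowed to override the computed SRP fields. The enclosing `describe` starts outside the hunk.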
@@ -22,7 +22,7 @@ srp.Session = function(account, calculate) {
 return A;
 };
- this.signup = function() {
+ this.update = function() {
 var salt = calculate.randomSalt();
 var x = calculate.X(account.login(), account.password(), salt);
 return {
@@ -30,6 +30,19 @@ srp.Session = function(account, calculate) {
 password_salt: salt,
 password_verifier: calculate.V(x)
 };
+ }
+
+ this.signup = function() {
+ var loginParams = this.update();
+
+ if (account.loginParams) {
+ var extraParams = account.loginParams();
+ for (var attr in extraParams) {
+ loginParams[attr] = extraParams[attr];
+ }
+ }
+
+ return loginParams;
 };
 this.handshake = function() { |
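Review bot: The merge loop in the new `signup` (second hunk of src/srp_session.js) copies every enumerable key of `account.loginParams()` onto the object returned by `update()`, so an extra parameter named `login`, `password_salt` or `password_verifier` silently replaces the value SRP just computed, and `for...in` also walks inherited enumerable properties. If a consumer builds `loginParams` from form fields, which the invite-code use case suggests but this diff does not show, a colliding field name would change what is sent as the verifier. I would skip inherited and reserved keys inside the loop with `var has = Object.prototype.hasOwnProperty;` and `if (!has.call(extraParams, attr) || has.call(loginParams, attr)) continue;`, and guard with `typeof account.loginParams === 'function'` rather than truthiness. The new `this.update` assignment also closes with `}` where the sibling assignments use `};`. The body of `srp.Session` starts and ends outside these hunks.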