Merge branch 'release/0.3.0'

8 files changed, 189 insertions, 157 deletions

diff --git a/Version b/Version
new file mode 100644
index 0000000..0d91a54
--- /dev/null
+++ b/Version
@@ -0,0 +1 @@
+0.3.0
diff --git a/spec/helper.js b/spec/helper.js
index 11327af..8bae2c6 100644
--- a/spec/helper.js
+++ b/spec/helper.js
@@ -30,11 +30,11 @@ var specHelper = (function() {
     request.respond(200, header, body);
   }
 
-  function respondJSON(object) {
+  function respondJSON(object, responseCode) {
     var request = this.requests.pop();
     header = { "Content-Type": "application/json;charset=utf-8" };
     body = JSON.stringify(object);
-    request.respond(200, header, body);
+    request.respond(responseCode || 200, header, body);
   }
 
   return {
diff --git a/spec/login_spec.js b/spec/login_spec.js
index 4df62a8..e806cff 100644
--- a/spec/login_spec.js
+++ b/spec/login_spec.js
@@ -1,9 +1,4 @@
-describe("Login", function() {
-
-  it("has an identify function", function() {
-    var srp = new SRP(jqueryRest());
-    expect(typeof srp.identify).toBe('function');
-  });
+describe("Login with srp var", function() {
 
   describe("(Compatibility with py-srp)", function (){
     // these need to be the same as in the spec runner:
@@ -24,11 +19,9 @@ describe("Login", function() {
 
 
     beforeEach(function() {
-      this.srp = new SRP(jqueryRest());
-
       specHelper.setupFakeXHR.apply(this);
 
-      A_ = this.srp.session.calculateAndSetA(a)
+      A_ = srp.session.calculateAndSetA(a)
     });
 
     afterEach(function() {
@@ -40,37 +33,51 @@ describe("Login", function() {
     });
 
     it("calculates the same verifier", function(){
-      expect(this.srp.session.getV().toString(16)).toBe(V);
+      expect(srp.session.getV().toString(16)).toBe(V);
     });
 
     it("calculates the same key", function(){
-      this.srp.session.calculations(salt, B);
-      expect(this.srp.session.key()).toBe(K);
+      srp.session.calculations(salt, B);
+      expect(srp.session.key()).toBe(K);
     });
 
-    it("works with JSON responses", function(){
-      var success = sinon.spy();
-      this.srp.identify(success);
+    it("authenticates successfully", function(){
+      srp.loggedIn = sinon.spy();
+      srp.login();
 
-      this.expectRequest('sessions.json', 'login=' +login+ '&A=' +A, 'POST');
+      this.expectRequest('/sessions.json', 'login=' +login+ '&A=' +A, 'POST');
       this.respondJSON({salt: salt, B: B});
-      this.expectRequest('sessions/'+login+'.json', 'client_auth='+M, 'PUT');
+      this.expectRequest('/sessions/'+login+'.json', 'client_auth='+M, 'PUT');
       this.respondJSON({M2: M2});
 
-      expect(success).toHaveBeenCalled();
+      expect(srp.loggedIn).toHaveBeenCalled();
+    });
+    
+    it("reports errors during handshake", function(){
+      srp.error = sinon.spy();
+      var error = {login: "something went wrong on the server side"};
+      srp.login();
+
+      this.expectRequest('/sessions.json', 'login=' +login+ '&A=' +A, 'POST');
+      this.respondJSON(error, 422);
+      //this.expectNoMoreRequests();
+
+      expect(srp.error).toHaveBeenCalled;
+      var args = srp.error.args[0];
+      expect(args[0]).toEqual(error);
     });
     
     it("rejects B = 0", function(){
-      var success = sinon.spy();
-      var error = sinon.spy();
-      this.srp.identify(success, error);
+      srp.loggedIn = sinon.spy();
+      srp.error = sinon.spy();
+      srp.login();
 
-      this.expectRequest('sessions.json', 'login=' +login+ '&A=' +A, 'POST');
+      this.expectRequest('/sessions.json', 'login=' +login+ '&A=' +A, 'POST');
       this.respondJSON({salt: salt, B: 0});
       // aborting if B=0
       expect(this.requests).toEqual([]);
-      expect(error).toHaveBeenCalled();
-      expect(success).not.toHaveBeenCalled();
+      expect(srp.error).toHaveBeenCalledWith("Server send random number 0 - could not login.");
+      expect(srp.loggedIn).not.toHaveBeenCalled();
     });
   });
 
diff --git a/spec/session_spec.js b/spec/session_spec.js
index b7f16f0..643a717 100644
--- a/spec/session_spec.js
+++ b/spec/session_spec.js
@@ -15,7 +15,6 @@ describe("Session", function() {
   var session;
 
   beforeEach(function() {
-    var srp = new SRP(jqueryRest());
     session = new srp.Session(compare.username, compare.password);
   });
 
diff --git a/spec/signup_spec.js b/spec/signup_spec.js
index e4d70df..72689b1 100644
--- a/spec/signup_spec.js
+++ b/spec/signup_spec.js
@@ -1,32 +1,34 @@
-describe("Signup", function() {
+describe("Loading SRP", function() {
+  it("provides a signup function", function() {
+    expect(typeof srp.signup).toBe('function');
+  });
 
+  it("provides session which calculates the right x", function(){
+    srp.session = new srp.Session();
+    expect(srp.session.calcX("7686acb8").toString(16)).toBe('84d6bb567ddf584b1d8c8728289644d45dbfbb02deedd05c0f64db96740f0398');
+  });
+});
+
+describe("Signup with srp var", function() {
+  
   beforeEach(function() {
-    this.srp = new SRP(jqueryRest());
     specHelper.setupFakeXHR.apply(this);
+    srp.session = new srp.Session();
   });
 
   afterEach(function() {
     this.xhr.restore();
   });
-
-  it("has a register function", function() {
-    expect(typeof this.srp.register).toBe('function');
-  });
-
-  it("calculates the right x", function(){
-    expect(this.srp.session.calcX("7686acb8").toString(16)).toBe('84d6bb567ddf584b1d8c8728289644d45dbfbb02deedd05c0f64db96740f0398');
-  });
-
+  
   it("identifies after successful registration (INTEGRATION)", function(){
     var callback = sinon.spy();
-    this.srp.identify = callback;
-    this.srp.session.getSalt = function() {return "4c78c3f8"};
-    this.srp.register();
-    this.expectRequest('users.json', "user[login]=testuser&user[password_salt]=4c78c3f8&user[password_verifier]=474c26aa42d11f20544a00f7bf9711c4b5cf7aab95ed448df82b95521b96668e7480b16efce81c861870302560ddf6604c67df54f1d04b99d5bb9d0f02c6051ada5dc9d594f0d4314e12f876cfca3dcd99fc9c98c2e6a5e04298b11061fb8549a22cde0564e91514080df79bca1c38c682214d65d590f66b3719f954b078b83c", 'POST')
+    srp.signedUp = callback;
+    srp.session.getSalt = function() {return "4c78c3f8"};
+    srp.signup();
+    this.expectRequest('/users.json', "user[login]=testuser&user[password_salt]=4c78c3f8&user[password_verifier]=474c26aa42d11f20544a00f7bf9711c4b5cf7aab95ed448df82b95521b96668e7480b16efce81c861870302560ddf6604c67df54f1d04b99d5bb9d0f02c6051ada5dc9d594f0d4314e12f876cfca3dcd99fc9c98c2e6a5e04298b11061fb8549a22cde0564e91514080df79bca1c38c682214d65d590f66b3719f954b078b83c", 'POST')
     this.respondJSON({password_salt: "4c78c3f8", login: "testuser", ok: "true"});
     expect(callback).toHaveBeenCalled();
   });
 
 });
 
-
diff --git a/src/jqueryRest.js b/src/jqueryRest.js
index 54a0908..bfa4592 100644
--- a/src/jqueryRest.js
+++ b/src/jqueryRest.js
@@ -1,38 +1,101 @@
-jqueryRest = function() {
+srp.remote = (function(){
+  var jqueryRest = (function() {
 
-  // we do not fetch the salt from the server
-  function register(session, callback)
-  {
-    sendVerifier(session, callback);
-  }
+    // TODO: Do we need to differentiate between PUT and POST?
+    function register(session) {
+      return $.post("/users.json", {user: session.signup() });
+    }
 
-  function sendVerifier(session, callback) {
-    var salt = session.getSalt();
-    $.post("users.json", { user:
-      { login: session.getI(),
-        password_salt: salt,
-        password_verifier: session.getV(salt).toString(16)}
-    }, callback);
-  }
+    function update(url, session) {
+      return $.ajax({
+        url: url,
+        type: 'PUT',
+        data: {user: session.signup() }
+      });
+    }
 
-  function handshake(session, callback) {
-    $.post("sessions.json", { login: session.getI(),
-      A: session.getAstr()}, callback);
-  }
+    function handshake(session) {
+      return $.post("/sessions.json", session.handshake());
+    }
 
-  function authenticate(session, success) {
-    $.ajax({
-      url: "sessions/" + session.getI() + ".json",
-      type: 'PUT',
-      data: {client_auth: session.getM()},
-      success: success
-    });
-  }
+    function authenticate(session) {
+      return $.ajax({
+        url: "/sessions/" + session.getI() + ".json",
+        type: 'PUT',
+        data: {client_auth: session.getM()}
+      });
+    }
 
-  return {
-    register: register,
-    register_send_verifier: sendVerifier,
-    handshake: handshake,
-    authenticate: authenticate
+    return {
+      register: register,
+      update: update,
+      handshake: handshake,
+      authenticate: authenticate
+    };
+  }());
+
+
+  function signup(){
+    jqueryRest.register(srp.session)
+    .done(srp.signedUp)
+    .fail(error)
+  };
+
+  function update(submitEvent){
+    var form = submitEvent.target;
+    jqueryRest.update(form.action, srp.session)
+    .done(srp.updated)
+    .fail(error)
+  };
+
+  function login(){
+    jqueryRest.handshake(srp.session)
+    .done(receiveSalts)
+    .fail(error)
   };
-};
+
+  function receiveSalts(response){
+    // B = 0 will make the algorithm always succeed
+    // -> refuse such a server answer
+    if(response.B === 0) {
+      srp.error("Server send random number 0 - could not login.");
+    }
+    else if(! response.salt || response.salt === 0) {
+      srp.error("Server failed to send salt - could not login.");
+    } 
+    else 
+    {
+      srp.session.calculations(response.salt, response.B);
+      jqueryRest.authenticate(srp.session)
+      .done(confirmAuthentication)
+      .fail(error);
+    }
+  };
+
+  // Receive M2 from the server and verify it
+  // If an error occurs, raise it as an alert.
+  function confirmAuthentication(response)
+  {
+    if (srp.session.validate(response.M2))
+      srp.loggedIn();
+    else
+      srp.error("Server key does not match");
+  };
+
+  // The server will send error messages as json alongside
+  // the http error response.
+  function error(xhr, text, thrown)
+  { 
+    if (xhr.responseText && xhr.responseText != "")
+      srp.error($.parseJSON(xhr.responseText));
+    else
+      srp.error("Server did not respond.");
+  };
+
+  return {
+    signup: signup,
+    update: update,
+    login: login
+  }
+
+}());
diff --git a/src/srp.js b/src/srp.js
index 6d1e8c1..efd50d2 100644
--- a/src/srp.js
+++ b/src/srp.js
@@ -1,86 +1,24 @@
-function SRP(remote, session)
-{
-  var srp = this;
-  session = session || new this.Session();
-  remote = remote || new this.Remote();
-  remote.onError = remote.onError || this.error;
-  session.onError = session.onError || this.error;
-  this.remote = remote;
-  this.session = session;
+var srp = (function(){
 
-  // Start the login process by identifying the user
-  this.identify = function(success, error)
+  function signup()
   {
-    store_callbacks(success, error);
-    remote.handshake(session, receive_salts);
-
-    // Receive login salts from the server, start calculations
-    function receive_salts(response)
-    {
-      // B = 0 will make the algorithm always succeed
-      // -> refuse such a server answer
-      if(response.B === 0) {
-        srp.error("Server send random number 0 - could not login.");
-      }
-      else if(! response.salt || response.salt === 0) {
-        srp.error("Server failed to send salt - could not login.");
-      } 
-      else 
-      {
-        session.calculations(response.salt, response.B);
-        remote.authenticate(session, confirm_authentication);
-      }
-    }
-
-    // Receive M2 from the server and verify it
-    // If an error occurs, raise it as an alert.
-    function confirm_authentication(response)
-    {
-      if (session.validate(response.M2))
-        srp.success();
-      else
-        srp.error("Server key does not match");
-    };
+    srp.remote.signup();
   };
 
-  // Initiate the registration process
-  this.register = function(success, error)
-  {
-    store_callbacks(success, error);
-    remote.register(session, srp.registered_user);
-  };
-
-  // The user has been registered successfully, now login
-  this.registered_user = function(response)
-  {
-    if(response.errors) {
-      srp.error(response.errors)
-    }
-    else {
-      srp.identify();
-    }
-  };  
-
-  // Minimal error handling - set remote.onError to sth better to overwrite.
-  this.error = function(text)
+  function login()
   {
-    alert(text);
+    srp.remote.login();
   };
 
-  // This function is called when authentication is successful.
-  // It's a dummy. Please hand the real thing to the call to identify.
-  this.success = function()
+  function update(submitEvent)
   {
-    alert("Login successful.");
+    srp.remote.update(submitEvent);
   };
 
-  function store_callbacks(success, error) {
-    if (typeof success == "function") {
-      srp.success = success;
-    }
-    if (typeof error == "function") {
-      srp.error = error;
-    }
+  return {
+    signup: signup,
+    update: update,
+    login: login
   }
-};
+}());
 
diff --git a/src/srp_session.js b/src/srp_session.js
index 8f45a44..b1b6014 100644
--- a/src/srp_session.js
+++ b/src/srp_session.js
@@ -1,4 +1,4 @@
-SRP.prototype.Session = function(login, password) {
+srp.Session = function(login, password) {
   
   // Variables session will be used in the SRP protocol
   var Nstr = "eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3";
@@ -7,8 +7,7 @@ SRP.prototype.Session = function(login, password) {
   var k = new BigInteger("bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0", 16);
 
   var rng = new SecureRandom();
-//  var a = new BigInteger(32, rng);
-  var a = new BigInteger("d498c3d024ec17689b5320e33fc349a3f3f91320384155b3043fa410c90eab71", 16);
+  var a = new BigInteger(32, rng);
   var A = g.modPow(a, N);
   while(A.mod(N) == 0)
   {
@@ -21,8 +20,8 @@ SRP.prototype.Session = function(login, password) {
   var M = null;
   var M2 = null;
   var authenticated = false;
-  var I = login || document.getElementById("srp_username").value;
-  var pass = password || document.getElementById("srp_password").value;
+  var I = login;
+  var pass = password;
 
   // *** Accessor methods ***
 
@@ -35,15 +34,38 @@ SRP.prototype.Session = function(login, password) {
     return Astr;
   };
 
+  this.signup = function() {
+    var salt = this.getSalt();
+    return {
+      login: this.getI(),
+      password_salt: salt,
+      password_verifier: this.getV(salt).toString(16)
+    };
+  };
+
+  this.handshake = function() {
+    return { 
+      login: this.getI(), 
+      A: this.getAstr()
+    };
+  };
+
   this.getAstr = function() {
     return Astr;
   }
 
   // Returns the user's identity
   this.getI = function() {
+    I = login || document.getElementById("srp_username").value;
     return I;
   };
 
+  // Returns the password currently typed in
+  this.getPass = function() {
+    pass = password || document.getElementById("srp_password").value;
+    return pass;
+  };
+
   // some 16 byte random number
   this.getSalt = function() {
     return new BigInteger(64, rng).toString(16);
@@ -61,7 +83,8 @@ SRP.prototype.Session = function(login, password) {
 
   // Calculates the X value and return it as a BigInteger
   this.calcX = function(salt) {
-    return new BigInteger(SHA256(hex2a(salt + SHA256(I + ":" + pass))), 16);
+    var inner = salt + SHA256(this.getI() + ":" + this.getPass())
+    return new BigInteger(SHA256(hex2a(inner)), 16);
   };
 
   this.getV = function(salt)
@@ -154,6 +177,5 @@ SRP.prototype.Session = function(login, password) {
     }
     return str;
   }
+};
 
-
-}