API: update instead of addToForm

addToForm was an attempt to not use ajax but just the normal form submit.

Turns out it's easy to add hidden fields to the form but quite cumbersome to remove the password fields from teh form so they are not submitted over the eventually untrusted channel.

So we use ajax for updates just like for signup.

2 files changed, 23 insertions, 20 deletions

diff --git a/src/jqueryRest.js b/src/jqueryRest.js
index abc53d4..bfa4592 100644
--- a/src/jqueryRest.js
+++ b/src/jqueryRest.js
@@ -1,9 +1,17 @@
 srp.remote = (function(){
   var jqueryRest = (function() {
 
-    // we do not fetch the salt from the server
+    // TODO: Do we need to differentiate between PUT and POST?
     function register(session) {
-      return $.post("/users.json", { user: session.signup() });
+      return $.post("/users.json", {user: session.signup() });
+    }
+
+    function update(url, session) {
+      return $.ajax({
+        url: url,
+        type: 'PUT',
+        data: {user: session.signup() }
+      });
     }
 
     function handshake(session) {
@@ -18,11 +26,9 @@ srp.remote = (function(){
       });
     }
 
-    function addSignupToForm(session) {
-    }
-
     return {
       register: register,
+      update: update,
       handshake: handshake,
       authenticate: authenticate
     };
@@ -35,23 +41,19 @@ srp.remote = (function(){
     .fail(error)
   };
 
+  function update(submitEvent){
+    var form = submitEvent.target;
+    jqueryRest.update(form.action, srp.session)
+    .done(srp.updated)
+    .fail(error)
+  };
+
   function login(){
     jqueryRest.handshake(srp.session)
     .done(receiveSalts)
     .fail(error)
   };
 
-  function addToForm(){
-    form = this.target;
-    $.each(srp.session.signup(), function(key, value) {
-      form.append($('<input/>', {
-        type: 'hidden',
-        name: key
-        value: value
-      }));
-    }
-  }
-
   function receiveSalts(response){
     // B = 0 will make the algorithm always succeed
     // -> refuse such a server answer
@@ -92,6 +94,7 @@ srp.remote = (function(){
 
   return {
     signup: signup,
+    update: update,
     login: login
   }
 
diff --git a/src/srp.js b/src/srp.js
index cbfdd10..efd50d2 100644
--- a/src/srp.js
+++ b/src/srp.js
@@ -10,15 +10,15 @@ var srp = (function(){
     srp.remote.login();
   };
 
-  function addToForm()
+  function update(submitEvent)
   {
-    srp.remote.addToForm();
+    srp.remote.update(submitEvent);
   };
 
   return {
     signup: signup,
-    login: login,
-    addToForm: addToForm
+    update: update,
+    login: login
   }
 }());