Merge branch 'master' into feature-updated_json_api

2 files changed, 40 insertions, 38 deletions

diff --git a/src/srp.js b/src/srp.js
index 972b211..6d1e8c1 100644
--- a/src/srp.js
+++ b/src/srp.js
@@ -9,8 +9,9 @@ function SRP(remote, session)
   this.session = session;
 
   // Start the login process by identifying the user
-  this.identify = function()
+  this.identify = function(success, error)
   {
+    store_callbacks(success, error);
     remote.handshake(session, receive_salts);
 
     // Receive login salts from the server, start calculations
@@ -19,9 +20,14 @@ function SRP(remote, session)
       // B = 0 will make the algorithm always succeed
       // -> refuse such a server answer
       if(response.B === 0) {
-        srp.error("Server send random number 0 - this is not allowed");
-      } else {
-        session.calculations(response.s, response.B);
+        srp.error("Server send random number 0 - could not login.");
+      }
+      else if(! response.salt || response.salt === 0) {
+        srp.error("Server failed to send salt - could not login.");
+      } 
+      else 
+      {
+        session.calculations(response.salt, response.B);
         remote.authenticate(session, confirm_authentication);
       }
     }
@@ -30,7 +36,7 @@ function SRP(remote, session)
     // If an error occurs, raise it as an alert.
     function confirm_authentication(response)
     {
-      if (session.validate(response.M))
+      if (session.validate(response.M2))
         srp.success();
       else
         srp.error("Server key does not match");
@@ -38,16 +44,19 @@ function SRP(remote, session)
   };
 
   // Initiate the registration process
-  this.register = function()
+  this.register = function(success, error)
   {
+    store_callbacks(success, error);
     remote.register(session, srp.registered_user);
   };
 
   // The user has been registered successfully, now login
   this.registered_user = function(response)
   {
-    if(response.ok)
-    {
+    if(response.errors) {
+      srp.error(response.errors)
+    }
+    else {
       srp.identify();
     }
   };  
@@ -59,18 +68,19 @@ function SRP(remote, session)
   };
 
   // This function is called when authentication is successful.
-  // Developers can set this to other functions in specific implementations
-  // and change the functionality.
+  // It's a dummy. Please hand the real thing to the call to identify.
   this.success = function()
   {
-    var forward_url = document.getElementById("srp_forward").value;
-    if(forward_url.charAt(0) != "#")
-      window.location = forward_url;
-    else
-    {
-      window.location = forward_url;
-      alert("Login successful.");
-    }
+    alert("Login successful.");
   };
+
+  function store_callbacks(success, error) {
+    if (typeof success == "function") {
+      srp.success = success;
+    }
+    if (typeof error == "function") {
+      srp.error = error;
+    }
+  }
 };
 
diff --git a/src/srp_session.js b/src/srp_session.js
index 07c1e25..8f45a44 100644
--- a/src/srp_session.js
+++ b/src/srp_session.js
@@ -1,4 +1,4 @@
-SRP.prototype.Session = function() {
+SRP.prototype.Session = function(login, password) {
   
   // Variables session will be used in the SRP protocol
   var Nstr = "eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3";
@@ -7,7 +7,8 @@ SRP.prototype.Session = function() {
   var k = new BigInteger("bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0", 16);
 
   var rng = new SecureRandom();
-  var a = new BigInteger(32, rng);
+//  var a = new BigInteger(32, rng);
+  var a = new BigInteger("d498c3d024ec17689b5320e33fc349a3f3f91320384155b3043fa410c90eab71", 16);
   var A = g.modPow(a, N);
   while(A.mod(N) == 0)
   {
@@ -20,17 +21,14 @@ SRP.prototype.Session = function() {
   var M = null;
   var M2 = null;
   var authenticated = false;
-  var I = document.getElementById("srp_username").value;
-  var pass = document.getElementById("srp_password").value;
-  var V;
-  var salt;
+  var I = login || document.getElementById("srp_username").value;
+  var pass = password || document.getElementById("srp_password").value;
 
   // *** Accessor methods ***
 
   // allows setting the random number A for testing
 
-  this.calculateAndSetA = function(_a)
-  {
+  this.calculateAndSetA = function(_a) {
     a = new BigInteger(_a, 16);
     A = g.modPow(a, N);
     Astr = A.toString(16);
@@ -42,39 +40,33 @@ SRP.prototype.Session = function() {
   }
 
   // Returns the user's identity
-  this.getI = function()
-  {
+  this.getI = function() {
     return I;
   };
 
   // some 16 byte random number
   this.getSalt = function() {
-    salt = salt || new BigInteger(64, rng).toString(16);
-    return salt
+    return new BigInteger(64, rng).toString(16);
   }
 
   // Returns the BigInteger, g
-  this.getg = function()
-  {
+  this.getg = function() {
     return g;
   };
 
   // Returns the BigInteger, N
-  this.getN = function()
-  {
+  this.getN = function() {
     return N;
   };
 
   // Calculates the X value and return it as a BigInteger
-  this.calcX = function(salt)
-  {
+  this.calcX = function(salt) {
     return new BigInteger(SHA256(hex2a(salt + SHA256(I + ":" + pass))), 16);
   };
 
   this.getV = function(salt)
   {
-    V = V || this.getg().modPow(this.calcX(salt), this.getN());
-    return V;
+    return this.getg().modPow(this.calcX(salt), this.getN());
   }
 
   // Calculate S, M, and M2