-rw-r--r--lib/jqueryRest.js2
-rw-r--r--lib/plainXHR.js26
-rw-r--r--lib/srp.js59
-rw-r--r--lib/srp_register.js35
-rw-r--r--spec/DjangoSpecRunner.html1
-rw-r--r--spec/RestfulSpecRunner.html2
-rw-r--r--spec/django/signup.js13
7 files changed, 66 insertions, 72 deletions
diff --git a/lib/jqueryRest.js b/lib/jqueryRest.js
index 84a9731..8c8163c 100644
--- a/lib/jqueryRest.js
+++ b/lib/jqueryRest.js
@@ -93,7 +93,7 @@ jqueryRest = function() {
// we do not fetch the salt from the server
function register(session, callback)
{
- callback({salt: session.getSalt()});
+ sendVerifier(session, callback);
}
function sendVerifier(session, callback) {
diff --git a/lib/plainXHR.js b/lib/plainXHR.js
index 95ceeac..d07416b 100644
--- a/lib/plainXHR.js
+++ b/lib/plainXHR.js
@@ -1,3 +1,12 @@
+//
+// SRP JS - Plain XHR module
+//
+// This is deprecated - unless you are using srp-js with the original drupal
+// server side I recommend you use a different API such as restful.js
+//
+// This code has been largely refactored, tests are still passing but I did
+// not test it with the server itself.
+
SRP.prototype.Remote = function() {
// Perform ajax requests at the specified path, with the specified parameters
@@ -78,10 +87,23 @@ SRP.prototype.Remote = function() {
}
return response;
};
-
+
+ // Drupal version fetches the salt from the server. No idea why but this
+ // should still do it.
this.register = function(session, callback)
{
- ajaxRequest("register/salt/", "I="+session.getI(), callback);
+ var that = this;
+ ajaxRequest("register/salt/", "I="+session.getI(), receive_salt);
+
+ function receive_salt(response)
+ {
+ if(response.salt)
+ {
+ var s = response.salt;
+ var v = session.getV(s);
+ that.sendVerifier(session, callback);
+ }
+ };
}
this.sendVerifier = function(session, callback) {
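Review bot: When the `register/salt/` response carries no `salt`, `receive_salt` returns without calling `callback` or reporting anything, so a failed registration stalls silently. The `register_receive_salt` that this commit deletes from lib/srp_register.js had an `else if(response.error)` branch, which the rewrite drops. Restoring it could look like `else { that.onError(response.error || "No salt received"); }`, assuming `onError` is set on the remote as lib/srp.js does in this commit. The locals `s` and `v` are never read, so `session.getV(s)` is presumably called only for its effect on the session; a comment such as `// getV stores the salt and verifier on the session` (to be confirmed against srp_session.js) would make that explicit. `this.sendVerifier` continues outside the hunk.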
diff --git a/lib/srp.js b/lib/srp.js
index b54d6b7..0482a06 100644
--- a/lib/srp.js
+++ b/lib/srp.js
@@ -3,43 +3,60 @@ function SRP(remote, session)
var srp = this;
session = session || new this.Session();
remote = remote || new this.Remote();
+ remote.onError = remote.onError || this.error;
+ session.onError = session.onError || this.error;
+ this.remote = remote;
+ this.session = session;
// Start the login process by identifying the user
this.identify = function()
{
remote.handshake(session, receive_salts);
+
+ // Receive login salts from the server, start calculations
+ function receive_salts(response)
+ {
+ // B = 0 will make the algorithm always succeed
+ // -> refuse such a server answer
+ if(response.B == 0) {
+ srp.error("Server send random number 0 - this is not allowed");
+ } else {
+ session.calculations(response.s, response.B);
+ remote.authenticate(session, confirm_authentication)
+ }
+ };
+
+ // Receive M2 from the server and verify it
+ // If an error occurs, raise it as an alert.
+ function confirm_authentication(response)
+ {
+ if (session.validate(response.M))
+ srp.success();
+ else
+ srp.error("Server key does not match");
+ };
};
- // Receive login salts from the server, start calculations
- function receive_salts(response)
+ // Initiate the registration process
+ this.register = function()
{
- // B = 0 will make the algorithm always succeed
- // -> refuse such a server answer
- if(response.B == 0) {
- srp.error("Server send random number 0 - this is not allowed");
- } else {
- session.calculations(response.s, response.B);
- remote.authenticate(session, confirm_authentication)
- }
+ remote.register(session, srp.registered_user);
};
- // Receive M2 from the server and verify it
- // If an error occurs, raise it as an alert.
- function confirm_authentication(response)
+ // The user has been registered successfully, now login
+ this.registered_user = function(response)
{
- if (session.validate(response.M))
- srp.success();
- else
- alertErrorMessage("Server key does not match");
- };
+ if(response.ok)
+ {
+ srp.identify();
+ }
+ };
// Minimal error handling - set remote.onError to sth better to overwrite.
this.error = function(text)
{
alert(text);
};
- remote.onError = remote.onError || this.error;
- session.onError = session.onError || this.error;
// This function is called when authentication is successful.
// Developers can set this to other functions in specific implementations
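Review bot: The `remote.onError = remote.onError || this.error;` and `session.onError = session.onError || this.error;` lines now run at the top of the constructor, before `this.error` is assigned further down. Unless `SRP.prototype.error` is defined elsewhere, both handlers therefore default to `undefined`; the two assignments should move back below the `this.error = function(text)` definition. Separately, in `receive_salts` the guard `response.B == 0` rejects only a literal zero, while SRP requires the client to abort whenever B mod N is zero. The check should be made on the parsed big integer reduced modulo N rather than on the raw response value. `registered_user` also does nothing when `response.ok` is false, so a rejected registration is never passed to `srp.error`.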
@@ -55,5 +72,5 @@ function SRP(remote, session)
alert("Login successful.");
}
};
-
};
+
diff --git a/lib/srp_register.js b/lib/srp_register.js
deleted file mode 100644
index 5f9da36..0000000
--- a/lib/srp_register.js
+++ /dev/null
@@ -1,35 +0,0 @@
-function SRP_REGISTER()
-{
- var that;
-
- // Initiate the registration process
- SRP.prototype.register = function()
- {
- session = this;
- this.remote.register(session, session.register_receive_salt);
- };
-
- // Receive the salt for registration
- SRP.prototype.register_receive_salt = function(response)
- {
- if(response.salt)
- {
- var s = response.salt;
- var v = session.getV(s);
- session.remote.register_send_verifier(session, session.registered_user);
- }
- else if(response.error)
- {
- session.error_message(response.error);
- }
- };
- // The user has been registered successfully, now login
- SRP.prototype.registered_user = function(response)
- {
- if(response.ok)
- {
- session.identify();
- }
- };
-};
-SRP_REGISTER();
diff --git a/spec/DjangoSpecRunner.html b/spec/DjangoSpecRunner.html
index 5d8c95a..93696f0 100644
--- a/spec/DjangoSpecRunner.html
+++ b/spec/DjangoSpecRunner.html
@@ -22,7 +22,6 @@
<script type="text/javascript" src="../lib/srp.js"></script>
<script type="text/javascript" src="../lib/plainXHR.js"></script>
<script type="text/javascript" src="../lib/srp_session.js"></script>
- <script type="text/javascript" src="../lib/srp_register.js"></script>
<!-- include spec files here... -->
<script type="text/javascript" src="specHelper.js"></script>
diff --git a/spec/RestfulSpecRunner.html b/spec/RestfulSpecRunner.html
index bc4715f..11858e8 100644
--- a/spec/RestfulSpecRunner.html
+++ b/spec/RestfulSpecRunner.html
@@ -21,7 +21,7 @@
<script type="text/javascript" src="../lib/jsbn2.js"></script>
<script type="text/javascript" src="../lib/srp.js"></script>
<script type="text/javascript" src="../lib/jqueryRest.js"></script>
- <script type="text/javascript" src="../lib/srp_register.js"></script>
+ <script type="text/javascript" src="../lib/srp_session.js"></script>
<!-- include spec files here... -->
<script type="text/javascript" src="specHelper.js"></script>
diff --git a/spec/django/signup.js b/spec/django/signup.js
index 08a9b64..383dd14 100644
--- a/spec/django/signup.js
+++ b/spec/django/signup.js
@@ -13,22 +13,13 @@ describe("Signup", function() {
expect(typeof this.srp.register).toBe('function');
});
- it("fetches a salt from /register/salt", function(){
- var callback = sinon.spy();
- this.srp.register_receive_salt = callback;
- this.srp.register();
- this.expectRequest('register/salt/', "I=user")
- this.respondXML("<salt>5d3055e0acd3ddcfc15</salt>");
- expect(callback.called).toBeTruthy();
- });
-
it("receives the salt from /register/salt", function(){
var callback = sinon.spy();
- this.srp.remote.register_send_verifier = callback;
+ this.srp.remote.sendVerifier = callback;
this.srp.register();
this.expectRequest('register/salt/', "I=user")
this.respondXML("<salt>5d3055e0acd3ddcfc15</salt>");
- expect(callback).toHaveBeenCalledWith(this.srp, this.srp.registered_user);
+ expect(callback).toHaveBeenCalledWith(this.srp.session, this.srp.registered_user);
});
it("identifies after successful registration (INTEGRATION)", function(){