diff options
Diffstat (limited to 'django/srpproject/srp')
| -rw-r--r-- | django/srpproject/srp/util.py | 67 | ||||
| -rw-r--r-- | django/srpproject/srp/views.py | 23 |
2 files changed, 83 insertions, 7 deletions
diff --git a/django/srpproject/srp/util.py b/django/srpproject/srp/util.py new file mode 100644 index 0000000..1f82450 --- /dev/null +++ b/django/srpproject/srp/util.py @@ -0,0 +1,67 @@ +# Locally used functions: +def join(a,b): + return a+b if a.endswith("/") else "/".join((a,b)) + +def genHeader(jsDir, flist): + return "\n".join(["<script src='%s'></script>" % join(jsDir, f) for f in flist]) + +# Headers: +def loginHeader(jsDir, compressed=True): + return genHeader(jsDir, ["srp.min.js"] if compressed else ["SHA256.js", "prng4.js", "rng.js", "jsbn.js", "jsbn2.js", "srp.js"]) + +def registerHeader(jsDir, compressed=True): + return genHeader(jsDir, ["srp.min.js", "srp_register.min.js"] if compressed else \ +["SHA256.js", "prng4.js", "rng.js", "jsbn.js", "jsbn2.js", "srp.js", "srp_register.js"]) + +# Forms: +def loginForm(srp_url, srp_forward, login_function="login()", no_js=True): + return """<form action="%s" method="POST" onsubmit="return %s"> +<table> +<tr><td>Username:</td><td><input type="text" name="srp_username" id="srp_username" /></td></tr> +<tr><td>Password:</td><td><input type="password" name="srp_password" id="srp_password" /></td></tr> +<input type="hidden" id="srp_url" value="%s"/> +<input type="hidden" name="srp_forward" id="srp_forward" value="%s"/> +<input type="hidden" id="srp_server" value="django"/> +</table> +<input type="submit"/> +</form>""" % (join(srp_url, "noJs/") if no_js else "#", login_function, join(srp_url, ""), srp_forward) + +def registerForm(srp_url, srp_forward, login_function="register()"): + return """<form action="#" method="POST" onsubmit="return %s"> +<table> +<tr><td>Username:</td><td><input type="text" name="srp_username" id="srp_username" /></td></tr> +<tr><td>Password:</td><td><input type="password" name="srp_password" id="srp_password" /></td></tr> +<tr><td>Confirm Password:</td><td><input type="password" id="confirm_password" /></td></tr> +<input type="hidden" id="srp_url" value="%s"/> +<input type="hidden" name="srp_forward" id="srp_forward" value="%s"/> +<input type="hidden" id="srp_server" value="django"/> +</table> +<input type="submit"/> +</form>""" % (login_function, join(srp_url, ""), srp_forward) + + +# Functions: +def loginFunction(): + return """<script type="text/javascript"> +function login() +{ + srp = new SRP(); + srp.identify(); + return false; +} +</script>""" + +def registerFunction(): + return """<script type="text/javascript">function register() +{ + if(document.getElementById("confirm_password").value != document.getElementById("srp_password").value) + alert("Passwords do not match"); + else if(document.getElementById("srp_password").value == "") + alert("Password cannot be blank"); + else + { + srp = new SRP(); + srp.register(); + } + return false; +};</script>""" diff --git a/django/srpproject/srp/views.py b/django/srpproject/srp/views.py index cde4e5a..74209e5 100644 --- a/django/srpproject/srp/views.py +++ b/django/srpproject/srp/views.py @@ -1,5 +1,3 @@ -# Create your views here. - from django.http import HttpResponse, HttpResponseRedirect from django.contrib.auth.models import User @@ -44,16 +42,21 @@ def generate_verifier(salt, username, password): def login_page(request): from django.shortcuts import render_to_response + import util return render_to_response('login.html', \ {'error': "Invalid username or password" if "error" in request.GET and request.GET["error"] == '1' and not request.user.is_authenticated() else "",\ - 'static_files': "http://%s/srp-test/javascript" % request.get_host(), \ - 'srp_url': "http://%s/srp/" % request.get_host()}) + 'jsHeader': util.loginHeader("http://%s/srp-test/javascript" % request.get_host()),\ + 'loginForm': util.loginForm("http://%s/srp/" % request.get_host(), "http://google.com"),\ + 'loginFunction': util.loginFunction() }) def register_page(request): from django.shortcuts import render_to_response - return render_to_response('register.html',\ - {'static_files': "http://%s/srp-test/javascript" % request.get_host(),\ - 'srp_url': "http://%s/srp/" % request.get_host()}) + import util + return render_to_response('login.html', \ + {'error': "Invalid username or password" if "error" in request.GET and request.GET["error"] == '1' and not request.user.is_authenticated() else "",\ + 'jsHeader': util.registerHeader("http://%s/srp-test/javascript" % request.get_host()),\ + 'loginForm': util.registerForm("http://%s/srp/" % request.get_host(), "http://google.com"),\ + 'loginFunction': util.registerFunction() }) ### ### User Registration @@ -190,6 +193,8 @@ def no_javascript(request): try: user = User.objects.get(username=request.POST["srp_username"]) try: + # Create a verifier for the user, and check that it matches the user's verifier + # Since we're doing it all on one side, we can skip the rest of the protocol v = generate_verifier(user.srpuser.salt, request.POST["srp_username"], request.POST["srp_password"]) user = authenticate(username=request.POST["srp_username"], M=(user.srpuser.verifier, v)) if user: @@ -199,6 +204,8 @@ def no_javascript(request): else: return HttpResponseRedirect("%s%s" % (request.META["HTTP_REFERER"], request.POST["srp_forward"])) except SRPUser.DoesNotExist: + # The user exists in the auth table, but not the SRP table + # Create an SRP version of the user if user.check_password(request.POST["srp_password"]): srpuser = SRPUser() srpuser.__dict__.update(user.__dict__) @@ -211,6 +218,8 @@ def no_javascript(request): else: return HttpResponseRedirect("%s%s" % (request.META["HTTP_REFERER"], request.POST["srp_forward"])) except User.DoesNotExist: + # The user does not exist in the auth tables + # Send the client back to the login page with an error pass if "?" in request.META["HTTP_REFERER"]: if "error=1" in request.META["HTTP_REFERER"]: |