Diffstat (limited to 'django')
-rw-r--r-- | django/srpproject/settings.py | 10 | ||||
-rw-r--r-- | django/srpproject/srp/util.py | 67 | ||||
-rw-r--r-- | django/srpproject/srp/views.py | 23 | ||||
-rw-r--r-- | django/srpproject/templates/login.html | 31 | ||||
-rw-r--r-- | django/srpproject/urls.py | 20 |
5 files changed, 102 insertions, 49 deletions
diff --git a/django/srpproject/settings.py b/django/srpproject/settings.py
index 7daaf66..5f6f642 100644
--- a/django/srpproject/settings.py
+++ b/django/srpproject/settings.py
@@ -65,10 +65,16 @@ MIDDLEWARE_CLASSES = (
 ROOT_URLCONF = 'srpproject.urls'
+AUTHENTICATION_BACKENDS = (
+ 'srp.backends.SRPBackend',
+ 'django.contrib.auth.backends.ModelBackend',
+)
+
 TEMPLATE_DIRS = (
 # Put strings here, like "/home/html/django_templates" or "C:/www/django/templates".
 # Always use forward slashes, even on Windows.
 # Don't forget to use absolute paths, not relative paths.
+ "/home/austin/Projects/SRP-SVN/srp-js/django/srpproject/templates"
 )
 INSTALLED_APPS = (
@@ -78,7 +84,3 @@ INSTALLED_APPS = (
 'django.contrib.sites',
 'srpproject.srp'
 )
-
-AUTHENTICATION_BACKENDS = (
- 'srp.backends.SRPBackend',
-)
diff --git a/django/srpproject/srp/util.py b/django/srpproject/srp/util.py
new file mode 100644
index 0000000..1f82450
--- /dev/null
+++ b/django/srpproject/srp/util.py
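Review bot: The new TEMPLATE_DIRS entry has no trailing comma, so `TEMPLATE_DIRS = ( "..." )` is a plain string rather than a one-element tuple, and Django's filesystem template loader then walks it character by character and never finds login.html; the line should end `"/home/austin/Projects/SRP-SVN/srp-js/django/srpproject/templates",`. It is also an absolute path on one developer's machine committed into settings.py, which every other checkout will have to edit; deriving it from the module's own location, `os.path.join(os.path.dirname(__file__), "templates"),`, keeps it portable (that needs `import os` at the top of the file, outside the hunk). The relocated AUTHENTICATION_BACKENDS now lists ModelBackend after SRPBackend, presumably so that accounts without an SRP verifier can still be authenticated by password; a one-line comment stating that intent, and whether the fallback is meant to go away once every account has a verifier, would keep it from silently outliving its purpose.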
@@ -0,0 +1,67 @@
+# Locally used functions:
+def join(a,b):
+ return a+b if a.endswith("/") else "/".join((a,b))
+
+def genHeader(jsDir, flist):
+ return "\n".join(["<script src='%s'></script>" % join(jsDir, f) for f in flist])
+
+# Headers:
+def loginHeader(jsDir, compressed=True):
+ return genHeader(jsDir, ["srp.min.js"] if compressed else ["SHA256.js", "prng4.js", "rng.js", "jsbn.js", "jsbn2.js", "srp.js"])
+
+def registerHeader(jsDir, compressed=True):
+ return genHeader(jsDir, ["srp.min.js", "srp_register.min.js"] if compressed else \
+["SHA256.js", "prng4.js", "rng.js", "jsbn.js", "jsbn2.js", "srp.js", "srp_register.js"])
+
+# Forms:
+def loginForm(srp_url, srp_forward, login_function="login()", no_js=True):
+ return """<form action="%s" method="POST" onsubmit="return %s">
+<table>
+<tr><td>Username:</td><td><input type="text" name="srp_username" id="srp_username" /></td></tr>
+<tr><td>Password:</td><td><input type="password" name="srp_password" id="srp_password" /></td></tr>
+<input type="hidden" id="srp_url" value="%s"/>
+<input type="hidden" name="srp_forward" id="srp_forward" value="%s"/>
+<input type="hidden" id="srp_server" value="django"/>
+</table>
+<input type="submit"/>
+</form>""" % (join(srp_url, "noJs/") if no_js else "#", login_function, join(srp_url, ""), srp_forward)
+
+def registerForm(srp_url, srp_forward, login_function="register()"):
+ return """<form action="#" method="POST" onsubmit="return %s">
+<table>
+<tr><td>Username:</td><td><input type="text" name="srp_username" id="srp_username" /></td></tr>
+<tr><td>Password:</td><td><input type="password" name="srp_password" id="srp_password" /></td></tr>
+<tr><td>Confirm Password:</td><td><input type="password" id="confirm_password" /></td></tr>
+<input type="hidden" id="srp_url" value="%s"/>
+<input type="hidden" name="srp_forward" id="srp_forward" value="%s"/>
+<input type="hidden" id="srp_server" value="django"/>
+</table>
+<input type="submit"/>
+</form>""" % (login_function, join(srp_url, 
""), srp_forward) + + +# Functions: +def loginFunction(): + return """<script type="text/javascript"> +function login() +{ + srp = new SRP(); + srp.identify(); + return false; +} +</script>""" + +def registerFunction(): + return """<script type="text/javascript">function register() +{ + if(document.getElementById("confirm_password").value != document.getElementById("srp_password").value) + alert("Passwords do not match"); + else if(document.getElementById("srp_password").value == "") + alert("Password cannot be blank"); + else + { + srp = new SRP(); + srp.register(); + } + return false; +};</script>""" diff --git a/django/srpproject/srp/views.py b/django/srpproject/srp/views.py index cde4e5a..74209e5 100644 --- a/django/srpproject/srp/views.py +++ b/django/srpproject/srp/views.py @@ -1,5 +1,3 @@ -# Create your views here. - from django.http import HttpResponse, HttpResponseRedirect from django.contrib.auth.models import User 
@@ -44,16 +42,21 @@ def generate_verifier(salt, username, password):
 def login_page(request):
 from django.shortcuts import render_to_response
+ import util
 return render_to_response('login.html', \
 {'error': "Invalid username or password" if "error" in request.GET and request.GET["error"] == '1' and not request.user.is_authenticated() else "",\
- 'static_files': "http://%s/srp-test/javascript" % request.get_host(), \
- 'srp_url': "http://%s/srp/" % request.get_host()})
+ 'jsHeader': util.loginHeader("http://%s/srp-test/javascript" % request.get_host()),\
+ 'loginForm': util.loginForm("http://%s/srp/" % request.get_host(), "http://google.com"),\
+ 'loginFunction': util.loginFunction() })
 def register_page(request):
 from django.shortcuts import render_to_response
- return render_to_response('register.html',\
- {'static_files': "http://%s/srp-test/javascript" % request.get_host(),\
- 'srp_url': "http://%s/srp/" % request.get_host()})
+ import util
+ return render_to_response('login.html', \
+ {'error': "Invalid username or password" if "error" in request.GET and request.GET["error"] == '1' and not request.user.is_authenticated() else "",\
+ 'jsHeader': util.registerHeader("http://%s/srp-test/javascript" % request.get_host()),\
+ 'loginForm': util.registerForm("http://%s/srp/" % request.get_host(), "http://google.com"),\
+ 'loginFunction': util.registerFunction() })
 ###
 ### User Registration
@@ -190,6 +193,8 @@ def no_javascript(request):
 try:
 user = User.objects.get(username=request.POST["srp_username"])
 try:
+ # Create a verifier for the user, and check that it matches the user's verifier
+ # Since we're doing it all on one side, we can skip the rest of the protocol
 v = generate_verifier(user.srpuser.salt, request.POST["srp_username"], request.POST["srp_password"])
 user = authenticate(username=request.POST["srp_username"], M=(user.srpuser.verifier, v))
 if user:
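Review bot: register_page now renders login.html and copies the `"Invalid username or password"` error text from login_page, which is not a registration error and will be shown to anyone who reaches the register page with `?error=1`; a registration-specific message, or simply `'error': ""`, belongs here. Both views hard-code the `http://` scheme into the script and SRP URLs, so a deployment served over TLS would load srp.min.js over plain HTTP where it can be altered in transit, defeating the client-side protocol; `request.build_absolute_uri("/srp/")` (and the same for the javascript path) follows the request's scheme instead. `import util` inside each view is an implicit relative import that only works on Python 2 and resolves against whichever package name the app happens to be imported under; `from srpproject.srp import util` at the top of the file, outside the hunk, is explicit. The `"http://google.com"` passed as srp_forward looks like a test value — if it is meant to be the post-login destination, a named constant or a setting would make that clear.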
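Review bot: The comment added before `v = generate_verifier(...)` says the verifier is created and checked here, but the comparison actually happens inside `authenticate(..., M=(user.srpuser.verifier, v))`, and "we can skip the rest of the protocol" leaves out why: the no-JS form has already delivered the password in plaintext, so the server can compute the verifier directly and this path gives none of SRP's protection. Suggest `# No-JS fallback: the password arrived in plaintext, so recompute the verifier server-side and let the backend compare it with the stored one; SRP's zero-knowledge exchange is bypassed on this path.` no_javascript starts before and ends after the hunk.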
@@ -199,6 +204,8 @@ def no_javascript(request):
 else:
 return HttpResponseRedirect("%s%s" % (request.META["HTTP_REFERER"], request.POST["srp_forward"]))
 except SRPUser.DoesNotExist:
+ # The user exists in the auth table, but not the SRP table
+ # Create an SRP version of the user
 if user.check_password(request.POST["srp_password"]):
 srpuser = SRPUser()
 srpuser.__dict__.update(user.__dict__)
@@ -211,6 +218,8 @@ def no_javascript(request):
 else:
 return HttpResponseRedirect("%s%s" % (request.META["HTTP_REFERER"], request.POST["srp_forward"]))
 except User.DoesNotExist:
+ # The user does not exist in the auth tables
+ # Send the client back to the login page with an error
 pass
 if "?" in request.META["HTTP_REFERER"]:
 if "error=1" in request.META["HTTP_REFERER"]:
diff --git a/django/srpproject/templates/login.html b/django/srpproject/templates/login.html
index 14f148d..c1d6238 100644
--- a/django/srpproject/templates/login.html
+++ b/django/srpproject/templates/login.html
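Review bot: The comment added before `if user.check_password(...)` in the first hunk should state the consequence of that branch rather than only "Create an SRP version of the user": a password that verifies against the legacy hash causes the account to be migrated to SRP on the spot, which is a one-time trust decision worth making visible, e.g. `# Legacy account: if the plaintext password matches the stored hash, migrate it to SRP now (one-time upgrade).` The second hunk's comment says the client is sent back with an error, but the fallthrough it describes (the `request.META["HTTP_REFERER"]` lookups just below the hunk) assumes the Referer header is present; a note that a request without a Referer raises KeyError here would document the assumption the code relies on. no_javascript starts before and ends after both hunks.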
@@ -1,35 +1,10 @@
 <html>
 <head>
-
-{% comment %} <script src="{{ static_files }}/SHA256.js"></script>
- <script src="{{ static_files }}/prng4.js"></script>
- <script src="{{ static_files }}/rng.js"></script>
- <script src="{{ static_files }}/jsbn.js"></script>
- <script src="{{ static_files }}/jsbn2.js"></script>
- <script src="{{ static_files }}/srp.js"></script>
-{% endcomment %}
- <script src="{{ static_files }}/jsPacker/srp.min.js"></script>
-
- <script type="text/javascript">
- function login()
- {
- srp = new SRP();
- srp.identify();
- return false;
- }
- </script>
+ {{ jsHeader|safe }}
+ {{ loginFunction|safe }}
 </head>
 <body>
- <form action="{{ srp_url }}noJs/" method="POST" onsubmit="return login()">
- <table> {{ error }}<p/>
- <tr><td>Username:</td><td><input type="text" name="srp_username" id="srp_username" /></td></tr>
- <tr><td>Password:</td><td><input type="password" name="srp_password" id="srp_password" /></td></tr>
- <input type="hidden" id="srp_url" value="{{ srp_url }}"/>
- <input type="hidden" name="srp_forward" id="srp_forward" value="#"/>
- <input type="hidden" id="srp_server" value="django"/>
- </table>
- <input type="submit"/>
- </form>
+ {{ loginForm|safe }}
 </body>
 </html>
diff --git a/django/srpproject/urls.py b/django/srpproject/urls.py
index d436697..c50fd72 100644
--- a/django/srpproject/urls.py
+++ b/django/srpproject/urls.py
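Review bot: The rewritten template shows no `{{ error }}` on its new side — the removed `<table> {{ error }}<p/>` line goes away and nothing replaces it — so the `?error=1` redirect that login_page turns into an error string would never be displayed; the collapsed rendering does not let me rule out that `{{ error }}<p/>` survives as an unchanged line, but if it does not, add `{{ error }}<p/>` above `{{ loginForm|safe }}`. The three `|safe` filters mark server-assembled HTML as trusted, which is only sound if util.py escapes every value it interpolates; it currently does not, and it receives `request.get_host()`, so either the escaping belongs in util.py or these fragments should become template includes with autoescaping left on.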
@@ -3,27 +3,27 @@ from django.conf.urls.defaults import *
 # Uncomment the next two lines to enable the admin:
 # from django.contrib import admin
 # admin.autodiscover()
-from srpproject.srp import views
+import srp.views
 urlpatterns = patterns('',
 # Login and regiser pages. These are mainly for testing.
- (r'^srp/register/$', views.register_page),
- (r'^srp/login/$', views.login_page),
+ (r'^srp/register/$', srp.views.register_page),
+ (r'^srp/login/$', srp.views.login_page),
 # These pages are necessary for users to register
- (r'^srp/register/salt/$', views.register_salt),
- (r'^srp/register/user/$', views.register_user),
+ (r'^srp/register/salt/$', srp.views.register_salt),
+ (r'^srp/register/user/$', srp.views.register_user),
 # These pages are necessary for users to log in
- (r'^srp/handshake/$', views.handshake),
- (r'^srp/authenticate/$', views.verify),
+ (r'^srp/handshake/$', srp.views.handshake),
+ (r'^srp/authenticate/$', srp.views.verify),
 # This page allows users to login without javascript,
 # but the browser posts their username and password in plaintext.
- (r'^srp/noJs/$', views.no_javascript),
+ (r'^srp/noJs/$', srp.views.no_javascript),
 # Only include these if you are upgrading an existing installation to SRP
- (r'^srp/upgrade/authenticate/$', views.upgrade_auth),
- (r'^srp/upgrade/verifier/$', views.upgrade_add_verifier),
+ (r'^srp/upgrade/authenticate/$', srp.views.upgrade_auth),
+ (r'^srp/upgrade/verifier/$', srp.views.upgrade_add_verifier),
 ) |
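Review bot: `import srp.views` addresses the app as the top-level package `srp`, while INSTALLED_APPS in settings.py still lists it as `'srpproject.srp'` and AUTHENTICATION_BACKENDS as `'srp.backends.SRPBackend'`; if both names are importable (the sys.path layout is not visible here), Python 2 loads the package twice, and model classes such as SRPUser exist as two distinct objects, so an `except SRPUser.DoesNotExist:` in views.py may not catch the exception the ORM actually raises. Pick one dotted path for the app and use it consistently in settings.py, urls.py and the views' `import util`; keeping `from srpproject.srp import views` here would match INSTALLED_APPS as it stands.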