Diffstat (limited to 'src')
-rw-r--r-- | src/jqueryRest.js | 44 | ||||
-rw-r--r-- | src/srp.js | 10 | ||||
-rw-r--r-- | src/srp_session.js | 17 |
3 files changed, 52 insertions, 19 deletions
diff --git a/src/jqueryRest.js b/src/jqueryRest.js index c4b0161..bfa4592 100644 --- a/src/jqueryRest.js +++ b/src/jqueryRest.js @@ -1,18 +1,26 @@ srp.remote = (function(){ var jqueryRest = (function() { - // we do not fetch the salt from the server + // TODO: Do we need to differentiate between PUT and POST? function register(session) { - return $.post("users.json", { user: session.signup() }); + return $.post("/users.json", {user: session.signup() }); + } + + function update(url, session) { + return $.ajax({ + url: url, + type: 'PUT', + data: {user: session.signup() } + }); } function handshake(session) { - return $.post("sessions.json", session.handshake()); + return $.post("/sessions.json", session.handshake()); } function authenticate(session) { return $.ajax({ - url: "sessions/" + session.getI() + ".json", + url: "/sessions/" + session.getI() + ".json", type: 'PUT', data: {client_auth: session.getM()} }); @@ -20,6 +28,7 @@ srp.remote = (function(){ return { register: register, + update: update, handshake: handshake, authenticate: authenticate }; @@ -28,14 +37,21 @@ srp.remote = (function(){ function signup(){ jqueryRest.register(srp.session) - .success(srp.signedUp) - .error(error) + .done(srp.signedUp) + .fail(error) + }; + + function update(submitEvent){ + var form = submitEvent.target; + jqueryRest.update(form.action, srp.session) + .done(srp.updated) + .fail(error) }; function login(){ jqueryRest.handshake(srp.session) - .success(receiveSalts) - .error(error) + .done(receiveSalts) + .fail(error) }; function receiveSalts(response){ @@ -51,8 +67,8 @@ srp.remote = (function(){ { srp.session.calculations(response.salt, response.B); jqueryRest.authenticate(srp.session) - .success(confirmAuthentication) - .error(error); + .done(confirmAuthentication) + .fail(error); } }; 
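Review bot: In `authenticate`, the login is concatenated into the request path unencoded (`"/sessions/" + session.getI() + ".json"`), so a username containing `/`, `?`, `#` or `%` changes which resource the PUT is sent to. The value comes from user input, so it should be encoded as a single path segment: `url: "/sessions/" + encodeURIComponent(session.getI()) + ".json",`. The server side then needs to decode and validate the same segment. The new TODO about PUT versus POST would also be easier to act on if it named the two cases it refers to (`register` and `update`).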
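Review bot: The new `update(submitEvent)` handler in the `-28,14 +37,21` hunk never calls `submitEvent.preventDefault()`. Unless the caller does so (it is not visible here), the browser will also submit the form natively, sending the raw password field that SRP is meant to keep off the wire. Adding `submitEvent.preventDefault();` as the first statement makes the handler safe on its own. It also sends the salt and verifier to whatever `form.action` holds, so it is worth checking that the URL is same-origin before the PUT. The `.done(...)`/`.fail(error)` chains in `signup`, `update` and `login` rely on ASI; a trailing `;` after `.fail(error)` would match the `authenticate` chain in the next hunk.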
@@ -68,13 +84,17 @@ srp.remote = (function(){ // The server will send error messages as json alongside // the http error response. - function error(xhr) + function error(xhr, text, thrown) { - srp.error($.parseJSON(xhr.responseText)) + if (xhr.responseText && xhr.responseText != "") + srp.error($.parseJSON(xhr.responseText)); + else + srp.error("Server did not respond."); }; return { signup: signup, + update: update, login: login } @@ -2,16 +2,22 @@ var srp = (function(){ function signup() { - this.remote.signup(); + srp.remote.signup(); }; function login() { - this.remote.login(); + srp.remote.login(); + }; + + function update(submitEvent) + { + srp.remote.update(submitEvent); }; return { signup: signup, + update: update, login: login } }()); diff --git a/src/srp_session.js b/src/srp_session.js index b278993..b1b6014 100644 --- a/src/srp_session.js +++ b/src/srp_session.js @@ -7,8 +7,7 @@ srp.Session = function(login, password) { var k = new BigInteger("bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0", 16); var rng = new SecureRandom(); -// var a = new BigInteger(32, rng); - var a = new BigInteger("d498c3d024ec17689b5320e33fc349a3f3f91320384155b3043fa410c90eab71", 16); + var a = new BigInteger(32, rng); var A = g.modPow(a, N); while(A.mod(N) == 0) { @@ -21,8 +20,8 @@ srp.Session = function(login, password) { var M = null; var M2 = null; var authenticated = false; - var I = login || document.getElementById("srp_username").value; - var pass = password || document.getElementById("srp_password").value; + var I = login; + var pass = password; // *** Accessor methods *** 
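Review bot: `error` still passes any non-empty `xhr.responseText` to `$.parseJSON`, which throws when the body is not JSON, for example an HTML error page from a proxy or a framework 500 page. In that case `srp.error` is never called and the login or signup UI gets no failure signal. The parse should be guarded with a fallback to a generic message, as sketched below; the fallback string there is a constructed example. The `!= ""` test is redundant after the truthiness check, and the new `text` and `thrown` parameters are unused.

```javascript
function error(xhr, text, thrown)
{
  var message = "Server did not respond.";
  if (xhr.responseText) {
    try {
      message = $.parseJSON(xhr.responseText);
    } catch (e) {
      // body was not JSON (e.g. an HTML error page)
      message = "Server sent an unreadable error response.";
    }
  }
  srp.error(message);
};
```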
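Review bot: `var a = new BigInteger(32, rng);` in the first `src/srp_session.js` hunk most likely yields a 32-bit ephemeral secret, not a 32-byte one. The `BigInteger`/`SecureRandom` names suggest jsbn, whose `(number, rng)` constructor takes a bit length; this should be confirmed against the bundled library. The removed fixed value was 64 hex digits, i.e. 256 bits, and a private exponent much shorter than that can be recovered from the public `A` by exhaustive search, which defeats the session key. If the constructor does take bits, use `var a = new BigInteger(256, rng);`, and confirm that `SecureRandom` is seeded from a CSPRNG such as `crypto.getRandomValues`. The same constructor form appears in `getSalt` in a later hunk (`new BigInteger(64, rng)` under a comment saying 16 bytes). `srp.Session` begins and ends outside this hunk.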
@@ -57,9 +56,16 @@ srp.Session = function(login, password) { // Returns the user's identity this.getI = function() { + I = login || document.getElementById("srp_username").value; return I; }; + // Returns the password currently typed in + this.getPass = function() { + pass = password || document.getElementById("srp_password").value; + return pass; + }; + // some 16 byte random number this.getSalt = function() { return new BigInteger(64, rng).toString(16); @@ -77,7 +83,8 @@ srp.Session = function(login, password) { // Calculates the X value and return it as a BigInteger this.calcX = function(salt) { - return new BigInteger(SHA256(hex2a(salt + SHA256(I + ":" + pass))), 16); + var inner = salt + SHA256(this.getI() + ":" + this.getPass()) + return new BigInteger(SHA256(hex2a(inner)), 16); }; this.getV = function(salt) |
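Review bot: `this.getPass` makes the plaintext password a public accessor on the session object, where `pass` was previously reachable only inside the closure. That includes a password passed to the constructor, which is not otherwise present in the DOM. Only `calcX` needs it in the visible hunks, so a closure-private helper would do: `function currentPass() { return password || document.getElementById("srp_password").value; }`. `getI` and `getPass` also re-read the form fields on every call, so the identity used for the handshake, the `/sessions/…` URL and `calcX` can differ if a field changes mid-login. Reading both once when login starts would keep the exchange consistent.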
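Review bot: In `calcX`, the new `var inner = ...` line has no terminating semicolon and relies on ASI; it should end with `;` like the surrounding statements. The function now reaches the credentials through `this.getI()` and `this.getPass()`, so it only works when invoked as a method of the session. The rest of the constructor uses closure variables, and calling closure-local helpers here would remove the dependence on `this` binding if `calcX` is ever passed as a callback. A short comment stating the formula, `// x = H(salt | H(I ":" P)), salt given as hex`, would help a reader check it against the SRP specification the server implements.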