Age | Commit message | Author | |
---|---|---|---|
2012-10-19 | require srp.js first and the remotes afterwards | Azul | |
2012-10-19 | added success and error callbacks to register | Azul | |
2012-10-17 | hand success and error messages to identify by default | Azul | |
also cleaned up some other parts that were not needed anymore | |||
2012-10-16 | use M2 as the key for the server auth | Azul | |
2012-10-16 | not caching x,V,salt to avoid conflicts | Azul | |
2012-10-16 | added unit tests for session calculations | Azul | |
2012-10-15 | expecting the salt to be sent with key salt | Azul | |
2012-10-15 | Merge branch 'feature-jquery-remote' into develop | Azul | |
2012-10-15 | all rest tests passing, using proper verbs | Azul | |
2012-10-14 | calculating the right M and M2! | Azul | |
still missing some error handling, this in Django specs and the right http verbs | |||
2012-10-14 | got SRP v6a test setup and basic rest flow to work | Azul | |
* still need to fix the algo for auth * Also need to get the http verbs right | |||
2012-10-12 | got signup to work in accordance with py srp | Azul | |
2012-10-02 | using jquery for signup post now. login still pending | Azul | |
2012-10-02 | fixed restful signup test | Azul | |
2012-08-21 | first round of making jslint happy | Azul | |
2012-08-21 | moved srp-js files from lib to src | Azul | |
2012-08-21 | moved on with refactoring | Azul | |
* srp_register now is part of srp.js * moved server specific stuff into plainXHR (such as fetching the seed from the server) * fixed tests | |||
2012-08-13 | separated session from the srp flow - login tests pass, signup fail | Azul | |
2012-08-04 | started implementing a restful signup | Azul | |
2012-08-04 | copied jqueryRest and restful specs from django | Azul | |
no real change yet | |||
2012-08-03 | moved all xhr related stuff to a separate class | Azul | |
We can replace this if we want to use jquery ajax or similar. Also this has all the urls so it's super easy to overwrite | |||
2012-07-20 | expose function to create salt | Azul | |
2012-07-20 | calcV to calculate verifier, do not use srp_url or srp_server anymore | Azul | |
We can easily overwrite the corresponding functions | |||
2012-07-20 | moved src to lib and use relative path in require_tree | Azul | |
2012-07-20 | Merge branch 'master' of git://github.com/leapcode/srp-js | Azul | |
2012-07-20 | added an index file to use with sprockets | Azul | |
2012-07-20 | added an index file to use with sprockets | Azul | |
2012-07-20 | INCOMPATIBLE: major restructuring of the repository | Azul | |
* removed Django code - we're keeping the tests - so I hope the two can still be used together * removed js packer - everyone has their own packaging strategy these days * cleaned up the repository - we only have js so javascript directory does not make much sense | |||
2012-07-02 | reject server response with error message if B=0 | Azul | |
2012-07-02 | expectRequest and respond{JSON,XML} functions to simplify the tests | Azul | |
2012-07-02 | refactoring the tests a bit | Azul | |
2012-07-02 | parsing JSON responses tested and fixed | Azul | |
2012-07-02 | factored out parsing the responses | Azul | |
2012-07-02 | check for ready state and status before callback | Azul | |
2012-07-02 | changed indentation to the 2 spaces I love | Azul | |
2012-07-02 | added integration test for login | Azul | |
* added a small hook in srp to set a, A and Astr for testing * moved generic functions for tests to SpecHelper | |||
2012-06-29 | Connection Header is not allowed according to xhr spec. | Azul | |
Not sure if this was needed. Tests will throw exceptions when it's in but maybe some legacy browsers require it. | |||
2012-06-29 | added tests for registration with jasmine and sinon | Azul | |
2012-06-27 | adding license remark in readme | Azul | |
2012-06-27 | added Readme from the original project site | Azul | |
2009-08-15 | This adds a file 'utils.py' to simplify templating. | ausiv4 | |
Functions exist to create headers that include javascript files, and create javascript functions for login and registration. There are also functions that create login and registration forms. These functions don't necessarily account for everything a web developer might want to do, but it should simplify things for most developers and provide guidelines for developers who want to build on top of this functionality. Views.py now builds the login and register pages based on these functions. The register page now uses the login.html template, and the register.html template should be deleted in the next release. | |||
2009-08-14 | Fixed bug in views.py, changed files named 'hash' to 'crypto' since it now includes AES. | ausiv4 | |
2009-08-13 | Added support for logins without javascript. This is configurable on a site-by-site basis. | ausiv4 | |
2009-08-12 | Rather than passing the necessary parameters to the SRP constructor, I've made them hidden fields in the form. | ausiv4 | |
This way a bookmarklet will be able to read the fields, and authentication can be done without trusting the javascript sent by the server. I also organized urls.py | |||
2009-08-12 | When upgrading the user from a non-srp account to an SRP account, the client must send the server the password. | ausiv4 | |
I wasn't happy about doing this in plaintext, so I've incorporated slowAES on both the client and the server to encrypt the password before it is sent, using the key generated in the first SRP transaction. | |||
2009-08-09 | Significant cleanup to srp.js. | ausiv4 | |
2009-08-08 | This adds upgrade functionality so that existing django apps can switch to SRP. | ausiv4 | |
If a user exists in the auth table but not the srp table, the server sends back the algorithm and salt needed to hash the password. The hashed password is used to authenticate the user. After the server authenticates the user and the user verifies the identity of the server, the user sends the password in plaintext. The server uses the plaintext password to calculate the verifier and stores it. Finally, the client reinitiates the login process. | |||
2009-08-07 | This update separates the register functionality from the login library. | ausiv4 | |
The login script is now .3 kb smaller, but there is a new 1.1 kb register file. I think that registrations are rare enough relative to logins that this should be a worthwhile tradeoff. This also prepares a framework for importing an update file, which will allow existing installations to upgrade from less secure authentication protocols, so some of the overhead in srp.js that was added here will help reduce the size as we add the update functionality. | |||
2009-08-06 | Changes were made to improve database efficiency and to use the django authentication backend framework. | ausiv4 | |
2009-08-04 | Removed debugging line from srp.js | ausiv4 | |