srp_js.git - [srp

Age	Commit message (Collapse)	Author
2012-07-20	INCOMPATIBLE: major restructuring of the repository	Azul
	* removed Django code - we're keeping the tests - so I hope the two can still be used together * removed js packer - everyone has their own packaging strategy these days * cleaned up the repository - we only have js so javascript directory does not make much sense
2009-08-15	This adds a file 'utils.py' to simplify templating.	ausiv4
	Functions exist to create headers that include javascript files, and create javascript functions for login and registration. There are also functions that create login and registration forms. These functions don't necessarily account for everything a web developer might want to do, but it should simplify things for most developers and provide guidelines for developers who want to build on top of this functionality. Views.py now builds the login and register pages based on these functions. The register page now uses the login.html template, and the register.html template should be deleted in the next release.
2009-08-13	Added support for logins without javascript. This is configurable on a ↵	ausiv4
	site-by-site basis.
2009-08-12	Rather than passing the necessary parameters to the SRP constructor, I've ↵	ausiv4
	made them hidden fields in the form. This way a bookmarklet will be able to read the fields, and authentication can be done without trusting the javascript sent by the server. I also organized urls.py
2009-08-12	When upgrading the user from a non-srp account to an SRP account, the client ↵	ausiv4
	must send the server the password. I wasn't happy about doing this in plaintext, so I've incorporated slowAES on both the client and the server to encrypt the password before it is sent, using the key generated in the first SRP transaction.
2009-08-07	This update separates the register functionality from the login library. The ↵	ausiv4
	login script is now .3 kb smaller, but there is a new 1.1 kb register file. I think that registrations are rare enough relative to logins that this should be a worthwhile tradeoff. This also prepares a framework for importing an update file, which will allow existing installations to upgrade from less secure authentication protocols, so some of the overhead in srp.js that was added here will help reduce the size as we add the update functionality.
2009-07-28	Fixed srp.js for IE6.	ausiv4

2009-07-28	In this update we use jsPacker.pl to combine and compress javascript	ausiv4
	files. Instead of sending 6 javascript files totaling about 50KB, we now send 1 file totaling 21.1KB. After modifying any javascript files, run build-pack.sh to update srp.min.js. The login.html and register.html templates have been changed to send the one packed file. The file srp.js was modified so that it would pack properly. Necessary files from the perl version of packer are included, but they shouldn't be included on production web servers. The packer files are released under the LGPL.
2009-07-25	Moved register and login page to templates rather than cluttering views.py. ↵	ausiv4
	Also added a 'key' function to the SRP javascript library, in case anyone wants to use K for encrypting communications.