| Age | Commit message (Collapse) | Author |
|---|
|
* removed Django code - we're keeping the tests - so I hope the two can still be used together
* removed js packer - everyone has their own packaging strategy these days
* cleaned up the repository - we only have js so javascript directory does not make much sense
|
|
Functions exist to create headers that include javascript files, and create javascript functions for login and registration. There are also
functions that create login and registration forms.
These functions don't necessarily account for everything a web developer might want to do, but it should simplify things for most developers and
provide guidelines for developers who want to build on top of this functionality.
Views.py now builds the login and register pages based on these functions. The register page now uses the login.html template, and the
register.html template should be deleted in the next release.
|
|
site-by-site basis.
|
|
made them hidden fields in the form. This way a bookmarklet will be
able to read the fields, and authentication can be done without trusting the javascript sent by the server.
I also organized urls.py
|
|
must send the server the password. I wasn't happy about doing this
in plaintext, so I've incorporated slowAES on both the client and the server to encrypt the password before it is sent, using the key generated
in the first SRP transaction.
|
|
If a user exists in the auth table but not the srp table, the server sends back the algorithm and salt needed to hash the password. The hashed
password is used to authenticate the user.
After the server authenticates the user and the user verifies the identity of the server, the user sends the password in plaintext. The server
uses the plaintext password to calculate the verifier and stores. Finally, the client reinitiates the login process.
|
|
|
