| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2015-09-17 | Allow extra signup params from account | kaeff | |
| For the feature/invite-codes in leap_web, we need to be able to pass an extra parameter (the invite code) from the signup form to the server. This approach allows the consumer of SRP to specify a custom implementation of Account that returns arbitrary `loginParams`, and Session will pass them on so that they become part of the XHR. - Split session.signup into signup and update to restrict extra params to signup only | |||
| 2013-10-14 | properly treat utf8 chars in password | Azul | |
| utf-8 encoding used to be bundled with the SHA256 library. However we only want to utf8 encode strings that are actual user input. We do not want to encode the bytearrays that are used when hashing the hex values calculated during for SRP. So I separated the utf-8 encoding and the sha256 hashing. | |||
| 2013-09-24 | use token from the form to submit password update | Azul | |
| 2013-07-12 | also zeroprefix the salt if needed | Azul | |
| Now what else can you possibly zeroprefix? This should be it - shouldn't it? | |||
| 2013-07-12 | prefix incoming B too | Azul | |
| 2013-07-12 | also prefix our own toString(16) hex values | Azul | |
| 2013-07-12 | the 0 prefix in hex is essential for building the M and M2 strings | Azul | |
| 2013-07-04 | always use the API-only controller for all requests. | elijah | |
| 2013-06-24 | refactor: separate account from session | Azul | |
| 2013-06-24 | refactor: rename constants to calculate and clean up hash usage | Azul | |
| 2013-06-24 | refactor: separate calculations from session | Azul | |
| 2013-06-24 | fix bug wrt zero padding of hashes | Azul | |
| 2013-03-20 | use a proper random a for the handshake | Azul | |
| 2012-11-26 | API: update instead of addToForm | Azul | |
| addToForm was an attempt to not use ajax but just the normal form submit. Turns out it's easy to add hidden fields to the form but quite cumbersome to remove the password fields from teh form so they are not submitted over the eventually untrusted channel. So we use ajax for updates just like for signup. | |||
| 2012-11-23 | addToForm: add the srp signup data to an existing form | Azul | |
| 2012-11-22 | don't cache password and login | Azul | |
| 2012-11-22 | catch empty responses | Azul | |
| 2012-11-22 | using done/fail instead of success/error, handing all properties to fail | Azul | |
| 2012-11-20 | all request should go to absolute paths | Azul | |
| They should be independent of the url we're serving the page from | |||
| 2012-11-20 | make sure we get the current password and login | Azul | |
| 2012-11-20 | make sure srp.login also works as a callback | Azul | |
| 2012-11-20 | sending the parsed json object to the error handler | Azul | |
| 2012-11-19 | further cleanup | Azul | |
| 2012-11-19 | removed the SRP class - using just a plain srp object now | Azul | |
| 2012-11-19 | first step at cleaning up the srp | Azul | |
| 2012-11-19 | works - but not quite what i want. Exposing jqXHR to error function | Azul | |
| 2012-11-14 | cleaned up unused parser functions | Azul | |
| 2012-11-14 | removed outdated django remote and all related files | Azul | |
| Also cleaned up the specs a bit | |||
| 2012-11-09 | Merge branch 'master' into feature-updated_json_api | Azul | |
| 2012-10-30 | we're expecting json responses - so put .json in the url | Azul | |
| 2012-10-19 | don't expect create to return an ok | Azul | |
| * it returns the user * it will return errors if sth. goes wrong. | |||
| 2012-10-19 | added success and error callbacks to register | Azul | |
| 2012-10-17 | hand success and error messages to identify by default | Azul | |
| also cleaned up some other parts that were not needed anymore | |||
| 2012-10-16 | use M2 as the key for the server auth | Azul | |
| 2012-10-16 | not caching x,V,salt to avoid conflicts | Azul | |
| 2012-10-16 | added unit tests for session calculations | Azul | |
| 2012-10-15 | expecting the salt to be send with key salt | Azul | |
| 2012-10-15 | all rest tests passing, using proper verbs | Azul | |
| 2012-10-14 | calculating the right M and M2! | Azul | |
| still missing some error handling, this in Django specs and the right http verbs | |||
| 2012-10-14 | got SRP v6a test setup and basic rest flow to work | Azul | |
| * still need to fix the algo for auth * Also need to get the http verbs right | |||
| 2012-10-12 | got signup to work in accordance with py srp | Azul | |
| 2012-10-02 | using jquery for signup post now. login still pending | Azul | |
| 2012-08-21 | first round of making jslint happy | Azul | |
| 2012-08-21 | moved srp-js files from lib to src | Azul | |
| 2012-07-20 | added an index file to use with sprockets | Azul | |
| 2012-07-20 | INCOMPATIBLE: major restructuring of the repository | Azul | |
| * removed Django code - we're keeping the tests - so I hope the two can still be used together * removed js packer - everyone has their own packaging strategy these days * cleaned up the repository - we only have js so javascript directory does not make much sense | |||
 |
index : srp_js.git | |
| [srp_js] | git repository hosting |
| summaryrefslogtreecommitdiff |