From 0c5369fd9299eb9bf7295e3925ce803c5473e2b8 Mon Sep 17 00:00:00 2001 From: Azul Date: Sat, 22 Jun 2013 16:17:45 +0200 Subject: refactor: separate account from session --- spec/account_spec.js | 31 +++++++++++++++++++++++++++++++ spec/runner.html | 2 ++ spec/session_spec.js | 14 +++++++------- spec/signup_spec.js | 2 +- src/jqueryRest.js | 2 +- src/srp_account.js | 13 +++++++++++++ src/srp_session.js | 28 +++++++++------------------- 7 files changed, 64 insertions(+), 28 deletions(-) create mode 100644 spec/account_spec.js create mode 100644 src/srp_account.js diff --git a/spec/account_spec.js b/spec/account_spec.js new file mode 100644 index 0000000..4110778 --- /dev/null +++ b/spec/account_spec.js @@ -0,0 +1,31 @@ +describe("Account", function() { + describe("without seeded values", function(){ + beforeEach(function() { + account = new srp.Account(); + }); + + it("fetches the password from the password field", function(){ + expect(account.password()).toBe("password"); + }); + + it("fetches the login from the login field", function(){ + expect(account.login()).toBe("testuser"); + }); + + }); + + describe("with seeded values", function(){ + beforeEach(function() { + account = new srp.Account("login", "secret"); + }); + + it("uses the seeded password", function(){ + expect(account.password()).toBe("secret"); + }); + + it("uses the seeded login", function(){ + expect(account.login()).toBe("login"); + }); + + }); +}); diff --git a/spec/runner.html b/spec/runner.html index 3a458df..d0a5d5d 100644 --- a/spec/runner.html +++ b/spec/runner.html @@ -23,6 +23,7 @@ + @@ -30,6 +31,7 @@ + diff --git a/spec/session_spec.js b/spec/session_spec.js index 5802283..a1378a6 100644 --- a/spec/session_spec.js +++ b/spec/session_spec.js 
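Review bot: `account` is assigned in both `beforeEach` callbacks of spec/account_spec.js without being declared anywhere in the file, so it becomes an implicit global that every spec file shares. The same assignment appears in the `beforeEach` of spec/session_spec.js, which declares `var session;` but not `account`. Adding `var account;` at the top of each `describe` keeps an account seeded with credentials in one spec from leaking into another. The "without seeded values" cases also depend on DOM fields holding `testuser` and `password`, presumably supplied by the runner.html fixture; a one-line comment naming that fixture would make the dependency visible.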
@@ -29,19 +29,19 @@ describe("Session", function() { var session; beforeEach(function() { - session = new srp.Session(compare.username, compare.password); + account = new srp.Account(compare.username, compare.password); + session = new srp.Session(account); }); - it("has the proper username", function() { - expect(session.getI()).toBe(compare.username); - }); - - it("calculates the proper M", function() { + it("calculates the proper M (INTEGRATION)", function() { session.calculateAndSetA(compare.a); session.calculations(compare.salt, compare.bb); expect(session.getS().toString(16)).toBe(compare.s); - // failing from here on... expect(session.key()).toBe(compare.k); expect(session.getM()).toBe(compare.m); }); + + it("delegates login", function() { + expect(session.login()).toBe(compare.username); + }); }); diff --git a/spec/signup_spec.js b/spec/signup_spec.js index 4f7a65d..48a62a7 100644 --- a/spec/signup_spec.js +++ b/spec/signup_spec.js @@ -11,7 +11,7 @@ describe("Signup with srp var", function() { specHelper.setupFakeXHR.apply(this); calculate = new srp.Calculate(); calculate.randomSalt = function() {return "4c78c3f8"}; - srp.session = new srp.Session(undefined, undefined, calculate); + srp.session = new srp.Session(undefined, calculate); }); afterEach(function() { diff --git a/src/jqueryRest.js b/src/jqueryRest.js index bfa4592..c1eb3c1 100644 --- a/src/jqueryRest.js +++ b/src/jqueryRest.js @@ -20,7 +20,7 @@ srp.remote = (function(){ function authenticate(session) { return $.ajax({ - url: "/sessions/" + session.getI() + ".json", + url: "/sessions/" + session.login() + ".json", type: 'PUT', data: {client_auth: session.getM()} }); diff --git a/src/srp_account.js b/src/srp_account.js new file mode 100644 index 0000000..336e013 --- /dev/null +++ b/src/srp_account.js 
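Review bot: In `authenticate` in src/jqueryRest.js the result of `session.login()` is concatenated into the request path unencoded, and for an unseeded account that value is whatever was typed into the `srp_username` field. A login containing `/`, `?`, `#` or `..` changes which URL receives the PUT that carries `client_auth`. Encoding the path segment avoids this: `url: "/sessions/" + encodeURIComponent(session.login()) + ".json",`. The server should still validate the login itself, and the enclosing `srp.remote` module starts and ends outside this hunk.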
@@ -0,0 +1,13 @@ +srp.Account = function(login, password) { + + // Returns the user's identity + this.login = function() { + return login || document.getElementById("srp_username").value; + }; + + // Returns the password currently typed in + this.password = function() { + return password || document.getElementById("srp_password").value; + }; + +} diff --git a/src/srp_session.js b/src/srp_session.js index ccade72..5d1f829 100644 --- a/src/srp_session.js +++ b/src/srp_session.js @@ -1,6 +1,7 @@ -srp.Session = function(login, password, calculate) { +srp.Session = function(account, calculate) { // default for injected dependency + account = account || new srp.Account(); calculate = calculate || new srp.Calculate(); var a = calculate.randomEphemeral(); @@ -10,8 +11,6 @@ srp.Session = function(login, password, calculate) { var M = null; var M2 = null; var authenticated = false; - var I = login; - var pass = password; // *** Accessor methods *** @@ -25,9 +24,9 @@ srp.Session = function(login, password, calculate) { this.signup = function() { var salt = calculate.randomSalt(); - var x = calculate.X(this.getI(), this.getPass(), salt); + var x = calculate.X(account.login(), account.password(), salt); return { - login: this.getI(), + login: account.login(), password_salt: salt, password_verifier: calculate.V(x) }; @@ -35,7 +34,7 @@ srp.Session = function(login, password, calculate) { this.handshake = function() { return { - login: this.getI(), + login: account.login(), A: this.getA() }; }; 
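Review bot: The `||` fallbacks in `srp.Account` treat an explicitly seeded empty string as "not seeded", so a caller that passes `""` as the password silently gets the contents of the `srp_password` field instead. Testing for absence rather than falsiness keeps the seeded value authoritative: `return password != null ? password : document.getElementById("srp_password").value;`, and likewise for `login`. When the field is missing from the page, `getElementById` returns `null` and the `.value` access throws a bare TypeError; a check with a descriptive error would make a broken form easier to diagnose. The function expression assigned to `srp.Account` is also missing its terminating `;`.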
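Review bot: Every use of the identity in `srp.Session` now calls `account.login()` afresh, and for an unseeded account each call re-reads the `srp_username` field. `signup` in this hunk calls it twice, and the `handshake` and `calculations` hunks call it again, the latter apparently after a server round trip. If the field is edited in between, the login sent in the handshake, the one hashed into `x` and `M`, and the one later placed in the `/sessions/` URL can differ, and the only symptom is a rejected proof. Reading each value once into a local, e.g. `var login = account.login();` at the top of `signup` and `calculations`, keeps each step self-consistent. If live reads across steps are intended, a comment on `srp.Account` should say so.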
@@ -44,17 +43,8 @@ srp.Session = function(login, password, calculate) { return A; } - // Returns the user's identity - this.getI = function() { - I = login || document.getElementById("srp_username").value; - return I; - }; - - // Returns the password currently typed in - this.getPass = function() { - pass = password || document.getElementById("srp_password").value; - return pass; - }; + // Delegate login so it can be used when talking to the remote + this.login = account.login; // Calculate S, M, and M2 // This is the client side of the SRP specification @@ -62,13 +52,13 @@ srp.Session = function(login, password, calculate) { { //S -> C: s | B var B = ephemeral; - var x = calculate.X(this.getI(), this.getPass(), salt); + var x = calculate.X(account.login(), account.password(), salt); S = calculate.S(a, A, B, x); K = calculate.K(S); // M = H(H(N) xor H(g), H(I), s, A, B, K) var xor = calculate.nXorG(); - var hash_i = calculate.hash(I) + var hash_i = calculate.hash(account.login()) M = calculate.hashHex(xor + hash_i + salt + A + B + K); //M2 = H(A, M, K) M2 = calculate.hashHex(A + M + K); -- cgit v1.2.3
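Review bot: `this.login = account.login;` copies the function off the account, which works only because the methods in `srp.Account` close over the constructor arguments and never use `this`. If `Account` is later rewritten with prototype methods or instance fields, `session.login()` would run with `this` bound to the session and return the wrong value or throw. A wrapper makes the delegation independent of that detail: `this.login = function() { return account.login(); };`. Alternatively, extend the comment to `// Delegate login; relies on Account.login not using this`.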