From 2e365cba5263ec50f10fb074c054ef19adb8f7b0 Mon Sep 17 00:00:00 2001
From: Azul
Date: Mon, 19 Nov 2012 17:36:49 +0100
Subject: first step at cleaning up the srp
---
 spec/login_spec.js | 88 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 spec/signup_spec.js | 22 ++++++++++++++
 src/jqueryRest.js | 50 ++++++++++++++++++++++++++++++
 src/srp.js | 19 ++++++++++++
 4 files changed, 179 insertions(+)
diff --git a/spec/login_spec.js b/spec/login_spec.js
index 3c30d28..7bb11f6 100644
--- a/spec/login_spec.js
+++ b/spec/login_spec.js
@@ -90,3 +90,91 @@ describe("Login", function() {
 });
+
+describe("Login with srp var", function() {
+
+ describe("(Compatibility with py-srp)", function (){
+ // these need to be the same as in the spec runner:
+ var login = "testuser";
+ var password = "password";
+ // a valid auth attempt for the user / password given in the spec runner:
+ var a = 'a5cccf937ea1bf72df5cf8099442552f5664da6780a75436d5a59bc77a8a9993';
+ var A = 'e67d222244564ccd2e37471f226b999a4e987f3d494c7d80e0d36169efd6c6c6d857a96924c25fc165e5e9b0212a31c30701ec376dc32e36be00bbcd6d2104789d368af984e26fc094374f90ee5746478f14cec45c7e131a3cbce15fe79e98894213dac4e63c3f73f644fe25aa8707bc58859dfd1b36972e4e34169db2622899';
+ // just for the sake of having a complete set of test vars:
+ var b = '6aa5c88d1877af9907ccefad31083e1102a7121dc04706f681f66c8680fb7f05';
+ var B = 'd56a80aaafdf9f70598b5d1184f122f326a333fafd37ab76d6f7fba4a9c4ee59545be056335150bd64f04880bc8e76949469379fe9de17cf6f36f3ee11713d05f63050486bc73c545163169999ff01b55c0ca4e90d8856a6e3d3a6ffc70b70d993a5308a37a5c2399874344e083e72b3c9afa083d312dfe9096ea9a65023f135';
+ var salt = '628365a0';
+ var K = 'db6ec0bdab81742315861a828323ff492721bdcd114077a4124bc425e4bf328b';
+ var M = '640e51d5ac5461591c31811221261f0e0eae7c08ce43c85e9556adbd94ed8c26';
+ var M2 = '49e48f8ac8c4da0e8a7374f73eeedbee2266e123d23fc1be1568523fc9c24b1e';
+ var V = '6f5fb78184161f4191babaf1a700ff70e4d261054d002466d05f2ec2b45fc8807dbd7ce25dc3c882331eb8bf72a22caf2868e3438477be7ab151d3281d00aa1a9fc5cb6a725abd99e11882f77d52b56b83f95c0ba0b8fbbf4ee1fbb445c35adb5d1aaa48ba761c4a4417f6bb821fb61956c919e47740b316b960653303fe7190';
+ var A_, callback;
+
+
+ beforeEach(function() {
+ srp.session = new SRP().session;
+
+ specHelper.setupFakeXHR.apply(this);
+
+ A_ = srp.session.calculateAndSetA(a)
+ });
+
+ afterEach(function() {
+ this.xhr.restore();
+ });
+
+ it("calculates the same A", function(){
+ expect(A_).toBe(A);
+ });
+
+ it("calculates the same verifier", function(){
+ expect(srp.session.getV().toString(16)).toBe(V);
+ });
+
+ it("calculates the same key", function(){
+ srp.session.calculations(salt, B);
+ expect(srp.session.key()).toBe(K);
+ });
+
+ it("authenticates successfully", function(){
+ srp.loggedIn = sinon.spy();
+ srp.login();
+
+ this.expectRequest('sessions.json', 'login=' +login+ '&A=' +A, 'POST');
+ this.respondJSON({salt: salt, B: B});
+ this.expectRequest('sessions/'+login+'.json', 'client_auth='+M, 'PUT');
+ this.respondJSON({M2: M2});
+
+ expect(srp.loggedIn).toHaveBeenCalled();
+ });
+
+ it("reports errors during handshake", function(){
+ srp.error = sinon.spy();
+ var error = {login: "something went wrong on the server side"};
+ srp.login();
+
+ this.expectRequest('sessions.json', 'login=' +login+ '&A=' +A, 'POST');
+ this.respondJSON(error, 422);
+ //this.expectNoMoreRequests();
+
+ expect(srp.error).toHaveBeenCalled;
+ var args = srp.error.args[0];
+ expect($.parseJSON(args[0].responseText)).toEqual(error);
+ });
+
+ it("rejects B = 0", function(){
+ srp.loggedIn = sinon.spy();
+ srp.error = sinon.spy();
+ srp.login();
+
+ this.expectRequest('sessions.json', 'login=' +login+ '&A=' +A, 'POST');
+ this.respondJSON({salt: salt, B: 0});
+ // aborting if B=0
+ expect(this.requests).toEqual([]);
+ expect(srp.error).toHaveBeenCalledWith("Server send random number 0 - could not login.");
+ expect(srp.loggedIn).not.toHaveBeenCalled();
+ });
+ });
+
+
+});
diff --git a/spec/signup_spec.js b/spec/signup_spec.js
index e4d70df..fcb5930 100644
--- a/spec/signup_spec.js
+++ b/spec/signup_spec.js
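Review bot: In "reports errors during handshake", `expect(srp.error).toHaveBeenCalled;` is a property access rather than a matcher call, so it asserts nothing; it should read `expect(srp.error).toHaveBeenCalled();`. The spec only notices an uncalled spy because `srp.error.args[0]` is then undefined on the following line. The "rejects B = 0" spec pins just the JSON number `0`, while every other response in this hunk carries B as a hex string, so a companion case such as `this.respondJSON({salt: salt, B: "0"});` is worth adding to show whether a string zero is refused as well.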
@@ -29,4 +29,26 @@ describe("Signup", function() {
 });
+describe("Signup with srp var", function() {
+
+ beforeEach(function() {
+ specHelper.setupFakeXHR.apply(this);
+ });
+
+ afterEach(function() {
+ this.xhr.restore();
+ });
+
+ it("identifies after successful registration (INTEGRATION)", function(){
+ var callback = sinon.spy();
+ srp.signedUp = callback;
+ srp.session = new SRP().session
+ srp.session.getSalt = function() {return "4c78c3f8"};
+ srp.signup();
+ this.expectRequest('users.json', "user[login]=testuser&user[password_salt]=4c78c3f8&user[password_verifier]=474c26aa42d11f20544a00f7bf9711c4b5cf7aab95ed448df82b95521b96668e7480b16efce81c861870302560ddf6604c67df54f1d04b99d5bb9d0f02c6051ada5dc9d594f0d4314e12f876cfca3dcd99fc9c98c2e6a5e04298b11061fb8549a22cde0564e91514080df79bca1c38c682214d65d590f66b3719f954b078b83c", 'POST')
+ this.respondJSON({password_salt: "4c78c3f8", login: "testuser", ok: "true"});
+ expect(callback).toHaveBeenCalled();
+ });
+
+});
diff --git a/src/jqueryRest.js b/src/jqueryRest.js
index a7928d5..29f737c 100644
--- a/src/jqueryRest.js
+++ b/src/jqueryRest.js
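Review bot: This spec assigns `srp.signedUp` and `srp.session` on the shared global and overrides `srp.session.getSalt`, but `afterEach` restores only the fake XHR, so the spy and the fixed-salt session stay in place for whichever spec runs next. Creating the session in `beforeEach`, as the login spec in this commit does, and resetting `srp.signedUp` in `afterEach` keeps the specs independent. A comment such as `// fixed salt so the verifier in the expected request body is reproducible` above the `getSalt` override would explain why the salt is pinned. The lines `srp.session = new SRP().session` and the `this.expectRequest(...)` call also lack the terminating semicolon used in the rest of the hunk.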
@@ -35,3 +35,53 @@ jqueryRest = function() {
 authenticate: authenticate
 };
 };
+
+srp.remote = (function(){
+
+ function signup(){
+ jqueryRest().register(srp.session)
+ .success(srp.signedUp)
+ .error(srp.error)
+ };
+
+ function login(){
+ jqueryRest().handshake(srp.session)
+ .success(receiveSalts)
+ .error(srp.error)
+ };
+
+ function receiveSalts(response){
+ // B = 0 will make the algorithm always succeed
+ // -> refuse such a server answer
+ if(response.B === 0) {
+ srp.error("Server send random number 0 - could not login.");
+ }
+ else if(! response.salt || response.salt === 0) {
+ srp.error("Server failed to send salt - could not login.");
+ }
+ else
+ {
+ srp.session.calculations(response.salt, response.B);
+ jqueryRest().authenticate(srp.session)
+ .success(confirmAuthentication)
+ .error(srp.error);
+ }
+ };
+
+ // Receive M2 from the server and verify it
+ // If an error occurs, raise it as an alert.
+ function confirmAuthentication(response)
+ {
+ if (srp.session.validate(response.M2))
+ srp.loggedIn();
+ else
+ srp.error("Server key does not match");
+ };
+
+
+ return {
+ signup: signup,
+ login: login
+ }
+
+}());
diff --git a/src/srp.js b/src/srp.js
index 6a377ce..5b76a88 100644
--- a/src/srp.js
+++ b/src/srp.js
@@ -1,3 +1,22 @@
+var srp = (function(){
+
+ function signup()
+ {
+ this.remote.signup();
+ };
+
+ function login()
+ {
+ this.remote.login();
+ };
+
+ return {
+ signup: signup,
+ login: login
+ }
+}());
+
+
 function SRP(remote, session) {
 var srp = this;
-- 
cgit v1.2.3
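Review bot: The guard `if(response.B === 0)` in `receiveSalts` matches only the JSON number 0, while the login spec in this commit shows B arriving as a hex string, so `"0"`, `"00"` or any multiple of the group modulus N passes the check and reaches `srp.session.calculations`. SRP requires the client to abort when B mod N is 0, so the test belongs on the parsed big integer rather than on the raw response value; the session code that parses B is outside this diff, so the right place for it needs confirming there. At this layer, `if (!response.B || /^0*$/.test(String(response.B)))` would at least refuse missing and all-zero values while keeping the existing error message. Separately, `srp.error`, `srp.loggedIn` and `srp.signedUp` are called here without defaults, so a page that has not assigned them gets a TypeError instead of a reported failure.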
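Review bot: `signup` and `login` reach the transport through `this.remote`, so they only work when invoked as `srp.signup()` / `srp.login()`; passing `srp.login` as an event handler or callback rebinds `this` and the call throws. Referring to the module object directly, `srp.remote.signup();` and `srp.remote.login();`, removes that dependency. The object also relies on `remote`, `session`, `error`, `loggedIn` and `signedUp` being attached from other files, which deserves a header comment listing them together with the required load order (this file before src/jqueryRest.js, which assigns `srp.remote`). The context line `var srp = this;` inside `SRP`, whose body continues outside the hunk, now shadows the new global of the same name.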