Jasmine Spec Runner

From 3bf101bc1ef3b5a58fe2f1e2a2e7a681f6de6c09 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 30 Oct 2012 15:09:13 +0100 Subject: we're expecting json responses - so put .json in the url --- src/jqueryRest.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/jqueryRest.js b/src/jqueryRest.js index f50080b..133e3fd 100644 --- a/src/jqueryRest.js +++ b/src/jqueryRest.js @@ -54,7 +54,7 @@ jqueryRest = function() { function sendVerifier(session, callback) { var salt = session.getSalt(); - $.post("users", { user: + $.post("users.json", { user: { login: session.getI(), password_salt: salt, password_verifier: session.getV(salt).toString(16)} @@ -62,13 +62,13 @@ jqueryRest = function() { } function handshake(session, callback) { - $.post("sessions", { login: session.getI(), + $.post("sessions.json", { login: session.getI(), A: session.getAstr()}, callback); } function authenticate(session, success) { $.ajax({ - url: "sessions/" + session.getI(), + url: "sessions/" + session.getI() + ".json", type: 'PUT', data: {client_auth: session.getM()}, success: success -- cgit v1.2.3 From e5ae94132bb55fdd10090dcd427e95e33e31f15e Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 12 Nov 2012 11:14:47 +0100 Subject: specifying charset and fetching jquery remotely This way you don't have to add jquery to the lib dir for specs to work --- spec/RestfulSpecRunner.html | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/spec/RestfulSpecRunner.html b/spec/RestfulSpecRunner.html index a9d708b..f880720 100644 --- a/spec/RestfulSpecRunner.html +++ b/spec/RestfulSpecRunner.html @@ -2,6 +2,7 @@ "http://www.w3.org/TR/html4/loose.dtd"> + Jasmine Spec Runner @@ -12,7 +13,7 @@ - + -- cgit v1.2.3 From 71ba8a28ebf04b84a9d2f0eb1a64dedec2ec8fe3 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 12 Nov 2012 11:14:58 +0100 Subject: adopting tests to new .json urls --- spec/restful/login.js | 6 +++--- spec/restful/signup.js | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/spec/restful/login.js b/spec/restful/login.js index 9c43c00..4df62a8 100644 --- a/spec/restful/login.js +++ b/spec/restful/login.js @@ -52,9 +52,9 @@ describe("Login", function() { var success = sinon.spy(); this.srp.identify(success); - this.expectRequest('sessions', 'login=' +login+ '&A=' +A, 'POST'); + this.expectRequest('sessions.json', 'login=' +login+ '&A=' +A, 'POST'); this.respondJSON({salt: salt, B: B}); - this.expectRequest('sessions/'+login, 'client_auth='+M, 'PUT'); + this.expectRequest('sessions/'+login+'.json', 'client_auth='+M, 'PUT'); this.respondJSON({M2: M2}); expect(success).toHaveBeenCalled(); @@ -65,7 +65,7 @@ describe("Login", function() { var error = sinon.spy(); this.srp.identify(success, error); - this.expectRequest('sessions', 'login=' +login+ '&A=' +A, 'POST'); + this.expectRequest('sessions.json', 'login=' +login+ '&A=' +A, 'POST'); this.respondJSON({salt: salt, B: 0}); // aborting if B=0 expect(this.requests).toEqual([]); diff --git a/spec/restful/signup.js b/spec/restful/signup.js index 7b66dd7..e4d70df 100644 --- a/spec/restful/signup.js +++ b/spec/restful/signup.js @@ -22,7 +22,7 @@ describe("Signup", function() { this.srp.identify = callback; this.srp.session.getSalt = function() {return "4c78c3f8"}; this.srp.register(); - this.expectRequest('users', "user[login]=testuser&user[password_salt]=4c78c3f8&user[password_verifier]=474c26aa42d11f20544a00f7bf9711c4b5cf7aab95ed448df82b95521b96668e7480b16efce81c861870302560ddf6604c67df54f1d04b99d5bb9d0f02c6051ada5dc9d594f0d4314e12f876cfca3dcd99fc9c98c2e6a5e04298b11061fb8549a22cde0564e91514080df79bca1c38c682214d65d590f66b3719f954b078b83c", 'POST') + this.expectRequest('users.json', "user[login]=testuser&user[password_salt]=4c78c3f8&user[password_verifier]=474c26aa42d11f20544a00f7bf9711c4b5cf7aab95ed448df82b95521b96668e7480b16efce81c861870302560ddf6604c67df54f1d04b99d5bb9d0f02c6051ada5dc9d594f0d4314e12f876cfca3dcd99fc9c98c2e6a5e04298b11061fb8549a22cde0564e91514080df79bca1c38c682214d65d590f66b3719f954b078b83c", 'POST') this.respondJSON({password_salt: "4c78c3f8", login: "testuser", ok: "true"}); expect(callback).toHaveBeenCalled(); }); -- cgit v1.2.3 From 0bf072f0e5d26016e61fbe68a5c0fec60e13e5e3 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 14 Nov 2012 12:21:00 +0100 Subject: removed outdated django remote and all related files Also cleaned up the specs a bit --- Readme.md | 8 +-- spec/DjangoSpecRunner.html | 75 --------------------------- spec/RestfulSpecRunner.html | 75 --------------------------- spec/django/login.js | 69 ------------------------- spec/django/signup.js | 50 ------------------ spec/helper.js | 44 ++++++++++++++++ spec/login_spec.js | 78 ++++++++++++++++++++++++++++ spec/restful/login.js | 78 ---------------------------- spec/restful/session.js | 39 -------------- spec/restful/signup.js | 32 ------------ spec/runner.html | 75 +++++++++++++++++++++++++++ spec/session_spec.js | 39 ++++++++++++++ spec/signup_spec.js | 32 ++++++++++++ spec/specHelper.js | 44 ---------------- src/plainXHR.js | 120 -------------------------------------------- 15 files changed, 272 insertions(+), 586 deletions(-) delete mode 100644 spec/DjangoSpecRunner.html delete mode 100644 spec/RestfulSpecRunner.html delete mode 100644 spec/django/login.js delete mode 100644 spec/django/signup.js create mode 100644 spec/helper.js create mode 100644 spec/login_spec.js delete mode 100644 spec/restful/login.js delete mode 100644 spec/restful/session.js delete mode 100644 spec/restful/signup.js create mode 100644 spec/runner.html create mode 100644 spec/session_spec.js create mode 100644 spec/signup_spec.js delete mode 100644 spec/specHelper.js delete mode 100644 src/plainXHR.js diff --git a/Readme.md b/Readme.md index bc80cd7..6c38a6b 100644 --- a/Readme.md +++ b/Readme.md @@ -1,8 +1,7 @@ -imported to github from: https://code.google.com/p/srp-js/ +originally imported to github from: https://code.google.com/p/srp-js/ License: [New BSD License](http://www.opensource.org/licenses/bsd-license.php) - Many websites today require some form of authentication to access the site's full functionality. Unfortunately, many of these websites do not use secure authentication protocols. In some cases, websites will store user passwords in their database. If the database ever becomes compromised, an attacker could authenticate as any user he wanted. @@ -15,6 +14,7 @@ The Secure Remote Password protocol addresses this problem. First presented by T This project aims to provide a strong javascript implementation of SRP that will provide some peace of mind when using websites that do not use HTTPS. Due to the nature of HTTP, it is not invulnerable to man-in-the-middle attacks, but it should provide strong security against passive eavesdroppers, which are increasingly common in the age of wireless internet. -To accompany the Javascript implementation of the client, the [original repository](https://code.google.com/p/srp-js/) had a django server. +[ruby-srp](https://github.com/leapcode/ruby-srp) contains client and server implementations in ruby that work with the current version of srp-js. It also ships an example using srp-js as the client. + +The [original repository](https://code.google.com/p/srp-js/) had code working with a django server. -[ruby-srp](https://github.com/leapcode/ruby-srp) contains client and server implementations in ruby that work with srp-js. It also ships an example using srp-js as the client. diff --git a/spec/DjangoSpecRunner.html b/spec/DjangoSpecRunner.html deleted file mode 100644 index 5920745..0000000 --- a/spec/DjangoSpecRunner.html +++ /dev/null @@ -1,75 +0,0 @@ - - - - Jasmine Spec Runner - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/spec/RestfulSpecRunner.html b/spec/RestfulSpecRunner.html deleted file mode 100644 index f880720..0000000 --- a/spec/RestfulSpecRunner.html +++ /dev/null @@ -1,75 +0,0 @@ - - - - - Jasmine Spec Runner - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/spec/django/login.js b/spec/django/login.js deleted file mode 100644 index d13f695..0000000 --- a/spec/django/login.js +++ /dev/null @@ -1,69 +0,0 @@ -describe("Login", function() { - - it("has an identify function", function() { - var srp = new SRP(); - expect(typeof srp.identify).toBe('function'); - }); - - describe("(INTEGRATION)", function (){ - // a valid auth attempt for the user / password given in the spec runner: - var a = 'af141ae6'; - var B = '887005895b1f5528b4e4dfdce914f73e763b96d3c901d2f41d8b8cd26255a75'; - var salt = '5d3055e0acd3ddcfc15'; - var M = 'be6d7db2186d5f6a2c55788479b6eaf75229a7ca0d9e7dc1f886f1970a0e8065' - var M2 = '2547cf26318519090f506ab73a68995a2626b1c948e6f603ef9e1b0b78bf0f7b'; - var A, callback; - - - beforeEach(function() { - var srp = new SRP(); - var session = new srp.Session(); - this.srp = new SRP(null, session) - A = session.calculateAndSetA(a); - - specHelper.setupFakeXHR.apply(this); - - this.srp.success = sinon.spy(); - }); - - afterEach(function() { - this.xhr.restore(); - }); - - it("works with XML responses", function(){ - this.srp.identify(); - - this.expectRequest('handshake/', 'I=user&A='+A); - this.respondXML(""); - this.expectRequest('authenticate/', 'M='+M); - this.respondXML(""+M2+""); - - expect(this.srp.success).toHaveBeenCalled(); - }); - - it("works with JSON responses", function(){ - this.srp.identify(); - - this.expectRequest('handshake/', 'I=user&A='+A); - this.respondJSON({s: salt, B: B}); - this.expectRequest('authenticate/', 'M='+M); - this.respondJSON({M: M2}); - - expect(this.srp.success).toHaveBeenCalled(); - }); - - it("rejects B = 0", function(){ - this.srp.error = sinon.spy(); - this.srp.identify(); - - this.expectRequest('handshake/', 'I=user&A='+A); - this.respondJSON({s: salt, B: 0}); - // aborting if B=0 - expect(this.requests).toEqual([]); - expect(this.srp.error).toHaveBeenCalled(); - }); - }); - - -}); - diff --git a/spec/django/signup.js b/spec/django/signup.js deleted file mode 100644 index 383dd14..0000000 --- a/spec/django/signup.js +++ /dev/null @@ -1,50 +0,0 @@ -describe("Signup", function() { - - beforeEach(function() { - this.srp = new SRP(); - specHelper.setupFakeXHR.apply(this); - }); - - afterEach(function() { - this.xhr.restore(); - }); - - it("has a register function", function() { - expect(typeof this.srp.register).toBe('function'); - }); - - it("receives the salt from /register/salt", function(){ - var callback = sinon.spy(); - this.srp.remote.sendVerifier = callback; - this.srp.register(); - this.expectRequest('register/salt/', "I=user") - this.respondXML("5d3055e0acd3ddcfc15"); - expect(callback).toHaveBeenCalledWith(this.srp.session, this.srp.registered_user); - }); - - it("identifies after successful registration (INTEGRATION)", function(){ - var callback = sinon.spy(); - this.srp.identify = callback; - this.srp.register(); - this.expectRequest('register/salt/', "I=user") - this.respondXML("5d3055e0acd3ddcfc15"); - this.expectRequest('register/user/', "v=adcd57b4a4a05c2e205b0b7b30014d9ff635d8d8db2f502f08e9b9c132800c44"); - this.respondXML(""); - expect(callback).toHaveBeenCalled(); - }); - - it("identifies after successful registration with JSON (INTEGRATION)", function(){ - var callback = sinon.spy(); - this.srp.identify = callback; - this.srp.register(); - this.expectRequest('register/salt/', "I=user") - this.respondJSON({salt: "5d3055e0acd3ddcfc15"}); - this.expectRequest('register/user/', "v=adcd57b4a4a05c2e205b0b7b30014d9ff635d8d8db2f502f08e9b9c132800c44"); - this.respondJSON({ok: true}); - expect(callback).toHaveBeenCalled(); - }); - - -}); - - diff --git a/spec/helper.js b/spec/helper.js new file mode 100644 index 0000000..11327af --- /dev/null +++ b/spec/helper.js @@ -0,0 +1,44 @@ +var specHelper = (function() { + // HELPERS + + function setupFakeXHR() { + this.xhr = sinon.useFakeXMLHttpRequest(); + var requests = this.requests = []; + this.xhr.onCreate = function (xhr) { + requests.push(xhr); + }; + this.expectRequest = expectRequest; + this.respondJSON = respondJSON; + this.respondXML = respondXML; + } + + // TODO: validate http verb + function expectRequest(url, content, verb) { + expect(this.requests.length).toBe(1); + expect(this.requests[0].url).toBe(url); + expect(decodeURI(this.requests[0].requestBody)).toBe(content); + if (verb) { + expect(this.requests[0].method).toBe(verb); + } + } + + function respondXML(content) { + var request = this.requests.pop(); + header = { "Content-Type": "application/xml;charset=utf-8" }; + body = '\n'; + body += content; + request.respond(200, header, body); + } + + function respondJSON(object) { + var request = this.requests.pop(); + header = { "Content-Type": "application/json;charset=utf-8" }; + body = JSON.stringify(object); + request.respond(200, header, body); + } + + return { + setupFakeXHR: setupFakeXHR, + } + +})(); diff --git a/spec/login_spec.js b/spec/login_spec.js new file mode 100644 index 0000000..4df62a8 --- /dev/null +++ b/spec/login_spec.js @@ -0,0 +1,78 @@ +describe("Login", function() { + + it("has an identify function", function() { + var srp = new SRP(jqueryRest()); + expect(typeof srp.identify).toBe('function'); + }); + + describe("(Compatibility with py-srp)", function (){ + // these need to be the same as in the spec runner: + var login = "testuser"; + var password = "password"; + // a valid auth attempt for the user / password given in the spec runner: + var a = 'a5cccf937ea1bf72df5cf8099442552f5664da6780a75436d5a59bc77a8a9993'; + var A = 'e67d222244564ccd2e37471f226b999a4e987f3d494c7d80e0d36169efd6c6c6d857a96924c25fc165e5e9b0212a31c30701ec376dc32e36be00bbcd6d2104789d368af984e26fc094374f90ee5746478f14cec45c7e131a3cbce15fe79e98894213dac4e63c3f73f644fe25aa8707bc58859dfd1b36972e4e34169db2622899'; + // just for the sake of having a complete set of test vars: + var b = '6aa5c88d1877af9907ccefad31083e1102a7121dc04706f681f66c8680fb7f05'; + var B = 'd56a80aaafdf9f70598b5d1184f122f326a333fafd37ab76d6f7fba4a9c4ee59545be056335150bd64f04880bc8e76949469379fe9de17cf6f36f3ee11713d05f63050486bc73c545163169999ff01b55c0ca4e90d8856a6e3d3a6ffc70b70d993a5308a37a5c2399874344e083e72b3c9afa083d312dfe9096ea9a65023f135'; + var salt = '628365a0'; + var K = 'db6ec0bdab81742315861a828323ff492721bdcd114077a4124bc425e4bf328b'; + var M = '640e51d5ac5461591c31811221261f0e0eae7c08ce43c85e9556adbd94ed8c26'; + var M2 = '49e48f8ac8c4da0e8a7374f73eeedbee2266e123d23fc1be1568523fc9c24b1e'; + var V = '6f5fb78184161f4191babaf1a700ff70e4d261054d002466d05f2ec2b45fc8807dbd7ce25dc3c882331eb8bf72a22caf2868e3438477be7ab151d3281d00aa1a9fc5cb6a725abd99e11882f77d52b56b83f95c0ba0b8fbbf4ee1fbb445c35adb5d1aaa48ba761c4a4417f6bb821fb61956c919e47740b316b960653303fe7190'; + var A_, callback; + + + beforeEach(function() { + this.srp = new SRP(jqueryRest()); + + specHelper.setupFakeXHR.apply(this); + + A_ = this.srp.session.calculateAndSetA(a) + }); + + afterEach(function() { + this.xhr.restore(); + }); + + it("calculates the same A", function(){ + expect(A_).toBe(A); + }); + + it("calculates the same verifier", function(){ + expect(this.srp.session.getV().toString(16)).toBe(V); + }); + + it("calculates the same key", function(){ + this.srp.session.calculations(salt, B); + expect(this.srp.session.key()).toBe(K); + }); + + it("works with JSON responses", function(){ + var success = sinon.spy(); + this.srp.identify(success); + + this.expectRequest('sessions.json', 'login=' +login+ '&A=' +A, 'POST'); + this.respondJSON({salt: salt, B: B}); + this.expectRequest('sessions/'+login+'.json', 'client_auth='+M, 'PUT'); + this.respondJSON({M2: M2}); + + expect(success).toHaveBeenCalled(); + }); + + it("rejects B = 0", function(){ + var success = sinon.spy(); + var error = sinon.spy(); + this.srp.identify(success, error); + + this.expectRequest('sessions.json', 'login=' +login+ '&A=' +A, 'POST'); + this.respondJSON({salt: salt, B: 0}); + // aborting if B=0 + expect(this.requests).toEqual([]); + expect(error).toHaveBeenCalled(); + expect(success).not.toHaveBeenCalled(); + }); + }); + + +}); diff --git a/spec/restful/login.js b/spec/restful/login.js deleted file mode 100644 index 4df62a8..0000000 --- a/spec/restful/login.js +++ /dev/null @@ -1,78 +0,0 @@ -describe("Login", function() { - - it("has an identify function", function() { - var srp = new SRP(jqueryRest()); - expect(typeof srp.identify).toBe('function'); - }); - - describe("(Compatibility with py-srp)", function (){ - // these need to be the same as in the spec runner: - var login = "testuser"; - var password = "password"; - // a valid auth attempt for the user / password given in the spec runner: - var a = 'a5cccf937ea1bf72df5cf8099442552f5664da6780a75436d5a59bc77a8a9993'; - var A = 'e67d222244564ccd2e37471f226b999a4e987f3d494c7d80e0d36169efd6c6c6d857a96924c25fc165e5e9b0212a31c30701ec376dc32e36be00bbcd6d2104789d368af984e26fc094374f90ee5746478f14cec45c7e131a3cbce15fe79e98894213dac4e63c3f73f644fe25aa8707bc58859dfd1b36972e4e34169db2622899'; - // just for the sake of having a complete set of test vars: - var b = '6aa5c88d1877af9907ccefad31083e1102a7121dc04706f681f66c8680fb7f05'; - var B = 'd56a80aaafdf9f70598b5d1184f122f326a333fafd37ab76d6f7fba4a9c4ee59545be056335150bd64f04880bc8e76949469379fe9de17cf6f36f3ee11713d05f63050486bc73c545163169999ff01b55c0ca4e90d8856a6e3d3a6ffc70b70d993a5308a37a5c2399874344e083e72b3c9afa083d312dfe9096ea9a65023f135'; - var salt = '628365a0'; - var K = 'db6ec0bdab81742315861a828323ff492721bdcd114077a4124bc425e4bf328b'; - var M = '640e51d5ac5461591c31811221261f0e0eae7c08ce43c85e9556adbd94ed8c26'; - var M2 = '49e48f8ac8c4da0e8a7374f73eeedbee2266e123d23fc1be1568523fc9c24b1e'; - var V = '6f5fb78184161f4191babaf1a700ff70e4d261054d002466d05f2ec2b45fc8807dbd7ce25dc3c882331eb8bf72a22caf2868e3438477be7ab151d3281d00aa1a9fc5cb6a725abd99e11882f77d52b56b83f95c0ba0b8fbbf4ee1fbb445c35adb5d1aaa48ba761c4a4417f6bb821fb61956c919e47740b316b960653303fe7190'; - var A_, callback; - - - beforeEach(function() { - this.srp = new SRP(jqueryRest()); - - specHelper.setupFakeXHR.apply(this); - - A_ = this.srp.session.calculateAndSetA(a) - }); - - afterEach(function() { - this.xhr.restore(); - }); - - it("calculates the same A", function(){ - expect(A_).toBe(A); - }); - - it("calculates the same verifier", function(){ - expect(this.srp.session.getV().toString(16)).toBe(V); - }); - - it("calculates the same key", function(){ - this.srp.session.calculations(salt, B); - expect(this.srp.session.key()).toBe(K); - }); - - it("works with JSON responses", function(){ - var success = sinon.spy(); - this.srp.identify(success); - - this.expectRequest('sessions.json', 'login=' +login+ '&A=' +A, 'POST'); - this.respondJSON({salt: salt, B: B}); - this.expectRequest('sessions/'+login+'.json', 'client_auth='+M, 'PUT'); - this.respondJSON({M2: M2}); - - expect(success).toHaveBeenCalled(); - }); - - it("rejects B = 0", function(){ - var success = sinon.spy(); - var error = sinon.spy(); - this.srp.identify(success, error); - - this.expectRequest('sessions.json', 'login=' +login+ '&A=' +A, 'POST'); - this.respondJSON({salt: salt, B: 0}); - // aborting if B=0 - expect(this.requests).toEqual([]); - expect(error).toHaveBeenCalled(); - expect(success).not.toHaveBeenCalled(); - }); - }); - - -}); diff --git a/spec/restful/session.js b/spec/restful/session.js deleted file mode 100644 index b7f16f0..0000000 --- a/spec/restful/session.js +++ /dev/null @@ -1,39 +0,0 @@ -describe("Session", function() { - - // data gathered from py-srp and ruby-srp - var compare = { - username: "UC6LTQ", - password: "PVSQ7DCEIR0B", - salt: "d6ed8dba", - v: "c86a8c04a4f71cb10bfe3fedb74bae545b9a20e0f3e95b6334fce1cb3384a296f75d774a3829ffd63f405f13f58ffbae415fd234b08b996c11e8618c17961defcebb1d244b388b75cf36882ee97182a900ebeaf7cffa0a83eed294f3a9449a06beb88954952759d2957b80ef851f4cc4fcaa6001fee4f00c273ecdd712d48371", - aa: "4decb8543891f5a744b1e9b5bc375a474bfe3c5417e1db176cefcc7ba915338a14f309f8e0a4c7641bc9c9b9bd2e91c4d1beda1772c30d0350c9ba44f7c5911dfe6bb593ac2a2b30f1f6e5ec8a656cb4947c1907cf62f8d7283cbe32eb44b02158b51091ae130afa6063bb28cdea9ae159d4f222571e146f8715bfa31af09868", - a: "d498c3d024ec17689b5320e33fc349a3f3f91320384155b3043fa410c90eab71", - bb: "5f5bedd1f95b6b0d6809614f162e49753acce6979e1041f4da5bfa91e1dadd2a5470270ed102a49c5f74fd42f2b61a8a1a43218159a22b31a7cbd4670679480e56d0e4e72a22c07e07102ff063045d0c3c96085dec1cc2959453e0299890bd95af76403cec6ec5f212667a75ae6f4a8327183d72c3ee85792ca43820fbccf244", - m: "bc30b8781e67a657e93d0a6cf7e7847fc60f79e2b0641e9c26b3522bc8f974cc" - } - - var session; - - beforeEach(function() { - var srp = new SRP(jqueryRest()); - session = new srp.Session(compare.username, compare.password); - }); - - it("has the proper username", function() { - expect(session.getI()).toBe(compare.username); - }); - - it("calculates the proper verifier", function() { - expect(session.getV(compare.salt).toString(16)).toBe(compare.v); - }); - - it("calculates the proper A", function() { - expect(session.calculateAndSetA(compare.a)).toBe(compare.aa); - }); - - it("calculates the proper M", function() { - session.calculateAndSetA(compare.a); - session.calculations(compare.salt, compare.bb); - expect(session.getM()).toBe(compare.m); - }); -}); diff --git a/spec/restful/signup.js b/spec/restful/signup.js deleted file mode 100644 index e4d70df..0000000 --- a/spec/restful/signup.js +++ /dev/null @@ -1,32 +0,0 @@ -describe("Signup", function() { - - beforeEach(function() { - this.srp = new SRP(jqueryRest()); - specHelper.setupFakeXHR.apply(this); - }); - - afterEach(function() { - this.xhr.restore(); - }); - - it("has a register function", function() { - expect(typeof this.srp.register).toBe('function'); - }); - - it("calculates the right x", function(){ - expect(this.srp.session.calcX("7686acb8").toString(16)).toBe('84d6bb567ddf584b1d8c8728289644d45dbfbb02deedd05c0f64db96740f0398'); - }); - - it("identifies after successful registration (INTEGRATION)", function(){ - var callback = sinon.spy(); - this.srp.identify = callback; - this.srp.session.getSalt = function() {return "4c78c3f8"}; - this.srp.register(); - this.expectRequest('users.json', "user[login]=testuser&user[password_salt]=4c78c3f8&user[password_verifier]=474c26aa42d11f20544a00f7bf9711c4b5cf7aab95ed448df82b95521b96668e7480b16efce81c861870302560ddf6604c67df54f1d04b99d5bb9d0f02c6051ada5dc9d594f0d4314e12f876cfca3dcd99fc9c98c2e6a5e04298b11061fb8549a22cde0564e91514080df79bca1c38c682214d65d590f66b3719f954b078b83c", 'POST') - this.respondJSON({password_salt: "4c78c3f8", login: "testuser", ok: "true"}); - expect(callback).toHaveBeenCalled(); - }); - -}); - - diff --git a/spec/runner.html b/spec/runner.html new file mode 100644 index 0000000..5f4727c --- /dev/null +++ b/spec/runner.html @@ -0,0 +1,75 @@ + + + + + Jasmine Spec Runner + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spec/session_spec.js b/spec/session_spec.js new file mode 100644 index 0000000..b7f16f0 --- /dev/null +++ b/spec/session_spec.js @@ -0,0 +1,39 @@ +describe("Session", function() { + + // data gathered from py-srp and ruby-srp + var compare = { + username: "UC6LTQ", + password: "PVSQ7DCEIR0B", + salt: "d6ed8dba", + v: "c86a8c04a4f71cb10bfe3fedb74bae545b9a20e0f3e95b6334fce1cb3384a296f75d774a3829ffd63f405f13f58ffbae415fd234b08b996c11e8618c17961defcebb1d244b388b75cf36882ee97182a900ebeaf7cffa0a83eed294f3a9449a06beb88954952759d2957b80ef851f4cc4fcaa6001fee4f00c273ecdd712d48371", + aa: "4decb8543891f5a744b1e9b5bc375a474bfe3c5417e1db176cefcc7ba915338a14f309f8e0a4c7641bc9c9b9bd2e91c4d1beda1772c30d0350c9ba44f7c5911dfe6bb593ac2a2b30f1f6e5ec8a656cb4947c1907cf62f8d7283cbe32eb44b02158b51091ae130afa6063bb28cdea9ae159d4f222571e146f8715bfa31af09868", + a: "d498c3d024ec17689b5320e33fc349a3f3f91320384155b3043fa410c90eab71", + bb: "5f5bedd1f95b6b0d6809614f162e49753acce6979e1041f4da5bfa91e1dadd2a5470270ed102a49c5f74fd42f2b61a8a1a43218159a22b31a7cbd4670679480e56d0e4e72a22c07e07102ff063045d0c3c96085dec1cc2959453e0299890bd95af76403cec6ec5f212667a75ae6f4a8327183d72c3ee85792ca43820fbccf244", + m: "bc30b8781e67a657e93d0a6cf7e7847fc60f79e2b0641e9c26b3522bc8f974cc" + } + + var session; + + beforeEach(function() { + var srp = new SRP(jqueryRest()); + session = new srp.Session(compare.username, compare.password); + }); + + it("has the proper username", function() { + expect(session.getI()).toBe(compare.username); + }); + + it("calculates the proper verifier", function() { + expect(session.getV(compare.salt).toString(16)).toBe(compare.v); + }); + + it("calculates the proper A", function() { + expect(session.calculateAndSetA(compare.a)).toBe(compare.aa); + }); + + it("calculates the proper M", function() { + session.calculateAndSetA(compare.a); + session.calculations(compare.salt, compare.bb); + expect(session.getM()).toBe(compare.m); + }); +}); diff --git a/spec/signup_spec.js b/spec/signup_spec.js new file mode 100644 index 0000000..e4d70df --- /dev/null +++ b/spec/signup_spec.js @@ -0,0 +1,32 @@ +describe("Signup", function() { + + beforeEach(function() { + this.srp = new SRP(jqueryRest()); + specHelper.setupFakeXHR.apply(this); + }); + + afterEach(function() { + this.xhr.restore(); + }); + + it("has a register function", function() { + expect(typeof this.srp.register).toBe('function'); + }); + + it("calculates the right x", function(){ + expect(this.srp.session.calcX("7686acb8").toString(16)).toBe('84d6bb567ddf584b1d8c8728289644d45dbfbb02deedd05c0f64db96740f0398'); + }); + + it("identifies after successful registration (INTEGRATION)", function(){ + var callback = sinon.spy(); + this.srp.identify = callback; + this.srp.session.getSalt = function() {return "4c78c3f8"}; + this.srp.register(); + this.expectRequest('users.json', "user[login]=testuser&user[password_salt]=4c78c3f8&user[password_verifier]=474c26aa42d11f20544a00f7bf9711c4b5cf7aab95ed448df82b95521b96668e7480b16efce81c861870302560ddf6604c67df54f1d04b99d5bb9d0f02c6051ada5dc9d594f0d4314e12f876cfca3dcd99fc9c98c2e6a5e04298b11061fb8549a22cde0564e91514080df79bca1c38c682214d65d590f66b3719f954b078b83c", 'POST') + this.respondJSON({password_salt: "4c78c3f8", login: "testuser", ok: "true"}); + expect(callback).toHaveBeenCalled(); + }); + +}); + + diff --git a/spec/specHelper.js b/spec/specHelper.js deleted file mode 100644 index 11327af..0000000 --- a/spec/specHelper.js +++ /dev/null @@ -1,44 +0,0 @@ -var specHelper = (function() { - // HELPERS - - function setupFakeXHR() { - this.xhr = sinon.useFakeXMLHttpRequest(); - var requests = this.requests = []; - this.xhr.onCreate = function (xhr) { - requests.push(xhr); - }; - this.expectRequest = expectRequest; - this.respondJSON = respondJSON; - this.respondXML = respondXML; - } - - // TODO: validate http verb - function expectRequest(url, content, verb) { - expect(this.requests.length).toBe(1); - expect(this.requests[0].url).toBe(url); - expect(decodeURI(this.requests[0].requestBody)).toBe(content); - if (verb) { - expect(this.requests[0].method).toBe(verb); - } - } - - function respondXML(content) { - var request = this.requests.pop(); - header = { "Content-Type": "application/xml;charset=utf-8" }; - body = '\n'; - body += content; - request.respond(200, header, body); - } - - function respondJSON(object) { - var request = this.requests.pop(); - header = { "Content-Type": "application/json;charset=utf-8" }; - body = JSON.stringify(object); - request.respond(200, header, body); - } - - return { - setupFakeXHR: setupFakeXHR, - } - -})(); diff --git a/src/plainXHR.js b/src/plainXHR.js deleted file mode 100644 index c03c90a..0000000 --- a/src/plainXHR.js +++ /dev/null @@ -1,120 +0,0 @@ -// -// SRP JS - Plain XHR module -// -// This is deprecated - unless you are using srp-js with the original drupal -// server side I recommend you use a different API such as restful.js -// -// This code has been largely refactored, tests are still passing but I did -// not test it with the server itself. - -SRP.prototype.Remote = function() { - - // Perform ajax requests at the specified path, with the specified parameters - // Calling back the specified function. - function ajaxRequest(url, params, callback) - { - if( window.XMLHttpRequest) { - xhr = new XMLHttpRequest(); - } - else if (window.ActiveXObject){ - try{ - xhr = new ActiveXObject("Microsoft.XMLHTTP"); - }catch (e){} - } - else - { - session.error_message("Ajax not supported."); - return; - } - if(xhr){ - xhr.onreadystatechange = function() { - if(xhr.readyState == 4 && xhr.status == 200) { - callback(parseResponse()); - } - }; - xhr.open("POST", url, true); - xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); - xhr.setRequestHeader("Content-length", params.length); - xhr.send(params); - } - else - { - session.error_message("Ajax failed."); - } - } - - function parseResponse() { - if (responseIsXML()) { - return parseXML(xhr.responseXML); - } else if (responseIsJSON()) { - return JSON.parse(xhr.responseText); - } - } - - function responseIsXML() { - return (xhr.responseType == 'document') || - (xhr.getResponseHeader("Content-Type").indexOf('application/xml') >= 0); - } - - function responseIsJSON() { - return (xhr.responseType == 'json') || - (xhr.getResponseHeader("Content-Type").indexOf('application/json') >= 0); - } - - function parseXML(xml) { - if (xml.getElementsByTagName("r").length > 0) { - return parseAttributesOfElement(xml.getElementsByTagName("r")[0]); - } else { - return parseNodes(xml.childNodes); - } - } - - function parseAttributesOfElement(elem) { - var response = {}; - for (var i = 0; i < elem.attributes.length; i++) { - var attrib = elem.attributes[i]; - if (attrib.specified) { - response[attrib.name] = attrib.value; - } - } - return response; - } - - function parseNodes(nodes) { - var response = {}; - for (var i = 0; i < nodes.length; i++) { - var node = nodes[i]; - response[node.tagName] = node.textContent || true; - } - return response; - } - - // Drupal version fetches the salt from the server. No idea why but this - // should still do it. - this.register = function(session, callback) - { - function receive_salt(response) { - if(response.salt) - { - var s = response.salt; - var v = session.getV(s); - that.sendVerifier(session, callback); - } - } - - var that = this; - ajaxRequest("register/salt/", "I="+session.getI(), receive_salt); - }; - - this.sendVerifier = function(session, callback) { - ajaxRequest("register/user/", "v="+session.getV().toString(16), callback); - }; - - this.handshake = function(session, callback) { - ajaxRequest("handshake/", "I="+session.getI()+"&A="+session.getAstr(), callback); - }; - - this.authenticate = function(session, callback) { - ajaxRequest("authenticate/", "M="+session.getM(), callback); - }; -}; -- cgit v1.2.3 From 47c7a78e948f139074ec8d975cdd38cc3335253d Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 14 Nov 2012 12:28:36 +0100 Subject: cleaned up unused parser functions --- src/jqueryRest.js | 46 ---------------------------------------------- 1 file changed, 46 deletions(-) diff --git a/src/jqueryRest.js b/src/jqueryRest.js index 133e3fd..54a0908 100644 --- a/src/jqueryRest.js +++ b/src/jqueryRest.js @@ -1,51 +1,5 @@ jqueryRest = function() { - function parseResponse() { - if (responseIsXML()) { - return parseXML(xhr.responseXML); - } else if (responseIsJSON()) { - return JSON.parse(xhr.responseText); - } - } - - function responseIsXML() { - return (xhr.responseType == 'document') || - (xhr.getResponseHeader("Content-Type").indexOf('application/xml') >= 0); - } - - function responseIsJSON() { - return (xhr.responseType == 'json') || - (xhr.getResponseHeader("Content-Type").indexOf('application/json') >= 0); - } - - function parseXML(xml) { - if (xml.getElementsByTagName("r").length > 0) { - return parseAttributesOfElement(xml.getElementsByTagName("r")[0]); - } else { - return parseNodes(xml.childNodes); - } - } - - function parseAttributesOfElement(elem) { - var response = {}; - for (var i = 0; i < elem.attributes.length; i++) { - var attrib = elem.attributes[i]; - if (attrib.specified) { - response[attrib.name] = attrib.value; - } - } - return response; - } - - function parseNodes(nodes) { - var response = {}; - for (var i = 0; i < nodes.length; i++) { - var node = nodes[i]; - response[node.tagName] = node.textContent || true; - } - return response; - } - // we do not fetch the salt from the server function register(session, callback) { -- cgit v1.2.3

Username:
Password:

Username:
Password:

Username:
Password: