From bd6d60789bfb97041d0d219f645c08b7b479b782 Mon Sep 17 00:00:00 2001
From: elijah
Date: Thu, 4 Jul 2013 03:51:16 -0700
Subject: always use the API-only controller for all requests.
---
 src/jqueryRest.js | 18 +++++++++---------
 src/srp_account.js | 8 ++++++--
 src/srp_session.js | 11 ++++++-----
 3 files changed, 21 insertions(+), 16 deletions(-)
diff --git a/src/jqueryRest.js b/src/jqueryRest.js
index c1eb3c1..85ef0ca 100644
--- a/src/jqueryRest.js
+++ b/src/jqueryRest.js
@@ -3,24 +3,24 @@ srp.remote = (function(){
 // TODO: Do we need to differentiate between PUT and POST?
 function register(session) {
- return $.post("/users.json", {user: session.signup() });
+ return $.post("/1/users.json", {user: session.signup() });
 }
- function update(url, session) {
+ function update(session) {
 return $.ajax({
- url: url,
+ url: "/1/users/" + session.id() + ".json",
 type: 'PUT',
 data: {user: session.signup() }
 });
 }
 function handshake(session) {
- return $.post("/sessions.json", session.handshake());
+ return $.post("/1/sessions.json", session.handshake());
 }
 function authenticate(session) {
 return $.ajax({
- url: "/sessions/" + session.login() + ".json",
+ url: "/1/sessions/" + session.login() + ".json",
 type: 'PUT',
 data: {client_auth: session.getM()}
 });
@@ -43,7 +43,7 @@ srp.remote = (function(){
 function update(submitEvent){
 var form = submitEvent.target;
- jqueryRest.update(form.action, srp.session)
+ jqueryRest.update(srp.session)
 .done(srp.updated)
 .fail(error)
 };
@@ -62,8 +62,8 @@ srp.remote = (function(){
 } else if(! response.salt || response.salt === 0) {
 srp.error("Server failed to send salt - could not login.");
- }
- else
+ }
+ else
 {
 srp.session.calculations(response.salt, response.B);
 jqueryRest.authenticate(srp.session)
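Review bot: In the inner `update(session)` of src/jqueryRest.js the request path is built as `"/1/users/" + session.id() + ".json"` without encoding, and `session.id()` can come straight from the `user_param` DOM field added in src/srp_account.js, so a value containing `/`, `?` or `#` changes which endpoint the PUT reaches. Encode the path segment: `url: "/1/users/" + encodeURIComponent(session.id()) + ".json",`, and do the same for `session.login()` in `authenticate()`. The `/1` prefix is now repeated in four string literals; a single constant for the API base would keep them in step on the next version change. The enclosing `jqueryRest` closure starts and ends outside the hunk.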
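Review bot: In the outer `update(submitEvent)` (hunk at -43,7), `var form = submitEvent.target;` is left as a dead local now that `form.action` is no longer passed to `jqueryRest.update`; the line can be dropped. Since the target URL no longer follows the form, a short comment would help the next reader: `// URL is derived from srp.session.id(), not from the form's action`. The chain also ends without a semicolon after `.fail(error)`.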
@@ -85,7 +85,7 @@ srp.remote = (function(){
 // The server will send error messages as json alongside
 // the http error response.
 function error(xhr, text, thrown)
- {
+ {
 if (xhr.responseText && xhr.responseText != "")
 srp.error($.parseJSON(xhr.responseText));
 else
diff --git a/src/srp_account.js b/src/srp_account.js
index 336e013..e949f12 100644
--- a/src/srp_account.js
+++ b/src/srp_account.js
@@ -1,5 +1,5 @@
-srp.Account = function(login, password) {
-
+srp.Account = function(login, password, id) {
+
 // Returns the user's identity
 this.login = function() {
 return login || document.getElementById("srp_username").value;
@@ -10,4 +10,8 @@ srp.Account = function(login, password) {
 return password || document.getElementById("srp_password").value;
 };
+ // The user's id
+ this.id = function() {
+ return id || document.getElementById("user_param").value;
+ };
 }
diff --git a/src/srp_session.js b/src/srp_session.js
index 5d1f829..0648959 100644
--- a/src/srp_session.js
+++ b/src/srp_session.js
@@ -33,8 +33,8 @@ srp.Session = function(account, calculate) {
 };
 this.handshake = function() {
- return {
- login: account.login(),
+ return {
+ login: account.login(),
 A: this.getA()
 };
 };
@@ -43,19 +43,20 @@ srp.Session = function(account, calculate) {
 return A;
 }
- // Delegate login so it can be used when talking to the remote
+ // Delegate login & id so they can be used when talking to the remote
 this.login = account.login;
+ this.id = account.id;
 // Calculate S, M, and M2
 // This is the client side of the SRP specification
 this.calculations = function(salt, ephemeral)
- {
+ {
 //S -> C: s | B
 var B = ephemeral;
 var x = calculate.X(account.login(), account.password(), salt);
 S = calculate.S(a, A, B, x);
 K = calculate.K(S);
-
+
 // M = H(H(N) xor H(g), H(I), s, A, B, K)
 var xor = calculate.nXorG();
 var hash_i = calculate.hash(account.login())
-- 
cgit v1.2.3
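Review bot: The new `this.id` in src/srp_account.js (hunk at -10,4) dereferences `document.getElementById("user_param")` unconditionally, so on a page without that element a call to `id()` throws a TypeError instead of reporting that no id is available; the hunk does not show which pages carry the field. Guard the lookup, for example `var el = document.getElementById("user_param"); return id || (el ? el.value : undefined);`, and have the update path refuse to send a request when the result is empty. The value is read from the page and ends up in a request path in src/jqueryRest.js, so it should be treated as untrusted input there. The comment could also say where the id comes from: `// The user's id (constructor argument, else the #user_param field)`.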