From d5e30a95e09bab18a55f9aad1572b6ae3e16e482 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 21 Aug 2012 17:14:06 +0200 Subject: moved on with refactoring * srp_register now is part of srp.js * moved server specific stuff into plainXHR (such as fetching the seed from the server) * fixed tests --- lib/jqueryRest.js | 2 +- lib/plainXHR.js | 26 ++++++++++++++++++-- lib/srp.js | 59 +++++++++++++++++++++++++++++---------------- lib/srp_register.js | 35 --------------------------- spec/DjangoSpecRunner.html | 1 - spec/RestfulSpecRunner.html | 2 +- spec/django/signup.js | 13 ++-------- 7 files changed, 66 insertions(+), 72 deletions(-) delete mode 100644 lib/srp_register.js diff --git a/lib/jqueryRest.js b/lib/jqueryRest.js index 84a9731..8c8163c 100644 --- a/lib/jqueryRest.js +++ b/lib/jqueryRest.js @@ -93,7 +93,7 @@ jqueryRest = function() { // we do not fetch the salt from the server function register(session, callback) { - callback({salt: session.getSalt()}); + sendVerifier(session, callback); } function sendVerifier(session, callback) { diff --git a/lib/plainXHR.js b/lib/plainXHR.js index 95ceeac..d07416b 100644 --- a/lib/plainXHR.js +++ b/lib/plainXHR.js @@ -1,3 +1,12 @@ +// +// SRP JS - Plain XHR module +// +// This is deprecated - unless you are using srp-js with the original drupal +// server side I recommend you use a different API such as restful.js +// +// This code has been largely refactored, tests are still passing but I did +// not test it with the server itself. + SRP.prototype.Remote = function() { // Perform ajax requests at the specified path, with the specified parameters @@ -78,10 +87,23 @@ SRP.prototype.Remote = function() { } return response; }; - + + // Drupal version fetches the salt from the server. No idea why but this + // should still do it. this.register = function(session, callback) { - ajaxRequest("register/salt/", "I="+session.getI(), callback); + var that = this; + ajaxRequest("register/salt/", "I="+session.getI(), receive_salt); + + function receive_salt(response) + { + if(response.salt) + { + var s = response.salt; + var v = session.getV(s); + that.sendVerifier(session, callback); + } + }; } this.sendVerifier = function(session, callback) { diff --git a/lib/srp.js b/lib/srp.js index b54d6b7..0482a06 100644 --- a/lib/srp.js +++ b/lib/srp.js @@ -3,43 +3,60 @@ function SRP(remote, session) var srp = this; session = session || new this.Session(); remote = remote || new this.Remote(); + remote.onError = remote.onError || this.error; + session.onError = session.onError || this.error; + this.remote = remote; + this.session = session; // Start the login process by identifying the user this.identify = function() { remote.handshake(session, receive_salts); + + // Receive login salts from the server, start calculations + function receive_salts(response) + { + // B = 0 will make the algorithm always succeed + // -> refuse such a server answer + if(response.B == 0) { + srp.error("Server send random number 0 - this is not allowed"); + } else { + session.calculations(response.s, response.B); + remote.authenticate(session, confirm_authentication) + } + }; + + // Receive M2 from the server and verify it + // If an error occurs, raise it as an alert. + function confirm_authentication(response) + { + if (session.validate(response.M)) + srp.success(); + else + srp.error("Server key does not match"); + }; }; - // Receive login salts from the server, start calculations - function receive_salts(response) + // Initiate the registration process + this.register = function() { - // B = 0 will make the algorithm always succeed - // -> refuse such a server answer - if(response.B == 0) { - srp.error("Server send random number 0 - this is not allowed"); - } else { - session.calculations(response.s, response.B); - remote.authenticate(session, confirm_authentication) - } + remote.register(session, srp.registered_user); }; - // Receive M2 from the server and verify it - // If an error occurs, raise it as an alert. - function confirm_authentication(response) + // The user has been registered successfully, now login + this.registered_user = function(response) { - if (session.validate(response.M)) - srp.success(); - else - alertErrorMessage("Server key does not match"); - }; + if(response.ok) + { + srp.identify(); + } + }; // Minimal error handling - set remote.onError to sth better to overwrite. this.error = function(text) { alert(text); }; - remote.onError = remote.onError || this.error; - session.onError = session.onError || this.error; // This function is called when authentication is successful. // Developers can set this to other functions in specific implementations @@ -55,5 +72,5 @@ function SRP(remote, session) alert("Login successful."); } }; - }; + diff --git a/lib/srp_register.js b/lib/srp_register.js deleted file mode 100644 index 5f9da36..0000000 --- a/lib/srp_register.js +++ /dev/null @@ -1,35 +0,0 @@ -function SRP_REGISTER() -{ - var that; - - // Initiate the registration process - SRP.prototype.register = function() - { - session = this; - this.remote.register(session, session.register_receive_salt); - }; - - // Receive the salt for registration - SRP.prototype.register_receive_salt = function(response) - { - if(response.salt) - { - var s = response.salt; - var v = session.getV(s); - session.remote.register_send_verifier(session, session.registered_user); - } - else if(response.error) - { - session.error_message(response.error); - } - }; - // The user has been registered successfully, now login - SRP.prototype.registered_user = function(response) - { - if(response.ok) - { - session.identify(); - } - }; -}; -SRP_REGISTER(); diff --git a/spec/DjangoSpecRunner.html b/spec/DjangoSpecRunner.html index 5d8c95a..93696f0 100644 --- a/spec/DjangoSpecRunner.html +++ b/spec/DjangoSpecRunner.html @@ -22,7 +22,6 @@ - diff --git a/spec/RestfulSpecRunner.html b/spec/RestfulSpecRunner.html index bc4715f..11858e8 100644 --- a/spec/RestfulSpecRunner.html +++ b/spec/RestfulSpecRunner.html @@ -21,7 +21,7 @@ - + diff --git a/spec/django/signup.js b/spec/django/signup.js index 08a9b64..383dd14 100644 --- a/spec/django/signup.js +++ b/spec/django/signup.js @@ -13,22 +13,13 @@ describe("Signup", function() { expect(typeof this.srp.register).toBe('function'); }); - it("fetches a salt from /register/salt", function(){ - var callback = sinon.spy(); - this.srp.register_receive_salt = callback; - this.srp.register(); - this.expectRequest('register/salt/', "I=user") - this.respondXML("5d3055e0acd3ddcfc15"); - expect(callback.called).toBeTruthy(); - }); - it("receives the salt from /register/salt", function(){ var callback = sinon.spy(); - this.srp.remote.register_send_verifier = callback; + this.srp.remote.sendVerifier = callback; this.srp.register(); this.expectRequest('register/salt/', "I=user") this.respondXML("5d3055e0acd3ddcfc15"); - expect(callback).toHaveBeenCalledWith(this.srp, this.srp.registered_user); + expect(callback).toHaveBeenCalledWith(this.srp.session, this.srp.registered_user); }); it("identifies after successful registration (INTEGRATION)", function(){ -- cgit v1.2.3