From fff770a866b44abce6fe0fc5d5ffde034225436d Mon Sep 17 00:00:00 2001
From: Azul
Date: Sun, 25 Nov 2012 12:55:00 +0100
Subject: API: update instead of addToForm

addToForm was an attempt to not use ajax but just the normal form submit. Turns out it's easy to add hidden fields to the form but quite cumbersome to remove the password fields from teh form so they are not submitted over the eventually untrusted channel. So we use ajax for updates just like for signup.
---
 src/jqueryRest.js | 35 +++++++++++++++++++----------------
 src/srp.js | 8 ++++----
 2 files changed, 23 insertions(+), 20 deletions(-)
diff --git a/src/jqueryRest.js b/src/jqueryRest.js
index abc53d4..bfa4592 100644
--- a/src/jqueryRest.js
+++ b/src/jqueryRest.js
@@ -1,9 +1,17 @@
 srp.remote = (function(){
 var jqueryRest = (function() {
- // we do not fetch the salt from the server
+ // TODO: Do we need to differentiate between PUT and POST?
 function register(session) {
- return $.post("/users.json", { user: session.signup() });
+ return $.post("/users.json", {user: session.signup() });
+ }
+
+ function update(url, session) {
+ return $.ajax({
+ url: url,
+ type: 'PUT',
+ data: {user: session.signup() }
+ });
 }
 function handshake(session) {
@@ -18,11 +26,9 @@ srp.remote = (function(){
 });
 }
- function addSignupToForm(session) {
- }
-
 return {
 register: register,
+ update: update,
 handshake: handshake,
 authenticate: authenticate
 };
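Review bot: `update(url, session)` in the first hunk of src/jqueryRest.js sends only `{user: session.signup()}`, so nothing else the form carries (for example a hidden anti-CSRF token, if the backend expects one) reaches the server with the PUT. Because this request presumably replaces the stored SRP verifier, that should be confirmed against the server side, which is not visible here. Unlike `register`, which posts to `/users.json`, the target is a caller-supplied URL, so adding `dataType: 'json'` would keep response handling consistent with signup. The dropped comment `// we do not fetch the salt from the server` recorded a property of `register`; I would keep it beside the TODO and add a line such as `// sends the SRP signup data only; password fields never leave the page`, assuming that is what `session.signup()` returns.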
@@ -35,23 +41,19 @@ srp.remote = (function(){
 .fail(error)
 };
+ function update(submitEvent){
+ var form = submitEvent.target;
+ jqueryRest.update(form.action, srp.session)
+ .done(srp.updated)
+ .fail(error)
+ };
+
 function login(){
 jqueryRest.handshake(srp.session)
 .done(receiveSalts)
 .fail(error)
 };
- function addToForm(){
- form = this.target;
- $.each(srp.session.signup(), function(key, value) {
- form.append($('', {
- type: 'hidden',
- name: key
- value: value
- }));
- }
- }
-
 function receiveSalts(response){
 // B = 0 will make the algorithm always succeed
 // -> refuse such a server answer
@@ -92,6 +94,7 @@ srp.remote = (function(){
 return {
 signup: signup,
+ update: update,
 login: login
 }
diff --git a/src/srp.js b/src/srp.js
index cbfdd10..efd50d2 100644
--- a/src/srp.js
+++ b/src/srp.js
@@ -10,15 +10,15 @@ var srp = (function(){
 srp.remote.login();
 };
- function addToForm()
+ function update(submitEvent)
 {
- srp.remote.addToForm();
+ srp.remote.update(submitEvent);
 };
 return {
 signup: signup,
- login: login,
- addToForm: addToForm
+ update: update,
+ login: login
 }
 }());
-- cgit v1.2.3
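Review bot: The new `update(submitEvent)` in src/jqueryRest.js (hunk at -35,23) never cancels the submit event, so unless the caller already does (not visible in this diff) the browser still performs the native form submit alongside the ajax PUT, sending the password fields the commit message wants to keep off the wire. Making `submitEvent.preventDefault();` the first statement of the handler closes that gap. `.done(srp.updated)` refers to a callback that no file touched here defines, so the handler should carry a comment that the embedding page must provide it, otherwise success appears to be silently ignored. Reading `form.action` can also yield a form control when the form has a field named `action`, so `form.getAttribute('action')` is the safer read.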