From 53dcb038bd5637bee2ee68fb380920b2b0d9febb Mon Sep 17 00:00:00 2001
From: ausiv4
Date: Sat, 15 Aug 2009 23:15:31 +0000
Subject: This adds a file 'utils.py' to simplify templating. Functions exist to create headers that include javascript files, and create javascript functions for login and registration. There are also functions that create login and registration forms. These functions don't necessarily account for everything a web developer might want to do, but it should simplify things for most developers and provide guidelines for developers who want to build on top of this functionality. Views.py now builds the login and register pages based on these functions. The register page now uses the login.html template, and the register.html template should be deleted in the next release.
---
 django/srpproject/settings.py | 10 +++--
 django/srpproject/srp/util.py | 67 ++++++++++++++++++++++++++++++++++
 django/srpproject/srp/views.py | 23 ++++++++----
 django/srpproject/templates/login.html | 31 ++--------------
 django/srpproject/urls.py | 20 +++++-----
 5 files changed, 102 insertions(+), 49 deletions(-)
 create mode 100644 django/srpproject/srp/util.py
(limited to 'django/srpproject')
diff --git a/django/srpproject/settings.py b/django/srpproject/settings.py
index 7daaf66..5f6f642 100644
--- a/django/srpproject/settings.py
+++ b/django/srpproject/settings.py
@@ -65,10 +65,16 @@ MIDDLEWARE_CLASSES = (
 ROOT_URLCONF = 'srpproject.urls'
+AUTHENTICATION_BACKENDS = (
+ 'srp.backends.SRPBackend',
+ 'django.contrib.auth.backends.ModelBackend',
+)
+
 TEMPLATE_DIRS = (
 # Put strings here, like "/home/html/django_templates" or "C:/www/django/templates".
 # Always use forward slashes, even on Windows.
 # Don't forget to use absolute paths, not relative paths.
+ "/home/austin/Projects/SRP-SVN/srp-js/django/srpproject/templates"
 )
 INSTALLED_APPS = (
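Review bot: The path added to TEMPLATE_DIRS has no trailing comma, so `("/home/austin/...")` is a plain string rather than a one-element tuple and Django's filesystem template loader would walk it character by character; write it as `"/home/austin/Projects/SRP-SVN/srp-js/django/srpproject/templates",`. It is also a developer-specific absolute path, so the checkout only works on one machine; deriving it from the settings module, e.g. `os.path.join(os.path.dirname(os.path.abspath(__file__)), "templates"),`, keeps it portable (needs `import os` at the top of settings.py, outside this hunk). Listing `django.contrib.auth.backends.ModelBackend` after the SRP backend keeps Django's ordinary password-based `authenticate()` path available as a fallback alongside SRP; if that is meant as a migration aid for pre-SRP accounts, a comment saying so (`# ModelBackend stays enabled so existing users can be upgraded via the noJs/upgrade views`) would tell the next reader it is deliberate.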
@@ -78,7 +84,3 @@ INSTALLED_APPS = (
 'django.contrib.sites',
 'srpproject.srp'
 )
-
-AUTHENTICATION_BACKENDS = (
- 'srp.backends.SRPBackend',
-)
diff --git a/django/srpproject/srp/util.py b/django/srpproject/srp/util.py
new file mode 100644
index 0000000..1f82450
--- /dev/null
+++ b/django/srpproject/srp/util.py
@@ -0,0 +1,67 @@
+# Locally used functions:
+def join(a,b):
+ return a+b if a.endswith("/") else "/".join((a,b))
+
+def genHeader(jsDir, flist):
+ return "\n".join(["" % join(jsDir, f) for f in flist])
+
+# Headers:
+def loginHeader(jsDir, compressed=True):
+ return genHeader(jsDir, ["srp.min.js"] if compressed else ["SHA256.js", "prng4.js", "rng.js", "jsbn.js", "jsbn2.js", "srp.js"])
+
+def registerHeader(jsDir, compressed=True):
+ return genHeader(jsDir, ["srp.min.js", "srp_register.min.js"] if compressed else \
+["SHA256.js", "prng4.js", "rng.js", "jsbn.js", "jsbn2.js", "srp.js", "srp_register.js"])
+
+# Forms:
+def loginForm(srp_url, srp_forward, login_function="login()", no_js=True):
+ return """
+ + + + + + +
Username:
Password:
+ +
""" % (join(srp_url, "noJs/") if no_js else "#", login_function, join(srp_url, ""), srp_forward) + +def registerForm(srp_url, srp_forward, login_function="register()"): + return """
+ + + + + + + +
Username:
Password:
Confirm Password:
+ +
""" % (login_function, join(srp_url, ""), srp_forward) + + +# Functions: +def loginFunction(): + return """""" + +def registerFunction(): + return """""" diff --git a/django/srpproject/srp/views.py b/django/srpproject/srp/views.py index cde4e5a..74209e5 100644 --- a/django/srpproject/srp/views.py +++ b/django/srpproject/srp/views.py @@ -1,5 +1,3 @@ -# Create your views here. - from django.http import HttpResponse, HttpResponseRedirect from django.contrib.auth.models import User @@ -44,16 +42,21 @@ def generate_verifier(salt, username, password): def login_page(request): from django.shortcuts import render_to_response + import util return render_to_response('login.html', \ {'error': "Invalid username or password" if "error" in request.GET and request.GET["error"] == '1' and not request.user.is_authenticated() else "",\ - 'static_files': "http://%s/srp-test/javascript" % request.get_host(), \ - 'srp_url': "http://%s/srp/" % request.get_host()}) + 'jsHeader': util.loginHeader("http://%s/srp-test/javascript" % request.get_host()),\ + 'loginForm': util.loginForm("http://%s/srp/" % request.get_host(), "http://google.com"),\ + 'loginFunction': util.loginFunction() }) def register_page(request): from django.shortcuts import render_to_response - return render_to_response('register.html',\ - {'static_files': "http://%s/srp-test/javascript" % request.get_host(),\ - 'srp_url': "http://%s/srp/" % request.get_host()}) + import util + return render_to_response('login.html', \ + {'error': "Invalid username or password" if "error" in request.GET and request.GET["error"] == '1' and not request.user.is_authenticated() else "",\ + 'jsHeader': util.registerHeader("http://%s/srp-test/javascript" % request.get_host()),\ + 'loginForm': util.registerForm("http://%s/srp/" % request.get_host(), "http://google.com"),\ + 'loginFunction': util.registerFunction() }) ### ### User Registration 
@@ -190,6 +193,8 @@ def no_javascript(request): try: user = User.objects.get(username=request.POST["srp_username"]) try: + # Create a verifier for the user, and check that it matches the user's verifier + # Since we're doing it all on one side, we can skip the rest of the protocol v = generate_verifier(user.srpuser.salt, request.POST["srp_username"], request.POST["srp_password"]) user = authenticate(username=request.POST["srp_username"], M=(user.srpuser.verifier, v)) if user: @@ -199,6 +204,8 @@ def no_javascript(request): else: return HttpResponseRedirect("%s%s" % (request.META["HTTP_REFERER"], request.POST["srp_forward"])) except SRPUser.DoesNotExist: + # The user exists in the auth table, but not the SRP table + # Create an SRP version of the user if user.check_password(request.POST["srp_password"]): srpuser = SRPUser() srpuser.__dict__.update(user.__dict__) @@ -211,6 +218,8 @@ def no_javascript(request): else: return HttpResponseRedirect("%s%s" % (request.META["HTTP_REFERER"], request.POST["srp_forward"])) except User.DoesNotExist: + # The user does not exist in the auth tables + # Send the client back to the login page with an error pass if "?" in request.META["HTTP_REFERER"]: if "error=1" in request.META["HTTP_REFERER"]: diff --git a/django/srpproject/templates/login.html b/django/srpproject/templates/login.html index 14f148d..c1d6238 100644 --- a/django/srpproject/templates/login.html +++ b/django/srpproject/templates/login.html @@ -1,35 +1,10 @@ - -{% comment %} - - - - - -{% endcomment %} - - - + {{ jsHeader|safe }} + {{ loginFunction|safe }} -
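Review bot: The comment added in the `except User.DoesNotExist:` branch (`@@ -211`) says the client is sent back to the login page with an error, but the branch body is `pass`; the redirect is built by the `HTTP_REFERER` code after the try block, and the rest of no_javascript lies outside the hunk. Rewording it as `# Unknown user: fall through to the error redirect below` keeps the comment truthful if that trailing code is ever moved. The first comment in the `try:` body (`@@ -190`) could also say why the server can compute the verifier here, namely that this view receives srp_password in plaintext (the urls.py comment warns about exactly that), so the shortcut reads as specific to the no-JS path rather than as a general property of the protocol. Nit: the `SRPUser.DoesNotExist` comment says "SRP version of the user" while the code copies `user.__dict__` into an SRPUser; naming the model makes it precise.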
- {{ error }}

-

- - - - -
Username:
Password:
- -
+ {{ loginForm|safe }} diff --git a/django/srpproject/urls.py b/django/srpproject/urls.py index d436697..c50fd72 100644 --- a/django/srpproject/urls.py +++ b/django/srpproject/urls.py @@ -3,27 +3,27 @@ from django.conf.urls.defaults import * # Uncomment the next two lines to enable the admin: # from django.contrib import admin # admin.autodiscover() -from srpproject.srp import views +import srp.views urlpatterns = patterns('', # Login and regiser pages. These are mainly for testing. - (r'^srp/register/$', views.register_page), - (r'^srp/login/$', views.login_page), + (r'^srp/register/$', srp.views.register_page), + (r'^srp/login/$', srp.views.login_page), # These pages are necessary for users to register - (r'^srp/register/salt/$', views.register_salt), - (r'^srp/register/user/$', views.register_user), + (r'^srp/register/salt/$', srp.views.register_salt), + (r'^srp/register/user/$', srp.views.register_user), # These pages are necessary for users to log in - (r'^srp/handshake/$', views.handshake), - (r'^srp/authenticate/$', views.verify), + (r'^srp/handshake/$', srp.views.handshake), + (r'^srp/authenticate/$', srp.views.verify), # This page allows users to login without javascript, # but the browser posts their username and password in plaintext. - (r'^srp/noJs/$', views.no_javascript), + (r'^srp/noJs/$', srp.views.no_javascript), # Only include these if you are upgrading an existing installation to SRP - (r'^srp/upgrade/authenticate/$', views.upgrade_auth), - (r'^srp/upgrade/verifier/$', views.upgrade_add_verifier), + (r'^srp/upgrade/authenticate/$', srp.views.upgrade_auth), + (r'^srp/upgrade/verifier/$', srp.views.upgrade_add_verifier), ) -- cgit v1.2.3
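Review bot: The import switches to `import srp.views` while INSTALLED_APPS (settings.py hunk of this commit) still registers the app as `'srpproject.srp'` and AUTHENTICATION_BACKENDS names `'srp.backends.SRPBackend'`, so the same package is referenced under two module paths; Python treats `srp.models` and `srpproject.srp.models` as distinct modules when both resolve, which in Django 1.x can lead to two copies of the same model classes. Pick one path and use it in settings.py and here; ROOT_URLCONF = 'srpproject.urls' suggests the project-prefixed form is the one actually on sys.path, so `from srpproject.srp import views` (the line being removed) may have been the right one. The `regiser` typo in the context comment is pre-existing.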