From cb8e9f7b3dec1963e0d985b1b2541b260a132762 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 15 Oct 2012 12:54:24 +0200 Subject: expecting the salt to be send with key salt --- spec/restful/login.js | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'spec/restful') diff --git a/spec/restful/login.js b/spec/restful/login.js index 0f6aa4f..d84112a 100644 --- a/spec/restful/login.js +++ b/spec/restful/login.js @@ -19,6 +19,7 @@ describe("Login", function() { var K = 'db6ec0bdab81742315861a828323ff492721bdcd114077a4124bc425e4bf328b'; var M = '640e51d5ac5461591c31811221261f0e0eae7c08ce43c85e9556adbd94ed8c26'; var M2 = '49e48f8ac8c4da0e8a7374f73eeedbee2266e123d23fc1be1568523fc9c24b1e'; + var V = '6f5fb78184161f4191babaf1a700ff70e4d261054d002466d05f2ec2b45fc8807dbd7ce25dc3c882331eb8bf72a22caf2868e3438477be7ab151d3281d00aa1a9fc5cb6a725abd99e11882f77d52b56b83f95c0ba0b8fbbf4ee1fbb445c35adb5d1aaa48ba761c4a4417f6bb821fb61956c919e47740b316b960653303fe7190'; var A_, callback; @@ -39,6 +40,10 @@ describe("Login", function() { expect(A_).toBe(A); }); + it("starts with the right verifier", function(){ + expect(this.srp.session.getV().toString(16)).toBe(V); + }); + it("calculates the right key", function(){ this.srp.session.calculations(salt, B); expect(this.srp.session.key()).toBe(K); @@ -48,7 +53,7 @@ describe("Login", function() { this.srp.identify(); this.expectRequest('sessions', 'login=' +login+ '&A=' +A, 'POST'); - this.respondJSON({s: salt, B: B}); + this.respondJSON({salt: salt, B: B}); this.expectRequest('sessions/'+login, 'client_auth='+M, 'PUT'); this.respondJSON({M: M2}); @@ -60,7 +65,7 @@ describe("Login", function() { this.srp.identify(); this.expectRequest('sessions', 'login=' +login+ '&A=' +A, 'POST'); - this.respondJSON({s: salt, B: 0}); + this.respondJSON({salt: salt, B: 0}); // aborting if B=0 expect(this.requests).toEqual([]); expect(this.srp.error).toHaveBeenCalled(); -- cgit v1.2.3 
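Review bot: The "rejects B = 0" spec in the last hunk of spec/restful/login.js only answers with the JSON number `0` (`this.respondJSON({salt: salt, B: 0});`), so it pins a single representation of an invalid server value. An SRP client is expected to abort on any B that is zero modulo the group modulus N, and the server presumably sends B as a hex string, as the fixture `B` suggests. Consider sibling specs that respond with `B: '0'` and with B set to the hex of the modulus the session uses (not visible in this hunk), each asserting `expect(this.requests).toEqual([]);`. The rewritten version of this spec in the later commit 5a0ceeb has the same gap.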
From 5e7d79423cbc8b4cb48e2619f871bc223fd5ccdd Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 16 Oct 2012 15:20:57 +0200 Subject: added unit tests for session calculations --- spec/restful/session.js | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 spec/restful/session.js (limited to 'spec/restful') diff --git a/spec/restful/session.js b/spec/restful/session.js new file mode 100644 index 0000000..b7f16f0 --- /dev/null +++ b/spec/restful/session.js 
@@ -0,0 +1,39 @@
+describe("Session", function() {
+
+ // data gathered from py-srp and ruby-srp
+ var compare = {
+ username: "UC6LTQ",
+ password: "PVSQ7DCEIR0B",
+ salt: "d6ed8dba",
+ v: "c86a8c04a4f71cb10bfe3fedb74bae545b9a20e0f3e95b6334fce1cb3384a296f75d774a3829ffd63f405f13f58ffbae415fd234b08b996c11e8618c17961defcebb1d244b388b75cf36882ee97182a900ebeaf7cffa0a83eed294f3a9449a06beb88954952759d2957b80ef851f4cc4fcaa6001fee4f00c273ecdd712d48371",
+ aa: "4decb8543891f5a744b1e9b5bc375a474bfe3c5417e1db176cefcc7ba915338a14f309f8e0a4c7641bc9c9b9bd2e91c4d1beda1772c30d0350c9ba44f7c5911dfe6bb593ac2a2b30f1f6e5ec8a656cb4947c1907cf62f8d7283cbe32eb44b02158b51091ae130afa6063bb28cdea9ae159d4f222571e146f8715bfa31af09868",
+ a: "d498c3d024ec17689b5320e33fc349a3f3f91320384155b3043fa410c90eab71",
+ bb: "5f5bedd1f95b6b0d6809614f162e49753acce6979e1041f4da5bfa91e1dadd2a5470270ed102a49c5f74fd42f2b61a8a1a43218159a22b31a7cbd4670679480e56d0e4e72a22c07e07102ff063045d0c3c96085dec1cc2959453e0299890bd95af76403cec6ec5f212667a75ae6f4a8327183d72c3ee85792ca43820fbccf244",
+ m: "bc30b8781e67a657e93d0a6cf7e7847fc60f79e2b0641e9c26b3522bc8f974cc"
+ }
+
+ var session;
+
+ beforeEach(function() {
+ var srp = new SRP(jqueryRest());
+ session = new srp.Session(compare.username, compare.password);
+ });
+
+ it("has the proper username", function() {
+ expect(session.getI()).toBe(compare.username);
+ });
+
+ it("calculates the proper verifier", function() {
+ expect(session.getV(compare.salt).toString(16)).toBe(compare.v);
+ });
+
+ it("calculates the proper A", function() {
+ expect(session.calculateAndSetA(compare.a)).toBe(compare.aa);
+ });
+
+ it("calculates the proper M", function() {
+ session.calculateAndSetA(compare.a);
+ session.calculations(compare.salt, compare.bb);
+ expect(session.getM()).toBe(compare.m);
+ });
+});
-- cgit v1.2.3
From d21474a0290edab1c765741d484335d83f50be75 Mon Sep 17 00:00:00 2001
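Review bot: The fixture comment in spec/restful/session.js (`// data gathered from py-srp and ruby-srp`) does not say that `a` is a pinned private ephemeral, yet `session.calculateAndSetA(compare.a)` is what makes A and M reproducible in these specs. A comment above `compare` such as `// a is fixed only to reproduce the reference vectors; a real login must use a fresh random a` would keep the pattern from being copied into application code. How `calculateAndSetA` behaves without an argument is not visible in this hunk, so the wording should be checked against the session code. The comment could also record which group size and hash the vectors assume, since the hunk does not state them.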
From: Azul Date: Tue, 16 Oct 2012 17:24:12 +0200 Subject: use M2 as the key for the server auth --- spec/restful/login.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'spec/restful') diff --git a/spec/restful/login.js b/spec/restful/login.js index d84112a..1bc6108 100644 --- a/spec/restful/login.js +++ b/spec/restful/login.js @@ -55,7 +55,7 @@ describe("Login", function() { this.expectRequest('sessions', 'login=' +login+ '&A=' +A, 'POST'); this.respondJSON({salt: salt, B: B}); this.expectRequest('sessions/'+login, 'client_auth='+M, 'PUT'); - this.respondJSON({M: M2}); + this.respondJSON({M2: M2}); expect(this.srp.success).toHaveBeenCalled(); }); -- cgit v1.2.3 From 5a0ceeb1ca0055719a9b8977a799362163955766 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 17 Oct 2012 12:06:37 +0200 Subject: hand success and error messages to identify by default also cleaned up some other parts that were not needed anymore --- spec/restful/login.js | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) (limited to 'spec/restful') diff --git a/spec/restful/login.js b/spec/restful/login.js index 1bc6108..9c43c00 100644 --- a/spec/restful/login.js +++ b/spec/restful/login.js @@ -5,7 +5,7 @@ describe("Login", function() { expect(typeof srp.identify).toBe('function'); }); - describe("(INTEGRATION)", function (){ + describe("(Compatibility with py-srp)", function (){ // these need to be the same as in the spec runner: var login = "testuser"; var password = "password"; 
@@ -29,46 +29,48 @@ describe("Login", function() { specHelper.setupFakeXHR.apply(this); A_ = this.srp.session.calculateAndSetA(a) - this.srp.success = sinon.spy(); }); afterEach(function() { this.xhr.restore(); }); - it("starts with the right A", function(){ + it("calculates the same A", function(){ expect(A_).toBe(A); }); - it("starts with the right verifier", function(){ + it("calculates the same verifier", function(){ expect(this.srp.session.getV().toString(16)).toBe(V); }); - it("calculates the right key", function(){ + it("calculates the same key", function(){ this.srp.session.calculations(salt, B); expect(this.srp.session.key()).toBe(K); }); it("works with JSON responses", function(){ - this.srp.identify(); + var success = sinon.spy(); + this.srp.identify(success); this.expectRequest('sessions', 'login=' +login+ '&A=' +A, 'POST'); this.respondJSON({salt: salt, B: B}); this.expectRequest('sessions/'+login, 'client_auth='+M, 'PUT'); this.respondJSON({M2: M2}); - expect(this.srp.success).toHaveBeenCalled(); + expect(success).toHaveBeenCalled(); }); it("rejects B = 0", function(){ - this.srp.error = sinon.spy(); - this.srp.identify(); + var success = sinon.spy(); + var error = sinon.spy(); + this.srp.identify(success, error); this.expectRequest('sessions', 'login=' +login+ '&A=' +A, 'POST'); this.respondJSON({salt: salt, B: 0}); // aborting if B=0 expect(this.requests).toEqual([]); - expect(this.srp.error).toHaveBeenCalled(); + expect(error).toHaveBeenCalled(); + expect(success).not.toHaveBeenCalled(); }); }); -- cgit v1.2.3
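Review bot: The "works with JSON responses" spec in this hunk only covers a matching server proof (`this.respondJSON({M2: M2});` followed by `expect(success).toHaveBeenCalled();`), so nothing here pins what happens when M2 is wrong. Checking M2 is how the client authenticates the server, so a negative spec is worth having next to the "rejects B = 0" one. Whether the client compares M2 at all is not visible in the hunk; the spec below would expose it either way. The enclosing `describe` starts outside the hunk.

```javascript
// … unchanged: "works with JSON responses" spec …

it("rejects a wrong M2", function(){
  var success = sinon.spy();
  var error = sinon.spy();
  // constructed value: differs from the expected server proof in its first digit
  var badM2 = '0' + M2.slice(1);
  this.srp.identify(success, error);

  this.expectRequest('sessions', 'login=' +login+ '&A=' +A, 'POST');
  this.respondJSON({salt: salt, B: B});
  this.expectRequest('sessions/'+login, 'client_auth='+M, 'PUT');
  this.respondJSON({M2: badM2});

  expect(error).toHaveBeenCalled();
  expect(success).not.toHaveBeenCalled();
});

// … unchanged: "rejects B = 0" spec …
```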