From 49bfe6ab74229ba4da5342382b87dcd6fca239fa Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 19 Nov 2012 15:58:46 +0100 Subject: works - but not quite what i want. Exposing jqXHR to error function --- src/jqueryRest.js | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) (limited to 'src/jqueryRest.js') diff --git a/src/jqueryRest.js b/src/jqueryRest.js index 54a0908..a7928d5 100644 --- a/src/jqueryRest.js +++ b/src/jqueryRest.js @@ -1,31 +1,30 @@ jqueryRest = function() { // we do not fetch the salt from the server - function register(session, callback) + function register(session) { - sendVerifier(session, callback); + return sendVerifier(session); } - function sendVerifier(session, callback) { + function sendVerifier(session) { var salt = session.getSalt(); - $.post("users.json", { user: + return $.post("users.json", { user: { login: session.getI(), password_salt: salt, - password_verifier: session.getV(salt).toString(16)} - }, callback); + password_verifier: session.getV(salt).toString(16) + } + }); } - function handshake(session, callback) { - $.post("sessions.json", { login: session.getI(), - A: session.getAstr()}, callback); + function handshake(session) { + return $.post("sessions.json", { login: session.getI(), A: session.getAstr()}); } - function authenticate(session, success) { - $.ajax({ + function authenticate(session) { + return $.ajax({ url: "sessions/" + session.getI() + ".json", type: 'PUT', data: {client_auth: session.getM()}, - success: success }); } -- cgit v1.2.3 From 2e365cba5263ec50f10fb074c054ef19adb8f7b0 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 19 Nov 2012 17:36:49 +0100 Subject: first step at cleaning up the srp --- src/jqueryRest.js | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) (limited to 'src/jqueryRest.js') diff --git a/src/jqueryRest.js b/src/jqueryRest.js index a7928d5..29f737c 100644 --- a/src/jqueryRest.js +++ b/src/jqueryRest.js 
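Review bot: `authenticate` concatenates `session.getI()` into the request path without encoding, so a login containing `/`, `?` or `#` changes which resource the PUT addresses. Since the function is being reworked here anyway, encode the segment: `url: "sessions/" + encodeURIComponent(session.getI()) + ".json",`. The same line is carried through the later hunks in 082f859 and 635ea47, so the fix applies there too.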
@@ -35,3 +35,53 @@ jqueryRest = function() { authenticate: authenticate }; }; + +srp.remote = (function(){ + + function signup(){ + jqueryRest().register(srp.session) + .success(srp.signedUp) + .error(srp.error) + }; + + function login(){ + jqueryRest().handshake(srp.session) + .success(receiveSalts) + .error(srp.error) + }; + + function receiveSalts(response){ + // B = 0 will make the algorithm always succeed + // -> refuse such a server answer + if(response.B === 0) { + srp.error("Server send random number 0 - could not login."); + } + else if(! response.salt || response.salt === 0) { + srp.error("Server failed to send salt - could not login."); + } + else + { + srp.session.calculations(response.salt, response.B); + jqueryRest().authenticate(srp.session) + .success(confirmAuthentication) + .error(srp.error); + } + }; + + // Receive M2 from the server and verify it + // If an error occurs, raise it as an alert. + function confirmAuthentication(response) + { + if (srp.session.validate(response.M2)) + srp.loggedIn(); + else + srp.error("Server key does not match"); + }; + + + return { + signup: signup, + login: login + } + +}()); -- cgit v1.2.3 From 082f859bbdaedf4f03eb85aea9b8f88ffda2fe6d Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 19 Nov 2012 18:11:20 +0100 Subject: further cleanup --- src/jqueryRest.js | 62 ++++++++++++++++++++++--------------------------------- 1 file changed, 25 insertions(+), 37 deletions(-) (limited to 'src/jqueryRest.js') diff --git a/src/jqueryRest.js b/src/jqueryRest.js index 29f737c..c439f67 100644 --- a/src/jqueryRest.js +++ b/src/jqueryRest.js 
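Review bot: The `response.B === 0` guard in `receiveSalts` uses strict equality against the number 0, so it only fires if the server sends B as a JSON number. If B arrives as a hex string, the way `A` is sent via `getAstr()` in the handshake, a string-encoded zero does not match and reaches `srp.session.calculations`. SRP also requires rejecting any B congruent to 0 modulo N, not only a literal zero. The check is more reliable on the parsed big integer, inside `calculations` or a helper it calls (not visible in this file), with this function only reporting the failure through `srp.error`.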
@@ -1,51 +1,39 @@ -jqueryRest = function() { - - // we do not fetch the salt from the server - function register(session) - { - return sendVerifier(session); - } +srp.remote = (function(){ + var jqueryRest = (function() { - function sendVerifier(session) { - var salt = session.getSalt(); - return $.post("users.json", { user: - { login: session.getI(), - password_salt: salt, - password_verifier: session.getV(salt).toString(16) - } - }); - } + // we do not fetch the salt from the server + function register(session) { + return $.post("users.json", { user: session.signup() }); + } - function handshake(session) { - return $.post("sessions.json", { login: session.getI(), A: session.getAstr()}); - } + function handshake(session) { + return $.post("sessions.json", session.handshake()); + } - function authenticate(session) { - return $.ajax({ - url: "sessions/" + session.getI() + ".json", - type: 'PUT', - data: {client_auth: session.getM()}, - }); - } + function authenticate(session) { + return $.ajax({ + url: "sessions/" + session.getI() + ".json", + type: 'PUT', + data: {client_auth: session.getM()} + }); + } - return { - register: register, - register_send_verifier: sendVerifier, - handshake: handshake, - authenticate: authenticate - }; -}; + return { + register: register, + handshake: handshake, + authenticate: authenticate + }; + }()); -srp.remote = (function(){ function signup(){ - jqueryRest().register(srp.session) + jqueryRest.register(srp.session) .success(srp.signedUp) .error(srp.error) }; function login(){ - jqueryRest().handshake(srp.session) + jqueryRest.handshake(srp.session) .success(receiveSalts) .error(srp.error) }; @@ -62,7 +50,7 @@ srp.remote = (function(){ else { srp.session.calculations(response.salt, response.B); - jqueryRest().authenticate(srp.session) + jqueryRest.authenticate(srp.session) .success(confirmAuthentication) .error(srp.error); } -- cgit v1.2.3 From cb46537c98db3cb7ac8cf23de243a86aa4a36acd Mon Sep 17 00:00:00 2001 
From: Azul Date: Tue, 20 Nov 2012 10:52:45 +0100 Subject: sending the parsed json object to the error handler --- src/jqueryRest.js | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'src/jqueryRest.js') diff --git a/src/jqueryRest.js b/src/jqueryRest.js index c439f67..c4b0161 100644 --- a/src/jqueryRest.js +++ b/src/jqueryRest.js @@ -29,13 +29,13 @@ srp.remote = (function(){ function signup(){ jqueryRest.register(srp.session) .success(srp.signedUp) - .error(srp.error) + .error(error) }; function login(){ jqueryRest.handshake(srp.session) .success(receiveSalts) - .error(srp.error) + .error(error) }; function receiveSalts(response){ @@ -52,7 +52,7 @@ srp.remote = (function(){ srp.session.calculations(response.salt, response.B); jqueryRest.authenticate(srp.session) .success(confirmAuthentication) - .error(srp.error); + .error(error); } }; @@ -66,6 +66,12 @@ srp.remote = (function(){ srp.error("Server key does not match"); }; + // The server will send error messages as json alongside + // the http error response. + function error(xhr) + { + srp.error($.parseJSON(xhr.responseText)) + }; return { signup: signup, -- cgit v1.2.3 From 635ea47f1c19d7985a8f5107c070ae19edf9dd54 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 20 Nov 2012 12:43:34 +0100 Subject: all request should go to absolute paths They should be independent of the url we're serving the page from --- src/jqueryRest.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/jqueryRest.js') diff --git a/src/jqueryRest.js b/src/jqueryRest.js index c4b0161..1a60385 100644 --- a/src/jqueryRest.js +++ b/src/jqueryRest.js 
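Review bot: The new `error(xhr)` handler calls `$.parseJSON(xhr.responseText)` unconditionally, and `$.parseJSON` throws on a body that is not valid JSON. An HTML error page from a proxy therefore ends in an uncaught exception, and `srp.error` is never called. The later hunk in 61ab619 guards only the empty case. Wrapping the parse in `try`/`catch` with a plain fallback message keeps the failure path reachable. What `srp.error` does with the parsed object is outside this file; if it is displayed, it should be inserted as text and not as markup, because the server controls it.

```javascript
function error(xhr)
{
  var message;
  try {
    message = $.parseJSON(xhr.responseText);
  } catch (e) {
    // body was not JSON (proxy error page, aborted request, ...)
    message = null;
  }
  srp.error(message || "Server sent no readable error message.");
};
```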
@@ -3,16 +3,16 @@ srp.remote = (function(){ // we do not fetch the salt from the server function register(session) { - return $.post("users.json", { user: session.signup() }); + return $.post("/users.json", { user: session.signup() }); } function handshake(session) { - return $.post("sessions.json", session.handshake()); + return $.post("/sessions.json", session.handshake()); } function authenticate(session) { return $.ajax({ - url: "sessions/" + session.getI() + ".json", + url: "/sessions/" + session.getI() + ".json", type: 'PUT', data: {client_auth: session.getM()} }); -- cgit v1.2.3 From ac5e8d8aa7d4a69a20e20d3079691d13ed2faa66 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 22 Nov 2012 12:49:46 +0100 Subject: using done/fail instead of success/error, handing all properties to fail --- src/jqueryRest.js | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'src/jqueryRest.js') diff --git a/src/jqueryRest.js b/src/jqueryRest.js index 1a60385..20692e9 100644 --- a/src/jqueryRest.js +++ b/src/jqueryRest.js @@ -28,14 +28,14 @@ srp.remote = (function(){ function signup(){ jqueryRest.register(srp.session) - .success(srp.signedUp) - .error(error) + .done(srp.signedUp) + .fail(error) }; function login(){ jqueryRest.handshake(srp.session) - .success(receiveSalts) - .error(error) + .done(receiveSalts) + .fail(error) }; function receiveSalts(response){ @@ -51,8 +51,8 @@ srp.remote = (function(){ { srp.session.calculations(response.salt, response.B); jqueryRest.authenticate(srp.session) - .success(confirmAuthentication) - .error(error); + .done(confirmAuthentication) + .fail(error); } }; @@ -68,7 +68,7 @@ srp.remote = (function(){ // The server will send error messages as json alongside // the http error response. - function error(xhr) + function error(xhr, text, thrown) { srp.error($.parseJSON(xhr.responseText)) }; -- cgit v1.2.3 From 61ab6195768e78f1378caca7ca8ef4e7adcaebb3 Mon Sep 17 00:00:00 2001 
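Review bot: In the last hunk of ac5e8d8, `error(xhr, text, thrown)` now declares jQuery's `textStatus` and `errorThrown` arguments, but the body still reads only `xhr.responseText`. Nothing more reaches `srp.error` than before, despite the subject line. For timeouts and aborted requests there is no response body, so `text` is the only indication of what went wrong. Either forward it, for example `srp.error(text)` when `xhr.responseText` is empty, or drop the two unused parameters.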
From: Azul Date: Thu, 22 Nov 2012 12:56:12 +0100 Subject: catch empty responses --- src/jqueryRest.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'src/jqueryRest.js') diff --git a/src/jqueryRest.js b/src/jqueryRest.js index 20692e9..bc3bb51 100644 --- a/src/jqueryRest.js +++ b/src/jqueryRest.js @@ -70,7 +70,10 @@ srp.remote = (function(){ // the http error response. function error(xhr, text, thrown) { - srp.error($.parseJSON(xhr.responseText)) + if (xhr.responseText && xhr.responseText != "") + srp.error($.parseJSON(xhr.responseText)); + else + srp.error("Server did not respond."); }; return { -- cgit v1.2.3 From 32719dee1d9a4d6ce717eef948dedd54f77b288b Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 23 Nov 2012 15:33:33 +0100 Subject: addToForm: add the srp signup data to an existing form --- src/jqueryRest.js | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'src/jqueryRest.js') diff --git a/src/jqueryRest.js b/src/jqueryRest.js index bc3bb51..abc53d4 100644 --- a/src/jqueryRest.js +++ b/src/jqueryRest.js @@ -18,6 +18,9 @@ srp.remote = (function(){ }); } + function addSignupToForm(session) { + } + return { register: register, handshake: handshake, @@ -38,6 +41,17 @@ srp.remote = (function(){ .fail(error) }; + function addToForm(){ + form = this.target; + $.each(srp.session.signup(), function(key, value) { + form.append($('', { + type: 'hidden', + name: key + value: value + })); + } + } + function receiveSalts(response){ // B = 0 will make the algorithm always succeed // -> refuse such a server answer -- cgit v1.2.3 From fff770a866b44abce6fe0fc5d5ffde034225436d Mon Sep 17 00:00:00 2001 
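Review bot: `addToForm` as added in 32719de does not parse: the object literal lacks a comma after `name: key`, and the `$.each(` call is closed with `}` instead of `});`. The whole file therefore fails to load and `srp.remote` is never defined. `form = this.target` also creates an implicit global and looks like a DOM element, on which `append` is not the jQuery method; `var form = $(this.target);` would address both, assuming `this` is the submit event. The selector in `$('', {…})` is empty as shown here, possibly lost in rendering, and needs to name the element to create. `addToForm` is not in the returned object and `addSignupToForm` is an empty stub, so neither is reachable yet.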
From: Azul Date: Sun, 25 Nov 2012 12:55:00 +0100 Subject: API: update instead of addToForm addToForm was an attempt to not use ajax but just the normal form submit. Turns out it's easy to add hidden fields to the form but quite cumbersome to remove the password fields from teh form so they are not submitted over the eventually untrusted channel. So we use ajax for updates just like for signup. --- src/jqueryRest.js | 35 +++++++++++++++++++---------------- 1 file changed, 19 insertions(+), 16 deletions(-) (limited to 'src/jqueryRest.js') diff --git a/src/jqueryRest.js b/src/jqueryRest.js index abc53d4..bfa4592 100644 --- a/src/jqueryRest.js +++ b/src/jqueryRest.js @@ -1,9 +1,17 @@ srp.remote = (function(){ var jqueryRest = (function() { - // we do not fetch the salt from the server + // TODO: Do we need to differentiate between PUT and POST? function register(session) { - return $.post("/users.json", { user: session.signup() }); + return $.post("/users.json", {user: session.signup() }); + } + + function update(url, session) { + return $.ajax({ + url: url, + type: 'PUT', + data: {user: session.signup() } + }); } function handshake(session) { @@ -18,11 +26,9 @@ srp.remote = (function(){ }); } - function addSignupToForm(session) { - } - return { register: register, + update: update, handshake: handshake, authenticate: authenticate }; @@ -35,23 +41,19 @@ srp.remote = (function(){ .fail(error) }; + function update(submitEvent){ + var form = submitEvent.target; + jqueryRest.update(form.action, srp.session) + .done(srp.updated) + .fail(error) + }; + function login(){ jqueryRest.handshake(srp.session) .done(receiveSalts) .fail(error) }; - function addToForm(){ - form = this.target; - $.each(srp.session.signup(), function(key, value) { - form.append($('', { - type: 'hidden', - name: key - value: value - })); - } - } - function receiveSalts(response){ // B = 0 will make the algorithm always succeed // -> refuse such a server answer 
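Review bot: `update(submitEvent)` starts the PUT but never calls `submitEvent.preventDefault()`. Unless the caller's handler does so (not visible here), the browser still performs the normal form submit and sends the password fields, which is the outcome the commit message sets out to avoid. Adding `submitEvent.preventDefault();` as the first statement makes that guarantee local to this function. The request goes to `form.action` carrying `session.signup()`, presumably the salt and verifier that the earlier `sendVerifier` sent. A comment stating that the form's action must be a same-origin user URL would document that assumption.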
@@ -92,6 +94,7 @@ srp.remote = (function(){ return { signup: signup, + update: update, login: login } -- cgit v1.2.3