path: root/spec/login_spec.js
blob: 7bb11f6bf006571fc782a127bd1fd96fdeabedc4 (plain)
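/**
 * Specs for the SRP login handshake driven through an explicitly constructed
 * SRP instance (`new SRP(jqueryRest())`).
 *
 * The nested suite pins one complete exchange with fixed values and checks
 * that the client derives the same A, verifier, key and proof as py-srp.
 * Network traffic is replaced by the fake XHR that `specHelper.setupFakeXHR`
 * installs.
 */
describe("Login", function() {

  it("has an identify function", function() {
    var srp = new SRP(jqueryRest());
    expect(typeof srp.identify).toBe('function');
  });

  describe("(Compatibility with py-srp)", function (){
    // these need to be the same as in the spec runner:
    var login = "testuser";
    var password = "password";
    // a valid auth attempt for the user / password given in the spec runner.
    // `a` is the client's ephemeral secret; it is pinned here only so that A
    // is reproducible. These are test vectors, not values to reuse elsewhere.
    var a = 'a5cccf937ea1bf72df5cf8099442552f5664da6780a75436d5a59bc77a8a9993';
    var A = 'e67d222244564ccd2e37471f226b999a4e987f3d494c7d80e0d36169efd6c6c6d857a96924c25fc165e5e9b0212a31c30701ec376dc32e36be00bbcd6d2104789d368af984e26fc094374f90ee5746478f14cec45c7e131a3cbce15fe79e98894213dac4e63c3f73f644fe25aa8707bc58859dfd1b36972e4e34169db2622899';
    // just for the sake of having a complete set of test vars:
    var b = '6aa5c88d1877af9907ccefad31083e1102a7121dc04706f681f66c8680fb7f05';
    var B = 'd56a80aaafdf9f70598b5d1184f122f326a333fafd37ab76d6f7fba4a9c4ee59545be056335150bd64f04880bc8e76949469379fe9de17cf6f36f3ee11713d05f63050486bc73c545163169999ff01b55c0ca4e90d8856a6e3d3a6ffc70b70d993a5308a37a5c2399874344e083e72b3c9afa083d312dfe9096ea9a65023f135';
    var salt = '628365a0';
    var K = 'db6ec0bdab81742315861a828323ff492721bdcd114077a4124bc425e4bf328b';
    var M = '640e51d5ac5461591c31811221261f0e0eae7c08ce43c85e9556adbd94ed8c26';
    var M2 = '49e48f8ac8c4da0e8a7374f73eeedbee2266e123d23fc1be1568523fc9c24b1e';
    var V = '6f5fb78184161f4191babaf1a700ff70e4d261054d002466d05f2ec2b45fc8807dbd7ce25dc3c882331eb8bf72a22caf2868e3438477be7ab151d3281d00aa1a9fc5cb6a725abd99e11882f77d52b56b83f95c0ba0b8fbbf4ee1fbb445c35adb5d1aaa48ba761c4a4417f6bb821fb61956c919e47740b316b960653303fe7190';
    // A as computed by the session from the fixed `a`; set in beforeEach.
    var A_;


    beforeEach(function() {
      this.srp = new SRP(jqueryRest());

      specHelper.setupFakeXHR.apply(this);

      // Force the fixed ephemeral secret so every later value is deterministic.
      A_ = this.srp.session.calculateAndSetA(a);
    });

    afterEach(function() {
      this.xhr.restore();
    });

    it("calculates the same A", function(){
      expect(A_).toBe(A);
    });

    it("calculates the same verifier", function(){
      expect(this.srp.session.getV().toString(16)).toBe(V);
    });

    it("calculates the same key", function(){
      this.srp.session.calculations(salt, B);
      expect(this.srp.session.key()).toBe(K);
    });

    // NOTE(review): only the happy path for the server proof is covered. None
    // of the specs in this suite answers with an M2 that does not match, so a
    // client that ignored M2 would still pass - consider adding that case.
    it("authenticates successfully", function(){
      var success = sinon.spy();
      this.srp.identify(success);

      this.expectRequest('sessions.json', 'login=' +login+ '&A=' +A, 'POST');
      this.respondJSON({salt: salt, B: B});
      this.expectRequest('sessions/'+login+'.json', 'client_auth='+M, 'PUT');
      this.respondJSON({M2: M2});

      expect(success).toHaveBeenCalled();
    });
    
    it("reports errors during handshake", function(){
      this.srp.error = sinon.spy();
      var error = {login: "something went wrong on the server side"};
      this.srp.identify();

      this.expectRequest('sessions.json', 'login=' +login+ '&A=' +A, 'POST');
      this.respondJSON(error, 422);
      //this.expectNoMoreRequests();

      // The matcher has to be invoked: a bare `.toHaveBeenCalled` property
      // access asserts nothing.
      expect(this.srp.error).toHaveBeenCalled();
      var args = this.srp.error.args[0];
      expect($.parseJSON(args[0].responseText)).toEqual(error);
    });
    
    // RFC 5054 requires the client to abort when B mod N is zero. This spec
    // covers the literal value 0 only.
    // NOTE(review): B equal to N (or a multiple of it) is not exercised here -
    // confirm the session code rejects those as well.
    it("rejects B = 0", function(){
      var success = sinon.spy();
      var error = sinon.spy();
      this.srp.identify(success, error);

      this.expectRequest('sessions.json', 'login=' +login+ '&A=' +A, 'POST');
      this.respondJSON({salt: salt, B: 0});
      // aborting if B=0: no follow-up request (the client proof) may be queued
      expect(this.requests).toEqual([]);
      expect(error).toHaveBeenCalledWith("Server send random number 0 - could not login.");
      expect(success).not.toHaveBeenCalled();
    });
  });


});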

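/**
 * Specs for the SRP login handshake driven through the shared `srp` object
 * (`srp.login()`, `srp.loggedIn`, `srp.error`) rather than a per-spec instance.
 *
 * The fixed values are the same py-srp exchange used by the "Login" suite.
 * NOTE(review): `srp.session`, `srp.loggedIn` and `srp.error` are overwritten
 * on the shared object and only the fake XHR is restored afterwards, so the
 * spies stay in place for whatever runs next - confirm that is intended.
 */
describe("Login with srp var", function() {

  describe("(Compatibility with py-srp)", function (){
    // these need to be the same as in the spec runner:
    var login = "testuser";
    var password = "password";
    // a valid auth attempt for the user / password given in the spec runner.
    // `a` is the client's ephemeral secret; it is pinned here only so that A
    // is reproducible. These are test vectors, not values to reuse elsewhere.
    var a = 'a5cccf937ea1bf72df5cf8099442552f5664da6780a75436d5a59bc77a8a9993';
    var A = 'e67d222244564ccd2e37471f226b999a4e987f3d494c7d80e0d36169efd6c6c6d857a96924c25fc165e5e9b0212a31c30701ec376dc32e36be00bbcd6d2104789d368af984e26fc094374f90ee5746478f14cec45c7e131a3cbce15fe79e98894213dac4e63c3f73f644fe25aa8707bc58859dfd1b36972e4e34169db2622899';
    // just for the sake of having a complete set of test vars:
    var b = '6aa5c88d1877af9907ccefad31083e1102a7121dc04706f681f66c8680fb7f05';
    var B = 'd56a80aaafdf9f70598b5d1184f122f326a333fafd37ab76d6f7fba4a9c4ee59545be056335150bd64f04880bc8e76949469379fe9de17cf6f36f3ee11713d05f63050486bc73c545163169999ff01b55c0ca4e90d8856a6e3d3a6ffc70b70d993a5308a37a5c2399874344e083e72b3c9afa083d312dfe9096ea9a65023f135';
    var salt = '628365a0';
    var K = 'db6ec0bdab81742315861a828323ff492721bdcd114077a4124bc425e4bf328b';
    var M = '640e51d5ac5461591c31811221261f0e0eae7c08ce43c85e9556adbd94ed8c26';
    var M2 = '49e48f8ac8c4da0e8a7374f73eeedbee2266e123d23fc1be1568523fc9c24b1e';
    var V = '6f5fb78184161f4191babaf1a700ff70e4d261054d002466d05f2ec2b45fc8807dbd7ce25dc3c882331eb8bf72a22caf2868e3438477be7ab151d3281d00aa1a9fc5cb6a725abd99e11882f77d52b56b83f95c0ba0b8fbbf4ee1fbb445c35adb5d1aaa48ba761c4a4417f6bb821fb61956c919e47740b316b960653303fe7190';
    // A as computed by the session from the fixed `a`; set in beforeEach.
    var A_;


    beforeEach(function() {
      // Fresh session per spec so state from an earlier handshake cannot leak in.
      srp.session = new SRP().session;

      specHelper.setupFakeXHR.apply(this);

      // Force the fixed ephemeral secret so every later value is deterministic.
      A_ = srp.session.calculateAndSetA(a);
    });

    afterEach(function() {
      this.xhr.restore();
    });

    it("calculates the same A", function(){
      expect(A_).toBe(A);
    });

    it("calculates the same verifier", function(){
      expect(srp.session.getV().toString(16)).toBe(V);
    });

    it("calculates the same key", function(){
      srp.session.calculations(salt, B);
      expect(srp.session.key()).toBe(K);
    });

    // NOTE(review): only the happy path for the server proof is covered. None
    // of the specs in this suite answers with an M2 that does not match, so a
    // client that ignored M2 would still pass - consider adding that case.
    it("authenticates successfully", function(){
      srp.loggedIn = sinon.spy();
      srp.login();

      this.expectRequest('sessions.json', 'login=' +login+ '&A=' +A, 'POST');
      this.respondJSON({salt: salt, B: B});
      this.expectRequest('sessions/'+login+'.json', 'client_auth='+M, 'PUT');
      this.respondJSON({M2: M2});

      expect(srp.loggedIn).toHaveBeenCalled();
    });
    
    it("reports errors during handshake", function(){
      srp.error = sinon.spy();
      var error = {login: "something went wrong on the server side"};
      srp.login();

      this.expectRequest('sessions.json', 'login=' +login+ '&A=' +A, 'POST');
      this.respondJSON(error, 422);
      //this.expectNoMoreRequests();

      // The matcher has to be invoked: a bare `.toHaveBeenCalled` property
      // access asserts nothing.
      expect(srp.error).toHaveBeenCalled();
      var args = srp.error.args[0];
      expect($.parseJSON(args[0].responseText)).toEqual(error);
    });
    
    // RFC 5054 requires the client to abort when B mod N is zero. This spec
    // covers the literal value 0 only.
    // NOTE(review): B equal to N (or a multiple of it) is not exercised here -
    // confirm the session code rejects those as well.
    it("rejects B = 0", function(){
      srp.loggedIn = sinon.spy();
      srp.error = sinon.spy();
      srp.login();

      this.expectRequest('sessions.json', 'login=' +login+ '&A=' +A, 'POST');
      this.respondJSON({salt: salt, B: 0});
      // aborting if B=0: no follow-up request (the client proof) may be queued
      expect(this.requests).toEqual([]);
      expect(srp.error).toHaveBeenCalledWith("Server send random number 0 - could not login.");
      expect(srp.loggedIn).not.toHaveBeenCalled();
    });
  });


});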