c9a289e4f4
Make SrpToken more like all the other token classes.
2013-11-08 09:48:17 +11:00
8b3665c8a5
Refactor token classes to reduce duplication, improve API compliance
...
This implements the latest tweaks to the token derivation/encrytion
scheme, and uses the new level of symmetry between operations to support
a substantial refactor and cleanup.
2013-11-08 09:48:17 +11:00
beac54a680
encode email as UTF-8 before key stretching and srp - fixes #274
2013-11-06 09:32:04 -08:00
42da3137e6
fixed broken test after #269
2013-11-05 10:41:19 -08:00
7b4623555f
added a test for expired hawk timestamps
2013-11-01 18:03:26 -07:00
ab8f1a1ee0
Merge pull request #267 from dannycoates/validation
...
test for oversized payloads
2013-11-01 16:34:37 -07:00
7c63ecbbbd
fixed jshint complaints
2013-11-01 14:29:39 -07:00
16f7a265f6
test for oversized payloads
2013-10-31 14:49:53 -07:00
657dfb9feb
made heap symmetric to mysql; db tests use config backend
2013-10-30 10:04:50 -07:00
271131a0c8
Fix error codes thrown by MySQL backend
2013-10-30 16:55:11 +11:00
b4b43986fe
More queries implemented for MySQL backend
2013-10-30 15:18:20 +11:00
a7239242fc
Fleshing out query implementations for the MySQL backend
2013-10-30 14:50:12 +11:00
20b4db620e
start of mysql tests
2013-10-29 17:31:54 -07:00
5c81b13c75
Merge branch 'srp2' into db
...
Conflicts:
bin/key_server.js
db/heap.js
db/mysql.js
package.json
tokens/srp_token.js
2013-10-29 15:13:35 -07:00
224083222e
fixed tests deleted obsolete ones. need moar token tests
2013-10-29 13:48:21 -07:00
4c34103589
Adding copyright headers
2013-10-29 11:56:54 -07:00
a41fe08538
updated to node-srp 0.2.0
2013-10-28 17:20:13 -07:00
f59f012e98
fixed tests deleted obsolete ones. need moar token tests
2013-10-28 11:42:16 -07:00
f0f79c4a2c
Merge pull request #252 from mozilla/rfk/static-views-cleanup
...
Cleanup static IDP-related views, and add some basic tests.
2013-10-28 11:35:18 -07:00
030eaf5626
Cleanup static IDP-related views, and add some basic tests.
2013-10-25 15:48:48 +11:00
5b7c185387
Use application-level Error objects in the Model classes.
...
This avoids introducing boom and hoek as dependencies of the client lib.
2013-10-25 14:15:43 +11:00
5d3eca31dc
Intercept hawk errors, transform into custom format.
2013-10-24 19:42:22 +11:00
9065d192b9
Define latest error codes, change existing code structure to use them.
2013-10-24 19:42:14 +11:00
47028e778c
Merge pull request #242 from mozilla/account_exists_client_api
...
add accountExists to client
2013-10-23 11:14:23 -07:00
768649b62d
we don't need the request library anymore in the integration tests because zach added it to the client api
2013-10-23 11:06:39 -07:00
06ae9dd41d
add raw password apis to client api
2013-10-23 05:22:38 -07:00
e48de28465
add accountExists to client
2013-10-23 03:05:05 -07:00
02a51183c4
naive implementation of /raw_password/account/create
2013-10-22 18:35:19 -07:00
20e376f5a7
naive implementation of /auth/password
2013-10-22 17:03:50 -07:00
0f936854de
add verify reset code to client api
2013-09-25 15:38:50 -07:00
ab33146ef0
Re-enable the test to make sure we can still log in after a reset password
2013-09-20 17:59:34 -07:00
de9893fe50
Changes the verification tests to use freshly created emails for each test and fixes some concurrency bugs in how the tests check for the verification and reset codes. Fixes #188
2013-09-20 16:52:56 -07:00
47480905e0
Merge pull request #186 from mozilla/buffers_n_bits
...
adds sjcl bytes codec and makes agument types more consistent
2013-09-10 18:19:57 -07:00
f8a32dc70b
use https for scrypt helper
2013-09-10 18:14:44 -07:00
749b5665d7
adds sjcl bytes codec and makes agument types more consistent - fixes #179
2013-09-06 17:21:48 -07:00
8379e2146e
Merge pull request #164 from vladikoff/key-stretch-updates
...
Updating methods to use buffers, adding tests, addressing feedback
2013-09-03 14:20:35 -07:00
d87c0465f0
Removed reference to authToken from Account
...
This was a race condition that could prevent
multiple devices from authenticating simultaneously.
AuthTokens are ephemeral and single-use so don't
need to be managed by the Account.
2013-09-03 11:53:27 -07:00
c6a3e3286b
Updating methods to use buffers, adding tests, addressing feedback
2013-08-29 20:50:37 -07:00
4485250121
Enhanced logging experience
2013-08-29 13:56:04 -07:00
bae6d84540
Tweak integration tests so they're more easily run against a live server.
2013-08-29 13:11:46 +10:00
72ef0af149
client keys command should return kB
2013-08-23 15:10:19 -07:00
95b4679de9
adding kB key
2013-08-22 19:07:06 -07:00
6cd9341019
Style consistency cleanup
2013-08-22 09:57:31 -07:00
4ea38ab744
Adding password stretching
2013-08-21 18:05:43 -07:00
2b04c921fc
Merge pull request #146 from zaach/email_templates
...
Email templates
2013-08-21 10:54:16 -07:00
9ca7052471
respond with an error on incorrect verification codes
2013-08-20 17:57:25 -07:00
f9f6b59eaa
Use HTML email templates, proxy the verification page through the bridge
2013-08-20 13:39:23 -07:00
796a7b124b
Added integration tests
...
- /session/destroy
- /recovery_email/resend_code
- /get_random_bytes
2013-08-19 13:16:13 -07:00
6adf730960
fix srp tests, bad mailer function
2013-08-15 17:58:01 -07:00
87e13985a9
changed error responses to include and errno
2013-08-15 16:44:18 -07:00
fc90de79a2
added verification test for bad forgot password flow
...
updated error responses to more closely match api.md
2013-08-15 13:03:00 -07:00
c08b67aa66
implemented client side of forgot password
...
added a verification test of the forgot/reset flow
2013-08-14 14:44:19 -07:00
0dfde2d737
WIP on forgot password tests
2013-08-13 19:51:04 -07:00
effc806557
began implementing /password/forgot
2013-08-13 19:51:04 -07:00
d01cca7594
add high-level login call to client
2013-08-13 19:31:56 -07:00
bef3c216c9
token.key should be a Buffer, but stored as hex
...
token.key is used by Hawk as the HMAC key. If its
a Buffer, it uses those bytes, if its a string Hawk
converts the it to a Buffer with UTF8 encoding. We
want Hawk to use the "raw" bytes. This was discovered
in #114
2013-08-13 10:35:54 -07:00
e32bfa35e5
style fixes, removing tabs
2013-08-12 18:21:45 -07:00
3194bdb61d
print smtp debug in verification_tests
2013-08-12 13:49:38 -07:00
28aab91867
verifier may be less than 256 bytes, test golf
2013-08-12 12:23:46 -07:00
aa26f2fce0
moved test mail server inside verification test
2013-08-12 11:54:19 -07:00
ddb4ac13a4
added email verification tests
2013-08-09 20:10:32 -07:00
a1fce406fb
handle conversion of email to buffer in the client
2013-08-09 14:21:14 -07:00
dcf69ff1cf
added /account/destroy integration test
2013-08-09 11:17:47 -07:00
5d8c98c74a
updated AuthToken behavior for multiple contexts
2013-08-08 14:31:26 -07:00
9109a58eed
encode email as a hex string of UTF-8 bytes
2013-08-07 15:18:36 -07:00
fd45e4a8cb
fixed mysql test timeouts suboptimally. fixes #116
2013-08-07 14:29:31 -07:00
1cecfd5f76
changed recovery_method to recovery_email
2013-08-06 14:59:28 -07:00
e9a35fac94
implemented new /auth/start /session/create
2013-08-06 12:44:45 -07:00
df0ac8e8e9
updated /account/create to next api
2013-08-05 17:48:02 -07:00
f4a2d992b0
use dannycoates/node-srp module
...
This fork uses Buffers for all function input/output and bignum.
I'll be sending a PR to jedp.
2013-08-05 11:36:45 -07:00
4c37a7cecc
work around mysql in Account.del test
2013-07-31 11:54:47 -07:00
16c8178fce
made integration.js slightly less ghetto
2013-07-31 11:26:07 -07:00
a5a9fa731d
many changes to client module, started integration tests
2013-07-31 10:38:21 -07:00
4c83fd4d37
added error.js for custom errors
2013-07-31 10:38:21 -07:00
846be8340a
Added config.dev.verified option
...
Create new accounts in a verified state by setting
config.dev.verified to true with the env variable
DEV_VERIFIED=true
2013-07-29 15:09:38 -07:00
3ce6ff2a45
added more tests and changed verify_code api to not use sessionToken
2013-07-29 12:11:02 -07:00
a7b48ece91
added tests
2013-07-28 22:17:21 -07:00
0a5ef54187
made Account work better
2013-07-26 17:00:09 -07:00
7164bf1c21
reorganize files to hopefully be more sane
2013-07-25 17:15:38 -07:00
acc0ef6f97
enabled saving tokens on an Account
2013-07-24 13:44:00 -07:00
b66ee4d855
changed Account.getById to Account.get
2013-07-24 13:44:00 -07:00
90a29f1c50
reordered api.md + random wip
2013-07-24 13:43:59 -07:00
190d8739b2
began implementing recovery_methods
2013-07-24 13:43:59 -07:00
cce4ab7071
WIP on account reset
2013-07-24 13:43:59 -07:00
69c9c4dcbe
change everything, YOLO
2013-07-24 13:43:59 -07:00
1abe129d01
Fix running of tests against a live server.
...
This requires using a different email address for each test, so that we
can be sure it doesn't already exist. It also requires correct handling
of the "application/json; charset=utf8" content-type which seems to be
generated by the server.
2013-07-24 14:21:43 +10:00
6e22f08e11
use old kA on account reset - fixes #59
2013-07-09 16:59:09 -07:00
b9945e08b6
began implementing reference client
2013-07-09 15:55:39 -07:00
7633604bc1
Began api.md documentation
...
Also changed the responses for /create and /entropy
so that all responses are JSON
2013-07-09 13:41:47 -07:00
1c7ef7b21a
add payload verification for fields expected to be hex strings
2013-07-08 18:35:46 -07:00
f163fa8caa
include salt in encrypted bundle from client on reset
2013-07-08 17:22:22 -07:00
cdfecb1226
hex all the strings. closes #51
2013-07-08 14:09:15 -07:00
dbd3f3d22f
reset account WIP
2013-07-08 10:59:22 -07:00
3e1ed0804d
Merge branch 'housekeeping' of https://github.com/dannycoates/picl-idp into danny-housekeeping
...
Conflicts:
test/integration/account.js
2013-07-03 15:17:42 -07:00
f2779a4907
Added getEntropy endpoint at /entropy
2013-07-04 03:16:22 +05:30
619f835fc7
removed password login and accountToken
...
Also commented out reset tests until resetToken
is implemented, and refactored login tests.
2013-07-03 14:44:50 -07:00
63e9e50f40
added /sign tests with invalid data
...
the payload validation test will fail until hapi is fixed.
see https://github.com/spumko/hapi/pull/949
2013-07-02 18:01:25 -07:00
4a2da1aea6
implemented /sign with hawk credentials
...
uses the signToken to derive the hawk
tokenId and reqHMACkey as specified:
https://wiki.mozilla.org/Identity/AttachedServices/KeyServerProtocol#Signing_Certificates
2013-07-02 14:29:42 -07:00
a2c66f97fc
added SRP tests
...
also slightly refactored startLogin and finishLogin
2013-06-26 16:41:26 -07:00
cf7b14855b
Began implementing SRP
2013-06-26 12:01:18 -07:00
e3887aad91
implement utilities to compute hmac/xor keys and encrypt response for getSignToken2
2013-06-24 19:02:26 -07:00
c7abb0c156
use bunyan as the logger, remove 'good'
2013-06-20 11:10:34 -07:00
2519d21984
Implement getResetToken and resetPassword of the idp protocol
2013-05-24 16:00:20 -07:00
5e98adcdf3
added mysql.database to test.json config
2013-05-20 14:10:37 -07:00
0321ff4139
added test keys
2013-05-20 14:09:12 -07:00
318bd677e1
now generates certs from a signToken and public key
2013-05-16 17:13:01 -07:00
5725b6d660
additional failure test cases
2013-05-16 00:32:05 -07:00
8bd07a5e95
Add failure test cases
2013-05-15 17:05:28 -07:00
4d38bdbf51
Implement create, startLogin, and finishLogin sans SRP
2013-05-15 16:52:28 -07:00
820633f1bb
add kvstore library and mysql adapter
2013-05-14 17:06:16 -07:00
d92d1038aa
Skeleton Hapi app
2013-05-13 17:00:22 -07:00
Ryan Kelly
Zachary Carter
Danny Coates
Peter deHaan
Chris Karlof
Zach Carter
vladikoff
MrDHat