fc90de79a2
added verification test for bad forgot password flow
...
updated error responses to more closely match api.md
2013-08-15 13:03:00 -07:00
c08b67aa66
implemented client side of forgot password
...
added a verification test of the forgot/reset flow
2013-08-14 14:44:19 -07:00
0dfde2d737
WIP on forgot password tests
2013-08-13 19:51:04 -07:00
effc806557
began implementing /password/forgot
2013-08-13 19:51:04 -07:00
d01cca7594
add high-level login call to client
2013-08-13 19:31:56 -07:00
bef3c216c9
token.key should be a Buffer, but stored as hex
...
token.key is used by Hawk as the HMAC key. If its
a Buffer, it uses those bytes, if its a string Hawk
converts the it to a Buffer with UTF8 encoding. We
want Hawk to use the "raw" bytes. This was discovered
in #114
2013-08-13 10:35:54 -07:00
e32bfa35e5
style fixes, removing tabs
2013-08-12 18:21:45 -07:00
3194bdb61d
print smtp debug in verification_tests
2013-08-12 13:49:38 -07:00
28aab91867
verifier may be less than 256 bytes, test golf
2013-08-12 12:23:46 -07:00
aa26f2fce0
moved test mail server inside verification test
2013-08-12 11:54:19 -07:00
ddb4ac13a4
added email verification tests
2013-08-09 20:10:32 -07:00
a1fce406fb
handle conversion of email to buffer in the client
2013-08-09 14:21:14 -07:00
dcf69ff1cf
added /account/destroy integration test
2013-08-09 11:17:47 -07:00
5d8c98c74a
updated AuthToken behavior for multiple contexts
2013-08-08 14:31:26 -07:00
9109a58eed
encode email as a hex string of UTF-8 bytes
2013-08-07 15:18:36 -07:00
fd45e4a8cb
fixed mysql test timeouts suboptimally. fixes #116
2013-08-07 14:29:31 -07:00
1cecfd5f76
changed recovery_method to recovery_email
2013-08-06 14:59:28 -07:00
e9a35fac94
implemented new /auth/start /session/create
2013-08-06 12:44:45 -07:00
df0ac8e8e9
updated /account/create to next api
2013-08-05 17:48:02 -07:00
f4a2d992b0
use dannycoates/node-srp module
...
This fork uses Buffers for all function input/output and bignum.
I'll be sending a PR to jedp.
2013-08-05 11:36:45 -07:00
4c37a7cecc
work around mysql in Account.del test
2013-07-31 11:54:47 -07:00
16c8178fce
made integration.js slightly less ghetto
2013-07-31 11:26:07 -07:00
a5a9fa731d
many changes to client module, started integration tests
2013-07-31 10:38:21 -07:00
4c83fd4d37
added error.js for custom errors
2013-07-31 10:38:21 -07:00
846be8340a
Added config.dev.verified option
...
Create new accounts in a verified state by setting
config.dev.verified to true with the env variable
DEV_VERIFIED=true
2013-07-29 15:09:38 -07:00
3ce6ff2a45
added more tests and changed verify_code api to not use sessionToken
2013-07-29 12:11:02 -07:00
a7b48ece91
added tests
2013-07-28 22:17:21 -07:00
0a5ef54187
made Account work better
2013-07-26 17:00:09 -07:00
7164bf1c21
reorganize files to hopefully be more sane
2013-07-25 17:15:38 -07:00
acc0ef6f97
enabled saving tokens on an Account
2013-07-24 13:44:00 -07:00
b66ee4d855
changed Account.getById to Account.get
2013-07-24 13:44:00 -07:00
90a29f1c50
reordered api.md + random wip
2013-07-24 13:43:59 -07:00
190d8739b2
began implementing recovery_methods
2013-07-24 13:43:59 -07:00
cce4ab7071
WIP on account reset
2013-07-24 13:43:59 -07:00
69c9c4dcbe
change everything, YOLO
2013-07-24 13:43:59 -07:00
1abe129d01
Fix running of tests against a live server.
...
This requires using a different email address for each test, so that we
can be sure it doesn't already exist. It also requires correct handling
of the "application/json; charset=utf8" content-type which seems to be
generated by the server.
2013-07-24 14:21:43 +10:00
6e22f08e11
use old kA on account reset - fixes #59
2013-07-09 16:59:09 -07:00
b9945e08b6
began implementing reference client
2013-07-09 15:55:39 -07:00
7633604bc1
Began api.md documentation
...
Also changed the responses for /create and /entropy
so that all responses are JSON
2013-07-09 13:41:47 -07:00
1c7ef7b21a
add payload verification for fields expected to be hex strings
2013-07-08 18:35:46 -07:00
f163fa8caa
include salt in encrypted bundle from client on reset
2013-07-08 17:22:22 -07:00
cdfecb1226
hex all the strings. closes #51
2013-07-08 14:09:15 -07:00
dbd3f3d22f
reset account WIP
2013-07-08 10:59:22 -07:00
3e1ed0804d
Merge branch 'housekeeping' of https://github.com/dannycoates/picl-idp into danny-housekeeping
...
Conflicts:
test/integration/account.js
2013-07-03 15:17:42 -07:00
f2779a4907
Added getEntropy endpoint at /entropy
2013-07-04 03:16:22 +05:30
619f835fc7
removed password login and accountToken
...
Also commented out reset tests until resetToken
is implemented, and refactored login tests.
2013-07-03 14:44:50 -07:00
63e9e50f40
added /sign tests with invalid data
...
the payload validation test will fail until hapi is fixed.
see https://github.com/spumko/hapi/pull/949
2013-07-02 18:01:25 -07:00
4a2da1aea6
implemented /sign with hawk credentials
...
uses the signToken to derive the hawk
tokenId and reqHMACkey as specified:
https://wiki.mozilla.org/Identity/AttachedServices/KeyServerProtocol#Signing_Certificates
2013-07-02 14:29:42 -07:00
a2c66f97fc
added SRP tests
...
also slightly refactored startLogin and finishLogin
2013-06-26 16:41:26 -07:00
cf7b14855b
Began implementing SRP
2013-06-26 12:01:18 -07:00
e3887aad91
implement utilities to compute hmac/xor keys and encrypt response for getSignToken2
2013-06-24 19:02:26 -07:00
c7abb0c156
use bunyan as the logger, remove 'good'
2013-06-20 11:10:34 -07:00
2519d21984
Implement getResetToken and resetPassword of the idp protocol
2013-05-24 16:00:20 -07:00
5e98adcdf3
added mysql.database to test.json config
2013-05-20 14:10:37 -07:00
0321ff4139
added test keys
2013-05-20 14:09:12 -07:00
318bd677e1
now generates certs from a signToken and public key
2013-05-16 17:13:01 -07:00
5725b6d660
additional failure test cases
2013-05-16 00:32:05 -07:00
8bd07a5e95
Add failure test cases
2013-05-15 17:05:28 -07:00
4d38bdbf51
Implement create, startLogin, and finishLogin sans SRP
2013-05-15 16:52:28 -07:00
820633f1bb
add kvstore library and mysql adapter
2013-05-14 17:06:16 -07:00
d92d1038aa
Skeleton Hapi app
2013-05-13 17:00:22 -07:00
Danny Coates
Zachary Carter
vladikoff
Ryan Kelly
MrDHat