Phase 3b red: login flow tests with SRP mock server

sneak/quak

Adds fast-srp-hap (the same SRP library Ente's web client uses, pinned
to 2.0.4) as a runtime dependency.

Tests build a full mock Ente server using fast-srp-hap's SrpServer to
exercise real SRP-6a math end-to-end. The mock handles:
  GET /users/srp/attributes
  POST /users/srp/create-session
  POST /users/srp/verify-session
  POST /users/two-factor/verify
  POST /users/ott
  POST /users/verify-email

7 tests covering:
  * SRP login completing successfully
  * SRP login requiring TOTP (returns { kind: 'totp' })
  * Wrong password (SRP M1 fails server-side checkM1)
  * Email MFA fallback (returns { kind: 'emailOTP' })
  * submitTOTP
  * requestEmailOTP + submitEmailOTP

This commit is contained in:

Jeffrey Paul

2026-05-11 01:04:10 -07:00

parent 7d19d16b1b

commit 75b57cfb29

4 changed files with 414 additions and 0 deletions

									
										1

package.json
									
												View File
												
				@@ -38,6 +38,7 @@

				        "vitest": "2.1.9"

				    },

				    "dependencies": {

				        "fast-srp-hap": "2.0.4",

				        "libsodium-wrappers-sumo": "0.8.4"

				    }

				}

Phase 3b red: login flow tests with SRP mock server

1 package.json Unescape Escape View File

1

package.json

View File