Phase 3b red: login flow tests with SRP mock server

Adds fast-srp-hap (the same SRP library Ente's web client uses, pinned to 2.0.4) as a runtime dependency. Tests build a full mock Ente server using fast-srp-hap's SrpServer to exercise real SRP-6a math end-to-end. The mock handles: GET /users/srp/attributes POST /users/srp/create-session POST /users/srp/verify-session POST /users/two-factor/verify POST /users/ott POST /users/verify-email 7 tests covering: * SRP login completing successfully * SRP login requiring TOTP (returns { kind: 'totp' }) * Wrong password (SRP M1 fails server-side checkM1) * Email MFA fallback (returns { kind: 'emailOTP' }) * submitTOTP * requestEmailOTP + submitEmailOTP
2026-05-11 01:04:10 -07:00
parent 7d19d16b1b
commit 75b57cfb29
4 changed files with 414 additions and 0 deletions
--- a/yarn.lock
+++ b/yarn.lock
@@ -879,6 +879,11 @@ fast-levenshtein@^2.0.6:
  resolved "https://registry.yarnpkg.com/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz#3d8a5c66883a16a30ca8643e851f19baa7797917"
  integrity sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==

+fast-srp-hap@^2.0.4:
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/fast-srp-hap/-/fast-srp-hap-2.0.4.tgz#9db296e21a5143951310f99e5a74290106467811"
+  integrity sha512-lHRYYaaIbMrhZtsdGTwPN82UbqD9Bv8QfOlKs+Dz6YRnByZifOh93EYmf2iEWFtkOEIqR2IK8cFD0UN5wLIWBQ==
+
 fastq@^1.6.0:
  version "1.20.1"
  resolved "https://registry.yarnpkg.com/fastq/-/fastq-1.20.1.tgz#ca750a10dc925bc8b18839fd203e3ef4b3ced675"