sneak/quak - quak - git.eeqj.de

sneak/quak

Fork 0

Commit Graph

Author	SHA1	Message	Date
sneak	75b57cfb29	Phase 3b red: login flow tests with SRP mock server Adds fast-srp-hap (the same SRP library Ente's web client uses, pinned to 2.0.4) as a runtime dependency. Tests build a full mock Ente server using fast-srp-hap's SrpServer to exercise real SRP-6a math end-to-end. The mock handles: GET /users/srp/attributes POST /users/srp/create-session POST /users/srp/verify-session POST /users/two-factor/verify POST /users/ott POST /users/verify-email 7 tests covering: * SRP login completing successfully * SRP login requiring TOTP (returns { kind: 'totp' }) * Wrong password (SRP M1 fails server-side checkM1) * Email MFA fallback (returns { kind: 'emailOTP' }) * submitTOTP * requestEmailOTP + submitEmailOTP	2026-05-11 01:04:10 -07:00
sneak	6386a0ec9f	Phase 3a red: auth.unwrapAuth tests and stub Tests for the password-only decryption chain that follows a successful login (SRP or email OTP, with or without 2FA). The unwrap covers: password -> KEK (Argon2id) -> masterKey (secretbox) -> secretKey (secretbox) -> tokenBytes (sealed box) -> base64url token Each test builds a synthetic AuthorizationResponse using libsodium directly and asserts unwrapAuth recovers the inputs byte for byte. The test file also functions as the canonical description of the protocol. Adds src/auth/types.ts with KeyAttributes, SRPAttributes, AuthorizationResponse, and LoginChallenge declarations matching the README's API reference. src/auth/unwrap.ts is the throwing stub; the real implementation lands next.	2026-05-11 00:58:27 -07:00

Author

SHA1

Message

Date

sneak

75b57cfb29

Phase 3b red: login flow tests with SRP mock server

Adds fast-srp-hap (the same SRP library Ente's web client uses, pinned
to 2.0.4) as a runtime dependency.

Tests build a full mock Ente server using fast-srp-hap's SrpServer to
exercise real SRP-6a math end-to-end. The mock handles:
  GET /users/srp/attributes
  POST /users/srp/create-session
  POST /users/srp/verify-session
  POST /users/two-factor/verify
  POST /users/ott
  POST /users/verify-email

7 tests covering:
  * SRP login completing successfully
  * SRP login requiring TOTP (returns { kind: 'totp' })
  * Wrong password (SRP M1 fails server-side checkM1)
  * Email MFA fallback (returns { kind: 'emailOTP' })
  * submitTOTP
  * requestEmailOTP + submitEmailOTP

2026-05-11 01:04:10 -07:00

sneak

6386a0ec9f

Phase 3a red: auth.unwrapAuth tests and stub

Tests for the password-only decryption chain that follows a successful
login (SRP or email OTP, with or without 2FA). The unwrap covers:
  password -> KEK (Argon2id) -> masterKey (secretbox) ->
  secretKey (secretbox) -> tokenBytes (sealed box) -> base64url token

Each test builds a synthetic AuthorizationResponse using libsodium
directly and asserts unwrapAuth recovers the inputs byte for byte. The
test file also functions as the canonical description of the protocol.

Adds src/auth/types.ts with KeyAttributes, SRPAttributes,
AuthorizationResponse, and LoginChallenge declarations matching the
README's API reference. src/auth/unwrap.ts is the throwing stub; the
real implementation lands next.

2026-05-11 00:58:27 -07:00

2 Commits