SFN has been removed from the spec. Tests and docs updated.

Author: Perlkonig

docs/index.rst

@@ -66,6 +66,11 @@ The project is licensed under the MIT licence.
 Changelog
 =========
 
+04 Jul 2017
+  * Released v0.3.0
+  * SFN was removed from the spec, so removed from the code
+  * Tests and docs updated
+
 03 Jul 2017
   * Released v0.2.0
   * Added SFN check; SFN is now required with every request

sqrlserver/request.py

@@ -43,17 +43,13 @@ class Request(object):
     Args:
         key (bytes) : 32-byte encryption key. Must be the same as
             what you used to encrypt the nut.
-        sfn (string) : Advertised Server Friendly Name. If sfn is passed
-            in ``params`` and doesn't match what you pass, the request
-            will be aborted.
 
         params (dict) : All the query parameters from the query string
             and POST body. 
 
             The following parameters must exist:
 
             - nut
-            - sfn
             - server
             - client
             - ids
@@ -93,7 +89,7 @@ class Request(object):
     _known_opts = ['sqrlonly', 'hardlock', 'cps', 'suk']
     _supported_opts = ['sqrlonly', 'hardlock', 'cps', 'suk']
 
-    def __init__(self, key, sfn, params, **kwargs):
+    def __init__(self, key, params, **kwargs):
         self.ipaddr = ipaddress.ip_address('0.0.0.0')
         if 'ipaddr' in kwargs:
             try:
@@ -130,7 +126,6 @@ def __init__(self, key, sfn, params, **kwargs):
         self._response = Response()
         self.params = dict(params)
         self.key = key
-        self.sfn = sfn
         self.admin = False
 
         #set initial state 
@@ -499,7 +494,6 @@ def finalize(self, **kwargs):
         #add to response object
         r.addParam('nut', nutstr)
         r.addParam('qry', qry)
-        r.addParam('sfn', depad(urlsafe_b64encode(self.sfn.encode('utf-8')).decode('utf-8')))
 
         #return response object
         return r
@@ -522,7 +516,7 @@ def _check_well_formedness(self):
         """
 
         #required params
-        for req in ['nut', 'sfn', 'client', 'server', 'ids']:
+        for req in ['nut', 'client', 'server', 'ids']:
             if req not in self.params:
                 return False
 
@@ -572,7 +566,6 @@ def _check_validity(self):
 
             ``sigs`` : One or more signatures were invalid.
             ``hmac`` : The HMAC didn't match.
-            ``sfn`` : The SFN doesn't match what you advertise
             ``nut`` : The nut failed fundamental decryption checks.
             ``ip`` : The ip addresses didn't match. Request confirmation.
             ``time`` : The nut is stale. Request confirmation.
@@ -604,30 +597,25 @@ def _check_validity(self):
                     errs.append('hmac')
 
             if validmac:
-                validsfn = True
-                if self.params['sfn'] != depad(urlsafe_b64encode(self.sfn.encode('utf-8')).decode('utf-8')):
-                    validsfn = False
-                    errs.append('sfn')
-                if validsfn:
-                    # Validate nut 
-                    validnut = True
-                    nut = Nut(self.key)
-                    try:
-                        nut = nut.load(self.params['nut']).validate(self.ipaddr, self.ttl, maxcounter=self.maxcounter, mincounter=self.mincounter)
-                    except nacl.exceptions.CryptoError:
-                        validnut = False
-                    if not validnut:
-                        errs.append('nut')
-
-                    if validnut:
-                        if not nut.ipmatch:
-                            errs.append('ip')
-                        else:
-                            self._response.tifOn(0x04)
-                        if not nut.fresh:
-                            errs.append('time')
-                        if not nut.countersane:
-                            errs.append('counter')
+                # Validate nut 
+                validnut = True
+                nut = Nut(self.key)
+                try:
+                    nut = nut.load(self.params['nut']).validate(self.ipaddr, self.ttl, maxcounter=self.maxcounter, mincounter=self.mincounter)
+                except nacl.exceptions.CryptoError:
+                    validnut = False
+                if not validnut:
+                    errs.append('nut')
+
+                if validnut:
+                    if not nut.ipmatch:
+                        errs.append('ip')
+                    else:
+                        self._response.tifOn(0x04)
+                    if not nut.fresh:
+                        errs.append('time')
+                    if not nut.countersane:
+                        errs.append('counter')
 
         return errs
 

sqrlserver/url.py

@@ -12,18 +12,15 @@ class Url(object):
             client will contact to authenticate. Includes the username,
             password, domain, and port. See RFC 3986, Jan 2005, section
             3.2 (https://tools.ietf.org/html/rfc3986#section-3.2)
-        sfn (string) : The "server friendly name" the SQRL client will
-            use to identify you to the user.
         secure (bool) : If True, uses the ``sqrl`` scheme, otherwise
             it uses ``qrl``. Defaults to True.
 
     Returns:
         Url : The initial Url object
     """
 
-    def __init__(self, authority, sfn, secure=True):
+    def __init__(self, authority, secure=True):
         self.authority = authority
-        self.sfn = sfn
         self.secure = secure
 
     def generate(self, path, **kwargs):
@@ -92,7 +89,6 @@ def generate(self, path, **kwargs):
             query = kwargs['query']
         if ( ('ext' in kwargs) and (kwargs['ext'] is not None) and (kwargs['ext'] > 0) ):
             query.insert(0, ('x', kwargs['ext']))
-        query.insert(0, ('sfn', depad(urlsafe_b64encode(self.sfn.encode('utf-8')).decode('utf-8'))))
         query.insert(0, ('nut', nutstr))
 
         #build