-rw-r--r-- | api/auth/login.py | 34 | ||||
-rw-r--r-- | api/auth/signup.py | 7 | ||||
-rw-r--r-- | api/auth/token.py | 9 | ||||
-rw-r--r-- | api/main.py | 2 | ||||
-rw-r--r-- | api/passwords.py | 11 | ||||
-rwxr-xr-x | api/tests.sh | 16 | ||||
-rw-r--r-- | database/init_db.sql | 1 |
7 files changed, 63 insertions, 17 deletions
diff --git a/api/auth/login.py b/api/auth/login.py
new file mode 100644
index 0000000..cc40ae3
--- /dev/null
+++ b/api/auth/login.py
@@ -0,0 +1,34 @@
+from flask import Blueprint, request
+from main import cursor, connection
+from randid import new_uuid
+import auth.token as token
+import passwords
+import time
+import json
+
+login = Blueprint('login', __name__)
+
+@login.route('/login', methods = ['POST'])
+def index():
+    data = request.get_json()
+
+    email = data.get("email") or ""
+    password = data.get("password") or ""
+
+    if not email or \
+        not password:
+        return "", 400
+
+    user_id = None
+    user_id = user_id or cursor.execute("select user_id from users where email = ?", [email]).fetchone()
+    user_id = user_id or cursor.execute("select user_id from users where username = ?", [email]).fetchone()
+    if user_id == None: return "", 401
+
+    passwd = cursor.execute("select password_hash from users where user_id = ?", [user_id[0]]).fetchone()
+    check = passwords.check_password(password, passwd[0])
+    if not check: return "", 401
+
+    new_token = token.generate_token()
+    token.add_token(user_id[0], token.hash_token(new_token))
+
+    return new_token, 200
diff --git a/api/auth/signup.py b/api/auth/signup.py
index d82105a..fee879d 100644
--- a/api/auth/signup.py
+++ b/api/auth/signup.py
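Review bot: `request.get_json()` returns None when the body is not JSON or the Content-Type is not application/json, so the `data.get(...)` lines right after it raise AttributeError and the route answers 500 instead of the 400 the next check intends; `data = request.get_json(silent=True) or {}` closes that gap. An unknown account is rejected with 401 before any bcrypt work is done while a known account goes through `passwords.check_password`, so response time distinguishes existing from non-existing users; calling `passwords.check_password(password, <fixed dummy bcrypt hash>)` on the not-found path keeps both paths comparable in cost. `if user_id == None` should be `if user_id is None`, and the preceding `user_id = None` assignment is redundant because the first query line can assign its result directly. The route returns the unhashed `new_token` dict to the client while only its hashed form is stored, which is the right split, but a one-line comment stating that (`# only the sha256 of the token is persisted; the client gets the clear value`) would save the next reader a trip into auth/token.py.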
@@ -28,12 +28,11 @@ def index():
         return {"error": "email_taken"}, 403
 
     user_id = new_uuid()
-    password_salt = passwords.salt()
-    password_hash = passwords.password_hash(password, password_salt)
+    password_hash = passwords.password_hash(password)
     registered = int( time.time() * 1000 )
 
-    cursor.execute("insert into users values (?, ?, ?, NULL, ?, ?, ?, \"[]\", FALSE, \"user\", \"{}\", NULL, \"online\") ",
-        (user_id, username, email, password_salt, password_hash, registered))
+    cursor.execute("insert into users values (?, ?, ?, NULL, ?, ?, \"[]\", FALSE, \"user\", \"{}\", NULL, \"online\") ",
+        (user_id, username, email, password_hash, registered))
     connection.commit()
 
     new_token = token.generate_token()
diff --git a/api/auth/token.py b/api/auth/token.py
index 52600ca..529af32 100644
--- a/api/auth/token.py
+++ b/api/auth/token.py
@@ -1,4 +1,4 @@
-from main import cursor
+from main import cursor, connection
 import hashlib
 import secrets
 import json
@@ -15,6 +15,7 @@ def modify_tokens(user_id, formatted_token, remove):
     temp_tokens = valid_tokens(user_id)
     temp_tokens.remove(formatted_token) if remove else temp_tokens.append(formatted_token)
     cursor.execute("update users set valid_tokens = ? where user_id = ?", [json.dumps(temp_tokens), user_id])
+    connection.commit()
 
 def add_token(user_id, formatted_token):
     modify_tokens(user_id, formatted_token, False)
@@ -23,8 +24,10 @@ def revoke_token(user_id, formatted_token):
     modify_tokens(user_id, formatted_token, True)
 
 def hash_token(token):
-    token["token"] = hashlib.sha256(str(token["token"]).encode()).hexdigest()
-    return token
+    return {
+        "token": hashlib.sha256(str(token["token"]).encode()).hexdigest(),
+        "expirationDate": token["expirationDate"]
+    }
 
 def generate_token():
     return {
diff --git a/api/main.py b/api/main.py
index bbdb341..ce53f19 100644
--- a/api/main.py
+++ b/api/main.py
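Review bot: The rewritten `insert into users values (...)` still matches its placeholders to the schema purely by position, so removing `password_salt` had to be mirrored by hand in the placeholder list, the parameter tuple and database/init_db.sql with nothing that would catch a mismatch; naming the columns, `insert into users (user_id, username, email, country, password_hash, registered, ...) values (...)`, makes this kind of change self-checking. `passwords.password_hash` now returns the bytes produced by `bcrypt.hashpw`, which is written into a column declared `text`; with sqlite3 a bytes parameter is stored as a BLOB and read back as bytes regardless of the declared type, which is what `check_password` in login.py relies on, but that coupling deserves a comment on the insert such as `# bcrypt hash is stored as raw bytes (BLOB); passwords.check_password expects it back unchanged` or an explicit `.decode()` on store and `.encode()` on check. The enclosing `index` begins before this hunk.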
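Review bot: The `connection.commit()` added to modify_tokens commits a read-modify-write (`valid_tokens(user_id)`, then an update that writes the whole list back) that is not atomic: two overlapping requests for the same user, for example two logins, can both read the same list and the later update silently drops the earlier token. The cursor and connection are module-level objects imported from main, so whether overlapping use is possible at all depends on how main.py opens the connection and which server runs the app, which this diff does not show; if it is, either serialize token updates with a lock or derive the new list from the stored column value in a single statement rather than in Python. On the revoke path `temp_tokens.remove(formatted_token)` raises ValueError when the token is not in the list, so revoking an already-revoked token turns into a 500 before the new commit line is reached; a guard such as `if formatted_token in temp_tokens: temp_tokens.remove(formatted_token)` keeps revocation idempotent. The conditional-expression-for-side-effects line that precedes the commit reads as an expression but is really two statements; a plain `if remove: ... else: ...` would be clearer.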
@@ -12,8 +12,10 @@ cursor = connection.cursor()
 
 from status import status
 from user.info import info
 from auth.signup import signup
+from auth.login import login
 
 app.register_blueprint(status, url_prefix='/api')
 app.register_blueprint(info, url_prefix='/api/user')
 app.register_blueprint(signup, url_prefix='/api/auth')
+app.register_blueprint(login, url_prefix='/api/auth')
diff --git a/api/passwords.py b/api/passwords.py
index 58b712d..011400e 100644
--- a/api/passwords.py
+++ b/api/passwords.py
@@ -3,11 +3,8 @@ import bcrypt
 def enc(string):
     return string.encode('utf-8')
 
-def salt():
-    return bcrypt.gensalt()
+def check_password(password, password_hash):
+    return bcrypt.checkpw(enc(password), password_hash)
 
-def check_password(password, salt, password_hash):
-    return bcrypt.checkpw(enc(password)+salt, enc(password_hash))
-
-def password_hash(password, salt):
-    return bcrypt.hashpw(enc(password), salt);
+def password_hash(password):
+    return bcrypt.hashpw(enc(password), bcrypt.gensalt());
diff --git a/api/tests.sh b/api/tests.sh
index 391aa0f..2c73156 100755
--- a/api/tests.sh
+++ b/api/tests.sh
@@ -4,9 +4,21 @@ signup () {
     curl -X POST \
         -H "Content-Type: application/json" \
         -d '{
-            "username": "test",
-            "email": "test@example.com",
+            "username": "gert",
+            "email": "gert@example.com",
             "password": "password123"
         }' \
         localhost:5000/api/auth/signup
 }
+
+login () {
+    curl -X POST \
+        -H "Content-Type: application/json" \
+        -d '{
+            "email": "gert@example.com",
+            "password": "password123"
+        }' \
+        localhost:5000/api/auth/login
+}
+
+login
diff --git a/database/init_db.sql b/database/init_db.sql
index cf26f7b..7603254 100644
--- a/database/init_db.sql
+++ b/database/init_db.sql
@@ -5,7 +5,6 @@ create table users (
     username varchar(35) not null,
     email text not null,
     country text,
-    password_salt text not null,
     password_hash text not null,
     registered integer not null,
     valid_tokens text,
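Review bot: In the passwords.py hunk, `check_password` now passes `password_hash` to `bcrypt.checkpw` unwrapped where the old version passed `enc(password_hash)`; `checkpw` requires bytes, so this only works when every caller reads the hash back as bytes, which holds for the sqlite3 path in login.py because the bytes from `hashpw` are stored as a BLOB, but a caller that supplies a str (after a `.decode()`, or from a row migrated as text) gets a TypeError rather than a failed check. Either normalize inside the function with `if isinstance(password_hash, str): password_hash = enc(password_hash)` or state the bytes-only contract in a docstring. bcrypt also uses only the first 72 bytes of the password and, depending on the installed bcrypt version, either truncates longer input silently or rejects it with ValueError; enforcing a maximum password length where signup and login accept input avoids an unhandled exception and makes the limit explicit. The trailing `;` on the new `password_hash` return line is carried over from the old line and is not idiomatic Python.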