From bf986adcf3f619860d18bda9e0c96e93ab97b260 Mon Sep 17 00:00:00 2001 From: lonkaars Date: Thu, 14 Jan 2021 21:31:22 +0100 Subject: login --- api/auth/login.py | 34 ++++++++++++++++++++++++++++++++++ api/auth/signup.py | 7 +++---- api/auth/token.py | 9 ++++++--- 3 files changed, 43 insertions(+), 7 deletions(-) create mode 100644 api/auth/login.py (limited to 'api/auth')
diff --git a/api/auth/login.py b/api/auth/login.py
new file mode 100644
index 0000000..cc40ae3
--- /dev/null
+++ b/api/auth/login.py
@@ -0,0 +1,34 @@
+from flask import Blueprint, request
+from main import cursor, connection
+from randid import new_uuid
+import auth.token as token
+import passwords
+import time
+import json
+
+login = Blueprint('login', __name__)
+
+@login.route('/login', methods = ['POST'])
+def index():
+ data = request.get_json()
+
+ email = data.get("email") or ""
+ password = data.get("password") or ""
+
+ if not email or \
+ not password:
+ return "", 400
+
+ user_id = None
+ user_id = user_id or cursor.execute("select user_id from users where email = ?", [email]).fetchone()
+ user_id = user_id or cursor.execute("select user_id from users where username = ?", [email]).fetchone()
+ if user_id == None: return "", 401
+
+ passwd = cursor.execute("select password_hash from users where user_id = ?", [user_id[0]]).fetchone()
+ check = passwords.check_password(password, passwd[0])
+ if not check: return "", 401
+
+ new_token = token.generate_token()
+ token.add_token(user_id[0], token.hash_token(new_token))
+
+ return new_token, 200
diff --git a/api/auth/signup.py b/api/auth/signup.py
index d82105a..fee879d 100644
--- a/api/auth/signup.py
+++ b/api/auth/signup.py
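Review bot: `data = request.get_json()` at the top of `index` is None when the body is absent or not sent as `application/json`, so `data.get("email")` raises and the request ends in a 500 rather than the 400 the guard two lines later intends; `data = request.get_json(silent=True) or {}` closes that, and an `isinstance(email, str) and isinstance(password, str)` check keeps non-string JSON values (lists, objects) out of the SQL parameters and out of `passwords.check_password`. The two 401 paths are also distinguishable by timing: an unknown email/username returns before any password hash is computed, while a wrong password pays for `check_password`, which lets a caller enumerate accounts — running `check_password` against a fixed dummy hash when `user_id` is None evens the two paths out. `if user_id == None` should be `if user_id is None`, and `new_uuid`, `time` and `json` are imported but never used in this file. The module-level `cursor` is shared by every request; if the app is served with threads, that is presumably not safe for concurrent logins — worth confirming against `main`.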
@@ -28,12 +28,11 @@ def index():
 return {"error": "email_taken"}, 403
 user_id = new_uuid()
- password_salt = passwords.salt()
- password_hash = passwords.password_hash(password, password_salt)
+ password_hash = passwords.password_hash(password)
 registered = int( time.time() * 1000 )
- cursor.execute("insert into users values (?, ?, ?, NULL, ?, ?, ?, \"[]\", FALSE, \"user\", \"{}\", NULL, \"online\") ",
- (user_id, username, email, password_salt, password_hash, registered))
+ cursor.execute("insert into users values (?, ?, ?, NULL, ?, ?, \"[]\", FALSE, \"user\", \"{}\", NULL, \"online\") ",
+ (user_id, username, email, password_hash, registered))
 connection.commit()
 new_token = token.generate_token()
diff --git a/api/auth/token.py b/api/auth/token.py
index 52600ca..529af32 100644
--- a/api/auth/token.py
+++ b/api/auth/token.py
@@ -1,4 +1,4 @@
-from main import cursor
+from main import cursor, connection
 import hashlib
 import secrets
 import json
@@ -15,6 +15,7 @@ def modify_tokens(user_id, formatted_token, remove):
 temp_tokens = valid_tokens(user_id)
 temp_tokens.remove(formatted_token) if remove else temp_tokens.append(formatted_token)
 cursor.execute("update users set valid_tokens = ? where user_id = ?", [json.dumps(temp_tokens), user_id])
+ connection.commit()
 def add_token(user_id, formatted_token):
 modify_tokens(user_id, formatted_token, False)
@@ -23,8 +24,10 @@ def revoke_token(user_id, formatted_token):
 modify_tokens(user_id, formatted_token, True)
 def hash_token(token):
- token["token"] = hashlib.sha256(str(token["token"]).encode()).hexdigest()
- return token
+ return {
+ "token": hashlib.sha256(str(token["token"]).encode()).hexdigest(),
+ "expirationDate": token["expirationDate"]
+ }
 def generate_token():
 return {
-- cgit v1.2.3
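Review bot: The rewritten `insert into users values (...)` on the `+` lines drops one `?` and the `password_salt` argument but still names no columns, so it only works if the `users` table lost its salt column in the same change — that migration is not in this patch (the listing is limited to `api/auth`), and a positional insert silently shifts values into the wrong columns whenever the schema and this literal disagree. Naming the inserted columns (`insert into users (user_id, username, email, …) values (…)`) turns such a mismatch into a hard error instead. The one-argument `passwords.password_hash(password)` must now generate and embed its own per-user salt for this to remain safe; a comment at the call site stating that contract, `# password_hash() salts internally; the stored value is self-describing`, would spare the next reader from digging into `passwords`. The enclosing `index` starts and ends outside this hunk.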
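Review bot: The `connection.commit()` added at the end of `modify_tokens` finalises a read-modify-write that is not atomic — `valid_tokens(user_id)` reads the JSON array, the list is edited in memory, and `update users set valid_tokens = ?` writes the whole array back — so two overlapping logins, or a login racing a revoke for the same user, can drop a freshly issued token or resurrect a revoked one if requests are served concurrently on this shared `cursor`. Wrapping the read and the update in one transaction (`BEGIN IMMEDIATE` if the backend is SQLite, as the `?` placeholders suggest) or serialising the function with a lock would make the commit mean what it says. `temp_tokens.remove(formatted_token)` on the context line above also raises `ValueError` when the token is absent, so a double revoke becomes a 500; guarding it with `if formatted_token in temp_tokens:` avoids that. `modify_tokens` begins before this hunk.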