From bf986adcf3f619860d18bda9e0c96e93ab97b260 Mon Sep 17 00:00:00 2001
From: lonkaars <l.leblansch@gmail.com>
Date: Thu, 14 Jan 2021 21:31:22 +0100
Subject: login

---
 api/auth/login.py  | 34 ++++++++++++++++++++++++++++++++++
 api/auth/signup.py |  7 +++----
 api/auth/token.py  |  9 ++++++---
 api/main.py        |  2 ++
 api/passwords.py   | 11 ++++-------
 api/tests.sh       | 16 ++++++++++++++--
 6 files changed, 63 insertions(+), 16 deletions(-)
 create mode 100644 api/auth/login.py


diff --git a/api/auth/login.py b/api/auth/login.py
new file mode 100644
index 0000000..cc40ae3
--- /dev/null
+++ b/api/auth/login.py
@@ -0,0 +1,34 @@
+from flask import Blueprint, request
+from main import cursor, connection
+from randid import new_uuid
+import auth.token as token
+import passwords
+import time
+import json
+
+login = Blueprint('login', __name__)
+
+@login.route('/login', methods = ['POST'])
+def index():
+    data = request.get_json()
+
+    email = data.get("email") or ""
+    password = data.get("password") or ""
+
+    if not email or \
+       not password:
+           return "", 400
+    
+    user_id = None
+    user_id = user_id or cursor.execute("select user_id from users where email = ?", [email]).fetchone()
+    user_id = user_id or cursor.execute("select user_id from users where username = ?", [email]).fetchone()
+    if user_id == None: return "", 401
+
+    passwd = cursor.execute("select password_hash from users where user_id = ?", [user_id[0]]).fetchone()
+    check = passwords.check_password(password, passwd[0])
+    if not check: return "", 401
+
+    new_token = token.generate_token()
+    token.add_token(user_id[0], token.hash_token(new_token))
+
+    return new_token, 200
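Review bot: `request.get_json()` on the first line of index() returns None when the body is not JSON or the Content-Type is wrong, so the following `data.get(...)` raises and the client gets a 500 instead of the 400 the next check intends; use `data = request.get_json(silent=True) or {}`. The identity comparison should be `if user_id is None: return "", 401`. A missing account returns 401 before any bcrypt work while a wrong password only returns after `check_password`, so the two cases are distinguishable by response time; running the check against a fixed dummy hash when no row is found keeps the timing uniform. `new_uuid`, `time` and `json` are imported but unused in this file.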
diff --git a/api/auth/signup.py b/api/auth/signup.py
index d82105a..fee879d 100644
--- a/api/auth/signup.py
+++ b/api/auth/signup.py
@@ -28,12 +28,11 @@ def index():
         return {"error": "email_taken"}, 403
 
     user_id = new_uuid()
-    password_salt = passwords.salt()
-    password_hash = passwords.password_hash(password, password_salt)
+    password_hash = passwords.password_hash(password)
     registered = int( time.time() * 1000 )
 
-    cursor.execute("insert into users values (?, ?, ?, NULL, ?, ?, ?, \"[]\", FALSE, \"user\", \"{}\", NULL, \"online\") ",
-            (user_id, username, email, password_salt, password_hash, registered))
+    cursor.execute("insert into users values (?, ?, ?, NULL, ?, ?, \"[]\", FALSE, \"user\", \"{}\", NULL, \"online\") ",
+            (user_id, username, email, password_hash, registered))
     connection.commit()
 
     new_token = token.generate_token()
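Review bot: The rewritten `insert into users values (...)` still relies on positional column order, and this commit shortens the tuple from 13 to 12 values without a schema change visible in the diff, so it silently depends on the salt column having been dropped elsewhere; naming the columns, `insert into users (user_id, username, email, …) values (…)`, makes a mismatch fail at execution instead of shifting every later value by one. If the backend is sqlite3 (the `?` placeholders suggest it), the double-quoted literals `"[]"`, `"user"`, `"{}"` and `"online"` are parsed as identifiers first and only fall back to strings, so single quotes are the safer form. The enclosing index() begins outside the hunk.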
diff --git a/api/auth/token.py b/api/auth/token.py
index 52600ca..529af32 100644
--- a/api/auth/token.py
+++ b/api/auth/token.py
@@ -1,4 +1,4 @@
-from main import cursor
+from main import cursor, connection
 import hashlib
 import secrets
 import json
@@ -15,6 +15,7 @@ def modify_tokens(user_id, formatted_token, remove):
     temp_tokens = valid_tokens(user_id)
     temp_tokens.remove(formatted_token) if remove else temp_tokens.append(formatted_token)
     cursor.execute("update users set valid_tokens = ? where user_id = ?", [json.dumps(temp_tokens), user_id])
+    connection.commit()
 
 def add_token(user_id, formatted_token):
     modify_tokens(user_id, formatted_token, False)
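Review bot: The added `connection.commit()` closes a read-modify-write that spans two statements (`valid_tokens()` then the `update`), and `cursor` and `connection` are module-level objects shared by every request, so two concurrent logins for the same user can interleave and one can overwrite the other's token list; the race looks pre-existing, but the commit now makes the lost write durable. Whether requests actually run concurrently depends on how the app is served, which the diff does not show. A docstring would help here: `"""Add or remove formatted_token in the user's valid_tokens list and commit."""`.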
@@ -23,8 +24,10 @@ def revoke_token(user_id, formatted_token):
     modify_tokens(user_id, formatted_token, True)
 
 def hash_token(token):
-    token["token"] = hashlib.sha256(str(token["token"]).encode()).hexdigest()
-    return token
+    return {
+            "token": hashlib.sha256(str(token["token"]).encode()).hexdigest(),
+            "expirationDate": token["expirationDate"]
+            }
 
 def generate_token():
     return {
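Review bot: hash_token now returns a fresh dict instead of mutating its argument, which the new login handler relies on (the plaintext token is returned to the client after `hash_token` is called), but nothing documents that contract; add `"""Return a copy of token with its "token" field replaced by its SHA-256 hex digest; the input is not modified."""`. The `str(...)` wrapper around `token["token"]` suggests the value may not always be a string — if generate_token, whose body continues past the hunk, always produces a str it can be dropped. The new return copies only `token` and `expirationDate`, so any field added to generate_token later must also be added here.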
diff --git a/api/main.py b/api/main.py
index bbdb341..ce53f19 100644
--- a/api/main.py
+++ b/api/main.py
@@ -12,8 +12,10 @@ cursor = connection.cursor()
 from status import status
 from user.info import info
 from auth.signup import signup
+from auth.login import login
 
 app.register_blueprint(status, url_prefix='/api')
 app.register_blueprint(info, url_prefix='/api/user')
 app.register_blueprint(signup, url_prefix='/api/auth')
+app.register_blueprint(login, url_prefix='/api/auth')
 
diff --git a/api/passwords.py b/api/passwords.py
index 58b712d..011400e 100644
--- a/api/passwords.py
+++ b/api/passwords.py
@@ -3,11 +3,8 @@ import bcrypt
 def enc(string):
     return string.encode('utf-8')
 
-def salt():
-    return bcrypt.gensalt()
+def check_password(password, password_hash):
+    return bcrypt.checkpw(enc(password), password_hash)
 
-def check_password(password, salt, password_hash):
-    return bcrypt.checkpw(enc(password)+salt, enc(password_hash))
-
-def password_hash(password, salt):
-    return bcrypt.hashpw(enc(password), salt);
+def password_hash(password):
+    return bcrypt.hashpw(enc(password), bcrypt.gensalt());
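Review bot: `bcrypt.hashpw` returns bytes and `bcrypt.checkpw` requires bytes for the stored hash, so check_password's `password_hash` parameter must receive the value exactly as stored; if the column is declared as text and the driver hands back str, checkpw raises TypeError and login answers 500 — worth confirming against the schema, which is not in the diff. The trailing `;` on the last line is a C-ism: `return bcrypt.hashpw(enc(password), bcrypt.gensalt())`. Both functions deserve a one-line docstring noting that bcrypt embeds the salt in the hash, which is why the separate `salt()` helper could be removed.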
diff --git a/api/tests.sh b/api/tests.sh
index 391aa0f..2c73156 100755
--- a/api/tests.sh
+++ b/api/tests.sh
@@ -4,9 +4,21 @@ signup () {
 	curl -X POST \
 		-H "Content-Type: application/json" \
 		-d '{
-		"username": "test",
-		"email": "test@example.com",
+		"username": "gert",
+		"email": "gert@example.com",
 		"password": "password123"
 		}' \
 		localhost:5000/api/auth/signup
 }
+
+login () {
+	curl -X POST \
+		-H "Content-Type: application/json" \
+		-d '{
+		"email": "gert@example.com",
+		"password": "password123"
+		}' \
+		localhost:5000/api/auth/login
+}
+
+login
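Review bot: The new `login` function, like `signup` above it, invokes curl without `-f`/`--fail` or any check of the response, so a 400 or 401 from the server prints an empty body and the script still exits 0 — the test cannot fail. `curl -sf -X POST \` (or capturing `-w '%{http_code}'` and comparing) turns it into an actual check. The script now ends by calling only `login`; whether `signup` is still invoked anywhere is not visible in the hunk, and against a fresh database this login would answer 401.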
-- 