✨ Ajout du chiffrement des mots de passe

2 years ago · d7e26c8932
parent 3e0e3fa9cb
commit d7e26c8932
4 changed files with 26 additions and 3 deletions
--- a/Sources/pom.xml
+++ b/Sources/pom.xml
@ -22,6 +22,11 @@
    <repositories>
    </repositories>
    <dependencies>
+        <dependency>
+            <groupId>org.mindrot</groupId>
+            <artifactId>jbcrypt</artifactId>
+            <version>0.4</version>
+        </dependency>
        <dependency>
            <groupId>io.ktor</groupId>
            <artifactId>ktor-server-core-jvm</artifactId>
--- a/Sources/src/main/kotlin/allin/model/User.kt
+++ b/Sources/src/main/kotlin/allin/model/User.kt
@ -3,7 +3,7 @@ package allin.model
 import kotlinx.serialization.Serializable

@Serializable
-data class User(val username: String, val email: String, val password: String, var nbCoins: Int = 1000, var token: String? = null)
+data class User(val username: String, val email: String, var password: String, var nbCoins: Int = 1000, var token: String? = null)

@Serializable
 data class CheckUser(val login: String,val password: String)
--- a/Sources/src/main/kotlin/allin/routing/UserRouter.kt
+++ b/Sources/src/main/kotlin/allin/routing/UserRouter.kt
@ -3,6 +3,7 @@ package allin.routing
 import allin.dto.*
 import allin.model.CheckUser
 import allin.model.User
+import allin.utils.CryptManager
 import com.typesafe.config.ConfigFactory
 import io.ktor.http.*
 import io.ktor.server.application.*
@ -18,6 +19,7 @@ import allin.utils.TokenManager
 val users = mutableListOf<User>()
 val tokenManager= TokenManager(HoconApplicationConfig(ConfigFactory.load()))
 val RegexChecker= RegexChecker()
+val CryptManager= CryptManager()
 fun Application.UserRouter() {

    routing {
@ -29,8 +31,9 @@ fun Application.UserRouter() {
                }
                val user = users.find { it.username == TempUser.username || it.email == TempUser.email }
                if(user == null) {
+                    CryptManager.passwordCrypt(TempUser)
                    users.add(TempUser)
-                    call.respond(HttpStatusCode.Created, convertUserToUserDTO(TempUser))
+                    call.respond(HttpStatusCode.Created, TempUser)
                }
                call.respond(HttpStatusCode.Conflict,"Mail or/and username already exist")
            }
@ -40,7 +43,7 @@ fun Application.UserRouter() {
            post {
                val checkUser = call.receive<CheckUser>()
                val user = users.find { it.username == checkUser.login || it.email == checkUser.login }
-                if (user != null && user.password == checkUser.password) {
+                if (user != null && CryptManager.passwordDecrypt(user,checkUser.password)) {
                    user.token=tokenManager.generateOrReplaceJWTToken(user)
                    call.respond(HttpStatusCode.OK, convertUserToUserDTOToken(user))
                } else {
--- a/Sources/src/main/kotlin/allin/utils/CryptManager.kt
+++ b/Sources/src/main/kotlin/allin/utils/CryptManager.kt
@ -0,0 +1,15 @@
+package allin.utils
+
+import allin.model.User
+import org.mindrot.jbcrypt.BCrypt
+
+class CryptManager {
+    val salt=BCrypt.gensalt()
+    fun passwordCrypt(user: User){
+        user.password=BCrypt.hashpw(user.password,salt)
+
+    }
+    fun passwordDecrypt(user: User, password: String): Boolean{
+        return BCrypt.hashpw(password,salt)==user.password
+    }
+}