From d7e26c89325193673f8e3d406915cfa9b88c58dd Mon Sep 17 00:00:00 2001 From: Lucas Evard Date: Wed, 18 Oct 2023 16:28:18 +0200 Subject: [PATCH] :sparkles: Ajout du chiffrement des mots de passe --- Sources/pom.xml | 5 +++++ Sources/src/main/kotlin/allin/model/User.kt | 2 +- .../src/main/kotlin/allin/routing/UserRouter.kt | 7 +++++-- .../src/main/kotlin/allin/utils/CryptManager.kt | 15 +++++++++++++++ 4 files changed, 26 insertions(+), 3 deletions(-) create mode 100644 Sources/src/main/kotlin/allin/utils/CryptManager.kt diff --git a/Sources/pom.xml b/Sources/pom.xml index dd83b7a..f556046 100644 --- a/Sources/pom.xml +++ b/Sources/pom.xml @@ -22,6 +22,11 @@ + + org.mindrot + jbcrypt + 0.4 + io.ktor ktor-server-core-jvm diff --git a/Sources/src/main/kotlin/allin/model/User.kt b/Sources/src/main/kotlin/allin/model/User.kt index 418c230..bb99d21 100644 --- a/Sources/src/main/kotlin/allin/model/User.kt +++ b/Sources/src/main/kotlin/allin/model/User.kt @@ -3,7 +3,7 @@ package allin.model import kotlinx.serialization.Serializable @Serializable -data class User(val username: String, val email: String, val password: String, var nbCoins: Int = 1000, var token: String? = null) +data class User(val username: String, val email: String, var password: String, var nbCoins: Int = 1000, var token: String? = null) @Serializable data class CheckUser(val login: String,val password: String) \ No newline at end of file diff --git a/Sources/src/main/kotlin/allin/routing/UserRouter.kt b/Sources/src/main/kotlin/allin/routing/UserRouter.kt index 473de5e..2b6de86 100644 --- a/Sources/src/main/kotlin/allin/routing/UserRouter.kt +++ b/Sources/src/main/kotlin/allin/routing/UserRouter.kt @@ -3,6 +3,7 @@ package allin.routing import allin.dto.* import allin.model.CheckUser import allin.model.User +import allin.utils.CryptManager import com.typesafe.config.ConfigFactory import io.ktor.http.* import io.ktor.server.application.* 
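Review bot: In `User.kt`, switching `password` from `val` to `var` on the `@Serializable` `User` class puts the stored hash in a mutable field that any code holding the reference can overwrite, on a type that is serialized as-is. Keeping the field `val` and storing a copy, e.g. `users.add(TempUser.copy(password = hash))`, avoids the in-place mutation. That would require `passwordCrypt` to return the hash instead of mutating its argument, which is defined in `CryptManager.kt`, outside this hunk.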
@@ -18,6 +19,7 @@ import allin.utils.TokenManager val users = mutableListOf() val tokenManager= TokenManager(HoconApplicationConfig(ConfigFactory.load())) val RegexChecker= RegexChecker() +val CryptManager= CryptManager() fun Application.UserRouter() { routing { @@ -29,8 +31,9 @@ fun Application.UserRouter() { } val user = users.find { it.username == TempUser.username || it.email == TempUser.email } if(user == null) { + CryptManager.passwordCrypt(TempUser) users.add(TempUser) - call.respond(HttpStatusCode.Created, convertUserToUserDTO(TempUser)) + call.respond(HttpStatusCode.Created, TempUser) } call.respond(HttpStatusCode.Conflict,"Mail or/and username already exist") } @@ -40,7 +43,7 @@ fun Application.UserRouter() { post { val checkUser = call.receive() val user = users.find { it.username == checkUser.login || it.email == checkUser.login } - if (user != null && user.password == checkUser.password) { + if (user != null && CryptManager.passwordDecrypt(user,checkUser.password)) { user.token=tokenManager.generateOrReplaceJWTToken(user) call.respond(HttpStatusCode.OK, convertUserToUserDTOToken(user)) } else { diff --git a/Sources/src/main/kotlin/allin/utils/CryptManager.kt b/Sources/src/main/kotlin/allin/utils/CryptManager.kt new file mode 100644 index 0000000..216e733 --- /dev/null +++ b/Sources/src/main/kotlin/allin/utils/CryptManager.kt @@ -0,0 +1,15 @@ +package allin.utils + +import allin.model.User +import org.mindrot.jbcrypt.BCrypt + +class CryptManager { + val salt=BCrypt.gensalt() + fun passwordCrypt(user: User){ + user.password=BCrypt.hashpw(user.password,salt) + + } + fun passwordDecrypt(user: User, password: String): Boolean{ + return BCrypt.hashpw(password,salt)==user.password + } +} \ No newline at end of file
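Review bot: In the `@@ -29,8 +31,9 @@` hunk of `UserRouter.kt`, the registration branch now answers with `call.respond(HttpStatusCode.Created, TempUser)`, so the 201 body serializes the whole `User`, including the bcrypt hash just written to `password`. The removed line went through `convertUserToUserDTO(TempUser)`, which presumably omits the credential (the DTO is not visible here). A password hash returned to the client can be guessed offline, so keep the DTO: `call.respond(HttpStatusCode.Created, convertUserToUserDTO(TempUser))`. The handler starts above the hunk, and the unchanged `call.respond(HttpStatusCode.Conflict, ...)` still appears to run after the 201 because the `if` body does not return.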
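Review bot: In the new `CryptManager.kt`, `val salt=BCrypt.gensalt()` is generated once per instance and reused by `passwordCrypt` for every user, so identical passwords produce identical hashes and bcrypt's per-password salt is lost. `passwordDecrypt` re-hashes with that same instance salt and compares with `==`, which is not a constant-time comparison. It also stops matching stored hashes as soon as a `CryptManager` with a different salt is created, for example after a restart if users are ever persisted. Use `user.password=BCrypt.hashpw(user.password,BCrypt.gensalt())` and `return BCrypt.checkpw(password,user.password)`, which reads the salt embedded in the stored hash, and drop the `salt` property. The name `passwordDecrypt` is misleading because bcrypt is a one-way hash; a KDoc line stating that it verifies a candidate password against the stored hash would help.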