diff --git a/lib/api/api.dart b/lib/api/api.dart
index d44b78b..3fc9cbd 100644
--- a/lib/api/api.dart
+++ b/lib/api/api.dart
@@ -59,14 +59,14 @@ class API {
     final body = await bodyToJson(req);
     if (await checkRequiredFields(required, body)) {
-      // List twofa = body[required[3]];
       try {
-        await AccountsToPostgres.createAccount(body[required[0]],
-            body[required[1]], body[required[2]] /*, twofa*/);
+        await AccountsToPostgres.createAccount(
+            body[required[0]], body[required[1]], body[required[2]]);
       } catch (e) {
         return Response(409, body: 'Account already existing'); // 409 (Conflict)
       }
+      print("✅ Account succesfully created");
       return Response(201, body: 'Account successfully created'); // 201 (Created)
     } else {
@@ -81,12 +81,20 @@ class API {
     if (await checkRequiredFields(required, body)) {
       try {
-        await AccountsToPostgres.deleteAccount(
-            body[required[0]], body[required[1]]);
-      } catch (e) {
+        if (await checkAuthentication(body[required[0]], body[required[1]])) {
+          await AccountsToPostgres.deleteAccount(body[required[0]]);
+        } else {
+          return Response(403,
+              body:
+                  'You haven\'t provided the good password or mail'); // 403 (Forbidden)
+        }
+      } catch (e, s) {
+        print("Exception $e");
+        print("Stacktrace $s");
         return Response(409,
             body: 'There was a problem with deletion'); // 409 (Conflict)
       }
+      print("✅ Account succesfully deleted");
       return Response(200, body: 'Account successfully deleted'); // 200 (OK)
     } else {
       return Response.badRequest(body: 'Bad request'); // 400 (Bad Request)
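Review bot: The bare `catch (e)` around `createAccount` maps every failure — a lost connection, a malformed body value, a missing table — to 409 'Account already existing', and since this commit also drops the explicit `checkMailAlreadyExist` pre-check, that status is only accurate if the Account table enforces uniqueness on mail, which this hunk cannot show. Catch the driver's unique-violation error specifically and let anything else surface as a 500, so a database outage is not reported to the client as a duplicate account. Separately, judging by `createAccount`'s parameter names in accounts_to_postgres.dart, the second and third body fields stored here are a client-supplied hash and salt, so the server never derives the credential itself — worth confirming that is intended. `print("✅ Account succesfully created")` is a debug trace (with a typo) that belongs in a logger rather than on stdout. The enclosing handler starts before this hunk.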
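Review bot: Deletion is now gated on `checkAuthentication(body[required[0]], body[required[1]])`, but the second field is compared verbatim against the stored hash by `checkPassword` in the same commit, so anyone who has obtained the stored hash (a DB dump, a log line) can delete any account without knowing the password — the handler should accept a password and let the server derive and compare the hash. The new `catch (e, s)` prints `$e` and `$s` to stdout and still answers 409; a failed database call is not a conflict, so return 500 there and route the exception detail through a logger, since the message may include the submitted mail. The 403 body deliberately does not say whether the mail or the password was wrong, which is the right choice; keep it that way. The handler's signature lies before this hunk.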
@@ -176,6 +184,44 @@ class API {
     return json.decode(tmp);
   }
+  static Future checkAuthentication(
+      String givedMail, String givedPassword) async {
+    try {
+      if (!await checkMail(givedMail)) return false;
+    } catch (e) {
+      // catch if there is nothing in result of checkMail
+      return false;
+    }
+    if (!await checkPassword(givedMail, givedPassword)) return false;
+    print("authentication successed !!!");
+    return true;
+  }
+
+  static Future checkPassword(
+      String givedMail, String givedPassword) async {
+    print("check hash...");
+    var hash = await AccountsToPostgres.selectHashByMail(givedMail);
+
+    if (hash == givedPassword) {
+      print("hash is good");
+      return true;
+    }
+    print("hash is bad");
+    return false;
+  }
+
+  static Future checkMail(String givedMail) async {
+    print("check mail...");
+    var mail = await AccountsToPostgres.selectMailByMail(givedMail);
+
+    if (mail == givedMail) {
+      print("mail is good");
+      return true;
+    }
+    print("mail is bad");
+    return false;
+  }
+
   //
   // ADMIN
   //
diff --git a/lib/database/accounts_to_postgres.dart b/lib/database/accounts_to_postgres.dart
index 8e2e7eb..79832b4 100644
--- a/lib/database/accounts_to_postgres.dart
+++ b/lib/database/accounts_to_postgres.dart
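Review bot: `checkPassword` authenticates with `hash == givedPassword`, i.e. the caller must submit the stored hash itself — no salt is applied and nothing is derived server-side — so the stored hash *is* the password, any leak of the hash column is an immediate pass-the-hash credential, and storing a hash buys nothing; derive the hash from the submitted password with the stored salt using the project's hashing scheme (not visible here) and compare that result. Dart's `==` on strings stops at the first differing character, so compare the two values as byte arrays in a constant-time loop rather than leaking the match length through timing. `checkAuthentication` turns every exception from `checkMail` (including a lost DB connection) into "wrong mail" but lets the same exception from `checkPassword` propagate to the handler; be consistent, and narrow the catch to the out-of-range case the comment describes instead of `catch (e)`. All three methods are declared `static Future` with no type argument — `static Future<bool>` gives callers a checked boolean — and the `print` traces ("hash is good", "authentication successed !!!") should go through a logger or be dropped before this ships.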
@@ -58,28 +58,17 @@ class AccountsToPostgres {
     print("🟦 Account Table Created");
   }
-  // TODO: Add support for twoFa if needed
   // Create user account
   static Future createAccount(
-      String mail, String hash, String salt /*, List twoFaStr*/) async {
-    await checkMailAlreadyExist(mail); // TODO: throw execption if != null
+      String mail, String hash, String salt) async {
     await connection.query(
         "INSERT INTO \"Account\" VALUES(nextval('plus1id'),@mail,@hash,@salt)",
-        substitutionValues: {
-          "mail": mail,
-          "hash": hash,
-          "salt": salt /*,
-          "twofa": twoFaStr*/
-        });
-    print("✅ Account succesfully created");
+        substitutionValues: {"mail": mail, "hash": hash, "salt": salt});
   }
-  static Future deleteAccount(String mail, String hash) async {
-    await checkMailAlreadyExist(mail); // TODO: throw execption if != null
-    // TODO: check authentication
+  static Future deleteAccount(String mail) async {
     await connection.query("DELETE FROM \"Account\" WHERE mail=@mail",
         substitutionValues: {"mail": mail});
-    print("✅ Account succesfully deleted");
   }
   // get user passord hash by mail
@@ -92,13 +81,12 @@ class AccountsToPostgres {
   }
   // check if mail is already used in database
-  static Future checkMailAlreadyExist(String mail) async {
+  static Future selectMailByMail(String mail) async {
     List> results = await connection.query(
-        "SELECT id FROM \"Account\" WHERE mail=@mail",
+        "SELECT mail FROM \"Account\" WHERE mail=@mail",
         substitutionValues: {"mail": mail});
-    print(results[0][0]);
-    return;
+    return results[0][0];
   }
   // Update user password
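Review bot: `deleteAccount(String mail)` discards the result of `connection.query(...)` for the DELETE, so a mail that matches no row deletes nothing and the API layer still answers 200 'Account successfully deleted'; if the driver's result exposes an affected-row count, return it (or throw when it is 0) so the handler can answer 404 instead. With `checkMailAlreadyExist` removed from `createAccount`, duplicate detection now rests entirely on a UNIQUE constraint on `mail` in the Account table, whose CREATE statement sits above this hunk — confirm it exists, otherwise the INSERT will happily create a second row with the same mail and later lookups by mail become ambiguous. A doc comment on both methods recording that authentication and existence checks are now the caller's responsibility, e.g. `/// Deletes the row for [mail]; performs no authentication — callers must authorize first.`, would pin down the contract this commit moved up into the API layer.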
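Review bot: `selectMailByMail` returns `results[0][0]`, which throws a RangeError when no row matches instead of signalling "not found"; its caller `checkMail` works only because `checkAuthentication` wraps it in a blanket `catch (e)`, which also hides genuine database errors behind the same false. Return `results.isEmpty ? null : results[0][0] as String?` under a `static Future<String?>` signature so callers test for null explicitly. The comment above it still reads `// check if mail is already used in database`, which described the old `checkMailAlreadyExist`; change it to `// Returns the stored mail equal to [mail], or null if no such account exists.` (the type arguments on `results` appear stripped in this rendering, so I have not commented on them).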