🔒 add authenticationCheck function

remrem 2 years ago
parent 3325f8679c
commit 35ceacf978

@ -59,14 +59,14 @@ class API {
final body = await bodyToJson(req); final body = await bodyToJson(req);
if (await checkRequiredFields(required, body)) { if (await checkRequiredFields(required, body)) {
// List<String> twofa = body[required[3]];
try { try {
await AccountsToPostgres.createAccount(body[required[0]], await AccountsToPostgres.createAccount(
body[required[1]], body[required[2]] /*, twofa*/); body[required[0]], body[required[1]], body[required[2]]);
} catch (e) { } catch (e) {
return Response(409, return Response(409,
body: 'Account already existing'); // 409 (Conflict) body: 'Account already existing'); // 409 (Conflict)
} }
print("✅ Account succesfully created");
return Response(201, return Response(201,
body: 'Account successfully created'); // 201 (Created) body: 'Account successfully created'); // 201 (Created)
} else { } else {
@ -81,12 +81,20 @@ class API {
if (await checkRequiredFields(required, body)) { if (await checkRequiredFields(required, body)) {
try { try {
await AccountsToPostgres.deleteAccount( if (await checkAuthentication(body[required[0]], body[required[1]])) {
body[required[0]], body[required[1]]); await AccountsToPostgres.deleteAccount(body[required[0]]);
} catch (e) { } else {
return Response(403,
body:
'You haven\'t provided the good password or mail'); // 403 (Forbidden)
}
} catch (e, s) {
print("Exception $e");
print("Stacktrace $s");
return Response(409, return Response(409,
body: 'There was a problem with deletion'); // 409 (Conflict) body: 'There was a problem with deletion'); // 409 (Conflict)
} }
print("✅ Account succesfully deleted");
return Response(200, body: 'Account successfully deleted'); // 200 (OK) return Response(200, body: 'Account successfully deleted'); // 200 (OK)
} else { } else {
return Response.badRequest(body: 'Bad request'); // 400 (Bad Request) return Response.badRequest(body: 'Bad request'); // 400 (Bad Request)
@ -176,6 +184,44 @@ class API {
return json.decode(tmp); return json.decode(tmp);
} }
static Future<bool> checkAuthentication(
String givedMail, String givedPassword) async {
try {
if (!await checkMail(givedMail)) return false;
} catch (e) {
// catch if there is nothing in result of checkMail
return false;
}
if (!await checkPassword(givedMail, givedPassword)) return false;
print("authentication successed !!!");
return true;
}
static Future<bool> checkPassword(
String givedMail, String givedPassword) async {
print("check hash...");
var hash = await AccountsToPostgres.selectHashByMail(givedMail);
if (hash == givedPassword) {
print("hash is good");
return true;
}
print("hash is bad");
return false;
}
static Future<bool> checkMail(String givedMail) async {
print("check mail...");
var mail = await AccountsToPostgres.selectMailByMail(givedMail);
if (mail == givedMail) {
print("mail is good");
return true;
}
print("mail is bad");
return false;
}
// //
// ADMIN // ADMIN
// //
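Review bot: checkPassword compares the client-supplied `givedPassword` directly against the value returned by `selectHashByMail`, and createAccount stores `hash` and `salt` exactly as the request body supplies them, so the server never derives anything from a password or from the stored salt: the stored hash is itself the credential, and anyone who can read the Account table (a backup, a leaked dump) can authenticate with it. The server should accept the password, derive the hash with the stored salt and the scheme the client uses (not visible here), and compare that; until then, at least replace `hash == givedPassword` with a comparison that does not stop at the first differing character, as below. checkMail establishes nothing that checkPassword's own lookup does not, and the `print` calls in all three helpers write authentication outcomes to stdout — drop them or route them through a logger with levels. The enclosing class continues outside the hunk.
```dart
  static Future<bool> checkPassword(
      String givedMail, String givedPassword) async {
    var hash = await AccountsToPostgres.selectHashByMail(givedMail);
    // Examine every code unit so the outcome does not depend on where
    // the two values first differ.
    return _constantTimeEquals(hash, givedPassword);
  }

  /// Returns whether [a] and [b] are equal, walking all code units of
  /// both strings regardless of the position of the first mismatch.
  static bool _constantTimeEquals(String a, String b) {
    var diff = a.length ^ b.length;
    for (var i = 0; i < a.length && i < b.length; i++) {
      diff |= a.codeUnitAt(i) ^ b.codeUnitAt(i);
    }
    return diff == 0;
  }
```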

@ -58,28 +58,17 @@ class AccountsToPostgres {
print("🟦 Account Table Created"); print("🟦 Account Table Created");
} }
// TODO: Add support for twoFa if needed
// Create user account // Create user account
static Future<void> createAccount( static Future<void> createAccount(
String mail, String hash, String salt /*, List<String> twoFaStr*/) async { String mail, String hash, String salt) async {
await checkMailAlreadyExist(mail); // TODO: throw execption if != null
await connection.query( await connection.query(
"INSERT INTO \"Account\" VALUES(nextval('plus1id'),@mail,@hash,@salt)", "INSERT INTO \"Account\" VALUES(nextval('plus1id'),@mail,@hash,@salt)",
substitutionValues: { substitutionValues: {"mail": mail, "hash": hash, "salt": salt});
"mail": mail,
"hash": hash,
"salt": salt /*,
"twofa": twoFaStr*/
});
print("✅ Account succesfully created");
} }
static Future<void> deleteAccount(String mail, String hash) async { static Future<void> deleteAccount(String mail) async {
await checkMailAlreadyExist(mail); // TODO: throw execption if != null
// TODO: check authentication
await connection.query("DELETE FROM \"Account\" WHERE mail=@mail", await connection.query("DELETE FROM \"Account\" WHERE mail=@mail",
substitutionValues: {"mail": mail}); substitutionValues: {"mail": mail});
print("✅ Account succesfully deleted");
} }
// get user passord hash by mail // get user passord hash by mail
@ -92,13 +81,12 @@ class AccountsToPostgres {
} }
// check if mail is already used in database // check if mail is already used in database
static Future<void> checkMailAlreadyExist(String mail) async { static Future<String> selectMailByMail(String mail) async {
List<List<dynamic>> results = await connection.query( List<List<dynamic>> results = await connection.query(
"SELECT id FROM \"Account\" WHERE mail=@mail", "SELECT mail FROM \"Account\" WHERE mail=@mail",
substitutionValues: {"mail": mail}); substitutionValues: {"mail": mail});
print(results[0][0]);
return; return results[0][0];
} }
// Update user password // Update user password
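Review bot: selectMailByMail returns `results[0][0]` without checking that the query matched a row, so an unknown mail ends in a RangeError instead of a result, and the caller in checkAuthentication (other file) has to wrap it in a bare `catch (e)` that also reports genuine database failures as "not found". Return a nullable value instead: `static Future<String?> selectMailByMail(String mail) async {` and `return results.isEmpty ? null : results[0][0];`, and let the caller test for null. If selectHashByMail, outside this hunk, indexes its result the same way, it needs the same treatment. The comment above the method, `// check if mail is already used in database`, describes the old checkMailAlreadyExist and no longer matches; `// Returns the stored mail for [mail], or null when no account exists.` fits the new behaviour. The enclosing class continues outside the hunk.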
