diff --git a/backend/backend_tests/test_views.txt b/backend/backend_tests/test_views.txt index 4b41eb8..7ab3779 100644 --- a/backend/backend_tests/test_views.txt +++ b/backend/backend_tests/test_views.txt @@ -31,7 +31,7 @@ "login": "A" } #"[addNewUserView][Error] Nie podano hasła" - +################################################################ 127.0.0.1:3000/api/updateUserPointsView { @@ -53,5 +53,20 @@ #"[updateUserPointsView][Error] Brak uzytkownika w bazie" +################################################################ +127.0.0.1:3000/api/loginUserView + +{ + "login": "B2", + "password": "B", + "test": "test" +} +#true +{ + "login": "B2", + "password": "B2", + "test": "test" +} +#false \ No newline at end of file diff --git a/backend/connector_mysql.go b/backend/connector_mysql.go index 9ea7969..415c6c5 100644 --- a/backend/connector_mysql.go +++ b/backend/connector_mysql.go @@ -5,6 +5,7 @@ import ( "fmt" _ "github.com/go-sql-driver/mysql" + "golang.org/x/crypto/bcrypt" ) func connectMysql() (*sql.DB, error) { @@ -20,13 +21,18 @@ func addUser(_login string, _password string, _userDescription string) error { //do rejestracji uzytkownika // Insert do bazy Mysql Nowego użytkownika - db, err := connectMysql() + password := []byte(_password) //zamiana stringa na bajty dla funckji hashujacej + db, err := connectMysql() if err != nil { panic(err.Error()) return err } + // Hashing the password with the default cost of 10 + hashedPassword, err := bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost) + encryptedPassword := string(hashedPassword) + queryInsert := fmt.Sprintf(`INSERT INTO users ( login, password, @@ -37,7 +43,7 @@ func addUser(_login string, _password string, _userDescription string) error { "%s", "%s", "%d" - )`, _login, _password, _userDescription, 0) //przy rejestracji kzdy ma 0 punktow + )`, _login, encryptedPassword, _userDescription, 0) //przy rejestracji kzdy ma 0 punktow fmt.Printf(queryInsert) insert, err := db.Query(queryInsert) 
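Review bot: The error returned on the new `hashedPassword, err := bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)` line is never checked, so when hashing fails `hashedPassword` is nil, `encryptedPassword` becomes the empty string, and the INSERT in the next hunk (`@@ -37,7`) stores an empty password for the account. That path is narrow (an out-of-range cost or a failing random source), but recent golang.org/x/crypto releases also return `bcrypt.ErrPasswordTooLong` for inputs over 72 bytes, which makes it reachable from the request body. Add `if err != nil { return fmt.Errorf("hashing password: %w", err) }` directly after the call, mirroring the error branch the function already has for `connectMysql` (where the `return err` after `panic(err.Error())` is unreachable). addUser continues past the end of this hunk.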
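Review bot: The INSERT finished on the changed `)\`, _login, encryptedPassword, _userDescription, 0)` line is still assembled with `fmt.Sprintf`, so `_login` and `_userDescription` are spliced into the SQL text unescaped; only the password column gained a value that contains no quotes. With database/sql the statement should run through placeholders, e.g. `db.Exec("INSERT INTO users (login, password, <remaining two columns>) VALUES (?, ?, ?, ?)", _login, encryptedPassword, _userDescription, 0)` (the last two column names are above the hunk), which also replaces the `db.Query` call on the context line below, whose result rows are never read. The `fmt.Printf(queryInsert)` context line now writes the bcrypt hash to stdout on every registration and passes a non-constant format string to Printf; drop it or print only the login.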
@@ -118,7 +124,8 @@ func checkLoginExists(_login string) (bool, error) { func loginUser(_login string, _password string) (bool, error) { //do logowanie w bazie db, err := connectMysql() - querySelect := fmt.Sprintf(`SELECT login FROM users WHERE login='%s' AND password='%s' ;`, _login, _password) + + querySelect := fmt.Sprintf(`SELECT password FROM users WHERE login='%s' ;`, _login) result, err := db.Query(querySelect) if err != nil { @@ -127,15 +134,17 @@ func loginUser(_login string, _password string) (bool, error) { } for result.Next() { - var userLogin string + var hashedPassword string - err = result.Scan(&userLogin) + err = result.Scan(&hashedPassword) if err != nil { panic(err.Error()) return false, err } - if userLogin != "" { + // Comparing the password with the hash + err = bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(_password)) + if err == nil { // nil means it is a match return true, nil } } diff --git a/backend/main.exe b/backend/main.exe index 8562614..a4d9318 100644 Binary files a/backend/main.exe and b/backend/main.exe differ diff --git a/backend/views.go b/backend/views.go index 47c904b..1db5b76 100644 --- a/backend/views.go +++ b/backend/views.go @@ -5,6 +5,7 @@ import ( "net/http" "github.com/gin-gonic/gin" + // go get "golang.org/x/crypto/bcrypt" ) func getUsersView(c *gin.Context) { 
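Review bot: The new `querySelect := fmt.Sprintf(\`SELECT password FROM users WHERE login='%s' ;\`, _login)` still interpolates the user-supplied login into the SQL text, so the injection present on the removed line is kept; only the `password='%s'` clause was dropped. With database/sql the same lookup can be `result, err := db.Query("SELECT password FROM users WHERE login = ?", _login)`, which removes the Sprintf line entirely. Note also that the `err` from `db, err := connectMysql()` on the context line above is overwritten by the `db.Query` assignment without being examined, so a failed connection is at best reported as a query error. loginUser continues past the end of this hunk.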
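Review bot: The new `if err == nil` on the `bcrypt.CompareHashAndPassword` result treats every non-nil error as a wrong password, which also covers a stored value that is not a bcrypt hash at all — and every row written before this commit holds the plaintext password, since the removed query matched on `password='%s'`. Those users will be rejected silently until their rows are rehashed, so a migration (for example a forced password reset) is needed; a plaintext fallback would defeat the change. Make a corrupt row visible instead of indistinguishable from a bad password: `if err != nil && !errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) { return false, err }` before the match check, adding `errors` to the import block if it is not already there. What happens after the loop, including any `result.Close()`, is outside the hunk.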
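Review bot: The added `// go get "golang.org/x/crypto/bcrypt"` line inside the import block of views.go records a shell command rather than an import, and views.go does not use bcrypt anywhere in this diff; the module requirement belongs in go.mod, which is not part of the diff as shown. Remove the comment, or document the dependency in the README if that is the intent.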
@@ -62,14 +63,20 @@ func addNewUserView(c *gin.Context) { if isExists { c.JSON(http.StatusOK, "Login zajęty") return - } else { - err = addUser(_login, _password, _userDescription) - - if err != nil { - c.JSON(http.StatusOK, "[addNewUserView][Error] Nie mozna dodac do bazy") - return - } } + + if err != nil { + c.JSON(http.StatusOK, "[addNewUserView][Error] Nie mozna zaszyfrowac hasla") + return + } + + err = addUser(_login, _password, _userDescription) + + if err != nil { + c.JSON(http.StatusOK, "[addNewUserView][Error] Nie mozna dodac do bazy") + return + } + c.Header("Content-Type", "application/json") c.JSON(http.StatusOK, "[addNewUserView] Dodano uzytkownika do bazy") }
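Review bot: The new `if err != nil { c.JSON(http.StatusOK, "[addNewUserView][Error] Nie mozna zaszyfrowac hasla") ... }` block runs before `addUser` is called, so the `err` it inspects is whatever the earlier call left behind (presumably `checkLoginExists`, above the hunk) and can never be the bcrypt failure, which happens inside `addUser` and is dropped there. Either remove the block, or have `addUser` return the hashing error and move the check after `err = addUser(_login, _password, _userDescription)`, the only point where the view can observe it. As written, a hashing failure can still reach the "Dodano uzytkownika do bazy" response. The new error responses also use `http.StatusOK`; `http.StatusInternalServerError` would let clients tell them from success. addNewUserView starts above this hunk.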