[rejestracja] [logowanie] szyfrowanie hasel jak w django

2019-01-09 06:33:30 +01:00 · 2019-01-09 06:33:30 +01:00 · 2f58eb4542
commit 2f58eb4542
parent 196dfca658
4 changed files with 45 additions and 14 deletions
--- a/backend/backend_tests/test_views.txt
+++ b/backend/backend_tests/test_views.txt
@ -31,7 +31,7 @@
 	"login": "A"
 }
 #"[addNewUserView][Error] Nie podano hasła"
-
+################################################################
 127.0.0.1:3000/api/updateUserPointsView
 {
@ -53,5 +53,20 @@
 #"[updateUserPointsView][Error] Brak uzytkownika w bazie"
 ################################################################
 127.0.0.1:3000/api/loginUserView
 {
 	"login": "B2",
 	"password": "B",
 	"test": "test"
 }
 #true
 {
 	"login": "B2",
 	"password": "B2",
 	"test": "test"
 }
 #false
--- a/backend/connector_mysql.go
+++ b/backend/connector_mysql.go
@ -5,6 +5,7 @@ import (
 	"fmt"
 	_ "github.com/go-sql-driver/mysql"
 	"golang.org/x/crypto/bcrypt"
 )
 func connectMysql() (*sql.DB, error) {
@ -20,13 +21,18 @@ func addUser(_login string, _password string, _userDescription string) error {
 	//do rejestracji uzytkownika
 	// Insert do bazy Mysql Nowego użytkownika
-	db, err := connectMysql()
+	password := []byte(_password) //zamiana stringa na bajty dla funckji hashujacej
 	db, err := connectMysql()
 	if err != nil {
 		panic(err.Error())
 		return err
 	}
 	// Hashing the password with the default cost of 10
 	hashedPassword, err := bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)
 	encryptedPassword := string(hashedPassword)
 	queryInsert := fmt.Sprintf(`INSERT INTO users (
 			login,
 			password,
@ -37,7 +43,7 @@ func addUser(_login string, _password string, _userDescription string) error {
 			"%s",
 			"%s",
 			"%d"
-		)`, _login, _password, _userDescription, 0) //przy rejestracji kzdy ma 0 punktow
+		)`, _login, encryptedPassword, _userDescription, 0) //przy rejestracji kzdy ma 0 punktow
 	fmt.Printf(queryInsert)
 	insert, err := db.Query(queryInsert)
@ -118,7 +124,8 @@ func checkLoginExists(_login string) (bool, error) {
 func loginUser(_login string, _password string) (bool, error) {
 	//do logowanie w bazie
 	db, err := connectMysql()
-	querySelect := fmt.Sprintf(`SELECT login FROM users WHERE login='%s' AND password='%s' ;`, _login, _password)
+
 	querySelect := fmt.Sprintf(`SELECT password FROM users WHERE login='%s' ;`, _login)
 	result, err := db.Query(querySelect)
 	if err != nil {
@ -127,15 +134,17 @@ func loginUser(_login string, _password string) (bool, error) {
 	}
 	for result.Next() {
-		var userLogin string
+		var hashedPassword string
-		err = result.Scan(&userLogin)
+		err = result.Scan(&hashedPassword)
 		if err != nil {
 			panic(err.Error())
 			return false, err
 		}
-		if userLogin != "" {
+		// Comparing the password with the hash
 		err = bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(_password))
 		if err == nil { // nil means it is a match
 			return true, nil
 		}
 	}
--- a/backend/main.exe
+++ b/backend/main.exe
--- a/backend/views.go
+++ b/backend/views.go
@ -5,6 +5,7 @@ import (
 	"net/http"
 	"github.com/gin-gonic/gin"
 	// go get "golang.org/x/crypto/bcrypt"
 )
 func getUsersView(c *gin.Context) {
@ -62,14 +63,20 @@ func addNewUserView(c *gin.Context) {
 	if isExists {
 		c.JSON(http.StatusOK, "Login zajęty")
 		return
 	} else {
 		err = addUser(_login, _password, _userDescription)
 		if err != nil {
 			c.JSON(http.StatusOK, "[addNewUserView][Error] Nie mozna dodac do bazy")
 			return
 		}
 	}
 	if err != nil {
 		c.JSON(http.StatusOK, "[addNewUserView][Error] Nie mozna zaszyfrowac hasla")
 		return
 	}
 	err = addUser(_login, _password, _userDescription)
 	if err != nil {
 		c.JSON(http.StatusOK, "[addNewUserView][Error] Nie mozna dodac do bazy")
 		return
 	}
 	c.Header("Content-Type", "application/json")
 	c.JSON(http.StatusOK, "[addNewUserView] Dodano uzytkownika do bazy")
 }