diff --git a/auth/auth.rb b/auth/auth.rb
index 7b9ddc4..fbd4d0f 100644
--- a/auth/auth.rb
+++ b/auth/auth.rb
@@ -19,34 +19,20 @@ decoded_token = JWT.decode token, hmac_secret, true, { algorithm: 'HS256' }
 initialize_database
-# Define a simple API endpoint
-get '/api/greeting' do
- content_type :json
- { greeting: 'Hello, World!' }.to_json
-end
-
-get '/api/greeting/:name' do
- get_claims params[:name]
- content_type :json
- { greeting: "Hello, #{params[:name]}!" }.to_json
-end
-
 post '/auth/login' do
+ content_type :json
+
 username = params[:username]
 password = params[:password]
- request_hashed_password = hash_password password
 user_id = get_user_id username
- hashed_password = get_user_hashed_password user_id
- puts hashed_password
- puts request_hashed_password
- unless hashed_password == request_hashed_password
+ unless check_password_for_user(user_id, password)
 status 401
- 'Unauthorized Access'
+
+ return { jwt: "Unuthorized Access" }.to_json
 end
- content_type :json
 { jwt: "Logged in" }.to_json
 end
diff --git a/auth/cryptography.rb b/auth/cryptography.rb
index 91862eb..e3f87db 100644
--- a/auth/cryptography.rb
+++ b/auth/cryptography.rb
@@ -1,7 +1,15 @@
 require 'bcrypt'
-def hash_password(password)
- # Hash the password without using a salt
- hashed_password = BCrypt::Password.create(password, salt: 'hello')
- return hashed_password
- end
\ No newline at end of file
+def create_password_for_user(password)
+ return BCrypt::Password.create(password)
+end
+
+def check_password_for_user(user_id, entered_password)
+ hashed_password = get_user_hashed_password(user_id)
+
+ if BCrypt::Password.new(hashed_password) == entered_password
+ return true
+ else
+ return false
+ end
+end
\ No newline at end of file
diff --git a/auth/database_queries.rb b/auth/database_queries.rb
index 4153f23..19ea04e 100644
--- a/auth/database_queries.rb
+++ b/auth/database_queries.rb
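Review bot: When `get_user_id username` finds no row, `user_id` is presumably nil and `check_password_for_user(nil, password)` hands a nil stored hash to `BCrypt::Password.new`, which raises `BCrypt::Errors::InvalidHash` instead of reaching the 401 branch, so an unknown username produces a 500 and a visibly different response from a wrong password. Guard the lookup before the check so both cases take the same path: `unless user_id && check_password_for_user(user_id, password)`. The 401 body also misspells the message and reuses the `jwt` key for an error string; `return { error: 'Unauthorized Access' }.to_json` is clearer for clients. The route block starts and ends inside this hunk, but `get_user_id` and `check_password_for_user` are defined in database_queries.rb and cryptography.rb.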
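Review bot: `check_password_for_user` wraps a boolean expression in `if/else` with explicit `return true`/`return false`; the whole conditional reduces to the expression itself, `BCrypt::Password.new(hashed_password) == entered_password`, and `create_password_for_user` can drop its explicit `return` the same way. The function also deserves a comment stating its precondition, since `BCrypt::Password.new` raises `BCrypt::Errors::InvalidHash` when the stored value is nil or not a bcrypt string, e.g. `# Raises BCrypt::Errors::InvalidHash if user_id has no stored bcrypt hash; callers must resolve the user first`. Note that cryptography.rb now calls `get_user_hashed_password`, which lives in database_queries.rb, so the two files are mutually dependent (database_queries.rb calls `create_password_for_user`).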
@@ -1,5 +1,17 @@
 require 'sqlite3'
+
+def create_new_user(username, password)
+ db = SQLite3::Database.new('./database/auth.db')
+
+ db.execute('
+ INSERT INTO users (username, hashed_password)
+ VALUES (?, ?)
+ ', [username, create_password_for_user(password)])
+end
+
+
+
 def get_user_id(username)
 db = SQLite3::Database.new('./database/auth.db')
@@ -26,15 +38,12 @@ def get_user_hashed_password(user_id)
 return password_hash
 end
-def get_user_salt(user_id)
+def update_user_password(user_id, password)
 db = SQLite3::Database.new('./database/auth.db')
- salt = db.get_first_value('
- SELECT salt
- FROM users U
- WHERE U.id = ?
-
- ', [user_id])
-
- return salt
+ db.execute('
+ UPDATE users
+ SET hashed_password = ?, salt = ?
+ WHERE id = ?
+ ', [hash_password, salt, user_id])
 end
\ No newline at end of file
diff --git a/auth/initialize_database.rb b/auth/initialize_database.rb
index 7227898..63c9c89 100644
--- a/auth/initialize_database.rb
+++ b/auth/initialize_database.rb
@@ -23,9 +23,9 @@ def initialize_database
 result = db.get_first_value('SELECT COUNT(*) FROM users')
 if result == 0
- hashed_password = hash_password 'pass123'
 puts 'Default admin user added.'
- db.execute('INSERT INTO users (username, hashed_password) VALUES (?, ?)', ['admin', hashed_password])
+
+ create_new_user('admin', 'pass123')
 else
 puts 'Table already contains data. Skipping default user creation.'
 end
diff --git a/auth/post.rb b/auth/post.rb
index b79cf3a..9391862 100644
--- a/auth/post.rb
+++ b/auth/post.rb
@@ -14,7 +14,7 @@ http = Net::HTTP.new(url.host, url.port)
 request = Net::HTTP::Post.new(url.path)
 # Set the request body with the data you want to send
-request.body = 'username=admin&password=pass123'
+request.body = 'username=admin&password=pass1re23'
 # Set the 'Content-Type' header if needed
 request['Content-Type'] = 'application/x-www-form-urlencoded'
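Review bot: `create_new_user` opens a `SQLite3::Database` handle and never closes it, so each call leaks a connection until garbage collection (the same pattern is visible in `get_user_id` below, which predates this commit). Release it on every exit path with a method-level `ensure` / `db&.close` after the `db.execute`, or pass a block to `SQLite3::Database.new`, which yields the handle and closes it when the block returns. The INSERT binds `username` and the hash as parameters rather than interpolating them, which is the right shape. Nothing rejects an empty `username` or a duplicate one; whether a duplicate fails or silently creates a second row depends on table constraints this hunk does not show.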
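Review bot: `update_user_password` cannot execute: its bind array references `hash_password` and `salt`, neither of which is a parameter or local here (the method receives `password`), and `hash_password` is removed from cryptography.rb in this same commit, so the first call raises `NameError`. Hash the supplied password with the new helper and stop writing `salt`, since bcrypt embeds its salt in the hash string: `SET hashed_password = ?` and `', [create_password_for_user(password), user_id])`. Whether a `salt` column still exists is not visible here; the removed `get_user_salt` suggests it belonged to the old scheme and may now be dead. The same unclosed-handle pattern as in `create_new_user` applies to this method.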
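Review bot: The seeded admin account still carries the hard-coded password `'pass123'`, now passed through `create_new_user`, so every database initialised from this code shares a credential that also appears in post.rb. Take it from the environment and fail closed when it is absent, e.g. `create_new_user('admin', ENV.fetch('ADMIN_PASSWORD'))`, or generate a random value and print it once at creation. `create_new_user` also opens a second handle on the same file while the enclosing function's `db` is still open; that works with SQLite but is worth a comment. `initialize_database` starts before this hunk.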
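Review bot: The request body now sends `pass1re23`, which no longer matches the `pass123` seeded for `admin` in initialize_database.rb, so this script now exercises the 401 branch of `/auth/login` rather than a successful login. If that is deliberate it needs a comment, e.g. `# Intentionally wrong password: expects a 401 from /auth/login`; otherwise it reads as a typo. Either way the script keeps a credential hard-coded in a checked-in file rather than reading it from the environment.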