From d91d31ca3e2513cb242a2831095919c75957ef5c Mon Sep 17 00:00:00 2001
From: "Joseph.Roy"
Date: Wed, 13 Dec 2023 09:06:34 +0000
Subject: [PATCH] add ability to check if user exists, and to reject if not. Also add the ability to input username and password on test program
---
 auth/Gemfile.lock | 2 ++
 auth/auth.rb | 6 ++++++
 auth/database_queries.rb | 10 ++++++++++
 auth/post.rb | 10 ++++++++--
 4 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/auth/Gemfile.lock b/auth/Gemfile.lock
index 034e13d..25e79a7 100644
--- a/auth/Gemfile.lock
+++ b/auth/Gemfile.lock
@@ -1,6 +1,7 @@ GEM remote: https://rubygems.org/ specs: + bcrypt (3.1.20) jwt (2.7.1) mustermann (3.0.0) ruby2_keywords (~> 0.0.1)
@@ -21,6 +22,7 @@ PLATFORMS x64-mingw-ucrt DEPENDENCIES + bcrypt jwt sinatra sqlite3
diff --git a/auth/auth.rb b/auth/auth.rb
index fbd4d0f..edc814f 100644
--- a/auth/auth.rb
+++ b/auth/auth.rb
@@ -25,6 +25,12 @@ post '/auth/login' do
 username = params[:username]
 password = params[:password]
+ unless check_if_user_exists username
+ status 401
+
+ return { jwt: "Unuthorized Access" }.to_json
+ end
+
 user_id = get_user_id username
 unless check_password_for_user(user_id, password)
diff --git a/auth/database_queries.rb b/auth/database_queries.rb
index 19ea04e..bc05621 100644
--- a/auth/database_queries.rb
+++ b/auth/database_queries.rb
@@ -10,7 +10,17 @@ def create_new_user(username, password)
 ', [username, create_password_for_user(password)])
 end
+def check_if_user_exists(username)
+ db = SQLite3::Database.new('./database/auth.db')
+ result = db.get_first_value('SELECT COUNT(*) FROM users WHERE username = ?', username)
+
+ if result > 0
+ return true
+ else
+ return false
+ end
+end
 def get_user_id(username)
 db = SQLite3::Database.new('./database/auth.db')
diff --git a/auth/post.rb b/auth/post.rb
index 9391862..9750a11 100644
--- a/auth/post.rb
+++ b/auth/post.rb
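Review bot: The unknown-user branch added to `post '/auth/login'` returns before any password hash is checked, so it answers faster than a wrong-password attempt and the timing difference alone can reveal which usernames are registered, even when status and body match. Assuming `check_password_for_user` does a bcrypt comparison (bcrypt enters Gemfile.lock in this same commit), run an equivalent comparison against a fixed dummy hash before returning, e.g. `BCrypt::Password.new(DUMMY_HASH) == password.to_s` where `DUMMY_HASH` is a placeholder for a precomputed constant, and keep the 401 body identical to the wrong-password branch, which continues outside this hunk. The failure text is misspelled ("Unuthorized") and is placed under the `jwt` key, where a client that only tests for that key could mistake it for a token; `halt 401, { error: 'Unauthorized' }.to_json` would be clearer, provided the other branch is changed to match.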
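Review bot: `check_if_user_exists` opens a new `SQLite3::Database` handle on every login attempt and never closes it, so repeated requests leave handles to `auth.db` open until the garbage collector gets to them; `get_user_id` in the trailing context opens its own handle the same way and runs past the end of the hunk. Wrap the query in `begin` … `ensure db.close` and let `result > 0` be the method's last expression instead of the `if`/`else` that returns literal `true`/`false`. The route now makes two separate lookups (exists, then id) for one decision; having `get_user_id` return `nil` for an unknown name would give the caller a single query and remove the window between the two. The `?` placeholder for `username` is the right way to pass the value and should stay.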
@@ -13,8 +13,14 @@ http = Net::HTTP.new(url.host, url.port)
 # Create a new Net::HTTP::Post request with the desired path
 request = Net::HTTP::Post.new(url.path)
+puts 'Enter username:'
+username = gets.strip!
+puts 'Enter password'
+password = gets.strip!
+
 # Set the request body with the data you want to send
-request.body = 'username=admin&password=pass1re23'
+request.body = "username=#{username}&password=#{password}"
+#request.body = "username=admin&password=pass123"
 # Set the 'Content-Type' header if needed
 request['Content-Type'] = 'application/x-www-form-urlencoded'
@@ -24,4 +30,4 @@ response = http.request(request)
 # Output the response
 puts "Response Code: #{response.code}"
-puts "Response Body: #{response.body}"
+puts "Response Body: #{response.body}"
\ No newline at end of file
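Review bot: The new `request.body` interpolates the typed username and password directly into a form-encoded string, so a password containing `&`, `=`, `+` or `%` reaches the server as different parameters or a different value than the one entered; build the body with `request.set_form_data('username' => username, 'password' => password)` instead. `gets.strip!` returns `nil` when there is nothing to strip, and `gets` itself is `nil` at end of input, so `gets.to_s.strip` is the safe form for both prompts. The password is echoed as it is typed and the commented-out `#request.body = "username=admin&password=pass123"` line keeps a literal credential in the file; read the password with `$stdin.noecho(&:gets)` after `require 'io/console'` and delete the commented line.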