add ability to check if user exists, and to reject if not. Also add the ability to input username and password on test program

Joseph.Roy 2023-12-13 09:06:34 +00:00
parent c9dfdc6946
commit d91d31ca3e
4 changed files with 26 additions and 2 deletions


@ -1,6 +1,7 @@
GEM GEM
remote: https://rubygems.org/ remote: https://rubygems.org/
specs: specs:
bcrypt (3.1.20)
jwt (2.7.1) jwt (2.7.1)
mustermann (3.0.0) mustermann (3.0.0)
ruby2_keywords (~> 0.0.1) ruby2_keywords (~> 0.0.1)
@ -21,6 +22,7 @@ PLATFORMS
x64-mingw-ucrt x64-mingw-ucrt
DEPENDENCIES DEPENDENCIES
bcrypt
jwt jwt
sinatra sinatra
sqlite3 sqlite3


@ -25,6 +25,12 @@ post '/auth/login' do
username = params[:username] username = params[:username]
password = params[:password] password = params[:password]
unless check_if_user_exists username
status 401
return { jwt: "Unuthorized Access" }.to_json
end
user_id = get_user_id username user_id = get_user_id username
unless check_password_for_user(user_id, password) unless check_password_for_user(user_id, password)
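Review bot: The early return under `unless check_if_user_exists username` answers before any password hash is compared, so an unknown username likely responds faster than a known one with a wrong password, and that timing gap tells a client which usernames exist. This assumes `check_password_for_user` does a slow bcrypt compare, which the bcrypt dependency added in this commit suggests but the page does not show. The status and body here should also be identical to the wrong-password branch, which continues outside the hunk and is not visible. The message is misspelled and places error text in the token field; `return { error: "Unauthorized" }.to_json` would stop a client from storing the string as a JWT, provided the other failure branch is changed the same way.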


@ -10,7 +10,17 @@ def create_new_user(username, password)
', [username, create_password_for_user(password)]) ', [username, create_password_for_user(password)])
end end
def check_if_user_exists(username)
db = SQLite3::Database.new('./database/auth.db')
result = db.get_first_value('SELECT COUNT(*) FROM users WHERE username = ?', username)
if result > 0
return true
else
return false
end
end
def get_user_id(username) def get_user_id(username)
db = SQLite3::Database.new('./database/auth.db') db = SQLite3::Database.new('./database/auth.db')
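Review bot: The handle opened in `check_if_user_exists` is never closed, so every login attempt leaves a connection to `./database/auth.db` open until the object is garbage collected. On an unauthenticated route that is an easy way to pile up file handles. Adding `ensure` and `db&.close` at the end of the method releases it, and the `if`/`else` can then be just `result > 0` as the last expression before `ensure`. `get_user_id` opens a second connection for the same username right after this check, and its body continues outside the hunk, so it may need the same fix.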


@ -13,8 +13,14 @@ http = Net::HTTP.new(url.host, url.port)
# Create a new Net::HTTP::Post request with the desired path # Create a new Net::HTTP::Post request with the desired path
request = Net::HTTP::Post.new(url.path) request = Net::HTTP::Post.new(url.path)
puts 'Enter username:'
username = gets.strip!
puts 'Enter password'
password = gets.strip!
# Set the request body with the data you want to send # Set the request body with the data you want to send
request.body = 'username=admin&password=pass1re23' request.body = "username=#{username}&password=#{password}"
#request.body = "username=admin&password=pass123"
# Set the 'Content-Type' header if needed # Set the 'Content-Type' header if needed
request['Content-Type'] = 'application/x-www-form-urlencoded' request['Content-Type'] = 'application/x-www-form-urlencoded'
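Review bot: The credentials read at the prompt are interpolated into the form body unencoded at `request.body = "username=#{username}&password=#{password}"`, so a `&`, `=`, `+` or `%` in either value changes what the server parses. `request.body = URI.encode_www_form(username: username, password: password)` encodes them correctly. `gets.strip!` returns nil when there is nothing to strip, and raises on end of input, so `gets.to_s.strip` is safer for both prompts. The commented-out `#request.body = ...` line keeps a sample admin credential in the repository and should be removed. Reading the password with `$stdin.noecho(&:gets)` from `io/console` would keep it off the terminal.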