From 6ca1f6b13c68da3bff5c606b955740ddbd9a47fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Y=C3=BBki=20Vachot?=
Date: Wed, 5 Jan 2022 09:21:42 +0100
Subject: [PATCH] Update: Remove 1 error message

---
 backend/application/api_functions.py | 45 +++++++--------------------
 backend/application/routes.py        |  2 --
 backend/application/users_model.py   |  6 ----
 backend/config.py                    |  2 +-
 4 files changed, 12 insertions(+), 43 deletions(-)

diff --git a/backend/application/api_functions.py b/backend/application/api_functions.py
index 5cb4974..26e4157 100644
--- a/backend/application/api_functions.py
+++ b/backend/application/api_functions.py
@@ -7,38 +7,31 @@ from .logs_model import Logs
 
 
 def hash_password(salt, password):
-    return hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, 100000)
+    return hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, 100000)
 
 
 def db_login(ip, email, password):
     user = Users.query.filter(
         Users.email == email
     ).first()
-    if not user:
-        message = f'Email or password invalid'
+
+    # Check User and Hash Pass
+    if user and user.hash_pass == hash_password(user.salt, password):
+        message = 'User authenticated.'
         log = Logs(
             date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
-            id_user=None,
+            id_user=user.id,
             ip=ip,
             table='users',
             action='login',
             message=message,
-            has_succeeded=False,
-            status_code=1
+            has_succeeded=True,
+            status_code=0
         )
         db.session.add(log)
         db.session.commit()
-        return {'status': 1, 'message': message} # User does not exist
-
-    # Check Hash Pass
-    salt = user.get_salt()
-    hash_pass = hash_password(salt, password)
-
-    user = Users.query\
-        .filter(Users.email == email, Users.hash_pass == hash_pass)\
-        .first()
-
-    if not user:
+        return {'status': 0, 'message': message, 'data': user.json()}
+    else:
         message = f'Email or password invalid'
         log = Logs(
             date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
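Review bot: The new check `user.hash_pass == hash_password(user.salt, password)` compares the stored PBKDF2 digest with plain `==`, which stops at the first differing byte; the stdlib constant-time comparison is the usual choice for a credential check, `if user and hmac.compare_digest(user.hash_pass, hash_password(user.salt, password)):` with `import hmac` added to the module's imports (both operands must be the same type, bytes or str, and the column type of `hash_pass` is not visible in this hunk, so confirm that). A related point: because the `and` short-circuits when `user` is None, an unknown email returns without running PBKDF2 while a wrong password pays the full 100000-iteration cost, so response time still separates the two cases that the single 'Email or password invalid' message is meant to hide; running `hash_password` against a fixed dummy salt when no user is found would equalize that. Minor style: `message = f'Email or password invalid'` is an f-string with no placeholders and can be a plain string literal. The body of db_login continues past the end of this hunk.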
@@ -52,22 +45,7 @@ def db_login(ip, email, password):
         )
         db.session.add(log)
         db.session.commit()
-        return {'status': 2, 'message': message} # Email or password invalid
-    else:
-        message = 'User authenticated.'
-        log = Logs(
-            date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
-            id_user=user.get_id(),
-            ip=ip,
-            table='users',
-            action='login',
-            message=message,
-            has_succeeded=True,
-            status_code=0
-        )
-        db.session.add(log)
-        db.session.commit()
-        return {'status': 0, 'message': message, 'data': user.json()}
+        return {'status': 1, 'message': message} # Email or password invalid
 
 
 def db_register(ip, email, password, is_admin):
@@ -92,7 +70,6 @@ def db_register(ip, email, password, is_admin):
 
     # Salt Hash Pass with SHA256
     salt = os.urandom(32)
-    print('salt: ', salt)
     hash_pass = hash_password(salt, password)
 
     user = Users(
diff --git a/backend/application/routes.py b/backend/application/routes.py
index 0241068..3a1f1b8 100644
--- a/backend/application/routes.py
+++ b/backend/application/routes.py
@@ -17,8 +17,6 @@ def login():
     if res['status'] == 0:
         return send_message(res['message'], res['data'])
     elif res['status'] == 1:
-        return send_error(500, res['message'])
-    elif res['status'] == 2:
         return send_error(404, res['message'])
     else:
         return send_error(400, 'POST Request Error : Need email, password fields.')
diff --git a/backend/application/users_model.py b/backend/application/users_model.py
index bdf19d5..97d27e6 100644
--- a/backend/application/users_model.py
+++ b/backend/application/users_model.py
@@ -36,12 +36,6 @@ class Users(db.Model):
             'is_admin': self.is_admin
         }
 
-    def get_id(self):
-        return self.id
-
-    def get_salt(self):
-        return self.salt
-
     def auth_token(self):
         try:
             time = datetime.now().strftime('%Y-%m-%dT%H:%M:%S')
diff --git a/backend/config.py b/backend/config.py
index c84488c..2f816c1 100644
--- a/backend/config.py
+++ b/backend/config.py
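Review bot: In the routes.py hunk the surviving `res['status'] == 1` branch answers a failed login with 404, yet after this change status 1 covers both an unknown email and a wrong password, and 404 reads as "resource missing" rather than "credential rejected"; 401 is the conventional reply, `return send_error(401, res['message'])`. Folding the former 500 and 404 replies into one response is the right direction, since a distinct code per failure mode would let a caller tell a registered email from an unregistered one despite the shared message, so whichever code is chosen should stay identical for both cases. The `login` function begins before this hunk, so how `res` is produced and what reaches the `else` branch is not visible here.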
@@ -8,7 +8,7 @@ class Config(object):
     TESTING = False
     CSRF_ENABLED = True
-    SECRET_KEY = os.environ.get('SECRET_KEY', None)
+    SECRET_KEY = os.environ.get('SECRET_KEY', 'default_secret_key')
     FLASK_APP = os.environ.get('FLASK_APP', None)
     FLASK_ENV = os.environ.get('FLASK_ENV', None)
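Review bot: The new fallback `'default_secret_key'` turns an unset `SECRET_KEY` into a fixed value that is visible to anyone with the source: Flask signs session cookies with this key, so a deployment that forgets to set the variable ends up with forgeable sessions, whereas the old `None` default made the app fail the first time it needed the key. Presumably this was added so the app starts without the variable (the commit title mentions removing an error message); if so, failing fast with a clear message is the safer way to get that, e.g. `SECRET_KEY = os.environ.get('SECRET_KEY')` followed by `if SECRET_KEY is None: raise RuntimeError('SECRET_KEY environment variable is not set')`, with any hard-coded value confined to a development-only config subclass. The `Config` class starts before this hunk, so whether such a subclass already exists is not visible here.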