authorMarvin Borner2019-04-07 13:32:37 +0200
committerMarvin Borner2019-04-07 13:32:37 +0200
commit53bdf10f85e53fbe1cf9acc90164ed4bc6b38532 (patch)
tree954930eaff4b1f7b678b0531d5690983579fda43
parentea6d0b7176fb2133f170421666f410dfce20ca31 (diff)
Added password hashing and verifying
-rw-r--r--build.gradle1
-rw-r--r--src/main/kotlin/App.kt2
-rw-r--r--src/main/kotlin/DatabaseController.kt27
3 files changed, 19 insertions, 11 deletions
diff --git a/build.gradle b/build.gradle
index b3f570a..1eee8c8 100644
--- a/build.gradle
+++ b/build.gradle
@@ -29,6 +29,7 @@ dependencies {
compile "org.xerial:sqlite-jdbc:3.21.0.1"
compile "org.thymeleaf:thymeleaf:3.0.9.RELEASE"
compile group: 'com.fizzed', name: 'rocker-compiler', version: '1.2.1'
+ compile group: 'at.favre.lib', name: 'bcrypt', version: '0.7.0'
}
compileKotlin {
diff --git a/src/main/kotlin/App.kt b/src/main/kotlin/App.kt
index 34bdc4b..2869525 100644
--- a/src/main/kotlin/App.kt
+++ b/src/main/kotlin/App.kt
@@ -57,7 +57,7 @@ fun main() {
* Sets up the roles with the database and declares the handling of roles
*/
fun setupRoles(handler: Handler, ctx: Context, permittedRoles: Set<Role>) {
- val userRole = databaseController.getUser("melvin")[0].second
+ val userRole = databaseController.getRole("melvin")
when {
permittedRoles.contains(userRole) -> handler.handle(ctx)
ctx.host()!!.contains("localhost") -> handler.handle(ctx)
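Review bot: The role is still looked up for the hard-coded username `"melvin"` rather than for whoever sent the request, so every request is authorised with that one account's role; the lookup should take the identity from the authenticated session once login exists. `getRole` indexes `[0]` on its query result, so this line throws if that user row is missing. The `ctx.host()!!.contains("localhost")` branch trusts what is presumably the client-supplied Host header and matches any value containing that substring, so it should not be relied on as an access check. The `when` block continues outside the hunk.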
diff --git a/src/main/kotlin/DatabaseController.kt b/src/main/kotlin/DatabaseController.kt
index 86d20a8..0a7026c 100644
--- a/src/main/kotlin/DatabaseController.kt
+++ b/src/main/kotlin/DatabaseController.kt
@@ -1,5 +1,6 @@
package space.anity
+import at.favre.lib.crypto.bcrypt.*
import org.jetbrains.exposed.sql.*
import org.jetbrains.exposed.sql.transactions.*
import java.sql.*
@@ -22,7 +23,7 @@ class DatabaseController(dbFileLocation: String = "main.db") {
*/
object UserData : Table() {
val id = integer("id").autoIncrement().primaryKey()
- val username = varchar("username", 24)
+ val username = varchar("username", 24).uniqueIndex()
val password = varchar("password", 64)
val role = varchar("role", 64).default("USER")
}
@@ -47,31 +48,37 @@ class DatabaseController(dbFileLocation: String = "main.db") {
/**
* Creates the user in the database using username, password and the role
*/
- fun createUser(usernameString: String, passwordHash: String, roleString: String) {
+ fun createUser(usernameString: String, passwordString: String, roleString: String) {
transaction {
try {
UserData.insert {
it[username] = usernameString
- it[password] = passwordHash
+ it[password] = BCrypt.withDefaults().hashToString(12, passwordString.toCharArray())
it[role] = roleString
}
} catch (_: org.jetbrains.exposed.exceptions.ExposedSQLException) {
log.warning("User already exists!")
}
-
}
}
/**
- * Returns a list of the username paired with the corresponding role using [usernameString]
+ * Tests whether the password [passwordString] of the user [usernameString] is correct
*/
- fun getUser(usernameString: String): List<Pair<String, Roles>> {
+ fun checkUser(usernameString: String, passwordString: String): Boolean {
return transaction {
- return@transaction UserData.select { UserData.username eq usernameString }.map {
- it[UserData.username] to (if (it[UserData.role] == "ADMIN") Roles.ADMIN else Roles.USER)
- }
+ val passwordHash = UserData.select { UserData.username eq usernameString }.map { it[UserData.password] }[0]
+ BCrypt.verifyer().verify(passwordString.toCharArray(), passwordHash).verified
}
}
- // TODO: Add more functions for database interaction
+ /**
+ * Returns the corresponding role using [usernameString]
+ */
+ fun getRole(usernameString: String): Roles {
+ return transaction {
+ val role = UserData.select { UserData.username eq usernameString }.map { it[UserData.role] }[0]
+ if (role == "ADMIN") Roles.ADMIN else Roles.USER
+ }
+ }
}
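Review bot: `checkUser` takes `[0]` of the query result, so an unknown username throws an IndexOutOfBoundsException instead of returning false; `getRole` has the same pattern. In `checkUser`, replace `[0]` with `.firstOrNull() ?: return@transaction false`, and consider verifying against a fixed dummy hash in that case so response time does not reveal which usernames exist. In `createUser`, the catch reports every ExposedSQLException as "User already exists!" and the function returns nothing, so a caller cannot tell that the account was not created. If this bcrypt version's defaults reject over-long passwords (the library's strict long-password strategy, worth confirming for 0.7.0), that exception is not caught here either.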