From 53bdf10f85e53fbe1cf9acc90164ed4bc6b38532 Mon Sep 17 00:00:00 2001
From: Marvin Borner
Date: Sun, 7 Apr 2019 13:32:37 +0200
Subject: Added password hashing and verifying

---
 src/main/kotlin/App.kt                |  2 +-
 src/main/kotlin/DatabaseController.kt | 27 +++++++++++++++++----------
 2 files changed, 18 insertions(+), 11 deletions(-)

(limited to 'src')

diff --git a/src/main/kotlin/App.kt b/src/main/kotlin/App.kt
index 34bdc4b..2869525 100644
--- a/src/main/kotlin/App.kt
+++ b/src/main/kotlin/App.kt
@@ -57,7 +57,7 @@ fun main() {
  * Sets up the roles with the database and declares the handling of roles
  */
 fun setupRoles(handler: Handler, ctx: Context, permittedRoles: Set) {
-    val userRole = databaseController.getUser("melvin")[0].second
+    val userRole = databaseController.getRole("melvin")
     when {
         permittedRoles.contains(userRole) -> handler.handle(ctx)
         ctx.host()!!.contains("localhost") -> handler.handle(ctx)
diff --git a/src/main/kotlin/DatabaseController.kt b/src/main/kotlin/DatabaseController.kt
index 86d20a8..0a7026c 100644
--- a/src/main/kotlin/DatabaseController.kt
+++ b/src/main/kotlin/DatabaseController.kt
@@ -1,5 +1,6 @@
 package space.anity
 
+import at.favre.lib.crypto.bcrypt.*
 import org.jetbrains.exposed.sql.*
 import org.jetbrains.exposed.sql.transactions.*
 import java.sql.*
@@ -22,7 +23,7 @@ class DatabaseController(dbFileLocation: String = "main.db") {
      */
     object UserData : Table() {
         val id = integer("id").autoIncrement().primaryKey()
-        val username = varchar("username", 24)
+        val username = varchar("username", 24).uniqueIndex()
         val password = varchar("password", 64)
         val role = varchar("role", 64).default("USER")
     }
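Review bot: The role used for the authorisation decision on the added line is still looked up for the fixed username `"melvin"` rather than for the user making the request, so every caller is granted melvin's role no matter who is logged in. The new `getRole` call should be fed the authenticated username taken from `ctx` once login is wired up; until then the line deserves a marker such as `// TODO: replace hard-coded user with the authenticated session user`. `getRole` also indexes `[0]` on its query result (see the DatabaseController hunk), so an absent row throws from inside the access check instead of producing a deny. The body of `setupRoles` continues past the end of the hunk.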
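Review bot: The `password` column now stores a bcrypt hash string rather than a password, but nothing at the column definition says so; a comment like `val password = varchar("password", 64) // bcrypt hash string (60 chars), never the clear-text password` would keep a later reader from narrowing the column or comparing against it directly. The 64-character width is sufficient for the 60-character `$2a$` output that the hashing in `createUser` produces. The enclosing `DatabaseController` class extends beyond both ends of this hunk.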
@@ -47,31 +48,37 @@ class DatabaseController(dbFileLocation: String = "main.db") {
     /**
      * Creates the user in the database using username, password and the role
      */
-    fun createUser(usernameString: String, passwordHash: String, roleString: String) {
+    fun createUser(usernameString: String, passwordString: String, roleString: String) {
         transaction {
             try {
                 UserData.insert {
                     it[username] = usernameString
-                    it[password] = passwordHash
+                    it[password] = BCrypt.withDefaults().hashToString(12, passwordString.toCharArray())
                     it[role] = roleString
                 }
             } catch (_: org.jetbrains.exposed.exceptions.ExposedSQLException) {
                 log.warning("User already exists!")
             }
-
         }
     }
 
     /**
-     * Returns a list of the username paired with the corresponding role using [usernameString]
+     * Tests whether the password [passwordString] of the user [usernameString] is correct
      */
-    fun getUser(usernameString: String): List> {
+    fun checkUser(usernameString: String, passwordString: String): Boolean {
         return transaction {
-            return@transaction UserData.select { UserData.username eq usernameString }.map {
-                it[UserData.username] to (if (it[UserData.role] == "ADMIN") Roles.ADMIN else Roles.USER)
-            }
+            val passwordHash = UserData.select { UserData.username eq usernameString }.map { it[UserData.password] }[0]
+            BCrypt.verifyer().verify(passwordString.toCharArray(), passwordHash).verified
         }
     }
 
-    // TODO: Add more functions for database interaction
+    /**
+     * Returns the corresponding role using [usernameString]
+     */
+    fun getRole(usernameString: String): Roles {
+        return transaction {
+            val role = UserData.select { UserData.username eq usernameString }.map { it[UserData.role] }[0]
+            if (role == "ADMIN") Roles.ADMIN else Roles.USER
+        }
+    }
 }
-- 
cgit v1.2.3
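Review bot: `checkUser` indexes `[0]` on the select result, so a login attempt for a username that does not exist throws `IndexOutOfBoundsException` instead of returning `false`; the two added lines should read `val passwordHash = UserData.select { UserData.username eq usernameString }.map { it[UserData.password] }.firstOrNull()` followed by `passwordHash != null && BCrypt.verifyer().verify(passwordString.toCharArray(), passwordHash).verified`. `getRole` has the same `[0]` and can use `firstOrNull()` the same way, with a missing row then falling through to `Roles.USER`. Skipping the bcrypt check for unknown users makes their failed logins measurably faster than real ones, so if that distinction matters, run the verify against a fixed dummy hash in that branch. In `createUser`, the `catch` labels every `ExposedSQLException` as "User already exists!" although the unique index is only one of the ways an insert can fail, so the exception should at least be logged alongside the message. The `DatabaseController` class continues outside the hunk on both sides.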