Correction du bug sur les mots de passe

2023-11-16 16:44:27 +01:00
parent 9f0924f06b
commit e844fbf3b0
2 changed files with 67 additions and 39 deletions
--- a/app.js
+++ b/app.js
@@ -33,6 +33,26 @@ app.use(bodyParser.urlencoded({extended: false}));
 app.use(express.json())


+function hashPassword(plaintextPassword) {
+    bcrypt.hash(plaintextPassword, 10)
+        .then(hash => {
+            return hash;
+        })
+        .catch(err => {
+            console.log(err)
+        })
+}
+
+function comparePassword(plaintextPassword, hash) {
+    bcrypt.compare(plaintextPassword, hash)
+        .then(result => {
+            return result;
+        })
+        .catch(err => {
+            console.log(err)
+        })
+ }
+
 // *******************************************    Arrivée sur la page d'accueil    *******************************************
 app.get("/", (req, res) => { 
    let today = dateFormat(new Date(), "yyyymmdd");
@@ -100,7 +120,7 @@ app.post("/auth/register", (req, res) => {
                }
            })

-            let hashedPassword = await bcrypt.hash(password, 8);
+            let hashedPassword = hashPassword(password);
            db.query('INSERT INTO user SET?', {gender : (gender != undefined ? gender : ""), firstname: firstname, name: name, title: title, email: email, nickname : nickname, password: hashedPassword}, (err, result) => {
                if(error) {
                    console.log(error)
@@ -114,6 +134,8 @@ app.post("/auth/register", (req, res) => {

 // *******************************************    Connexion sur le compte utilisateur    *******************************************
 app.post("/auth/check-login", (req, res) => {
+    var userId, 
+        passwordStocke; 
    const { email, nickname, password, role, session } = req.body

    if (email == '' && nickname == '') {
@@ -124,7 +146,14 @@ app.post("/auth/check-login", (req, res) => {
        })
    }

-    db.query('SELECT * FROM user WHERE email = ? OR nickname = ?', [email,nickname], async (error, result) => {
+    let requete = '';
+    if (nickname != '') {
+        requete = "SELECT * FROM user WHERE UPPER(nickname) = '?'".replace("?", nickname.toUpperCase());
+    }
+    if (email != '') {
+        requete = "SELECT * FROM user WHERE UPPER(email) = '?'".replace("?", email.toUpperCase());
+    }
+    db.query(requete, async (error, result) => {
        if(error){
            console.log(error)
        }
@@ -137,10 +166,8 @@ app.post("/auth/check-login", (req, res) => {
            })
        }

-        var userId = result[0].ID
-        bcrypt.compare(password, result[0].password, function(err, result) {
-            if(result) {
-
+        userId = result[0].ID;
+        if (comparePassword(password, result[0].password)) {
            // Le user est connecté avec succès : on vérifie qu'il n'est pas déjà inscrit à la session et si pas le cas, on l'inscrit et on incrémente le compteur des participants
            db.query('SELECT * FROM participation WHERE user = ?', [userId], async (error, result) => {
                if(error) {
@@ -164,7 +191,7 @@ app.post("/auth/check-login", (req, res) => {
                res.redirect('https://slave.thecoredev.fr');
            }
            else {
-                    res.redirect('https://master.thecoredev.fr');
+                res.redirect('https://slave.thecoredev.fr');
            }
        }
        else {
@@ -175,7 +202,6 @@ app.post("/auth/check-login", (req, res) => {
            })
        }
    })
-    })
 })


--- a/package.json
+++ b/package.json
@@ -18,8 +18,10 @@
    "dotenv": "^16.3.1",
    "express": "^4.18.2",
    "hbs": "^4.2.0",
-    "mysql": "^2.18.1",
-    "wrtc": "^0.4.7",
-    "ws": "^8.14.2"
+    "mysql": "^2.18.1"
+  },
+  "engines": {
+    "npm": ">=7.0.0 <8.0.0",
+    "node": ">=18.0.0 <19.0.0"
  }
 }