From 7047f7c7e87032e1a66ac44abd39af8bde96c8e3 Mon Sep 17 00:00:00 2001 From: "Manuel Weiser (aider)" Date: Mon, 2 Sep 2024 10:43:07 +0200 Subject: [PATCH] feat: implement password hashing for user authentication and storage --- game_collection/models.py | 12 ++++++------ game_collection/user_management.py | 16 ++++++++-------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/game_collection/models.py b/game_collection/models.py index 1c8141d..b7f7d88 100644 --- a/game_collection/models.py +++ b/game_collection/models.py @@ -3,18 +3,18 @@ from flask_sqlalchemy import SQLAlchemy db = SQLAlchemy() class Game(db.Model): - __tablename__ = 'games' # Ensure the table name is set to 'games' + __tablename__ = 'games' id = db.Column(db.Integer, primary_key=True) image = db.Column(db.String(255)) title = db.Column(db.String(100), nullable=False) - date = db.Column(db.String(10), nullable=False) # Ensure date is not nullable + date = db.Column(db.String(10), nullable=False) buyer = db.Column(db.String(100)) owned = db.Column(db.Boolean, nullable=False) class User(db.Model): - __tablename__ = 'users' # Ensure the table name is set to 'users' + __tablename__ = 'users' id = db.Column(db.Integer, primary_key=True) username = db.Column(db.String(100), nullable=False, unique=True) - password = db.Column(db.String(100), nullable=False) - role = db.Column(db.String(10), nullable=False) # 'user' or 'admin' - last_login = db.Column(db.String(20), nullable=True) # Last login timestamp + password = db.Column(db.String(128), nullable=False) # Increased length for hashed passwords + role = db.Column(db.String(10), nullable=False) + last_login = db.Column(db.String(20), nullable=True) diff --git a/game_collection/user_management.py b/game_collection/user_management.py index 4ddd7c6..5329314 100644 --- a/game_collection/user_management.py +++ b/game_collection/user_management.py @@ -1,23 +1,22 @@ from flask import Blueprint, request, jsonify, g from models import db, User from datetime import datetime +from werkzeug.security import generate_password_hash, check_password_hash user_bp = Blueprint('user', __name__) def authenticate(): - # Hier wird die Authentifizierung überprüft (z.B. durch Token oder Session) username = request.headers.get('X-Username') password = request.headers.get('X-Password') if username and password: - user = User.query.filter_by(username=username, password=password).first() - if user: + user = User.query.filter_by(username=username).first() + if user and check_password_hash(user.password, password): g.user = user return True return False @user_bp.before_request def before_request(): - # Überprüfen, ob der Benutzer angemeldet ist, außer bei Login if request.endpoint not in ['user.login_user']: if not authenticate(): return jsonify({'message': 'Unauthorized access!'}), 401 @@ -25,10 +24,11 @@ def before_request(): @user_bp.route('/users', methods=['POST']) def create_user(): data = request.json + hashed_password = generate_password_hash(data['password']) new_user = User( username=data['username'], - password=data['password'], - role=data.get('role', 'user'), # Default role is 'user' + password=hashed_password, + role=data.get('role', 'user'), last_login=None ) db.session.add(new_user) @@ -38,8 +38,8 @@ def create_user(): @user_bp.route('/users/login', methods=['POST']) def login_user(): data = request.json - user = User.query.filter_by(username=data['username'], password=data['password']).first() - if user: + user = User.query.filter_by(username=data['username']).first() + if user and check_password_hash(user.password, data['password']): user.last_login = datetime.now().strftime('%Y-%m-%d %H:%M:%S') db.session.commit() return jsonify({'message': 'Login successful!', 'role': user.role}), 200