Merge branch 'develop' of Software_Engineering_I/greenvironment-server into master

pull/5/head
Trivernis 5 years ago
commit 3bbcd03fef

@ -65,6 +65,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- sendRequest allowing duplicates - sendRequest allowing duplicates
- upload throwing an error when the old picture doesn't exist - upload throwing an error when the old picture doesn't exist
- extension of uploaded videos doesn't have a dot - extension of uploaded videos doesn't have a dot
- registration with empty username or password is possible
## [0.9] - 2019-10-29 ## [0.9] - 2019-10-29

@ -29,8 +29,9 @@ const scrKeyLength = 64;
/** /**
* Creates a random salt. * Creates a random salt.
*/ */
function generateSalt(): Buffer { function generateSalt(): string {
return crypto.randomBytes(32); const salt = crypto.randomBytes(32);
return Buffer.from(salt).toString("hex");
} }
/** /**
@ -58,11 +59,11 @@ function sha512HashPassword(password: string) {
* Generates a new handle from the username and a base64 string of the current time. * Generates a new handle from the username and a base64 string of the current time.
* @param username * @param username
*/ */
async function generateHandle(username: string) { async function generateHandle(username: string): Promise<string> {
username = username.toLowerCase().replace(/\s/g, "_"); username = username.toLowerCase().replace(/\s/g, "_");
const count = await models.User.count({where: {handle: {[sqz.Op.like]: `%${username}%`}}}); const count = await models.User.count({where: {handle: {[sqz.Op.like]: `%${username}%`}}});
if (count > 0) { if (count > 0) {
return `${username}${count}`; return await generateHandle(`${username}${count}`);
} else { } else {
return username; return username;
} }
@ -149,19 +150,18 @@ namespace dataaccess {
*/ */
export async function getUserByLogin(email: string, password: string): Promise<models.User> { export async function getUserByLogin(email: string, password: string): Promise<models.User> {
const user = await models.User.findOne({where: {email}}); const user = await models.User.findOne({where: {email}});
if (!user.salt) {
const hashPassword = sha512HashPassword(password);
if (hashPassword === user.password) {
const salt = generateSalt();
user.salt = Buffer.from(salt).toString("hex");
user.password = await scryptHashPassword(password, Buffer.from(user.salt));
await user.save();
password = user.password;
}
} else {
password = await scryptHashPassword(password, Buffer.from(user.salt));
}
if (user) { if (user) {
if (!user.salt) {
const hashPassword = sha512HashPassword(password);
if (hashPassword === user.password) {
user.salt = generateSalt();
user.password = await scryptHashPassword(password, Buffer.from(user.salt));
await user.save();
password = user.password;
}
} else {
password = await scryptHashPassword(password, Buffer.from(user.salt));
}
if (user.password === password) { if (user.password === password) {
return user; return user;
} else { } else {
@ -191,13 +191,12 @@ namespace dataaccess {
if (blacklisted.length > 0) { if (blacklisted.length > 0) {
throw new BlacklistedError(blacklisted.map((p) => p.phrase), "username"); throw new BlacklistedError(blacklisted.map((p) => p.phrase), "username");
} }
const hash = crypto.createHash("sha512");
hash.update(password);
password = hash.digest("hex");
const existResult = !!(await models.User.findOne({where: {email}})); const existResult = !!(await models.User.findOne({where: {email}}));
const handle = await generateHandle(username); const handle = await generateHandle(username);
if (!existResult) { if (!existResult) {
return models.User.create({username, email, password, handle}); const salt = generateSalt();
password = await scryptHashPassword(password, Buffer.from(salt));
return models.User.create({username, email, password, handle, salt});
} else { } else {
throw new EmailAlreadyRegisteredError(email); throw new EmailAlreadyRegisteredError(email);
} }
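Review bot: In the `!user.salt` branch of getUserByLogin, a failed SHA-512 check leaves `password` holding the caller's raw input, and that value then reaches `user.password === password`. For an account not yet migrated to scrypt, an input that equals the stored legacy digest would therefore be accepted, so the stored value itself acts as a credential. The mismatch path should compare digests only, for example by adding `} else { password = hashPassword; }` to the inner `if`, or by rejecting the login before the final comparison. The final check would also be better done with `crypto.timingSafeEqual` on equal-length buffers than with `===`. The function's failure branch lies outside this hunk, so how a rejected login is reported cannot be seen here.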

@ -312,7 +312,7 @@ export class User extends Model<User> {
* The total number of the users friends. * The total number of the users friends.
*/ */
public async friendCount(): Promise<number> { public async friendCount(): Promise<number> {
return await this.$count("rFriends") + await this.$count("rFriendOf"); return this.$count("rFriends");
} }
/** /**

@ -31,6 +31,7 @@ import {
} from "../../lib/models"; } from "../../lib/models";
import {Report} from "../../lib/models"; import {Report} from "../../lib/models";
import {ReportReason} from "../../lib/models"; import {ReportReason} from "../../lib/models";
import {is} from "../../lib/regex";
import {UploadManager} from "../../lib/UploadManager"; import {UploadManager} from "../../lib/UploadManager";
import {BaseResolver} from "./BaseResolver"; import {BaseResolver} from "./BaseResolver";
@ -99,7 +100,10 @@ export class MutationResolver extends BaseResolver {
*/ */
public async register({username, email, passwordHash}: { username: string, email: string, passwordHash: string }, public async register({username, email, passwordHash}: { username: string, email: string, passwordHash: string },
request: any): Promise<User> { request: any): Promise<User> {
let mailValid = isEmail(email); if (username?.length === 0 || email?.length === 0 || passwordHash?.length === 0) {
throw new GraphQLError("No username or email or password given.");
}
let mailValid = is.email(email);
if (mailValid) { if (mailValid) {
try { try {
mailValid = (await legit(email)).isValid; mailValid = (await legit(email)).isValid;
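Review bot: The new guard in `register` rejects only empty strings, because `username?.length === 0` evaluates to false when the value is `null` or `undefined`, and a whitespace-only username also passes. Unless the GraphQL schema already declares these arguments non-null (not visible here), a stricter check such as `if (!username?.trim() || !email?.trim() || !passwordHash) {` closes both gaps. The argument name `passwordHash` suggests the client sends a derived value, in which case a length check on it presumably cannot tell whether the underlying password was empty; a comment stating what the server can and cannot verify here would help. The method body continues past the end of the hunk.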

@ -17,7 +17,7 @@ import {
Post, Post,
Report, ReportReason, Report, ReportReason,
Request, Request,
User User,
} from "../../lib/models"; } from "../../lib/models";
import {BlacklistedResult} from "./BlacklistedResult"; import {BlacklistedResult} from "./BlacklistedResult";
import {MutationResolver} from "./MutationResolver"; import {MutationResolver} from "./MutationResolver";
