diff --git a/misc/add_user.py b/misc/add_user.py
new file mode 100644
index 0000000..0835382
--- /dev/null
+++ b/misc/add_user.py
@@ -0,0 +1,32 @@
+import mysql.connector
+import os
+import json
+import bcrypt
+
+config_path = '../src/server/BreCal/connection_data.json'
+print (os.getcwd())
+if not os.path.exists(config_path):
+ print ('cannot find ' + config_path)
+ exit(1)
+
+f = open(config_path);
+connection_data = json.load(f)
+mydb = mysql.connector.connect(host=connection_data["host"], user=connection_data["user"],
+ password = connection_data["password"], database=connection_data["database"])
+print(mydb)
+
+# insert a new user
+participant_id = 1
+first_name = "Londo"
+last_name = "Mollari"
+user_name = "Londo"
+user_email = "l.mollari@centauri.gov"
+user_phone = "+01 555 324 2313"
+password = "Hallowach"
+password_hash = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt( 12 )).decode('utf8')
+
+query = "INSERT INTO user (participant_id, first_name, last_name, user_name, user_email, user_phone, password_hash) VALUES (" + str(participant_id) + ",\"" + first_name + "\",\"" + last_name + "\",\"" + user_name + "\",\"" + user_email + "\",\"" + user_phone + "\",\"" + password_hash + "\")"
+with mydb.cursor() as cursor:
+ cursor.execute(query)
+ mydb.commit()
+
diff --git a/misc/create_schema.sql b/misc/create_schema.sql
index c576605..9978bb2 100644
--- a/misc/create_schema.sql
+++ b/misc/create_schema.sql
@@ -19,6 +19,8 @@ CREATE TABLE `user` (
 `first_name` varchar(45) DEFAULT NULL,
 `last_name` varchar(45) DEFAULT NULL,
 `user_name` varchar(45) DEFAULT NULL,
+ `user_email` varchar(128) DEFAULT NULL,
+ `user_phone` varchar(128) DEFAULT NULL,
 `password_hash` varchar(128) DEFAULT NULL,
 `api_key` varchar(256) DEFAULT NULL,
 `created` DATETIME NULL DEFAULT current_timestamp(),
diff --git a/src/server/BreCal/__init__.py b/src/server/BreCal/__init__.py
index c8e5362..f61244f 100644
--- a/src/server/BreCal/__init__.py
+++ b/src/server/BreCal/__init__.py
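Review bot: In misc/add_user.py the INSERT statement is assembled by concatenating the values into the SQL text, so a name or e-mail containing a double quote breaks the statement, and the script becomes an injection-prone template as soon as the constants are replaced by real input. Pass the values as parameters instead: `cursor.execute("INSERT INTO user (participant_id, first_name, last_name, user_name, user_email, user_phone, password_hash) VALUES (%s, %s, %s, %s, %s, %s, %s)", (participant_id, first_name, last_name, user_name, user_email, user_phone, password_hash))`. The plaintext `password = "Hallowach"` is committed with the script; reading it with `getpass.getpass()` keeps it out of the repository. `f = open(config_path);` is never closed, which `with open(config_path) as f:` would handle.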
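Review bot: In misc/create_schema.sql, user_email is added as a plain nullable column with no uniqueness guarantee visible in this hunk, while the login query added in src/server/BreCal/impl/login.py matches on user_name OR user_email and answers 500 when more than one row comes back. Two accounts sharing an e-mail, or one account's user name equal to another's e-mail, would then be unable to log in. If the rest of the CREATE TABLE, which lies outside this hunk, does not already declare it, consider adding `UNIQUE` to the user_email and user_name definitions.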
@@ -12,6 +12,7 @@ from .api import times from .api import notifications from .api import berths from .api import ships +from .api import login sessions = dict() @@ -40,6 +41,7 @@ def create_app(test_config=None): app.register_blueprint(notifications.bp) app.register_blueprint(berths.bp) app.register_blueprint(ships.bp) + app.register_blueprint(login.bp) logging.basicConfig(filename='brecal.log', level=logging.DEBUG, format='%(asctime)s | %(name)s | %(levelname)s | %(message)s') local_db.initPool() diff --git a/src/server/BreCal/api/login.py b/src/server/BreCal/api/login.py new file mode 100644 index 0000000..ad20787 --- /dev/null +++ b/src/server/BreCal/api/login.py @@ -0,0 +1,16 @@ +from flask import Blueprint, request +from flask_jwt_extended import create_access_token +from webargs.flaskparser import parser +from ..schemas import model +from .. import impl +import json +import logging + +bp = Blueprint('login', __name__) + + +@bp.route('/login', methods=['post']) +def Logon(): + + options = request.get_json(force=True) + return impl.login.GetUser(options) diff --git a/src/server/BreCal/impl/__init__.py b/src/server/BreCal/impl/__init__.py index 1e4e005..946e70b 100644 --- a/src/server/BreCal/impl/__init__.py +++ b/src/server/BreCal/impl/__init__.py @@ -5,3 +5,4 @@ from . import shipcalls from . import times from . import verify from . import ships +from . import login diff --git a/src/server/BreCal/impl/login.py b/src/server/BreCal/impl/login.py new file mode 100644 index 0000000..38c2f17 --- /dev/null +++ b/src/server/BreCal/impl/login.py 
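Review bot: In src/server/BreCal/api/login.py, `Logon` passes whatever `request.get_json(force=True)` returns straight to `impl.login.GetUser`, so a JSON body that is a list, number, null or string can reach the `"password" in options` test and end in the generic 500 handler instead of a client error. Check the shape first, e.g. `if not isinstance(options, dict): return json.dumps("invalid credentials"), 403`. `create_access_token` is imported but never called, so a successful login returns profile data without issuing a token; `parser`, `model` and `logging` are unused as well. No attempt limiting is visible on this route, which matters for an endpoint that checks passwords.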
@@ -0,0 +1,40 @@ +import json +import logging +import pydapper +import bcrypt + +from ..schemas import model +from .. import local_db + +def GetUser(options): + + try: + if "password" in options and "username" in options: + hash = bcrypt.hashpw(options["password"].encode('utf-8'), bcrypt.gensalt( 12 )).decode('utf8') + + commands = pydapper.using(local_db.connection_pool) + data = commands.query("SELECT id, participant_id, first_name, last_name, user_name, user_email, user_phone, password_hash, api_key FROM user WHERE user_name = ?username? OR user_email = ?username?", + model=model.User, param={"username" : options["username"]}) + print(data) + if len(data) == 1: + if bcrypt.checkpw(options["password"].encode("utf-8"), bytes(data[0].password_hash, "utf-8")): + return json.dumps({ "id": data[0].id, + "participant_id": data[0].participant_id, + "first_name": data[0].first_name, + "last_name": data[0].last_name, + "user_name": data[0].user_name, + "user_phone": data[0].user_phone}), 200 + + if len(data) > 1: + return json.dumps("credential lookup mismatch"), 500 + + return json.dumps("invalid credentials"), 403 + + except Exception as ex: + logging.error(ex) + print(ex) + return json.dumps("call failed"), 500 + +# $2b$12$uWLE0r32IrtCV30WkMbVwOdltgeibymZyYAf4ZnQb2Bip8hrkGGwG +# $2b$12$.vEapj9xU8z0RK0IpIGeYuRIl0ktdMt4XdJQBhVn.3K2hmvm7qD3y +# $2b$12$yL3PiseU70ciwEuMVM4OtuMwR6tNuIT9vvBiBG/uyMrPxa16E2Zqu \ No newline at end of file diff --git a/src/server/BreCal/local_db.py b/src/server/BreCal/local_db.py index 7c38aeb..fd2b83f 100644 --- a/src/server/BreCal/local_db.py +++ b/src/server/BreCal/local_db.py @@ -22,7 +22,7 @@ def initPool(): connection_pool = mysql.connector.connect(**connection_data) commands = pydapper.using(connection_pool) - data = commands.query_single("SELECT id from `user`") + data = commands.query("SELECT id from `user`") print("DB connection successful") except mysql.connector.PoolError as e: 
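Review bot: In src/server/BreCal/impl/login.py, `print(data)` writes the fetched `model.User` rows, including `password_hash` and `api_key`, to stdout on every login attempt; remove it, along with `print(ex)`, which duplicates `logging.error(ex)`. The `hash = bcrypt.hashpw(...)` line computes a cost-12 hash that is never read and shadows the builtin `hash`, so each request pays for an extra bcrypt run; when dropping it, run `bcrypt.checkpw` against a fixed dummy hash whenever `len(data) != 1`, so that unknown and known user names take similar time. The three `$2b$12$...` strings left as trailing comments are bcrypt hashes and should not be committed. A non-string `password` or a NULL `password_hash` raises inside the `try` and is reported as 500 rather than 403.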
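Review bot: In src/server/BreCal/local_db.py, the startup probe in `initPool` now calls `commands.query(...)` on the whole user table and never reads `data`, so every start fetches all user ids just to prove the connection works. Appending `LIMIT 1` to the statement keeps the check cheap and still succeeds whether the table holds no rows or several, which is presumably why `query_single` was replaced. The body of `initPool` starts and ends outside this hunk.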
diff --git a/src/server/BreCal/schemas/model.py b/src/server/BreCal/schemas/model.py index 4d1f27a..3899bdc 100644 --- a/src/server/BreCal/schemas/model.py +++ b/src/server/BreCal/schemas/model.py @@ -142,7 +142,18 @@ class Times: created: datetime modified: datetime - +@dataclass +class User: + + id: int + participant_id: int + first_name: str + last_name: str + user_name: str + user_email: str + user_phone: str + password_hash: str + api_key: str @dataclass class Ship(Schema): @@ -173,12 +184,3 @@ class Shipcalls(Shipcall): class TimesList(Times): pass - -class User(Schema): - id = fields.Int() - participant_id = fields.Int() - first_name = fields.String() - last_name = fields.String() - user_name = fields.String() - password_hash = fields.String() - api_key = fields.String()
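Review bot: The new `User` dataclass in src/server/BreCal/schemas/model.py includes `password_hash` and `api_key` in its generated `__repr__`, so any `print` or log of a `User`, as `print(data)` in impl/login.py does, exposes them. Declare them as `password_hash: str = field(repr=False)` and `api_key: str = field(repr=False)`; `field` comes from `dataclasses`, whose import line is outside this hunk. The columns are `DEFAULT NULL` in misc/create_schema.sql, so `str | None` would describe the loaded values more accurately than `str`. A one-line docstring stating that the class mirrors a row of the user table would also help.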