From c14a360418a88115cf752cadf3cb3c9e9ca2ecb1 Mon Sep 17 00:00:00 2001
From: Spekulaas <“ryan@aterve.nl”>
Date: Wed, 25 Oct 2023 17:09:07 +0200
Subject: [PATCH] change user password func
---
goodchain/src/classes/Signature.py | 34 --------------------
goodchain/src/classes/User.py | 39 ++++++++++++++++++-----
goodchain/src/helpers/DatabaseHelper.py | 4 +--
goodchain/src/helpers/MenuHelper.py | 6 ++--
goodchain/src/helpers/SignatureHelper.py | 40 ++++++++++++++++++++++++
goodchain/src/helpers/UtilityHelper.py | 10 ++++++
6 files changed, 87 insertions(+), 46 deletions(-)
delete mode 100644 goodchain/src/classes/Signature.py
create mode 100644 goodchain/src/helpers/SignatureHelper.py
create mode 100644 goodchain/src/helpers/UtilityHelper.py
diff --git a/goodchain/src/classes/Signature.py b/goodchain/src/classes/Signature.py
deleted file mode 100644
index 828db26..0000000
--- a/goodchain/src/classes/Signature.py
+++ /dev/null
@@ -1,34 +0,0 @@ -from cryptography.exceptions import * -from cryptography.hazmat.primitives.asymmetric import rsa -from cryptography.hazmat.primitives import hashes -from cryptography.hazmat.primitives.asymmetric import padding -from cryptography.hazmat.primitives import serialization - -class Signature: - def generate_keys(): - private_key = rsa.generate_private_key(public_exponent=65537,key_size=2048) - public_key = private_key.public_key() - - return private_key, public_key - - def keys_to_bytes(private_key, public_key): - prv_ser = private_key.private_bytes( - encoding=serialization.Encoding.PEM, - format=serialization.PrivateFormat.TraditionalOpenSSL, - encryption_algorithm=serialization.NoEncryption()) - - pbc_ser = public_key.public_bytes( - encoding=serialization.Encoding.PEM, - format=serialization.PublicFormat.SubjectPublicKeyInfo) - - return prv_ser, pbc_ser - - def bytes_to_keys(private_ser, public_ser): - private_key = serialization.load_pem_private_key( - private_ser, - password=None - ) - public_key = serialization.load_pem_public_key( - public_ser - ) - return private_key, public_key \ No newline at end of file diff --git a/goodchain/src/classes/User.py b/goodchain/src/classes/User.py index b2eacd9..9c09827 100644 --- a/goodchain/src/classes/User.py +++ b/goodchain/src/classes/User.py @@ -1,5 +1,6 @@ from getpass import getpass -from classes.Signature import Signature +from helpers import SignatureHelper as Signature +from helpers import UtilityHelper class User: def __init__(self, db, private_key=None, public_key=None, username=None, password=None): 
@@ -13,11 +14,13 @@ class User: input_username = input("Username: ") input_password = getpass("Password: ") - user = self.db.loginUser(input_username, input_password) + hashed_password = UtilityHelper.computeHash(input_password) + + user = self.db.loginUser(input_username, hashed_password) # check if user exists if user: - private_key, public_key = Signature.bytes_to_keys(user[0], user[1]) + private_key, public_key = Signature.bytesToKeys(user[0], user[1]) self.private_key = private_key self.public_key = public_key self.username = user[2] @@ -28,15 +31,17 @@ class User: input_username = input("Username: ") input_password = getpass("Password: ") + hashed_password = UtilityHelper.computeHash(input_password) + # check if username is already taken if self.db.fetchUserByUsername(input_username): return False # create sig for user - private_key, public_key = Signature.generate_keys() - private_ser, public_ser = Signature.keys_to_bytes(private_key, public_key) + private_key, public_key = Signature.generateKeys() + private_ser, public_ser = Signature.keysToBytes(private_key, public_key) # register user - if self.db.createUser( private_ser, public_ser, input_username, input_password): + if self.db.createUser( private_ser, public_ser, input_username, hashed_password): self.private_key = private_key self.public_key = public_key self.username = input_username 
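Review bot: Accounts created before this change would stop matching in `login`, because `loginUser` now receives `UtilityHelper.computeHash(input_password)` while the removed line in the `register` hunk (`@@ -28,15 +31,17 @@`) shows `createUser` used to be given `input_password` as typed. If such rows exist they need a one-off migration or a reset path, otherwise those users are locked out without a distinct message. In `register` the hash is also computed before any check that the password is non-empty; a guard such as `if not input_password: return False` ahead of `computeHash` would keep empty passwords out. Both method bodies start outside these hunks.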
@@ -47,4 +52,24 @@ class User: self.private_key = None self.public_key = None self.username = None - return True \ No newline at end of file + return True + + def updatePassword(self): + # Get new password + new_password = getpass('Enter your new password: ') + check_new_password = getpass('Enter your new password again: ') + while new_password != check_new_password: + print('Passwords do not match') + new_password = getpass('Enter your new password: ') + check_new_password = getpass('Enter your new password again: ') + + old_password = getpass('Enter your old password: ') + hashed_new_password = UtilityHelper.computeHash(new_password) + hashed_old_password = UtilityHelper.computeHash(old_password) + + private_key_bytes = Signature.privateKeyToBytes(self.private_key) + + if self.db.changePassword(private_key_bytes, hashed_old_password, hashed_new_password) == True: + print('Password updated') + else: + print('Something went wrong while trying to update password..') diff --git a/goodchain/src/helpers/DatabaseHelper.py b/goodchain/src/helpers/DatabaseHelper.py index d323ee8..2726289 100644 --- a/goodchain/src/helpers/DatabaseHelper.py +++ b/goodchain/src/helpers/DatabaseHelper.py @@ -62,12 +62,12 @@ class DatabaseHelper: print(error) return False - def changePasswordUser(self, user_privatekey, password): + def changePassword(self, user_privatekey, old_password, password): if not self.conn: return None try: - self.cursor.execute("UPDATE `users` SET `password` = ? WHERE `private_key` = ?", (password, user_privatekey,)) + self.cursor.execute("UPDATE `users` SET `password` = ? WHERE (`private_key` = ? AND `password` = ?)", (password, user_privatekey, old_password,)) self.commit() return True diff --git a/goodchain/src/helpers/MenuHelper.py b/goodchain/src/helpers/MenuHelper.py index 666f255..62384a4 100644 --- a/goodchain/src/helpers/MenuHelper.py +++ b/goodchain/src/helpers/MenuHelper.py 
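Review bot: `updatePassword` selects the row to update by passing `Signature.privateKeyToBytes(self.private_key)` to `changePassword`, so unencrypted private-key material doubles as the account identifier, and the call raises if `self.private_key` is still `None`. Selecting by `self.username`, which `register` already treats as unique, would keep the key out of the query and allow an early `if self.username is None: return` guard. The confirmation loop also accepts an empty new password as long as both entries match; rejecting it before `computeHash` is a one-line check. The comparison `== True` can be dropped in favour of a plain truth test on the return value.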
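Review bot: `changePassword` returns `True` whenever the `UPDATE` executes, even when the added old-password condition in the `WHERE` clause matches no row, so a wrong old password still makes `User.updatePassword` print 'Password updated'. Check the affected-row count before reporting success, for example `if self.cursor.rowcount != 1: return False` between `execute` and `self.commit()`; this assumes a DB-API cursor such as sqlite3's, which the `?` placeholders suggest. The `except` branch of this method lies outside the hunk.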
@@ -44,7 +44,7 @@ class MenuHelper: self.user_settings_menu[1] = "View account info" self.user_settings_menu[2] = "Change username" self.user_settings_menu[3] = "Change password" - self.user_settings_menu[3] = "DELETE ACCOUNT" + self.user_settings_menu[4] = "DELETE ACCOUNT" self.opened_logs = False @@ -106,7 +106,7 @@ class MenuHelper: user = None case "User Settings": - print(user.private_key) + self.runUserSettingsMenu(user) case "Blockchain": self.runUserBlockchainMenu(user) @@ -167,7 +167,7 @@ class MenuHelper: print("TODO") case "Change password": - print("TODO") + user.updatePassword() case "DELETE ACCOUNT": print("TODO") diff --git a/goodchain/src/helpers/SignatureHelper.py b/goodchain/src/helpers/SignatureHelper.py new file mode 100644 index 0000000..2ae51b6 --- /dev/null +++ b/goodchain/src/helpers/SignatureHelper.py 
@@ -0,0 +1,40 @@
+from cryptography.exceptions import *
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives import serialization
+
+def generateKeys():
+ private_key = rsa.generate_private_key(public_exponent=65537,key_size=2048)
+ public_key = private_key.public_key()
+
+ return private_key, public_key
+
+def keysToBytes(private_key, public_key):
+ prv_ser = privateKeyToBytes(private_key)
+ pbc_ser = publicKeyToBytes(public_key)
+
+ return prv_ser, pbc_ser
+
+def publicKeyToBytes(public_key):
+ pbc_ser = public_key.public_bytes(
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PublicFormat.SubjectPublicKeyInfo)
+
+ return pbc_ser
+
+def privateKeyToBytes(private_key):
+ prv_ser = private_key.private_bytes(
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PrivateFormat.TraditionalOpenSSL,
+ encryption_algorithm=serialization.NoEncryption())
+
+ return prv_ser
+
+def bytesToKeys(private_ser, public_ser):
+ private_key = serialization.load_pem_private_key(
+ private_ser,
+ password=None
+ )
+ public_key = serialization.load_pem_public_key(
+ public_ser
+ )
+ return private_key, public_key
\ No newline at end of file
diff --git a/goodchain/src/helpers/UtilityHelper.py b/goodchain/src/helpers/UtilityHelper.py
new file mode 100644
index 0000000..1470242
--- /dev/null
+++ b/goodchain/src/helpers/UtilityHelper.py
@@ -0,0 +1,10 @@
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes
+
+import hashlib
+
+def computeHash(data):
+ hash = hashlib.sha256()
+ data = str(data).encode()
+ hash.update(data)
+ return hash.hexdigest()
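Review bot: `privateKeyToBytes` serializes with `serialization.NoEncryption()`, and `User.register` hands the result to `db.createUser`, so each user's RSA private key appears to be stored in the database as readable PEM. Anyone who can read the `users` table would then hold every signing key. Consider `encryption_algorithm=serialization.BestAvailableEncryption(password_bytes)` here with the matching `password=` argument in `bytesToKeys`; this needs the user's password passed into both helpers, and a password change would have to re-encrypt the stored key. Separately, `from cryptography.exceptions import *` is not used by anything in this file and can be removed.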
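Review bot: `computeHash` turns passwords into a single unsalted SHA-256 digest, which is cheap to brute-force offline and gives identical stored values to users who share a password. Password storage should use a slow, salted KDF from the standard library, for example `hashlib.scrypt` with a per-user `os.urandom` salt, compared with `hmac.compare_digest`; because the result is no longer deterministic, `login` would fetch the stored value by username and verify it instead of passing a hash into `loginUser`. The sketch below needs `import hmac` and `import os` next to the existing `import hashlib`. The two `cryptography` imports at the top of this file are unused, and the local name `hash` shadows the builtin.

```python
# … unchanged: computeHash, kept for hashing non-password data …

def hashPassword(password, salt=None):
    # fresh random salt per user; stored together with the derived key
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.scrypt(str(password).encode(), salt=salt, n=2**14, r=8, p=1)
    return salt.hex() + "$" + derived.hex()

def verifyPassword(password, stored):
    salt_hex, _, _ = stored.partition("$")
    candidate = hashPassword(password, bytes.fromhex(salt_hex))
    # constant-time comparison of the encoded values
    return hmac.compare_digest(candidate, stored)
```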