change user password func

2023-10-25 17:09:07 +02:00 · 2023-10-25 17:09:07 +02:00 · c14a360418
commit c14a360418
parent dabea47437
6 changed files with 87 additions and 46 deletions
--- a/goodchain/src/classes/Signature.py
+++ b/goodchain/src/classes/Signature.py
@ -1,34 +0,0 @@
-from cryptography.exceptions import *
-from cryptography.hazmat.primitives.asymmetric import rsa
-from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.primitives.asymmetric import padding
-from cryptography.hazmat.primitives import serialization
-
-class Signature:
-    def generate_keys():
-        private_key = rsa.generate_private_key(public_exponent=65537,key_size=2048)
-        public_key = private_key.public_key()
-
-        return private_key, public_key
-    
-    def keys_to_bytes(private_key, public_key):
-        prv_ser = private_key.private_bytes(
-            encoding=serialization.Encoding.PEM,
-            format=serialization.PrivateFormat.TraditionalOpenSSL,
-            encryption_algorithm=serialization.NoEncryption())
-        
-        pbc_ser = public_key.public_bytes(
-            encoding=serialization.Encoding.PEM,
-            format=serialization.PublicFormat.SubjectPublicKeyInfo)
-        
-        return prv_ser, pbc_ser
-    
-    def bytes_to_keys(private_ser, public_ser):
-        private_key = serialization.load_pem_private_key(
-            private_ser,
-            password=None
-        )
-        public_key = serialization.load_pem_public_key(
-            public_ser
-        )
-        return private_key, public_key
--- a/goodchain/src/classes/User.py
+++ b/goodchain/src/classes/User.py
@ -1,5 +1,6 @@
 from getpass import getpass
-from classes.Signature import Signature
+from helpers import SignatureHelper as Signature
+from helpers import UtilityHelper

 class User:
    def __init__(self, db, private_key=None, public_key=None, username=None, password=None):
@ -13,11 +14,13 @@ class User:
        input_username = input("Username: ")
        input_password = getpass("Password: ")

-        user = self.db.loginUser(input_username, input_password)
+        hashed_password = UtilityHelper.computeHash(input_password)
+
+        user = self.db.loginUser(input_username, hashed_password)

        # check if user exists
        if user:
-            private_key, public_key = Signature.bytes_to_keys(user[0], user[1])
+            private_key, public_key = Signature.bytesToKeys(user[0], user[1])
            self.private_key = private_key
            self.public_key = public_key
            self.username = user[2]
@ -28,15 +31,17 @@ class User:
        input_username = input("Username: ")
        input_password = getpass("Password: ")

+        hashed_password = UtilityHelper.computeHash(input_password)
+
        # check if username is already taken
        if self.db.fetchUserByUsername(input_username):
            return False

        # create sig for user
-        private_key, public_key = Signature.generate_keys()
-        private_ser, public_ser = Signature.keys_to_bytes(private_key, public_key)
+        private_key, public_key = Signature.generateKeys()
+        private_ser, public_ser = Signature.keysToBytes(private_key, public_key)
        # register user
-        if self.db.createUser( private_ser, public_ser, input_username, input_password):
+        if self.db.createUser( private_ser, public_ser, input_username, hashed_password):
            self.private_key = private_key
            self.public_key = public_key
            self.username = input_username
@ -48,3 +53,23 @@ class User:
        self.public_key = None
        self.username = None
        return True
+    
+    def updatePassword(self):
+        # Get new password
+        new_password = getpass('Enter your new password: ')
+        check_new_password = getpass('Enter your new password again: ')
+        while new_password != check_new_password:
+            print('Passwords do not match')
+            new_password = getpass('Enter your new password: ')
+            check_new_password = getpass('Enter your new password again: ')
+
+        old_password = getpass('Enter your old password: ')
+        hashed_new_password = UtilityHelper.computeHash(new_password)
+        hashed_old_password = UtilityHelper.computeHash(old_password)
+
+        private_key_bytes = Signature.privateKeyToBytes(self.private_key)
+
+        if self.db.changePassword(private_key_bytes, hashed_old_password, hashed_new_password) == True:
+            print('Password updated')
+        else:
+            print('Something went wrong while trying to update password..')
--- a/goodchain/src/helpers/DatabaseHelper.py
+++ b/goodchain/src/helpers/DatabaseHelper.py
@ -62,12 +62,12 @@ class DatabaseHelper:
            print(error)
            return False

-    def changePasswordUser(self, user_privatekey, password):
+    def changePassword(self, user_privatekey, old_password, password):
        if not self.conn:
            return None

        try:
-            self.cursor.execute("UPDATE `users` SET `password` = ? WHERE `private_key` = ?", (password, user_privatekey,))
+            self.cursor.execute("UPDATE `users` SET `password` = ? WHERE (`private_key` = ? AND `password` = ?)", (password, user_privatekey, old_password,))
            self.commit()

            return True
--- a/goodchain/src/helpers/MenuHelper.py
+++ b/goodchain/src/helpers/MenuHelper.py
@ -44,7 +44,7 @@ class MenuHelper:
        self.user_settings_menu[1] = "View account info"
        self.user_settings_menu[2] = "Change username"
        self.user_settings_menu[3] = "Change password"
-        self.user_settings_menu[3] = "DELETE ACCOUNT"
+        self.user_settings_menu[4] = "DELETE ACCOUNT"

        self.opened_logs = False

@ -106,7 +106,7 @@ class MenuHelper:
                    user = None

                case "User Settings":
-                    print(user.private_key)
+                    self.runUserSettingsMenu(user)

                case "Blockchain":
                    self.runUserBlockchainMenu(user)
@ -167,7 +167,7 @@ class MenuHelper:
                    print("TODO")

                case "Change password":
-                    print("TODO")
+                    user.updatePassword()

                case "DELETE ACCOUNT":
                    print("TODO")
--- a/goodchain/src/helpers/SignatureHelper.py
+++ b/goodchain/src/helpers/SignatureHelper.py
@ -0,0 +1,40 @@
+from cryptography.exceptions import *
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives import serialization
+
+def generateKeys():
+    private_key = rsa.generate_private_key(public_exponent=65537,key_size=2048)
+    public_key = private_key.public_key()
+
+    return private_key, public_key
+
+def keysToBytes(private_key, public_key):
+    prv_ser = privateKeyToBytes(private_key)
+    pbc_ser = publicKeyToBytes(public_key)
+    
+    return prv_ser, pbc_ser
+
+def publicKeyToBytes(public_key):
+    pbc_ser = public_key.public_bytes(
+        encoding=serialization.Encoding.PEM,
+        format=serialization.PublicFormat.SubjectPublicKeyInfo)
+    
+    return pbc_ser
+
+def privateKeyToBytes(private_key):
+    prv_ser = private_key.private_bytes(
+        encoding=serialization.Encoding.PEM,
+        format=serialization.PrivateFormat.TraditionalOpenSSL,
+        encryption_algorithm=serialization.NoEncryption())
+    
+    return prv_ser
+
+def bytesToKeys(private_ser, public_ser):
+    private_key = serialization.load_pem_private_key(
+        private_ser,
+        password=None
+    )
+    public_key = serialization.load_pem_public_key(
+        public_ser
+    )
+    return private_key, public_key
--- a/goodchain/src/helpers/UtilityHelper.py
+++ b/goodchain/src/helpers/UtilityHelper.py
@ -0,0 +1,10 @@
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes
+
+import hashlib
+
+def computeHash(data):
+    hash = hashlib.sha256()
+    data = str(data).encode()
+    hash.update(data)
+    return hash.hexdigest()