From 88d954e23c847ede8124fa0c585b109d42af32cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luc=C3=A0s?=
Date: Wed, 22 Mar 2023 17:52:22 +0100
Subject: [PATCH] Fix hash password Took 30 minutes
---
 src/components/form/RegisterForm.tsx | 10 ++++------
 src/lib/PasswordTools.ts | 13 +++++++++++++
 src/pages/api/auth/[...nextauth].ts | 6 +++++-
 src/pages/api/user/index.ts | 10 +++++++---
 4 files changed, 29 insertions(+), 10 deletions(-)
 create mode 100644 src/lib/PasswordTools.ts
diff --git a/src/components/form/RegisterForm.tsx b/src/components/form/RegisterForm.tsx
index 8900005..63db622 100644
--- a/src/components/form/RegisterForm.tsx
+++ b/src/components/form/RegisterForm.tsx
@@ -25,18 +25,16 @@ export default function RegisterForm() {
 };
 const handleSubmit = () => {
- const {password, confirmPassword} = registerData;
+ let {email, firstName, lastName, password, confirmPassword} = registerData;
 if (password !== confirmPassword) setInvalidInput(true);
 fetch('/api/user', {
 method: 'PUT',
 headers: {'Content-Type': 'application/json'},
- body: JSON.stringify(registerData),
+ body: JSON.stringify({email, firstName, lastName, password}),
 }).then(() => {
- const {email, password} = registerData;
-
- signIn('credentials',
- {email, password, redirect: false}).then((res) => {
+ signIn('credentials', {email, password, redirect: false})
+ .then((res) => {
 const {ok: connexionSuccess} = res as SignInResponse;
 // TODO If success -> goto interactive form else login
diff --git a/src/lib/PasswordTools.ts b/src/lib/PasswordTools.ts
new file mode 100644
index 0000000..480fd14
--- /dev/null
+++ b/src/lib/PasswordTools.ts
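Review bot: In the RegisterForm.tsx hunk, the mismatch check `if (password !== confirmPassword) setInvalidInput(true);` does not stop the submit, so the `fetch('/api/user', …)` below it still creates the account with a password the user never confirmed; it should read `if (password !== confirmPassword) { setInvalidInput(true); return; }`. The `.then(() => {` after the fetch calls `signIn` without looking at the response, so a 400 from the API is still followed by a login attempt; take the response as an argument and check its `ok` flag first. Nothing in the lines shown reassigns the destructured values, so `const` fits better than `let`. handleSubmit's body continues past the end of the hunk.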
@@ -0,0 +1,13 @@
+import bcrypt from "bcrypt";
+
+export async function hashPassword(unHashedPassword: string): Promise {
+ return await bcrypt.hash(unHashedPassword, 10).then((hash: string) => hash);
+}
+
+export async function isSamePassword(
+ unHashedPassword: string,
+ hashedPassword: string
+): Promise {
+ return await bcrypt.compare(unHashedPassword, hashedPassword).
+ then((result: boolean) => result);
+}
\ No newline at end of file
diff --git a/src/pages/api/auth/[...nextauth].ts b/src/pages/api/auth/[...nextauth].ts
index 29a6af3..fac533d 100644
--- a/src/pages/api/auth/[...nextauth].ts
+++ b/src/pages/api/auth/[...nextauth].ts
@@ -3,6 +3,7 @@ import CredentialsProvider from "next-auth/providers/credentials";
 import {PrismaClient} from '@prisma/client';
 import {NextApiRequest, NextApiResponse} from 'next';
 import {LoginData} from '@/models/form/LoginData';
+import {isSamePassword} from '@/lib/PasswordTools';
 const prisma = new PrismaClient();
@@ -24,7 +25,10 @@ export default async function auth(req: NextApiRequest, res: NextApiResponse) {
 });
 // Vérification de la connexion
- if (user && user.password === password) return user;
+ if (user && await isSamePassword(password, user.password)) {
+ return user;
+ }
+ return null;
 },
 })
diff --git a/src/pages/api/user/index.ts b/src/pages/api/user/index.ts
index f182558..b9c0ff9 100644
--- a/src/pages/api/user/index.ts
+++ b/src/pages/api/user/index.ts
@@ -2,6 +2,9 @@ import type {NextApiRequest, NextApiResponse} from 'next';
 import CRUD from '@/utils/CRUD';
 import {CreateUserQuery} from '@/models/api/user';
 import {PrismaClient} from '@prisma/client';
+import {LoginData} from '@/models/form/LoginData';
+import {RegisterData} from '@/models/form/RegisterData';
+import {hashPassword} from '@/lib/PasswordTools';
 export default function handler(
 req: NextApiRequest,
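Review bot: In PasswordTools.ts both helpers chain an identity `.then(...)` onto a promise that is already awaited, and the cost factor `10` is an unexplained literal; `return bcrypt.hash(unHashedPassword, SALT_ROUNDS);` and `return bcrypt.compare(unHashedPassword, hashedPassword);` with a named, commented constant do the same work. bcrypt only uses the first 72 bytes of its input, so a TSDoc comment on `hashPassword` should state that limit and the caller should cap the accepted password length rather than silently accept longer values. A one-line TSDoc on `isSamePassword` saying that the second argument must be a stored bcrypt hash, never a plaintext value, would make the argument order hard to get wrong.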
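Review bot: In the authorize hunk of [...nextauth].ts, rows written before this commit still hold a plaintext `password`, and `isSamePassword(password, user.password)` will not match them, so the change needs a migration or forced reset for existing accounts to go with it. `return user;` hands the whole Prisma row, hash included, back to next-auth; whether that reaches the token or session depends on callbacks outside the hunk, but returning only what the session needs, for example `return {id: user.id, email: user.email};`, removes the question. When no user is found the bcrypt comparison is skipped, so response time differs between known and unknown e-mails; running the comparison against a fixed dummy hash in that branch evens it out. The callback starts above the hunk.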
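Review bot: `LoginData` and `RegisterData` are imported at the top of user/index.ts but are not referenced in any hunk of this file shown in the patch. If nothing outside the hunks uses them, drop both lines and keep only `import {hashPassword} from '@/lib/PasswordTools';`.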
@@ -10,7 +13,6 @@ export default function handler(
 switch (req.method) {
 case CRUD.CREATE: return createUser(req, res);
 case CRUD.READ: return readUser(req, res);
- // case CRUD.DELETE: return deleteUser(req, res);
 default: return help(res);
 }
 }
@@ -27,8 +29,10 @@ async function createUser(req: NextApiRequest, res: NextApiResponse) {
 if (!email || !password || !firstName || !lastName) return res.status(400).send({message: req.body});
+ const hashedPassword = await hashPassword(password)
+
 const newUser = await prisma.user.create({
- data: {...req.body},
+ data: {...req.body, password: hashedPassword},
 });
 return res.status(201).send({message: 'createUser', newUser});
@@ -36,7 +40,7 @@ async function createUser(req: NextApiRequest, res: NextApiResponse) {
 async function readUser(req: NextApiRequest, res: NextApiResponse) {
 const {id} = req.query as {id: string}
-
+
 const user = (req.query.id) ? await prisma.user.findUnique({where: {id}}) : await prisma.user.findMany()
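Review bot: `data: {...req.body, password: hashedPassword}` in createUser still copies every client-supplied key into `prisma.user.create`, so a request can set any column the User model has; build the record from the fields already checked above, `data: {email, firstName, lastName, password: hashedPassword}`. The 201 response sends `newUser` with the hash in it, and the 400 branch echoes `req.body`, plaintext password included; both should leave the password out. `password` is only tested for truthiness before `hashPassword(password)`, so a non-string value reaches bcrypt; a `typeof password !== 'string'` guard belongs next to the existing check. readUser in the next hunk loads rows with `findUnique`/`findMany` and, as far as the visible lines show, does not strip the `password` field either. createUser begins above the hunk.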