From 3277d97eaeb7fc2e5094b02cf1cc055c3b7165a8 Mon Sep 17 00:00:00 2001
From: Mathieu Benoit
Date: Sun, 25 Mar 2018 08:42:47 -0400
Subject: [PATCH] [#83] Login: remove user_password and email_password.
- Replace it with single password
---
 src/web/handlers.py | 18 +++++++-----------
 src/web/partials/login.html | 8 ++++++--
 src/web/py_class/db.py | 25 +++++++++----------------
 3 files changed, 22 insertions(+), 29 deletions(-)

diff --git a/src/web/handlers.py b/src/web/handlers.py
index 80c4884a..d36827af 100644
--- a/src/web/handlers.py
+++ b/src/web/handlers.py
@@ -101,9 +101,9 @@ def post(self):
 return
 # Login
- if self.get_argument("username_or_email", ""):
+ if self.get_argument("username_or_email", default=""):
- username_or_email = self.get_argument("username_or_email", "")
+ username_or_email = self.get_argument("username_or_email", default="")
 if not username_or_email:
 print("Email or Username is empty.", file=sys.stderr)
 self.redirect("/login?invalid=username_or_email")
@@ -127,8 +127,8 @@ def post(self):
 return
 # Sign Up
- elif self.get_argument("username"):
- name = self.get_argument("username")
+ elif self.get_argument("username", default=""):
+ name = self.get_argument("username", default="")
 if not name:
 print("Username is empty from %s" % self.request.remote_ip, file=sys.stderr)
 self.redirect("/login?invalid=username")
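Review bot: In the `@@ -101` hunk the retained `if not username_or_email:` check is dead code — the enclosing `if self.get_argument("username_or_email", default=""):` already rejects an empty or missing value, so the "Email or Username is empty." log and its redirect can never run; the `@@ -127` hunk keeps the same unreachable `if not name:` behind `elif self.get_argument("username", default=""):`. Either drop the inner checks, or, if the intent is to report a submitted-but-blank field, dispatch on the field's presence rather than its value, e.g. `if "username_or_email" in self.request.arguments:`, which makes the inner emptiness check reachable. The login branch also logs without `self.request.remote_ip` while the sign-up branch includes it; logging the peer on both paths makes failed-login noise easier to correlate. `post` starts and ends outside these hunks.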
@@ -136,19 +136,15 @@ def post(self):
 email = self.get_argument("email", default=None)
- password_mail = self.get_argument("pwconfirm")
- if not password_mail:
- print("Password is empty from %s" % self.request.remote_ip, file=sys.stderr)
- self.redirect("/login?invalid=password")
- return
-
- if self._db.create_user(name, email, password, password_mail):
+ if self._db.create_user(name, email=email, password=password):
 self.redirect("/login")
 return
 else:
 self.redirect("/login?invalid=signup")
 return
+ self.redirect("/login")
+
 class GoogleOAuth2LoginHandler(base_handler.BaseHandler, tornado.auth.GoogleOAuth2Mixin):
 @tornado.gen.coroutine
diff --git a/src/web/partials/login.html b/src/web/partials/login.html
index 9840b1b6..7d470cf1 100644
--- a/src/web/partials/login.html
+++ b/src/web/partials/login.html
@@ -74,7 +74,9 @@
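Review bot: The removed lines were the only server-side handling of `pwconfirm` visible in this diff, and after this hunk the confirmation field is neither required nor compared — `self._db.create_user(name, email=email, password=password)` takes `password` alone, while the login.html change in this commit copies `password` into `pwconfirm` client-side, so a mismatch between the two fields is detected nowhere. If the confirmation is meant to be kept, compare it before the call: `if password != self.get_argument("pwconfirm", default=""): self.redirect("/login?invalid=password"); return`. Whether `password` is checked for emptiness above line 136 is not visible here; if it is not, an empty value reaches `create_user`, which per the db.py hunk stores `None` and yields an account that cannot authenticate by password. The trailing `self.redirect("/login")` added at the end of `post` correctly handles a request carrying neither form's fields; `post` starts outside the hunk.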

Connexion ou + onclick="if(username_or_email.value && loginForm.password.value) { + password.value=hashSha256(password.value); + };"> Se connecter
@@ -161,7 +163,9 @@
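Review bot: Hashing in the button's `onclick` ties the transformation to a click rather than to the submission, so it can run twice (a click whose submission is then blocked, followed by a second click, hashes the already-hashed value) and it is skipped by any submission path that does not go through this button; doing it once in the form's `onsubmit` handler avoids both. A short comment next to `password.value=hashSha256(password.value);` should record the design so it is not mistaken for transport protection, e.g. `// client-side SHA-256 only keeps the raw password out of the request; the server still bcrypt-hashes this value (db.py), and the hash itself is the credential on the wire, so TLS is still required`. The enclosing form and button markup is outside the hunk, so I cannot tell whether the button is the form's default submit control.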

Créer un compte + onclick="password.value=hashSha256(password.value); + // TODO empty pwconfirm + pwconfirm.value=password.value;">Créer un compte
diff --git a/src/web/py_class/db.py b/src/web/py_class/db.py
index a2d3d19a..7352ade3 100644
--- a/src/web/py_class/db.py
+++ b/src/web/py_class/db.py
@@ -34,8 +34,10 @@ def compare_password(user_password, hash_password):
 return False
 return bcrypt.checkpw(user_password.encode('utf-8'), hash_password.encode('utf-8'))
- def create_user(self, name, email=None, password_name=None, password_mail=None, google_id=None, facebook_id=None,
- twitter_id=None, permission="Joueur"):
+ def create_user(self, name, email=None, password=None, google_id=None, facebook_id=None, twitter_id=None,
+ permission="Joueur"):
+
+ # Validate no duplicate user
 if self._db_user.contains(self._query_user.name == name):
 print("Cannot create user %s, already exist." % name, file=sys.stderr)
 return
@@ -48,19 +50,10 @@ def create_user(self, name, email=None, password_name=None, password_mail=None,
 while self._db_user.contains(self._query_user.user_id == user_id):
 user_id = uuid.uuid4().hex
- if password_name:
- secure_pass_name = self.generate_password(password_name)
- else:
- secure_pass_name = None
-
- if password_mail:
- secure_pass_mail = self.generate_password(password_mail)
- else:
- secure_pass_mail = None
+ secure_pass = self.generate_password(password) if password else None
- data = {"email": email, "name": name, "password_name": secure_pass_name, "password_mail": secure_pass_mail,
- "user_id": user_id, "google_id": google_id, "facebook_id": facebook_id, "twitter_id": twitter_id,
- "permission": permission}
+ data = {"email": email, "name": name, "password": secure_pass, "user_id": user_id, "google_id": google_id,
+ "facebook_id": facebook_id, "twitter_id": twitter_id, "permission": permission}
 eid = self._db_user.insert(data)
 return self._db_user.get(eid=eid)
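Review bot: `pwconfirm.value=password.value;` overwrites the confirmation field with the freshly hashed password, so the two fields always agree on submission and a typo in either one is never detected — the `// TODO empty pwconfirm` comment shows this is known, but combined with the handlers.py hunk in this commit that drops the server-side `pwconfirm` check, the confirmation no longer protects anything. Compare before hashing and stop the submission on mismatch, e.g. `if (password.value !== pwconfirm.value) { return false; }` ahead of `password.value=hashSha256(password.value);`, then either hash `pwconfirm` the same way or leave the comparison to the server. Whether `return false` cancels the submission depends on the button and form markup, which is outside the hunk.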
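Review bot: `create_user` has no docstring, and the new `password` parameter needs one because its contract is not obvious from the signature: it receives the value exactly as posted (which login.html already SHA-256-hashes client-side) and the record stores the bcrypt hash produced by `generate_password`, or `None` when the value is falsy — presumably the intended state for accounts identified only by `google_id`/`facebook_id`/`twitter_id`. The docstring should also state the return: the inserted record, or `None` when a user with that `name` already exists (the `# Validate no duplicate user` branch prints to stderr and returns nothing). The body continues past the hunk.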
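Review bot: `secure_pass = self.generate_password(password) if password else None` stores `None` for an empty-string password exactly as it does for a missing one, and the sign-up path in handlers.py now calls `create_user(name, email=email, password=password)` with no emptiness check visible in this diff, so a blank password silently yields a record that can never authenticate by password (`get_user` requires `password and ddb_password`). Unless that check sits above line 136 of handlers.py, treat `""` as an error here in the same style as the duplicate-name branch: `if password == "": print("Cannot create user %s, empty password." % name, file=sys.stderr); return`, keeping `None` as the explicit no-password case. The `while` loop that picks `user_id` starts outside the hunk.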
@@ -78,7 +71,7 @@ def get_user(self, name=None, email=None, password=None, id_type="user", user_id
 _user = self._db_user.get(self._query_user.name == name)
 if _user:
 # Validate password
- ddb_password = _user.get("password_name")
+ ddb_password = _user.get("password")
 if password and ddb_password and self.compare_password(password, ddb_password):
 return _user
@@ -88,7 +81,7 @@ def get_user(self, name=None, email=None, password=None, id_type="user", user_id
 if _user:
 if not force_email_no_password:
 # Validate password
- ddb_password = _user.get("password_mail")
+ ddb_password = _user.get("password")
 if password and ddb_password and self.compare_password(password, ddb_password):
 return _user
 else:
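Review bot: Both hunks switch the lookup to `_user.get("password")`, but records created before this commit carry `password_name`/`password_mail` (the keys removed in the `@@ -48` hunk of this file) and no `password` key, so for every existing user `ddb_password` is `None`, the `password and ddb_password and ...` guard fails, and existing password accounts can no longer log in until the stored documents are migrated. Either ship a migration that renames the old key or read with a transitional fallback, e.g. `ddb_password = _user.get("password") or _user.get("password_name")` in the name branch and `... or _user.get("password_mail")` in the email branch. The `and ddb_password` part of the guard is what keeps a `None` stored hash from ever matching and should stay as written. `get_user` starts and ends outside these hunks.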