Passwords are saved as bcrypt hash

Reorganized some code
nerdakademie · Aug 9, 2016 · 0ded079 · 0ded079
1 parent e65e007
commit 0ded079
Show file tree

Hide file tree

Showing 6 changed files with 64 additions and 28 deletions.
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 The MIT License
 
-Copyright (C) 2015 Otto (GmbH & Co KG)
+Copyright (C) 2016 Nerdakademie
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in

diff --git a/package.json b/package.json
@@ -1,12 +1,11 @@
 {
-  "name": "turing-microservice",
-  "description": "Node.js microservice template",
+  "name": "KadseBot",
+  "description": "Telegram Bot with Client UI, based on turing-microservice by Benedikt Stemmildt",
   "version": "0.4.0",
   "private": false,
   "author": {
-    "name": "Benedikt Stemmildt",
-    "email": "[email protected]",
-    "url": "https://github.com/benestem"
+    "name": "Nerdakademie",
+    "url": "https://github.com/nerdakademie"
   },
   "main": "bin/server.js",
   "scripts": {
@@ -22,7 +21,7 @@
     ]
   },
   "dependencies": {
-    "node-telegram-bot-api": "0.20.1",
+    "node-telegram-bot-api": "0.23.3",
     "body-parser": "1.15.0",
     "compression": "1.6.1",
     "config": "1.19.0",
@@ -34,6 +33,7 @@
     "debug": "2.2.0",
     "express": "4.13.4",
     "moment": "2.13.0",
+    "bcrypt": "0.8.7",
     "extract-text-webpack-plugin": "1.0.1",
     "mongoose": "4.4.4",
     "morgan": "1.7.0",
@@ -83,13 +83,13 @@
   "engines": {
     "node": "5.4.1"
   },
-  "homepage": "https://github.com/otto-de/turing-microservice#readme",
+  "homepage": "https://github.com/nerdakademie/KadseBot_nodejs/#readme",
   "repository": {
     "type": "git",
-    "url": "[email protected]:otto-de/turing-microservice.git"
+    "url": "[email protected]:nerdakademie/KadseBot_nodejs.git"
   },
   "bugs": {
-    "url": "https://github.com/otto-de/turing-microservice/issues"
+    "url": "https://github.com/nerdakademie/KadseBot_nodejs/issues"
   },
   "license": "MIT"
 }
diff --git a/src/server/controller/api/cis/cisApiController.js b/src/server/controller/api/cis/cisApiController.js
@@ -60,8 +60,8 @@ module.exports = (() => {
     }
     requestmodule(url, function(error, request_response, html) {
       if (!error && request_response.statusCode === 200) {
-        const $ = cheerio.load(html);
-        response.json(speiseplanHelper.getMeals($));
+        const speisePlanPage = cheerio.load(html);
+        response.json(speiseplanHelper.getMeals(speisePlanPage));
         response.end();
       } else{
         response.end();

diff --git a/src/server/controller/api/user/loginApiController.js b/src/server/controller/api/user/loginApiController.js
@@ -13,7 +13,7 @@ module.exports = (() => {
         if (user == null) {
           response.json({success: false});
         }
-        else if (user.nak_pass === request.body.password) {
+        else if(userHelper.isPasswordCorrect(user,request.body.password)) {
           request.session.user = user.nak_user;
           response.json({success: true});
         } else {

diff --git a/src/server/controller/api/user/userApiController.js b/src/server/controller/api/user/userApiController.js
@@ -1,24 +1,13 @@
 const User = require('mongoose').model('User');
 const $ = require('jquery');
+const userHelper = require('../../../helper/userHelper');
 
 module.exports = (() => {
 
   function register(request, response) {
     const user = new User(request.body);
-    User.count({nak_user: request.body.nak_user}, function(err, count) {
-      if (count > 0) {
-        response.json({status: 'failed'});
-      } else {
-        // TODO Login überprüfen
-        user.save((error) => {
-          if (error) {
-            response.json({status: 'error'});
-          } else {
-            response.json({status: 'success'});
-          }
-        });
-      }
-    });
+    //TODO check if user is actually a nak user
+    userHelper.registerUser(user);
   }
 
   return {

diff --git a/src/server/helper/userHelper.js b/src/server/helper/userHelper.js
@@ -1,4 +1,6 @@
 const User = require('mongoose').model('User');
+const bcrypt = require('bcrypt');
+const saltRounds = 12;
 
 module.exports = (() => {
   function getUserBySession(request, callback) {
@@ -13,8 +15,53 @@ module.exports = (() => {
     });
   }
 
+  function getHashFromPassword(password) {
+      bcrypt.hash(password, saltRounds, function(err, hash) {
+        if(err){
+          return "";
+        }else{
+          return hash;
+        }
+      });
+    }
+
+  function isPasswordCorrect(user,password) {
+    bcrypt.compare(password, user.nak_pass, function(err, res) {
+      if(err){
+        return false;
+      }else{
+        return res;
+      }
+    });
+  }
+
+  function registerUser(user){
+    User.count({nak_user: user.nak_user}, function(err, count) {
+      if(err){
+        response.json({status: 'failed'});
+      }else{
+        if (count > 0) {
+          response.json({status: 'failed'});
+        } else {
+          user.nak_pass = getHashFromPassword(user.nak_pass);
+          user.save((error) => {
+            if (error) {
+              response.json({status: 'error'});
+            } else {
+              response.json({status: 'success'});
+            }
+          });
+        }
+      }
+    });
+  }
+
+
   return {
     getUserBySession,
-    getUserByName
+    getUserByName,
+    getHashFromPassword,
+    isPasswordCorrect,
+    registerUser
   };
 })();