From 87b8c3ad4b112eb56a08485b3a9c39858ab09483 Mon Sep 17 00:00:00 2001
From: Danil Nikolaev
Date: Wed, 26 Jun 2024 01:46:08 +0300
Subject: [PATCH] authentication process improved
---
 .../kubsau/database/users/UserDaoImpl.kt | 4 ++--
 .../com/meloda/kubsau/database/users/Users.kt | 2 +-
 .../kotlin/com/meloda/kubsau/model/User.kt | 4 ++--
 .../kubsau/repository/UserRepository.kt | 2 +-
 .../meloda/kubsau/route/auth/AuthRoutes.kt | 21 ++++++-------------
 5 files changed, 12 insertions(+), 21 deletions(-)
diff --git a/src/main/kotlin/com/meloda/kubsau/database/users/UserDaoImpl.kt b/src/main/kotlin/com/meloda/kubsau/database/users/UserDaoImpl.kt
index fbea7cb..00ecdfd 100644
--- a/src/main/kotlin/com/meloda/kubsau/database/users/UserDaoImpl.kt
+++ b/src/main/kotlin/com/meloda/kubsau/database/users/UserDaoImpl.kt
@@ -42,7 +42,7 @@ class UserDaoImpl : UserDao {
 ): User? = dbQuery {
 Users.insert {
 it[Users.login] = login
- it[Users.password] = password
+ it[Users.passwordHash] = password
 it[Users.employeeId] = employeeId
 }.resultedValues?.singleOrNull()?.let(::mapResultRow)
 }
@@ -50,7 +50,7 @@ class UserDaoImpl : UserDao {
 override suspend fun updateUser(userId: Int, login: String, password: String): Boolean = dbQuery {
 Users.update({ Users.id eq userId }) {
 it[Users.login] = login
- it[Users.password] = password
+ it[Users.passwordHash] = password
 } > 0
 }
diff --git a/src/main/kotlin/com/meloda/kubsau/database/users/Users.kt b/src/main/kotlin/com/meloda/kubsau/database/users/Users.kt
index 402fb7d..1d1b1be 100644
--- a/src/main/kotlin/com/meloda/kubsau/database/users/Users.kt
+++ b/src/main/kotlin/com/meloda/kubsau/database/users/Users.kt
@@ -5,6 +5,6 @@ import org.jetbrains.exposed.dao.id.IntIdTable
 object Users : IntIdTable() {
 val login = text("login").uniqueIndex()
- val password = text("password")
+ val passwordHash = text("password")
 val employeeId = integer("employeeId").references(Employees.id)
 }
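Review bot: In `createUser` and `updateUser` the value written to `Users.passwordHash` is still a parameter named `password`, so nothing at these two assignments tells a reader whether the DAO receives a hash or the cleartext; if any caller passes the raw password, it is stored as-is. The hashing step is not visible in this patch, so this needs confirming against the callers rather than being a proven defect. I would rename the parameter to `passwordHash` in both methods (and in the `UserDao` interface, which this patch does not touch), or at least add a KDoc line such as `@param password already-hashed value; this method does not hash it`. The signature of `createUser` starts above the first hunk.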
diff --git a/src/main/kotlin/com/meloda/kubsau/model/User.kt b/src/main/kotlin/com/meloda/kubsau/model/User.kt
index 5ad3856..5c2ae24 100644
--- a/src/main/kotlin/com/meloda/kubsau/model/User.kt
+++ b/src/main/kotlin/com/meloda/kubsau/model/User.kt
@@ -6,7 +6,7 @@ import org.jetbrains.exposed.sql.ResultRow
 data class User(
 val id: Int,
 val login: String,
- val password: String,
+ val passwordHash: String,
 val employeeId: Int
 ) {
@@ -15,7 +15,7 @@ data class User(
 fun mapResultRow(row: ResultRow): User = User(
 id = row[Users.id].value,
 login = row[Users.login],
- password = row[Users.password],
+ passwordHash = row[Users.passwordHash],
 employeeId = row[Users.employeeId]
 )
 }
diff --git a/src/main/kotlin/com/meloda/kubsau/repository/UserRepository.kt b/src/main/kotlin/com/meloda/kubsau/repository/UserRepository.kt
index c7cf153..e5efec8 100644
--- a/src/main/kotlin/com/meloda/kubsau/repository/UserRepository.kt
+++ b/src/main/kotlin/com/meloda/kubsau/repository/UserRepository.kt
@@ -66,7 +66,7 @@ class UserRepositoryImpl(
 ): Boolean {
 val currentUser = userDao.singleUser(principal.user.id) ?: throw ContentNotFoundException
- if (!checkPassword(currentPassword, currentUser.password)) {
+ if (!checkPassword(currentPassword, currentUser.passwordHash)) {
 throw WrongCurrentPasswordException
 }
diff --git a/src/main/kotlin/com/meloda/kubsau/route/auth/AuthRoutes.kt b/src/main/kotlin/com/meloda/kubsau/route/auth/AuthRoutes.kt
index e5d4378..721be44 100644
--- a/src/main/kotlin/com/meloda/kubsau/route/auth/AuthRoutes.kt
+++ b/src/main/kotlin/com/meloda/kubsau/route/auth/AuthRoutes.kt
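Review bot: `User` is a `data class`, so its generated `toString()` prints `passwordHash` together with the other fields; any log line or exception message that interpolates a `User`, or an object holding one such as the `principal.user` used in UserRepository.kt, would write the hash out. Whether that happens anywhere is not visible in this patch. I would override it inside the class, `override fun toString(): String = "User(id=$id, login=$login, employeeId=$employeeId)"`, and confirm that `User` is never serialised directly into a response. The class body continues outside the hunk.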
@@ -11,7 +11,10 @@ import com.meloda.kubsau.database.employees.EmployeeDao
 import com.meloda.kubsau.database.employeesdepartments.EmployeeDepartmentDao
 import com.meloda.kubsau.database.employeesfaculties.EmployeeFacultyDao
 import com.meloda.kubsau.database.users.UserDao
-import com.meloda.kubsau.model.*
+import com.meloda.kubsau.model.AccessDeniedException
+import com.meloda.kubsau.model.ContentNotFoundException
+import com.meloda.kubsau.model.Department
+import com.meloda.kubsau.model.respondSuccess
 import com.meloda.kubsau.plugins.AUDIENCE
 import com.meloda.kubsau.plugins.ISSUER
 import io.ktor.server.application.*
@@ -43,23 +46,11 @@ private fun Route.addSession() {
 val login = parameters.getStringOrThrow("login")
 val password = parameters.getStringOrThrow("password")
- val users = userDao.allUsers()
-
- val logins = users.map(User::login)
- val passwords = users.map(User::password)
-
- if (login !in logins) {
+ val user = userDao.singleUser(login) ?: throw WrongCredentialsException
+ if (!checkPassword(password, user.passwordHash)) {
 throw WrongCredentialsException
 }
- val loginIndex = logins.indexOf(login)
-
- if (!checkPassword(password, passwords[loginIndex])) {
- throw WrongCredentialsException
- }
-
- val user = users[loginIndex]
-
 val employee = employeeDao.singleEmployee(user.employeeId) ?: throw ContentNotFoundException
 val facultyId: Int? = if (employee.isAdmin()) {
 employeeFacultyDao.singleFacultyIdByEmployeeId(employee.id)
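Review bot: An unknown login still returns before `checkPassword` runs, while a known login pays for the hash verification, so the two `WrongCredentialsException` paths can be told apart by response time even though the error is identical; that permits login enumeration if `checkPassword` is a deliberately slow verifier (its implementation is not in this patch). Running the check on both paths removes the difference: `val user = userDao.singleUser(login)`, `val ok = checkPassword(password, user?.passwordHash ?: DUMMY_HASH)`, `if (user == null || !ok) throw WrongCredentialsException`, where `DUMMY_HASH` is a placeholder for a precomputed hash of a random value in the same format. The String overload `userDao.singleUser(login)` is not part of this patch, so its lookup semantics should be checked separately. The body of the `addSession` handler continues outside the hunk.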