CHANGE: added encrypted password auth, TODO: add change and add passwd functions

2025-02-22 13:37:20 +01:00
parent 04f9eb33d4
commit 9987cc226d
7 changed files with 53 additions and 11 deletions
--- a/Backend/endpoints/time.go
+++ b/Backend/endpoints/time.go
@@ -103,11 +103,12 @@ func updateBooking(w http.ResponseWriter, r *http.Request){
 				log.Println("Error getting booking!", err)
 				continue
 			}
-			parsedTime, err := time.Parse("15:04", possibleBooking[0])
+			parsedTime, err := time.ParseInLocation("15:04", possibleBooking[0], time.Local)
 			if(err != nil){
 				log.Println("Error parsing time!", err)
 				continue
 			}
+			log.Println("Parsing time", parsedTime)
 			booking.UpdateTime(parsedTime)
 		}
 	}
--- a/Backend/models/booking.go
+++ b/Backend/models/booking.go
@@ -215,7 +215,7 @@ func (b *Booking) UpdateTime(newTime time.Time){
 	// TODO: add check for time overlap

 	var newBooking Booking
-	newBooking.Timestamp =  time.Date(b.Timestamp.Year(), b.Timestamp.Month(), b.Timestamp.Day(), hour, minute, 0, 0, time.Local).UTC()
+	newBooking.Timestamp =  time.Date(b.Timestamp.Year(), b.Timestamp.Month(), b.Timestamp.Day(), hour, minute, 0, 0, time.Local)
 	if(b.CheckInOut < 3){
 		newBooking.CheckInOut = b.CheckInOut + 2
 	}
--- a/Backend/models/user.go
+++ b/Backend/models/user.go
@@ -2,7 +2,7 @@ package models

 import (
 	"fmt"
-	"strings"
+	"log"
 )

 type User struct {
@@ -94,6 +94,19 @@ func (u *User) GetByPersonalNummer (personalNummer int) (User, error) {
 }

 func (u *User) Login(password string) bool {
-	userPassword := strings.ToLower(fmt.Sprintf("%s_%s", u.Vorname, u.Name)) //temp password: "max_mustermann"
-	return userPassword == password
+	var loginSuccess bool
+	qStr, err := DB.Prepare((`SELECT (pass_hash = crypt($2, pass_hash)) AS pass_hash FROM user_password WHERE personal_nummer = $1;`))
+	if err != nil {
+		log.Println("Error preparing db statement", err)
+		return false
+	}
+	defer qStr.Close()
+	err = qStr.QueryRow(u.PersonalNummer, password).Scan(&loginSuccess)
+	if err != nil {
+		log.Println("Error queriing db", err)
+		return false
+	}
+	return loginSuccess
+	// userPassword := strings.ToLower(fmt.Sprintf("%s_%s", u.Vorname, u.Name)) //temp password: "max_mustermann"
+	// return userPassword == password
 }
--- a/Backend/templates/timeComponents.templ
+++ b/Backend/templates/timeComponents.templ
@@ -123,7 +123,7 @@ templ bookingComponent(booking models.Booking) {
 	<div>
 		<p class="text-neutral-500">
 		<span class="text-neutral-700 group-[.edit]:hidden inline">{booking.Timestamp.Format("15:04")}</span>
-		<input name={"booking_" + strconv.Itoa(booking.CounterId)} class="text-neutral-700 group-[.edit]:inline hidden bg-neutral-100 text-sm border border-neutral-200 rounded-md px-3 py-2 transition duration-300 ease focus:outline-none focus:border-neutral-400 hover:border-neutral-300" type="time" value={booking.Timestamp.Local().Format("15:04")} />
+		<input name={"booking_" + strconv.Itoa(booking.CounterId)} type="time" value={booking.Timestamp.Format("15:04")} class="text-neutral-700 group-[.edit]:inline hidden bg-neutral-100 text-sm border border-neutral-200 rounded-md px-3 py-2 transition duration-300 ease focus:outline-none focus:border-neutral-400 hover:border-neutral-300"  />
 		{booking.GetBookingType()}</p>
 	</div>
 }
--- a/Backend/templates/timeComponents_templ.go
+++ b/Backend/templates/timeComponents_templ.go
@@ -451,20 +451,20 @@ func bookingComponent(booking models.Booking) templ.Component {
 		if templ_7745c5c3_Err != nil {
 			return templ_7745c5c3_Err
 		}
-		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 29, "\" class=\"text-neutral-700 group-[.edit]:inline hidden bg-neutral-100 text-sm border border-neutral-200 rounded-md px-3 py-2 transition duration-300 ease focus:outline-none focus:border-neutral-400 hover:border-neutral-300\" type=\"time\" value=\"")
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 29, "\" type=\"time\" value=\"")
 		if templ_7745c5c3_Err != nil {
 			return templ_7745c5c3_Err
 		}
 		var templ_7745c5c3_Var22 string
-		templ_7745c5c3_Var22, templ_7745c5c3_Err = templ.JoinStringErrs(booking.Timestamp.Local().Format("15:04"))
+		templ_7745c5c3_Var22, templ_7745c5c3_Err = templ.JoinStringErrs(booking.Timestamp.Format("15:04"))
 		if templ_7745c5c3_Err != nil {
-			return templ.Error{Err: templ_7745c5c3_Err, FileName: `templates/timeComponents.templ`, Line: 126, Col: 342}
+			return templ.Error{Err: templ_7745c5c3_Err, FileName: `templates/timeComponents.templ`, Line: 126, Col: 113}
 		}
 		_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var22))
 		if templ_7745c5c3_Err != nil {
 			return templ_7745c5c3_Err
 		}
-		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 30, "\"> ")
+		templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 30, "\" class=\"text-neutral-700 group-[.edit]:inline hidden bg-neutral-100 text-sm border border-neutral-200 rounded-md px-3 py-2 transition duration-300 ease focus:outline-none focus:border-neutral-400 hover:border-neutral-300\"> ")
 		if templ_7745c5c3_Err != nil {
 			return templ_7745c5c3_Err
 		}
--- a/DB/initdb/01_create_tables.sql
+++ b/DB/initdb/01_create_tables.sql
@@ -34,6 +34,34 @@ CREATE TABLE "personal_daten" (
 );
 COMMENT ON COLUMN "personal_daten"."geschlecht" IS '1==weiblich, 2==maennlich, 3==divers';

+DROP TABLE IF EXISTS "user_password";
+CREATE TABLE "user_password" (
+    "personal_nummer" int4 NOT NULL PRIMARY KEY,
+    "pass_hash" TEXT,
+    "zuletzt_geandert" timestamp(6) DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE OR REPLACE FUNCTION update_zuletzt_geandert()
+RETURNS TRIGGER AS $$
+BEGIN
+    -- Nur wenn hash geändert wurde
+    IF NEW.pass_hash IS DISTINCT FROM OLD.pass_hash THEN
+        NEW.zuletzt_geandert = now();
+    END IF;
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+CREATE TRIGGER pass_hash_update
+BEFORE UPDATE ON user_password
+FOR EACH ROW
+EXECUTE FUNCTION update_zuletzt_geandert();
+
+-- Adds crypto extension
+
+CREATE EXTENSION IF NOT EXISTS pgcrypto;
+
+
 -- Insert into personal_daten

 INSERT INTO "personal_daten" ("personal_nummer", "aktiv_beschaeftigt", "vorname", "nachname", "geburtsdatum", "plz", "adresse", "geschlecht", "card_uid", "hauptbeschaeftigungs_ort", "arbeitszeit_per_tag", "arbeitszeit_min_start", "arbeitszeit_max_ende", "vorgesetzter_pers_nr") VALUES
--- a/DB/initdb/02_create_user.sh
+++ b/DB/initdb/02_create_user.sh
@@ -7,7 +7,7 @@ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-E
    CREATE USER $POSTGRES_API_USER WITH ENCRYPTED PASSWORD '$POSTGRES_API_PASSWORD';
    GRANT CONNECT ON DATABASE $POSTGRES_DB TO $POSTGRES_API_USER;
    GRANT USAGE ON SCHEMA public TO $POSTGRES_API_USER;
-    GRANT SELECT, INSERT, UPDATE ON ALL TABLES IN SCHEMA public TO $POSTGRES_API_USER;
+    GRANT SELECT, INSERT, UPDATE ON anwesenheit, personal_daten, user_password TO $POSTGRES_API_USER;
    GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO $POSTGRES_API_USER;
 EOSQL