diff --git a/Lab2/__pycache__/database_helper.cpython-310.pyc b/Lab2/__pycache__/database_helper.cpython-310.pyc
index 3550a2af235fb8d1abfe683389d03be3c07d2c65..2521f7a2f640d7d312631b2237ca65301146cc25 100644
Binary files a/Lab2/__pycache__/database_helper.cpython-310.pyc and b/Lab2/__pycache__/database_helper.cpython-310.pyc differ
diff --git a/Lab2/__pycache__/server.cpython-310.pyc b/Lab2/__pycache__/server.cpython-310.pyc
index 82e18c8df79c6d8b9169717568d9d4daa15f5fab..b5132ee498d8e00d6aa1e48821d75a3350b8b256 100644
Binary files a/Lab2/__pycache__/server.cpython-310.pyc and b/Lab2/__pycache__/server.cpython-310.pyc differ
diff --git a/Lab2/database.db b/Lab2/database.db
index 879c356c93d13a5af64b630499fc883bd6de459a..1b858e61be87b732faaf70f226460eae399e4454 100644
Binary files a/Lab2/database.db and b/Lab2/database.db differ
diff --git a/Lab2/database_helper.py b/Lab2/database_helper.py
index 99a97b0efc89df57dd6c42758d5709790a9c2faf..a14e796cb258278b33ca566cacc9c69e303de055 100644
--- a/Lab2/database_helper.py
+++ b/Lab2/database_helper.py
@@ -76,6 +76,17 @@ def tokenToEmail(token):
         return None
 
 
+def tokenToPassword(token):
+    try:
+        email = tokenToEmail(token)
+        cursor = get_db().cursor()
+        cursor.execute("SELECT PASSWORD FROM USERS WHERE EMAIL=?;", [email])
+        password = cursor.fetchone()[0]
+        return password
+    except:
+        return None
+
+
 def is_online(token):
     try:
         cursor = get_db().cursor()
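Review bot: tokenToPassword returns the stored PASSWORD column as-is and the change_password route in server.py compares it to `oldPassword` with `==`, so the USERS table evidently holds recoverable passwords; the change_password hunk below also writes `newpassword` unmodified. Store a salted password hash and verify against it instead, for example werkzeug.security's `generate_password_hash(newpassword)` on write and `check_password_hash(stored, data['oldPassword'])` on check, assuming Werkzeug is available as it normally is with Flask. This matters more because Lab2/database.db is tracked and modified in this same commit, so whatever the column contains ends up in repository history. The bare `except:` also collapses an unknown token (where `fetchone()` presumably returns None) and a real database error into the same None; an explicit None check plus `except sqlite3.Error:` would keep them apart, if the helper is built on sqlite3.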
@@ -103,26 +114,27 @@ def get_data_email(email):
         return None
 
 
-
 def change_password(email, newpassword):
     try:
-        sql = "UPDATE USERS SET password = 'newpassword1' WHERE email = 'cbdgsdsd11mail.com';"
-        get_db().execute(sql)
+        sql = "UPDATE USERS SET PASSWORD = ? WHERE EMAIL = ?;"
+        get_db().execute(sql, (newpassword, email))
         get_db().commit()
         return True
     except:
         return False
 
+
 def check_email_exists(email):
     cursor = get_db().cursor()
     cursor.execute("SELECT email FROM USERS WHERE email=?", (email,))
     result = cursor.fetchone()
     return True if result else False
 
+
 def postMessage(email_sender, email_recipient, message):
     try:
         get_db().execute("INSERT into MESSAGES (EMAIL_RECIPIENT, EMAIL_SENDER, MESSAGE) values(?, ?, ?)", [email_recipient, email_sender, message])
         get_db().commit()
         return True
     except:
-        return False
\ No newline at end of file
+        return False
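Review bot: change_password returns True even when the UPDATE matches no row, because only an exception produces False; an email that is None or absent from USERS is reported to the caller as a successful password change. Keep the cursor and check it, e.g. `cur = get_db().execute(sql, (newpassword, email))` followed by `return cur.rowcount == 1` after the commit (assuming get_db() returns a sqlite3 connection). The bare `except:` here and in postMessage also hides the cause of a failure; catching the database error type and logging it would make a failed change diagnosable.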
diff --git a/Lab2/server.py b/Lab2/server.py
index 28abb6e10f0b47268d50aaa3e184799c5fdf957b..471f7d0589a41139443e0f9e6e863652def808be 100644
--- a/Lab2/server.py
+++ b/Lab2/server.py
@@ -81,13 +81,21 @@ def sign_out():
 def change_password():
     data = request.get_json()
     if('token' in data and 'oldPassword' in data and 'newPassword' in data):
-        if database_helper.is_online(data['token']):
-            email = database_helper.tokenToEmail(data['token'])
-            #check old password is good
-            if database_helper.change_password(email, data['newPassword']):
-                return "", 204
+        if(len(data['oldPassword']) > 5 and len(data['newPassword']) > 5):
+            if database_helper.is_online(data['token']):
+                email = database_helper.tokenToEmail(data['token'])
+                password = database_helper.tokenToPassword(data['token'])
+                if(data['oldPassword'] == password):
+                    if database_helper.change_password(email, data['newPassword']):
+                        return "", 204
+                    else:
+                        return "", 400
+                else:
+                    return "", 403
+            else:
+                return "", 401
         else:
-            return "", 401
+            return "", 406
     else:
         return "", 400
 
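Review bot: The length check calls `len()` on `data['oldPassword']` and `data['newPassword']` without checking that they are strings, so a JSON number or null raises TypeError (presumably surfacing as an unhandled 500) and a six-element list passes the check and reaches the SQL layer. Add `isinstance(data['newPassword'], str)` (and the same for `oldPassword` and `token`) before the length test, and guard against `request.get_json()` returning something other than a dict. Requiring `len(data['oldPassword']) > 5` is not needed, since the comparison with the stored value already decides that, and 406 is defined for content negotiation, so 400 or 422 describes a rejected password better. As far as this hunk shows, existing tokens stay valid after a successful change; consider whether other sessions for the account should be signed out.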
@@ -123,7 +131,7 @@ def get_user_data_email(token, email):
 @app.route("/account/post_message", methods = ['POST'])
 def post_message():
     data = request.get_json()
-    if('token' in data 
+    if('token' in data
         and 'message' in data
         and 'email_recipient' in data):
         email_sender = database_helper.tokenToEmail(data['token'])
@@ -137,10 +145,10 @@ def post_message():
             else:
                 return "", 404
         else:
-            return "", 404
+            return "", 403
     else:
-        return "", 401
-            
+        return "", 400
+
 
 def generate_token():
     characters = string.ascii_letters + string.digits