change_password

1728610e · MaximeOLIVA · e3908ab3 · 1728610e · 1728610e · 1728610e
Commit 1728610e authored 2 years ago by MaximeOLIVA
--- a/Lab2/__pycache__/database_helper.cpython-310.pyc
+++ b/Lab2/__pycache__/database_helper.cpython-310.pyc
--- a/Lab2/__pycache__/server.cpython-310.pyc
+++ b/Lab2/__pycache__/server.cpython-310.pyc
--- a/Lab2/database.db
+++ b/Lab2/database.db
--- a/Lab2/database_helper.py
+++ b/Lab2/database_helper.py
@@ -76,6 +76,17 @@ def tokenToEmail(token):
        return None
+def tokenToPassword(token):
+    try:
+        email = tokenToEmail(token)
+        cursor = get_db().cursor()
+        cursor.execute("SELECT PASSWORD FROM USERS WHERE EMAIL=?;", [email])
+        password = cursor.fetchone()[0]
+        return password
+    except:
+        return None
 def is_online(token):
    try:
        cursor = get_db().cursor()
@@ -103,26 +114,27 @@ def get_data_email(email):
        return None
 def change_password(email, newpassword):
    try:
-        sql = "UPDATE USERS SET password = 'newpassword1' WHERE email = 'cbdgsdsd11mail.com';"
+        sql = "UPDATE USERS SET PASSWORD = ? WHERE EMAIL = ?;"
-        get_db().execute(sql)
+        get_db().execute(sql, (newpassword, email))
        get_db().commit()
        return True
    except:
        return False
 def check_email_exists(email):
    cursor = get_db().cursor()
    cursor.execute("SELECT email FROM USERS WHERE email=?", (email,))
    result = cursor.fetchone()
    return True if result else False
 def postMessage(email_sender, email_recipient, message):
    try:
        get_db().execute("INSERT into MESSAGES (EMAIL_RECIPIENT, EMAIL_SENDER, MESSAGE) values(?, ?, ?)", [email_recipient, email_sender, message])
        get_db().commit()
        return True
    except:
        return False
\ No newline at end of file
--- a/Lab2/server.py
+++ b/Lab2/server.py
@@ -81,13 +81,21 @@ def sign_out():
 def change_password():
    data = request.get_json()
    if('token' in data and 'oldPassword' in data and 'newPassword' in data):
-        if database_helper.is_online(data['token']):
+        if(len(data['oldPassword']) > 5 and len(data['newPassword']) > 5):
-            email = database_helper.tokenToEmail(data['token'])
+            if database_helper.is_online(data['token']):
-            #check old password is good
+                email = database_helper.tokenToEmail(data['token'])
-            if database_helper.change_password(email, data['newPassword']):
+                password = database_helper.tokenToPassword(data['token'])
-                return "", 204
+                if(data['oldPassword'] == password):
+                    if database_helper.change_password(email, data['newPassword']):
+                        return "", 204
+                    else:
+                        return "", 400
+                else:
+                    return "", 403
+            else:
+                return "", 401
        else:
-            return "", 401
+            return "", 406
    else:
        return "", 400
@@ -123,7 +131,7 @@ def get_user_data_email(token, email):
 @app.route("/account/post_message", methods = ['POST'])
 def post_message():
    data = request.get_json()
-    if('token' in data 
+    if('token' in data
        and 'message' in data
        and 'email_recipient' in data):
        email_sender = database_helper.tokenToEmail(data['token'])
@@ -137,10 +145,10 @@ def post_message():
            else:
                return "", 404
        else:
-            return "", 404
+            return "", 403
    else:
-        return "", 401
+        return "", 400
 def generate_token():
    characters = string.ascii_letters + string.digits