diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
index ac36b70..1cbd27c 100644
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -17,6 +17,10 @@
 return digParameter('passwordHash')
 end
+ def getToken
+ return digParameter('token')
+ end
+
 def getUser
 return nil if !@username = getUsername
 @user = User.where(["username = ?", params[:username]]).first
@@ -49,24 +53,35 @@
 render :json => @result
 end
- def getToken
- return digParameter('token')
- end
-
- def checkToken
- return if !@token = getToken
- @jwt = JWT.new(@token)
- @data = @token[0..@token.rindex('.')-1]
- p @data
+ def isTokenValid(token, user)
+ @jwt = JWT.new(token)
+ @data = token[0..token.rindex('.')-1]
 p @jwt.signature
 Authority.all.each do |authority|
 if @jwt.data['iss'] == authority.name && @jwt.signature == OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), authority.signature, @data).tr('=', '')
- render :json => { 'success' => true, 'valid' => true }
- return
+ return true
 end
 end
- render :json => { 'success' => true, 'valid' => false }
+ renderError
+ return false
+ end
+
+ def checkToken
+ return if !@user = getUser
+ return if !@token = getToken
+ return if !isTokenValid(@token, @user)
+ render :json => { 'success' => true, 'valid' => true }
+ end
+
+ def changePassword
+ return if !@user = getUser
+ return if !@token = getToken
+ return if !isTokenValid(@token, @user)
+ return if !@passwordHash = digParameter('passwordHash')
+ @user.passwordHash = Digest::SHA256.hexdigest(@passwordHash + @user.secretSalt)
+ @user.save()
+ render :json => { 'success' => true }
 end
 end
diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
index ac36b70..1cbd27c 100644
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
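Review bot: `isTokenValid(token, user)` never reads `user`, so the token is never tied to the account `getUser` looked up from `params[:username]`; in `changePassword` that means a token any authority signed for any account is enough to set a new `passwordHash` on whichever username the request names, and the method should compare the token's subject claim with `user.username` before the signature is even considered (the claim name is hedged as RFC 7519 `sub` in the sketch below — confirm against what the authorities actually issue). Within the same method, `p @jwt.signature` outlives the cleanup that dropped `p @data` and `p @signature` and writes every presented signature to the server log, and the signature check uses `==`, which stops at the first differing byte; `ActiveSupport::SecurityUtils.secure_compare` keeps that comparison constant-time. `token.rindex('.')` is nil for a token without a dot, so `token[0..nil - 1]` raises and a malformed request becomes a 500 instead of `renderError`; `JWT.new` decodes with `Base64.urlsafe_decode64` and `JSON.parse` (lib/JWT.rb hunk), which also raise on undecodable input, so a rescue around it would be consistent with the rest. In `changePassword`, the result of `@user.save()` is discarded and success is rendered regardless; `return renderError unless @user.save` closes that gap. This file's diff is pasted two more times further down the page; the same points apply to those copies.
```ruby
  def isTokenValid(token, user)
    sep = token.rindex('.')
    if sep.nil?
      # Malformed token without a signature separator: reject rather than raise on nil - 1
      renderError
      return false
    end
    @jwt = JWT.new(token)
    @data = token[0..sep - 1]
    # Bind the token to the account being acted on. NOTE(review): 'sub' is the RFC 7519
    # subject claim; confirm it is the claim the authorities issue for the username.
    if @jwt.data['sub'] != user.username
      renderError
      return false
    end
    Authority.all.each do |authority|
      next unless @jwt.data['iss'] == authority.name
      expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), authority.signature, @data).tr('=', '')
      # Constant-time comparison so a wrong signature is not rejected byte-by-byte
      return true if ActiveSupport::SecurityUtils.secure_compare(@jwt.signature.to_s, expected)
    end
    renderError
    false
  end
```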
@@ -17,6 +17,10 @@
 return digParameter('passwordHash')
 end
+ def getToken
+ return digParameter('token')
+ end
+
 def getUser
 return nil if !@username = getUsername
 @user = User.where(["username = ?", params[:username]]).first
@@ -49,24 +53,35 @@
 render :json => @result
 end
- def getToken
- return digParameter('token')
- end
-
- def checkToken
- return if !@token = getToken
- @jwt = JWT.new(@token)
- @data = @token[0..@token.rindex('.')-1]
- p @data
+ def isTokenValid(token, user)
+ @jwt = JWT.new(token)
+ @data = token[0..token.rindex('.')-1]
 p @jwt.signature
 Authority.all.each do |authority|
 if @jwt.data['iss'] == authority.name && @jwt.signature == OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), authority.signature, @data).tr('=', '')
- render :json => { 'success' => true, 'valid' => true }
- return
+ return true
 end
 end
- render :json => { 'success' => true, 'valid' => false }
+ renderError
+ return false
+ end
+
+ def checkToken
+ return if !@user = getUser
+ return if !@token = getToken
+ return if !isTokenValid(@token, @user)
+ render :json => { 'success' => true, 'valid' => true }
+ end
+
+ def changePassword
+ return if !@user = getUser
+ return if !@token = getToken
+ return if !isTokenValid(@token, @user)
+ return if !@passwordHash = digParameter('passwordHash')
+ @user.passwordHash = Digest::SHA256.hexdigest(@passwordHash + @user.secretSalt)
+ @user.save()
+ render :json => { 'success' => true }
 end
 end
diff --git a/config/routes.rb b/config/routes.rb
index 3fea316..9631e44 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -3,4 +3,5 @@
 post @root+'users/authenticate'
 post @root+'users/presalt'
 post @root+'users/checkToken'
+ post @root+'users/changePassword'
 end
diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
index ac36b70..1cbd27c 100644
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -17,6 +17,10 @@
 return digParameter('passwordHash')
 end
+ def getToken
+ return digParameter('token')
+ end
+
 def getUser
 return nil if !@username = getUsername
 @user = User.where(["username = ?", params[:username]]).first
@@ -49,24 +53,35 @@
 render :json => @result
 end
- def getToken
- return digParameter('token')
- end
-
- def checkToken
- return if !@token = getToken
- @jwt = JWT.new(@token)
- @data = @token[0..@token.rindex('.')-1]
- p @data
+ def isTokenValid(token, user)
+ @jwt = JWT.new(token)
+ @data = token[0..token.rindex('.')-1]
 p @jwt.signature
 Authority.all.each do |authority|
 if @jwt.data['iss'] == authority.name && @jwt.signature == OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), authority.signature, @data).tr('=', '')
- render :json => { 'success' => true, 'valid' => true }
- return
+ return true
 end
 end
- render :json => { 'success' => true, 'valid' => false }
+ renderError
+ return false
+ end
+
+ def checkToken
+ return if !@user = getUser
+ return if !@token = getToken
+ return if !isTokenValid(@token, @user)
+ render :json => { 'success' => true, 'valid' => true }
+ end
+
+ def changePassword
+ return if !@user = getUser
+ return if !@token = getToken
+ return if !isTokenValid(@token, @user)
+ return if !@passwordHash = digParameter('passwordHash')
+ @user.passwordHash = Digest::SHA256.hexdigest(@passwordHash + @user.secretSalt)
+ @user.save()
+ render :json => { 'success' => true }
 end
 end
diff --git a/config/routes.rb b/config/routes.rb
index 3fea316..9631e44 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -3,4 +3,5 @@
 post @root+'users/authenticate'
 post @root+'users/presalt'
 post @root+'users/checkToken'
+ post @root+'users/changePassword'
 end
diff --git a/lib/JWT.rb b/lib/JWT.rb
index 86b41ef..badee27 100644
--- a/lib/JWT.rb
+++ b/lib/JWT.rb
@@ -7,7 +7,6 @@
 @header = JSON.parse Base64.urlsafe_decode64(@parts[0])
 @data = JSON.parse Base64.urlsafe_decode64(@parts[1])
 @signature = @parts[2]
- p @signature
 else
 @header = defaultHeader
 @data = data