feat: bcrypt hasher

97794f84 · impfundev · e5d825d5 · 97794f84 · 97794f84 · 97794f84
Commit 97794f84 authored Jul 05, 2024 by impfundev
Showing with 68 additions and 25 deletions

utils.py authentications/utils.py +22 -0

views.py authentications/views.py +29 -22

pagination.html dashboards/templates/pagination.html +9 -0

views.py librarians/views.py +8 -3

No files found.
--- a/authentications/utils.py
+++ b/authentications/utils.py
 import jwt
+import bcrypt
 from django.conf import settings


 def create_auth_session(request, payload):
    token = jwt.encode(payload, settings.JWT_SECRET, algorithm="HS256")
    request.session["auth_session"] = token
+
+
+class Hasher:
+    def encode(password: str):
+        hashed_password = bcrypt.hashpw(
+            password.encode("utf-8"), bcrypt.gensalt(rounds=8)
+        )
+        return hashed_password
+
+    def verify(password: str, encoded: str):
+        hashed_password = encoded[2:].replace("'", "").encode("utf-8")
+        password_encode = password.encode("utf-8")
+
+        print(hashed_password)
+        print(password_encode)
+
+        is_verified = bcrypt.checkpw(
+            password=password_encode, hashed_password=hashed_password
+        )
+
+        return is_verified
--- a/authentications/views.py
+++ b/authentications/views.py
@@ -5,7 +5,7 @@ from django.shortcuts import render

 from authentications.forms import LoginForm, SignUpForm, ForgotPassword
 from librarians.models import Librarians, LoginHistory
-from authentications.utils import create_auth_session
+from authentications.utils import create_auth_session, Hasher


 class AuthView(TemplateView):
@@ -15,31 +15,36 @@ class AuthView(TemplateView):
        if request.method == "POST":
            form = LoginForm(request.POST)
            if form.is_valid():
-                account = librarian.filter(
-                    email=form.data["email"], password=form.data["password"]
-                )
+                account = librarian.filter(email=form.data["email"])
+                password = form.data["password"]

                if account.exists():
-                    librarian = librarian.get(
-                        email=form.data["email"],
-                        password=form.data["password"],
-                    )
-
-                    expiration_time = datetime.now() + timedelta(hours=2)
-                    payload = {
-                        "exp": expiration_time.timestamp(),
-                        "librarian_id": librarian.id,
-                        "name": librarian.name,
-                        "email": librarian.email,
-                    }
+                    librarian = librarian.get(email=form.data["email"])

-                    create_auth_session(request, payload)
+                    verified = Hasher.verify(
+                        password=password, encoded=librarian.password
+                    )

-                    LoginHistory.objects.create(librarian_id=librarian.id)
-                    return HttpResponseRedirect("/dashboard/")
+                    if not verified:
+                        context["error_message"] = (
+                            "Password invalid, please enter valid data or Sign Up first"
+                        )
+                    else:
+                        expiration_time = datetime.now() + timedelta(hours=2)
+                        payload = {
+                            "exp": expiration_time.timestamp(),
+                            "librarian_id": librarian.id,
+                            "name": librarian.name,
+                            "email": librarian.email,
+                        }
+
+                        create_auth_session(request, payload)
+
+                        LoginHistory.objects.create(librarian_id=librarian.id)
+                        return HttpResponseRedirect("/dashboard/")
                else:
                    context["error_message"] = (
-                        "Email or Password invalid, please enter valid data or Sign Up first"
+                        "Email invalid, please enter valid data or Sign Up first"
                    )
        else:
            form = LoginForm()
@@ -59,15 +64,17 @@ class AuthView(TemplateView):
                        "Email was already exist, please use different email"
                    )
                else:
+                    password = form.data["password"]
+                    hashed_password = Hasher.encode(password=password)
                    librarian.create(
                        name=form.data["name"],
                        email=form.data["email"],
-                        password=form.data["password"],
+                        password=hashed_password,
                    )
+
                    new_librarian = librarian.get(
                        name=form.data["name"],
                        email=form.data["email"],
-                        password=form.data["password"],
                    )

                    expiration_time = datetime.now() + timedelta(minutes=30)

--- a/dashboards/templates/pagination.html
+++ b/dashboards/templates/pagination.html
+<nav aria-label="Page navigation example">
+  <ul class="pagination">
+    <li class="page-item"><a class="page-link" href="#">Previous</a></li>
+    <li class="page-item"><a class="page-link" href="#">1</a></li>
+    <li class="page-item"><a class="page-link" href="#">2</a></li>
+    <li class="page-item"><a class="page-link" href="#">3</a></li>
+    <li class="page-item"><a class="page-link" href="#">Next</a></li>
+  </ul>
+</nav>
--- a/librarians/views.py
+++ b/librarians/views.py
+from authentications.utils import create_auth_session, Hasher
 from django.shortcuts import get_object_or_404, render
 from django.core.cache import cache
 from django.http import HttpResponseRedirect
@@ -18,8 +19,9 @@ def index(request):
            name = form.data["name"]
            email = form.data["email"]
            password = form.data["password"]
+            hashed_password = Hasher.encode(password=password)

-            Librarians.objects.create(name=name, email=email, password=password)
+            Librarians.objects.create(name=name, email=email, password=hashed_password)
            cache.clear()

    if request.method == "GET":
@@ -52,7 +54,6 @@ def update(request, id):
    initial = {
        "name": librarian.name,
        "email": librarian.email,
-        "password": librarian.password,
    }
    form = LibrarianForm(request.POST or None, initial=initial)

@@ -61,10 +62,14 @@ def update(request, id):
            name = form.data["name"]
            email = form.data["email"]
            password = form.data["password"]
+            hashed_password = Hasher.encode(password=password)
            librarian = Librarians.objects.filter(id=id)

            librarian.update(
-                name=name, email=email, password=password, updated_at=datetime.now()
+                name=name,
+                email=email,
+                password=hashed_password,
+                updated_at=datetime.now(),
            )
            cache.clear()
            return HttpResponseRedirect("/dashboard/librarians")