Fixes #11

Avdhesh-Varshney · Jun 10, 2024 · 926142e · 926142e
1 parent f3c662e
commit 926142e
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 9 deletions.
diff --git a/database/data.db b/database/data.db
diff --git a/database/sql.py b/database/sql.py
@@ -1,6 +1,8 @@
 import sqlite3
 import re
 
+from page.auth.encrypt import check_password
+
 ######################### Checking validations #########################
 def valid_username(username):
     return re.match(r'^[a-zA-Z0-9]+$', username) is not None
@@ -36,11 +38,29 @@ def add_userdata(conn, username, name, role, gender, age, email, password):
 
 def login_user(conn, text, password):
     c = conn.cursor()
+    hashed_password = get_password(c, text)
+    try:
+        correct_pwd = check_password(password, hashed_password)
+    except:
+        return None
     if valid_email(text):
-        c.execute('SELECT * FROM users_data WHERE email = ? AND password = ?', (text, password))
+        c.execute('SELECT * FROM users_data WHERE email = ? AND password = ?', (text, hashed_password))
     elif valid_username(text):
-        c.execute('SELECT * FROM users_data WHERE username = ? AND password = ?', (text, password))
-    data = c.fetchall()
+        c.execute('SELECT * FROM users_data WHERE username = ? AND password = ?', (text, hashed_password))
+    if correct_pwd:
+        data = c.fetchall()
+        return data
+
+def get_password(conn, text):
+    c = conn
+    if valid_email(text):
+        res = c.execute('SELECT password FROM users_data WHERE email = ?', (text,))
+    elif valid_username(text):
+        res = c.execute('SELECT password FROM users_data WHERE username = ?', (text,))
+    try:
+        data = res.fetchone()[0]
+    except:
+        data = b""
     return data
 
 def check_user(conn, text):

diff --git a/page/auth/encrypt.py b/page/auth/encrypt.py
@@ -0,0 +1,13 @@
+from argon2 import PasswordHasher
+
+def secure_password(password):
+    ph = PasswordHasher()
+    return ph.hash(password)
+
+
+def check_password(password, hashed_password):
+    ph = PasswordHasher()
+    try:
+        return ph.verify(hashed_password, password)
+    except:
+        return False
diff --git a/page/auth/login.py b/page/auth/login.py
@@ -6,7 +6,7 @@
 def login():
     st.sidebar.subheader("Login")
     text = st.sidebar.text_input("Username/Email:")
-    password = st.sidebar.text_input("Password:", type="password")
+    password = str(st.sidebar.text_input("Password:", type="password"))
     if st.sidebar.checkbox("Login"):
         conn = create_connection()
         create_usertable(conn)

diff --git a/page/auth/signup.py b/page/auth/signup.py
@@ -1,3 +1,4 @@
+from page.auth.encrypt import check_password, secure_password
 import streamlit as st
 import os
 from database.sql import valid_email, valid_username, create_connection, create_usertable, add_userdata, check_user
@@ -27,9 +28,10 @@ def signup():
     st.markdown("## Password")
     col3, col4 = st.columns(2)
     with col3:
-        new_password = st.text_input("🔑 Enter password:", type='password')
+        new_password = str(st.text_input("🔑 Enter password:", type='password'))
+        new_password_hashed = secure_password(new_password)
     with col4:
-        new_repeat_password = st.text_input('🔑 Re-type your password:', type='password')
+        new_repeat_password = str(st.text_input('🔑 Re-type your password:', type='password'))
 
     admin_key = os.environ.get("ADMIN_KEY")
     super_admin_key = os.environ.get("SUPER_ADMIN_KEY")
@@ -48,13 +50,13 @@ def signup():
 
     st.markdown("---")
     if st.button("Signup"):
-        if new_password == new_repeat_password:
+        if check_password(new_repeat_password, new_password_hashed):
             if valid_email(new_email):
                 if valid_username(new_user):
                     conn = create_connection()
                     create_usertable(conn)
-                    if check_user(conn, new_email) is None:
-                        if check_user(conn, new_user) is None:
+                    if check_user(conn, new_email) != None:
+                        if check_user(conn, new_user) != None:
                             add_userdata(conn, new_user, new_name, new_roles, new_gender, new_age, new_email, new_password)
                             st.success("You have successfully created a valid account!", icon="✅")
                             st.info("Go to Login Menu to login!", icon="ℹ️")

diff --git a/page/dashboard.py b/page/dashboard.py
@@ -20,6 +20,7 @@ def dashboard():
 		### Required Libraries
 	''')
     st.code('''
+        Argon2
 		Pyttsx3
 		Speech Recognition
 		Datetime

diff --git a/requirements.txt b/requirements.txt