diff --git a/modules/api/auth.py b/modules/api/auth.py
index 67eaeb8..6c33911 100644
--- a/modules/api/auth.py
+++ b/modules/api/auth.py
@@ -256,7 +256,8 @@ class auth:
 user_validation = procedure_validation.validation().account(APIADDR, allowed_roles, jwt)
 user = user_validation['data']
 loggorilla.prcss(APIADDR, "Get dependency data")
- self.cursor.execute("call sp_auth_login(%s);", (user['profile']['username'],) )
+ self.cursor.execute("CALL sp_auth_login(%s, @o_count, @o_token, @o_id, @o_username, @o_password)", (user['profile']['username'],) )
+ self.cursor.execute("SELECT @o_count, @o_token, @o_id, @o_username, @o_password")
 result_login = self.cursor.fetchone()
 self.cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.token, auth_profile.email FROM auth_profile_verification INNER JOIN auth_profile ON auth_profile.id = auth_profile_verification.profile WHERE auth_profile.email = %s AND auth_profile_verification.type = 'email' ; ", (email,) )
 result_email = self.cursor.fetchone()
@@ -269,7 +270,7 @@ class auth:
 loggorilla.prcss(APIADDR, "Giving response")
 response["status" ] = "failed"
 response["desc" ] = "Invitation roles is not allowed"
- elif not bcrypt.checkpw(password.encode(), result_login['password'].decode().encode() ):
+ elif not bcrypt.checkpw(password.encode(), result_login['@o_password'].decode().encode() ):
 loggorilla.accss(APIADDR, f"{user['profile']['username']} put a wrong password for send invitation")
 loggorilla.prcss(APIADDR, "Giving response")
 response["status" ] = "failed"
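Review bot: The bcrypt hash and account token now travel through the session user variables `@o_password` and `@o_token`, and nothing in this hunk clears them after `fetchone()`. MySQL user variables live for the whole connection, so if `self.cursor` sits on a reused or pooled connection (not visible here) the last caller's hash and token stay readable by any later statement on it. Clearing them right after the read bounds that exposure, e.g. `self.cursor.execute("SET @o_count = NULL, @o_token = NULL, @o_id = NULL, @o_username = NULL, @o_password = NULL")`. The same CALL/SELECT pair is repeated in the hunk at line 413, so one helper that calls the procedure, fetches the row and resets the variables would keep both sites consistent. The enclosing method starts and ends outside the hunk.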
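Review bot: `result_login['@o_password']` is dereferenced in the `elif` without checking that the procedure found an account; when no row matches, the OUT value comes back as NULL, the driver hands it over as `None`, and `.decode()` raises `AttributeError` instead of producing the "failed" response. The username comes from the validated JWT, so this is probably rare, but an account deleted or renamed after the token was issued would hit it. A guard such as `elif result_login['@o_count'] != 1 or not bcrypt.checkpw(password.encode(), result_login['@o_password'].decode().encode()):` keeps that failure on the normal path. The `if`/`elif` chain begins outside the hunk, so an earlier branch may already cover this case.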
@@ -413,14 +414,15 @@ class auth:
 self.cursor.execute("BEGIN;")
 try:
 loggorilla.prcss(APIADDR, "Get dependency data")
- self.cursor.execute("call sp_auth_login(%s);", (username,) )
+ self.cursor.execute("CALL sp_auth_login(%s, @o_count, @o_token, @o_id, @o_username, @o_password)", (username,))
+ self.cursor.execute("SELECT @o_count, @o_token, @o_id, @o_username, @o_password")
 result_login = self.cursor.fetchone()
- self.cursor.execute("SELECT `profile`, `type`, `verified` FROM auth_profile_verification WHERE `type` = 'email' AND `profile` = %s ; ", (result_login['id'],) )
+ self.cursor.execute("SELECT `profile`, `type`, `verified` FROM auth_profile_verification WHERE `type` = 'email' AND `profile` = %s ; ", (result_login['@o_id'],) )
 result_verification = self.cursor.fetchone()
 loggorilla.prcss(APIADDR, "Validation")
- if result_login['count'] == 1 and result_verification['verified'] == 1 and bcrypt.checkpw(password.encode(), result_login['password'].decode().encode() ) :
+ if result_login['@o_count'] == 1 and result_verification['verified'] == 1 and bcrypt.checkpw(password.encode(), result_login['@o_password'].decode().encode() ) :
 loggorilla.prcss(APIADDR, "Add session")
- self.cursor.execute(f"INSERT INTO `auth_session` VALUES (DEFAULT, %s, NOW(), NOW() + INTERVAL 60 DAY)", ( result_login['token'], ) )
+ self.cursor.execute(f"INSERT INTO `auth_session` VALUES (DEFAULT, %s, NOW(), NOW() + INTERVAL 60 DAY)", ( result_login['@o_token'], ) )
 session_last_id = self.cursor.lastrowid
 self.cursor.execute(f"SELECT `id`, `start`, `end` FROM `auth_session` WHERE id = %s ; ", ( session_last_id, ) )
 session = self.cursor.fetchone()
diff --git a/sql/auth.sql b/sql/auth.sql
index d15f20f..b650447 100644
--- a/sql/auth.sql
+++ b/sql/auth.sql
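Review bot: In the `if` after "Validation", `bcrypt.checkpw` only runs when `@o_count == 1` and `verified == 1`, so a login attempt for an unknown or unverified username returns without the bcrypt cost and the response time can reveal which usernames exist. The same condition indexes `result_verification['verified']` without a `None` check, so an account with no email-verification row raises `TypeError` inside the `try`, whose `except` is outside the hunk. Running the hash comparison unconditionally, against a fixed dummy hash when no account was found, and then testing the three results together addresses both. `DUMMY_BCRYPT_HASH` below is a placeholder for a module-level constant this file would have to define.

```python
# … unchanged: CALL sp_auth_login, SELECT @o_*, verification lookup …
stored_hash = result_login['@o_password']
# DUMMY_BCRYPT_HASH is a placeholder name: a valid bcrypt hash of a random value
hash_to_check = stored_hash.decode().encode() if stored_hash is not None else DUMMY_BCRYPT_HASH
password_ok = bcrypt.checkpw(password.encode(), hash_to_check)
account_ok = result_login['@o_count'] == 1
verified_ok = result_verification is not None and result_verification['verified'] == 1
if account_ok and verified_ok and password_ok:
    loggorilla.prcss(APIADDR, "Add session")
    # … unchanged: session insert and lookup …
```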
@@ -109,7 +109,12 @@ DELIMITER ; DELIMITER // CREATE PROCEDURE sp_auth_login( - IN p_username varchar(36) + IN p_username VARCHAR(36), + OUT o_count INT(11), + OUT o_token BINARY(40), + OUT o_id INT(11), + OUT o_username VARCHAR(36), + OUT o_password BINARY(60) ) BEGIN SELECT @@ -118,6 +123,12 @@ BEGIN auth_profile.id, auth_profile.username, auth.password + INTO + o_count, + o_token, + o_id, + o_username, + o_password FROM auth_profile INNER JOIN auth ON auth.token = auth_profile.token WHERE auth_profile.username = p_username ;
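Review bot: The OUT parameters `o_token BINARY(40)` and `o_password BINARY(60)` are fixed-length, and MySQL right-pads BINARY values with 0x00 bytes up to the declared length. If `auth_profile.token` or `auth.password` is declared shorter or as a variable-length type (the table definitions are not in this hunk), the padded value is what reaches `bcrypt.checkpw` and the `auth_session` insert in modules/api/auth.py; declaring the parameters with the columns' exact types avoids that. A header comment on the procedure would also help callers, for example `-- Returns the auth row for p_username via OUT params; o_password is the stored bcrypt hash and must not be logged.`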