remove MD5 hashing, send plaintext secret key for bcrypt verification
@@ -41,14 +41,14 @@ class AuthProvider with ChangeNotifier {
|
||||
Future<void> register(
|
||||
String login,
|
||||
String password,
|
||||
String secretKeyHash,
|
||||
String secretKey,
|
||||
) async {
|
||||
_isLoading = true;
|
||||
_error = '';
|
||||
notifyListeners();
|
||||
|
||||
try {
|
||||
await _authService.register(login, password, secretKeyHash);
|
||||
await _authService.register(login, password, secretKey);
|
||||
notifyListeners();
|
||||
} catch (e) {
|
||||
_error = e.toString();
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
import 'dart:convert';
|
||||
|
||||
import 'package:convert/convert.dart';
|
||||
import 'package:crypto/crypto.dart';
|
||||
import 'package:flutter/foundation.dart';
|
||||
import 'package:flutter/material.dart';
|
||||
import 'package:geolocator/geolocator.dart';
|
||||
@@ -46,8 +44,6 @@ class _LoginScreenState extends State<LoginScreen>
|
||||
super.dispose();
|
||||
}
|
||||
|
||||
static const String _secretKey = 'FtracKer*1405.';
|
||||
|
||||
@override
|
||||
Widget build(BuildContext context) {
|
||||
final authProvider = context.watch<AuthProvider>();
|
||||
@@ -178,19 +174,19 @@ class _LoginScreenState extends State<LoginScreen>
|
||||
// Error is handled by provider
|
||||
}
|
||||
} else {
|
||||
if (_secretKeyController.text != _secretKey) {
|
||||
authProvider.setError('Invalid secret key');
|
||||
if (_loginController.text.length <= 4) {
|
||||
authProvider.setError('Login must be more than 4 characters');
|
||||
return;
|
||||
}
|
||||
if (_passwordController.text.length <= 8) {
|
||||
authProvider.setError('Password must be more than 8 characters');
|
||||
return;
|
||||
}
|
||||
Digest digest = md5.convert(
|
||||
utf8.encode(_secretKeyController.text),
|
||||
);
|
||||
String secretKeyHash = hex.encode(digest.bytes);
|
||||
try {
|
||||
await authProvider.register(
|
||||
_loginController.text,
|
||||
_passwordController.text,
|
||||
secretKeyHash,
|
||||
_secretKeyController.text,
|
||||
);
|
||||
} catch (e) {
|
||||
// Error is handled by provider
|
||||
|
||||
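Review bot: Deleting `_secretKey` from `_LoginScreenState` does not retire the value, because it remains in the repository history and in every build already shipped; the server-side secret should be rotated alongside this commit and the replacement kept out of the client entirely. With the local comparison gone, the server is the only gate on the secret key, so the registration endpoint should limit repeated attempts per client; the server code is not visible here, so this may already be in place. The handler these hunks edit starts and ends outside the visible lines.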
@@ -24,20 +24,23 @@ class AuthService {
|
||||
Future<void> register(
|
||||
String login,
|
||||
String password,
|
||||
String secretKeyHash,
|
||||
String secretKey,
|
||||
) async {
|
||||
var data = jsonEncode({
|
||||
'login': login,
|
||||
'password': password,
|
||||
'secret_key': secretKey,
|
||||
});
|
||||
final response = await _client.post(
|
||||
Uri.parse(ApiConfig.regUrl),
|
||||
headers: {'Content-Type': 'application/json'},
|
||||
body: jsonEncode({
|
||||
'login': login,
|
||||
'password': password,
|
||||
'secret_key_hash': secretKeyHash,
|
||||
}),
|
||||
body: data,
|
||||
);
|
||||
|
||||
if (response.statusCode != 201) {
|
||||
throw Exception('Registration failed');
|
||||
}
|
||||
}
|
||||
|
||||
int rnLength()=>"\r\n".length;
|
||||
}
|
||||
|
||||
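Review bot: `register` now sends the raw `secret_key` next to the password in the JSON body, so confidentiality rests entirely on the transport, and nothing in this hunk checks that `ApiConfig.regUrl` is an HTTPS URL (its value is not visible here). I would parse the URI once and fail closed before posting: `final uri = Uri.parse(ApiConfig.regUrl);` followed by `if (!uri.isScheme('https')) throw StateError('Registration endpoint must use HTTPS');`. Any request logging on the client or the server should exclude this body now that it carries the plaintext key. Separately, `int rnLength()=>"\r\n".length;` at the end of `AuthService` looks unrelated to registration; if this commit adds it, it belongs in its own change.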
@@ -38,8 +38,6 @@ dependencies:
|
||||
cupertino_icons: ^1.0.8
|
||||
provider: ^6.1.1
|
||||
http: ^1.2.0
|
||||
crypto: ^3.0.3
|
||||
convert: ^3.1.1
|
||||
flutter_map: ^6.1.0
|
||||
latlong2: ^0.9.1
|
||||
geolocator: ^14.0.2
|
||||
|
||||