From 86e9b5a22aca821464a1b8d807a21439e2ebbb53 Mon Sep 17 00:00:00 2001
From: "dmit.b"
Date: Thu, 25 Jun 2026 11:56:08 +0300
Subject: [PATCH] remove MD5 hashing, send plaintext secret key for bcrypt verification
---
 lib/providers/auth_provider.dart | 4 ++--
 lib/screens/login_screen.dart | 18 +++++++-----------
 lib/services/auth_service.dart | 15 +++++++++------
 pubspec.yaml | 2 --
 4 files changed, 18 insertions(+), 21 deletions(-)
diff --git a/lib/providers/auth_provider.dart b/lib/providers/auth_provider.dart
index c62080e..637ed1a 100644
--- a/lib/providers/auth_provider.dart
+++ b/lib/providers/auth_provider.dart
@@ -41,14 +41,14 @@ class AuthProvider with ChangeNotifier {
 Future register(
 String login,
 String password,
- String secretKeyHash,
+ String secretKey,
 ) async {
 _isLoading = true;
 _error = '';
 notifyListeners();
 try {
- await _authService.register(login, password, secretKeyHash);
+ await _authService.register(login, password, secretKey);
 notifyListeners();
 } catch (e) {
 _error = e.toString();
diff --git a/lib/screens/login_screen.dart b/lib/screens/login_screen.dart
index 02ba574..0fe7a56 100644
--- a/lib/screens/login_screen.dart
+++ b/lib/screens/login_screen.dart
@@ -1,7 +1,5 @@
 import 'dart:convert';
-import 'package:convert/convert.dart';
-import 'package:crypto/crypto.dart';
 import 'package:flutter/foundation.dart';
 import 'package:flutter/material.dart';
 import 'package:geolocator/geolocator.dart';
@@ -46,8 +44,6 @@ class _LoginScreenState extends State
 super.dispose();
 }
- static const String _secretKey = 'FtracKer*1405.';
-
 @override
 Widget build(BuildContext context) {
 final authProvider = context.watch();
@@ -178,19 +174,19 @@ class _LoginScreenState extends State
 // Error is handled by provider
 }
 } else {
- if (_secretKeyController.text != _secretKey) {
- authProvider.setError('Invalid secret key');
+ if (_loginController.text.length <= 4) {
+ authProvider.setError('Login must be more than 4 characters');
+ return;
+ }
+ if (_passwordController.text.length <= 8) {
+ authProvider.setError('Password must be more than 8 characters');
 return;
 }
- Digest digest = md5.convert(
- utf8.encode(_secretKeyController.text),
- );
- String secretKeyHash = hex.encode(digest.bytes);
 try {
 await authProvider.register(
 _loginController.text,
 _passwordController.text,
- secretKeyHash,
+ _secretKeyController.text,
 );
 } catch (e) {
 // Error is handled by provider
diff --git a/lib/services/auth_service.dart b/lib/services/auth_service.dart
index ac83754..36025dd 100644
--- a/lib/services/auth_service.dart
+++ b/lib/services/auth_service.dart
@@ -24,20 +24,23 @@ class AuthService {
 Future register(
 String login,
 String password,
- String secretKeyHash,
+ String secretKey,
 ) async {
+ var data = jsonEncode({
+ 'login': login,
+ 'password': password,
+ 'secret_key': secretKey,
+ });
 final response = await _client.post(
 Uri.parse(ApiConfig.regUrl),
 headers: {'Content-Type': 'application/json'},
- body: jsonEncode({
- 'login': login,
- 'password': password,
- 'secret_key_hash': secretKeyHash,
- }),
+ body: data,
 );
 if (response.statusCode != 201) {
 throw Exception('Registration failed');
 }
 }
+
+ int rnLength()=>"\r\n".length;
 }
diff --git a/pubspec.yaml b/pubspec.yaml
index 47d75a6..1736805 100644
--- a/pubspec.yaml
+++ b/pubspec.yaml
@@ -38,8 +38,6 @@ dependencies:
 cupertino_icons: ^1.0.8
 provider: ^6.1.1
 http: ^1.2.0
- crypto: ^3.0.3
- convert: ^3.1.1
 flutter_map: ^6.1.0
 latlong2: ^0.9.1
 geolocator: ^14.0.2
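Review bot: In the register branch of lib/screens/login_screen.dart (hunk at -178) the secret key now reaches `authProvider.register` with no client-side check at all, while login and password each get a length check, so an empty field still costs a round trip and surfaces only as whatever error the provider reports. Add `if (_secretKeyController.text.isEmpty) { authProvider.setError('Secret key is required'); return; }` before the `try`. The two new length checks are UI hints only, so the registration endpoint has to enforce the same minimums itself. The `_secretKey` literal that the earlier hunk of this file deletes has been part of the client source and stays in repository history, so the server-side key should be rotated rather than reused. The enclosing handler starts and ends outside the hunk.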
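Review bot: `register` in lib/services/auth_service.dart now serialises the raw secret key next to the password, so confidentiality in transit rests entirely on `ApiConfig.regUrl`, whose scheme is not visible in this hunk; if it can ever resolve to plain HTTP, fail closed before posting with `final uri = Uri.parse(ApiConfig.regUrl);` and `if (!uri.isScheme('https')) throw StateError('Registration endpoint must use HTTPS');`. The same body should be kept out of any request logging on the client and the server. `int rnLength()=>"\r\n".length;` is unrelated to this change, public and unformatted; drop it, or move it next to its caller with a doc comment. `var data` is never reassigned and should be `final`.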