From 4342da67498a61fe87e6dfb7846dcef4f476524b Mon Sep 17 00:00:00 2001 From: simplonco Date: Sun, 15 Jan 2023 02:11:45 +0100 Subject: [PATCH] modify password ok --- README.md | 2 +- .../api_back/src/chat/chat.controller.ts | 55 ++++++++- .../nestjs/api_back/src/chat/chat.service.ts | 105 +++++++++--------- .../src/pieces/chat/Chat_layouts.svelte | 3 + .../src/pieces/chat/Layout_password.svelte | 22 +++- .../src/pieces/chat/Layout_room_set.svelte | 2 +- .../src/pieces/chat/Request_rooms.ts | 46 +++++++- .../api_front/src/pieces/chat/Types_chat.ts | 2 +- 8 files changed, 171 insertions(+), 66 deletions(-) diff --git a/README.md b/README.md index df043e84..300c2d9d 100644 --- a/README.md +++ b/README.md @@ -81,7 +81,7 @@ - [/] leave room - [/] leave direct impossible - [/] protect room with password -- [ ] add and change password in room +- [/] add, change, and remove password in room - [ ] make admin - [ ] ban - [ ] mute diff --git a/srcs/requirements/nestjs/api_back/src/chat/chat.controller.ts b/srcs/requirements/nestjs/api_back/src/chat/chat.controller.ts index 4f789b25..a2570d8d 100644 --- a/srcs/requirements/nestjs/api_back/src/chat/chat.controller.ts +++ b/srcs/requirements/nestjs/api_back/src/chat/chat.controller.ts @@ -140,8 +140,11 @@ export class ChatController { if (room.protection) { + let message = `${req.user.username} changed the password`; + room.allowed_users = [req.user.username]; + await this.chatService.setPassword(req.user.username, message, room); let socket: socketDto = this.chatGateway.sockets.get(req.user.username); - await this.chatService.addPassword(req.user.username, room, socket); + await socket.to(socket.room).emit('message', "SERVER", message); } const ret_room = this.format_room(room); 
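Review bot: `this.chatGateway.sockets.get(req.user.username)` is dereferenced without a check after `setPassword` has already saved the room, so a caller with no registered socket would get an unhandled TypeError on a request whose state change is already committed. The broadcast also goes to `socket.to(socket.room)`, the room that socket currently sits in, rather than the room named in the body. If the two differ, the SERVER notice lands in an unrelated room and the affected room is told nothing. Guard and retarget it, e.g. `if (socket) socket.to(room.name).emit('message', "SERVER", message);`, assuming gateway rooms are keyed by room name, which this hunk does not show. The same two lines are repeated in the three handlers of the next hunk (`@@ -255,8 +258,56 @@`), and the enclosing method here starts outside the hunk.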
@@ -255,8 +258,56 @@ export class ChatController { { printCaller("- in "); + let message = `${req.user.username} changed the password`; + room.allowed_users = [req.user.username]; + room.protection = true; + await this.chatService.setPassword(req.user.username, message, room, old_password); + + // inform other connected users let socket: socketDto = this.chatGateway.sockets.get(req.user.username); - await this.chatService.addPassword(req.user.username, room, socket, old_password); + await socket.to(socket.room).emit('message', "SERVER", message); + + const ret_room = this.format_room(room); + res.status(HttpStatus.OK).json({ room: ret_room }); + printCaller("- out "); + } + + @UseGuards(AuthenticateGuard) + @UseGuards(TwoFactorGuard) + @Post('addpassword') + async addPassword(@Body() room: roomDto, @Req() req, @Res() res): Promise + { + printCaller("- in "); + + let message = `${req.user.username} added a password`; + room.allowed_users = [req.user.username]; + room.protection = true; + await this.chatService.setPassword(req.user.username, message, room); + + // inform other connected users + let socket: socketDto = this.chatGateway.sockets.get(req.user.username); + await socket.to(socket.room).emit('message', "SERVER", message); + + const ret_room = this.format_room(room); + res.status(HttpStatus.OK).json({ room: ret_room }); + printCaller("- out "); + } + + @UseGuards(AuthenticateGuard) + @UseGuards(TwoFactorGuard) + @Delete('removepassword') + async removePassword(@Body() room: roomDto, @Req() req, @Res() res): Promise + { + printCaller("- in "); + + let message = `${req.user.username} removed a new password`; + room.allowed_users = []; + room.protection = false; + await this.chatService.setPassword(req.user.username, message, room); + + // inform other connected users + let socket: socketDto = this.chatGateway.sockets.get(req.user.username); + await socket.to(socket.room).emit('message', "SERVER", message); const ret_room = this.format_room(room); 
res.status(HttpStatus.OK).json({ room: ret_room }); diff --git a/srcs/requirements/nestjs/api_back/src/chat/chat.service.ts b/srcs/requirements/nestjs/api_back/src/chat/chat.service.ts index d6001b6d..e094920f 100644 --- a/srcs/requirements/nestjs/api_back/src/chat/chat.service.ts +++ b/srcs/requirements/nestjs/api_back/src/chat/chat.service.ts 
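Review bot: `addPassword` and `removePassword`, like the handler whose body opens this hunk, act on whatever `room.name` arrives in the body, and the only gates visible are `AuthenticateGuard` and `TwoFactorGuard`. Nothing here checks that `req.user.username` is a member, owner or admin of that room. Because each handler also overwrites `room.allowed_users` (`[req.user.username]` on add and change, `[]` on remove), a logged-in user could, as far as this diff shows, put a password on a room they do not administer and become its only allowed user. An authorization check should run before anything is mutated; `setPassword` already receives `username` but its new body in chat.service.ts never reads it, so that is the natural place. The room's owner or admin field is not visible in this diff, so the exact comparison is left to the author.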
@@ -206,6 +206,60 @@ export class ChatService { await this.chatroomRepository.save(room_db); } + async setPassword(username: string, message: string, room: roomDto, old_password?: string): Promise + { + printCaller("-- in "); + + if (room.type === 'direct') + { + console.log("throw error: error: true, code: 'DIRECT_PASSWORD_FORBIDDEN', message: 'you cannot set a password in a direct message room'"); + throw new HttpException({ error: true, code: 'DIRECT_PASSWORD_FORBIDDEN', message: `you cannot set a password in a direct message room` }, HttpStatus.FORBIDDEN); + } + + const current_room = await this.getRoomByName(room.name); + + if (!room.password) + { + console.log("throw error: error: true, code: 'NO_PASSWORD', message: 'this room has no password protection'"); + throw new HttpException({ error: true, code: 'NO_PASSWORD', message: `this room has no password protection` }, HttpStatus.FORBIDDEN); + } + if (current_room.protection) + { + if (room.protection && !old_password) + { + console.log("throw error: error: true, code: 'MISSING_OLD_PASSWORD', message: 'you need to provide the old password to set a new one'"); + throw new HttpException({ error: true, code: 'MISSING_OLD_PASSWORD', message: `you need to provide the old password to set a new one` }, HttpStatus.FORBIDDEN); + } + if (old_password) + { + const is_match = await bcrypt.compare(old_password, current_room.hash); + if (!is_match) + { + printCaller(`throw error: error: true, code: 'BAD_PASSWORD', message: 'you provided a bad password'`); + throw new HttpException({ error: true, code: 'BAD_PASSWORD', message: `you provided a bad password` }, HttpStatus.BAD_REQUEST); + } + } + } + + const saltOrRounds = 10; + const password = room.password; + let hash: string; + if (room.protection) + hash = await bcrypt.hash(password, saltOrRounds); + + // add password to chatroom + current_room.allowed_users = room.allowed_users; + current_room.protection = room.protection; + if (room.protection) + current_room.hash = 
hash; + else + delete current_room.hash; + current_room.messages.push({ name: "SERVER", message: message }); + await this.chatroomRepository.save(current_room); + + printCaller("-- out "); + } + /* ADDERS ************************************************* */ 
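Review bot: The old-password check is skipped entirely on removal: with `room.protection` false and no `old_password`, which is how `removePassword` in chat.controller.ts calls this, neither branch inside `if (current_room.protection)` runs, so protection is dropped without any password being compared to `current_room.hash`. The earlier `!room.password` check still demands a password on that path but nothing verifies it; presumably the removal form sends the current password there, so it can serve as the proof. A protected room should require a matching password for every transition, as in the block below. Separately, `delete current_room.hash` may leave the stored hash in place if `chatroomRepository` is a TypeORM repository, since `save()` skips undefined properties; `current_room.hash = null;` would clear it, provided the column is nullable.

```typescript
// … unchanged: direct-room check, getRoomByName, NO_PASSWORD check …
if (current_room.protection)
{
	// A protected room never changes state without proof of the current password:
	// old_password when changing it, room.password when removing it.
	const proof = room.protection ? old_password : (old_password ?? room.password);
	if (!proof)
	{
		throw new HttpException({ error: true, code: 'MISSING_OLD_PASSWORD', message: `you need to provide the old password to set a new one` }, HttpStatus.FORBIDDEN);
	}
	const is_match = await bcrypt.compare(proof, current_room.hash);
	if (!is_match)
	{
		throw new HttpException({ error: true, code: 'BAD_PASSWORD', message: `you provided a bad password` }, HttpStatus.BAD_REQUEST);
	}
}
// … unchanged: hashing and save …
```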
@@ -252,57 +306,6 @@ export class ChatService { return room; } - async addPassword(username: string, room: roomDto, socket:socketDto, old_password?: string): Promise - { - printCaller("-- in "); - - if (room.type === 'direct') - { - console.log("throw error: error: true, code: 'DIRECT_PASSWORD_FORBIDDEN', message: 'you cannot set a password in a direct message room'"); - throw new HttpException({ error: true, code: 'DIRECT_PASSWORD_FORBIDDEN', message: `you cannot set a password in a direct message room` }, HttpStatus.FORBIDDEN); - } - - const current_room = await this.getRoomByName(room.name); - - let message = `${username} set a new password`; - - if (current_room.protection) - { - if (!old_password) - { - console.log("throw error: error: true, code: 'MISSING_OLD_PASSWORD', message: 'you need to provide the old password to set a new one'"); - throw new HttpException({ error: true, code: 'MISSING_OLD_PASSWORD', message: `you need to provide the old password to set a new one` }, HttpStatus.FORBIDDEN); - } - const is_match = await bcrypt.compare(old_password, current_room.hash); - if (!is_match) - { - printCaller(`throw error: error: true, code: 'BAD_PASSWORD', message: 'you provided a bad password'`); - throw new HttpException({ error: true, code: 'BAD_PASSWORD', message: `you provided a bad password` }, HttpStatus.BAD_REQUEST); - } - } - - const saltOrRounds = 10; - const password = room.password; - let hash = await bcrypt.hash(password, saltOrRounds); - - // add password to chatroom - if (!current_room.allowed_users.includes(username)) - current_room.allowed_users.push(username); - current_room.protection = true; - current_room.hash = hash; - current_room.messages.push({ name: "SERVER", message: message }); - await this.chatroomRepository.save(current_room); - - console.log("current_room:", current_room); - const all_rooms = await this.getAllRooms(); - console.log("all_rooms:", all_rooms); - - // inform other connected users - await 
socket.to(socket.room).emit('message', "SERVER", message); - - printCaller("-- out "); - } - async addMessageToRoom(room_name: string, username: string, message: string): Promise { printCaller("-- in "); diff --git a/srcs/requirements/svelte/api_front/src/pieces/chat/Chat_layouts.svelte b/srcs/requirements/svelte/api_front/src/pieces/chat/Chat_layouts.svelte index 68f4fe16..55ae3216 100644 --- a/srcs/requirements/svelte/api_front/src/pieces/chat/Chat_layouts.svelte +++ b/srcs/requirements/svelte/api_front/src/pieces/chat/Chat_layouts.svelte @@ -67,6 +67,9 @@ {:else if $layout === "password"} + + + {:else if $layout === "add_password"} {:else if $layout === "change_password"} diff --git a/srcs/requirements/svelte/api_front/src/pieces/chat/Layout_password.svelte b/srcs/requirements/svelte/api_front/src/pieces/chat/Layout_password.svelte index 95524f5e..d2d87f92 100644 --- a/srcs/requirements/svelte/api_front/src/pieces/chat/Layout_password.svelte +++ b/srcs/requirements/svelte/api_front/src/pieces/chat/Layout_password.svelte @@ -1,13 +1,13 @@