From 8d593865881a5aa0ea4f5cd13ec6b60bafd25a00 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jukka-Pekka=20Sirki=C3=A4?= <jukkapekka.sirkia@gmail.com>
Date: Thu, 12 Dec 2019 22:39:15 +0200
Subject: [PATCH] Changed the way user authentication parameters are sent

---
 README.md                               | 11 ++++++++++-
 src/controllers/controllers.js          |  3 ++-
 src/requests/getUserAuthentication.rest |  7 +------
 src/utils/hashing.js                    |  3 ++-
 4 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index a9c9245..b9c1966 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,12 @@
 # Secure password hashing server
 
-This is a Node.js application implementing a secure password hashing server. The application is created for the fourth weekly exercise on the course DTEK8102 Privacy and Security for Software Systems.
\ No newline at end of file
+This is a Node.js application implementing a secure password hashing server. The application is created for the fourth weekly exercise on the course DTEK8102 Privacy and Security for Software Systems.
+
+## How to use?
+
+The steps are:
+- Install [Node.js](https://nodejs.org/en/)
+- ```npm install```
+- ```npm run watch```
+- The server is now running at *localhost:8000*
+- Send HTTP requests and see how the server responds. Example requests are in the folder *src/requests*. Use the POST request first since the database initializes itself every time the server is started, and hence the database is empty. After the POST request send a GET request to authenticate the user (use the same username and password as in the POST request to see a successful authentication, or change the username/password to see it fail).
\ No newline at end of file
diff --git a/src/controllers/controllers.js b/src/controllers/controllers.js
index 7d741f9..4456cbf 100644
--- a/src/controllers/controllers.js
+++ b/src/controllers/controllers.js
@@ -9,7 +9,8 @@ const storeUsernameAndPassword = (req, res) => {
 };
 
 const authenticateUser = (req, res) => {
-  userDataServices.authenticateUser(req.body.username, req.body.password, (err, result) => {
+  const [username, password] = req.headers.authorization.split(' ')[1].split(':');
+  userDataServices.authenticateUser(username, password, (err, result) => {
     if (err) return res.status(404).send('User not found.');
 
     if (!result) return res.status(401).send('Authentication failed.');
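Review bot: The new parsing line dereferences `req.headers.authorization` without checking it exists, so any request with no Authorization header (or one with a scheme but no credential part) throws a TypeError inside the handler instead of returning 401. The credential is also split on every ':' and taken unencoded, whereas Basic auth per RFC 7617 carries base64("user:pass") with only the first ':' as the separator, so a password containing ':' is silently truncated and standard clients' requests would not parse; the example in src/requests/getUserAuthentication.rest sends the raw form, so if the intent is real Basic auth both sides need to change together. A guarded parser that validates the scheme, base64-decodes, and splits once is sketched below; the authenticateUser callback continues past the end of this hunk. Separately, the existing `res.status(404).send('User not found.')` on error distinguishes unknown users from wrong passwords, which enables account enumeration — consider returning 401 'Authentication failed.' for both cases.
```javascript
const authenticateUser = (req, res) => {
  const header = req.headers.authorization || '';
  const [scheme, encoded] = header.split(' ');
  if (scheme !== 'Basic' || !encoded) {
    return res.status(401).set('WWW-Authenticate', 'Basic').send('Authentication required.');
  }
  // RFC 7617: credentials are base64("user:pass"); split on the first ':' only so passwords may contain ':'
  const decoded = Buffer.from(encoded, 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep < 0) return res.status(401).send('Authentication required.');
  const username = decoded.slice(0, sep);
  const password = decoded.slice(sep + 1);
  // … unchanged: userDataServices.authenticateUser call and response handling …
```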
diff --git a/src/requests/getUserAuthentication.rest b/src/requests/getUserAuthentication.rest
index b16d4e8..7029e39 100644
--- a/src/requests/getUserAuthentication.rest
+++ b/src/requests/getUserAuthentication.rest
@@ -1,7 +1,2 @@
 get http://localhost:8000/api/v1/userData
-content-type: application/json
-
-{
-  "username": "Superuser",
-  "password": "StrongPassword"
-}
\ No newline at end of file
+authorization: Basic Superuser:StrongPassword
\ No newline at end of file
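Review bot: The added header sends the credentials as a plain `user:password` string after `Basic`, but RFC 7617 Basic credentials are the base64 encoding of that string, so a standards-compliant client or proxy would not interoperate with this example. If the controller is changed to decode standard Basic auth, this line becomes `authorization: Basic U3VwZXJ1c2VyOlN0cm9uZ1Bhc3N3b3Jk` (base64 of `Superuser:StrongPassword`); as written, the example only works with the custom unencoded parser in controllers.js. Either way a short comment above the header stating which form the server expects would save the next reader from guessing.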
diff --git a/src/utils/hashing.js b/src/utils/hashing.js
index ea11db7..5a3c6a3 100644
--- a/src/utils/hashing.js
+++ b/src/utils/hashing.js
@@ -14,9 +14,10 @@ const getSalt = callback => {
 // Create a password hash based on the scrypt function.
 const getHash = (password, salt, callback) => {
   let options = {
-    N: 16384,
+    N: 1048576, // 2^20
     r: 8,
     p: 1,
+    maxmem: 1024 * 1024 * 1024 * 2
   };
   crypto.scrypt(password, salt, 64, options, (err, hash) => {
     if (err) {
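Review bot: Raising N to 2^20 with r=8 makes every scrypt call allocate 128·N·r = 1 GiB and run for seconds, and `maxmem` is lifted to 2 GiB to allow it; since this hash runs on every unauthenticated login attempt, a handful of concurrent requests can exhaust the server's memory and libuv's thread pool, which is a denial-of-service vector rather than a hardening gain. Commonly recommended interactive-login parameters are around `N: 131072, // 2^17 -> 128 MiB per hash` with `r: 8, p: 1` and a correspondingly smaller `maxmem: 256 * 1024 * 1024`, tuned so one hash takes well under a second on the target host. A comment next to the parameters recording the measured cost per hash and the memory formula would make future tuning safer. getHash's callback body continues beyond the end of this hunk.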
-- 
GitLab