From bc0993f6bd5ca42316f5e4f06c2213eaa43721ec Mon Sep 17 00:00:00 2001
From: larousso
Date: Thu, 13 Sep 2018 07:00:50 +0200
Subject: [PATCH] Regression hashing password when creating user fix #168
---
 izanami-clients/react/package-lock.json | 2 +-
 izanami-server/app/domains/user/user.scala | 9 ++++++---
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/izanami-clients/react/package-lock.json b/izanami-clients/react/package-lock.json
index 0a3549e04..2cacb0a25 100644
--- a/izanami-clients/react/package-lock.json
+++ b/izanami-clients/react/package-lock.json
@@ -1,6 +1,6 @@
 {
 "name": "react-izanami",
- "version": "1.0.7",
+ "version": "1.0.8",
 "lockfileVersion": 1,
 "requires": true,
 "dependencies": {
diff --git a/izanami-server/app/domains/user/user.scala b/izanami-server/app/domains/user/user.scala
index f652bc648..363744930 100644
--- a/izanami-server/app/domains/user/user.scala
+++ b/izanami-server/app/domains/user/user.scala
@@ -8,11 +8,11 @@ import com.auth0.jwt.interfaces.DecodedJWT
 import domains.events.EventStore
 import domains.user.User.UserKey
 import domains._
+import libs.crypto.Sha
 import libs.functional.EitherTSyntax
 import play.api.Logger
 import play.api.libs.json._
 import store.Result.Result
-
 import store._
 import scala.concurrent.ExecutionContext
@@ -98,7 +98,9 @@ class UserServiceImpl[F[_]: Effect](jsonStore: JsonDataStore[F], eventStore: Eve
 override def create(id: UserKey, data: User): F[Result[User]] = {
 // format: off
 val r: EitherT[F, AppErrors, User] = for {
- created <- jsonStore.create(id, UserInstances.format.writes(data)) |> liftFEither
+ pass <- data.password |> liftOption(AppErrors.error("password.missing"))
+ user = data.copy(password = Some(Sha.hexSha512(pass)))
+ created <- jsonStore.create(id, UserInstances.format.writes(user)) |> liftFEither
 user <- created.validate[User] |> liftJsResult{ handleJsError }
 _ <- eventStore.publish(UserCreated(id, user)) |> liftF[AppErrors, Done]
 } yield user
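Review bot: `Sha.hexSha512(pass)` in `create` stores the password as a plain SHA-512 digest, and as far as the call shows neither a salt nor a work factor goes in; the update hunk at -110/+112 uses the same call. A fast unsalted digest gives identical passwords the same stored value and makes offline guessing cheap if the user store ever leaks. Password storage should go through a salted, deliberately slow scheme (bcrypt, scrypt, Argon2 or PBKDF2) behind one helper shared by create and update, with a re-hash-on-login path for records already stored as SHA-512. If `Sha.hexSha512` does salt internally, that is not visible here and deserves a comment at the call site such as `// salted + iterated inside libs.crypto.Sha`. Separately, the `user` passed to `UserCreated(id, user)` is re-read from the stored JSON, so the event presumably carries the hash as well; worth confirming that event consumers do not need or log it.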
@@ -110,7 +112,8 @@ class UserServiceImpl[F[_]: Effect](jsonStore: JsonDataStore[F], eventStore: Eve
 // format: off
 val r: EitherT[F, AppErrors, User] = for {
 oldValue <- getById(oldId) |> liftFOption(AppErrors.error("error.data.missing", oldId.key))
- updated <- jsonStore.update(oldId, id, UserInstances.format.writes(data)) |> liftFEither
+ user = data.copy(password = data.password.map(p => Sha.hexSha512(p)))
+ updated <- jsonStore.update(oldId, id, UserInstances.format.writes(user)) |> liftFEither
 user <- updated.validate[User] |> liftJsResult{ handleJsError }
 _ <- eventStore.publish(UserUpdated(id, oldValue, user)) |> liftF[AppErrors, Done]
 } yield user
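Review bot: With `data.password.map(p => Sha.hexSha512(p))` an update that carries no password produces `password = None`, and that record is what `jsonStore.update` writes; `oldValue` is already loaded but its password is not carried over, so editing only a name or rights may drop the stored hash (this depends on how `UserInstances.format` writes `None`, which is not shown). The opposite case needs a look too: if a client sends back the hash it got from a read, it is hashed a second time and the account can no longer authenticate. Falling back to the stored value closes the first case, `user = data.copy(password = data.password.map(p => Sha.hexSha512(p)).orElse(oldValue.password))`, assuming `oldValue.password` is the same `Option` type. A comment stating that `data.password` is always expected in clear text here would document the second. The enclosing method starts above the hunk.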