client side hashing, shared via JSON, password reset working

application/account.py

@@ -12,6 +12,7 @@ from connection import get_transactions, format_balance, get_account, generate_o
 description_entry = None
 notes_entry = None
 otp_entry = None
+notes_text = None
 
 #################
 ### Functions ###
@@ -64,6 +65,8 @@ def display_account_info(account_id):
         label_value = customtkinter.CTkLabel(info_frame, text=value, font=("Helvetica", 14))
         label_key.grid(row=0, column=i*2, sticky='w', padx=10)
         label_value.grid(row=0, column=i*2+1, sticky='w', padx=10)
+    global notes_text
+    notes_text.configure(text=account.get('notes', ''))  # Use config instead of configuration
 
 def on_transaction_double_click(event):
     """Handles double-click event on a transaction in the table."""
@@ -157,7 +160,7 @@ def save_details():
 root = customtkinter.CTk()
 root.title(f"Transactions for: {account_description}")
 root.iconbitmap("application/luxbank.ico")
-root.geometry("800x400")
+root.geometry("800x450")
 
 if CONFIG["preferences"]["dark_theme"] == "dark":  # Check if dark mode is enabled
     customtkinter.set_appearance_mode("dark")  # Set the style for dark mode
@@ -168,6 +171,12 @@ else:
 welcome_label = customtkinter.CTkLabel(root, text=f"Transactions for: {account_description}", font=("Helvetica", 24))
 welcome_label.pack(pady=10)
 
+# Create the notes label and text box
+notes_label = customtkinter.CTkLabel(root, text="Notes:", font=("Helvetica", 14))
+notes_label.pack(pady=10)
+notes_text = customtkinter.CTkLabel(root, height=4, width=50, wraplength=400)  # Use CTkLabel instead of CTkTextbox
+notes_text.pack(pady=10, fill=tk.BOTH, expand=True)  # Add fill and expand options
+
 # Display account information
 info_frame = customtkinter.CTkFrame(root)
 info_frame.pack(fill=tk.X)

application/app.ini

@@ -9,5 +9,5 @@ theme = dark-blue
 
 [client]
 default_id = d18e5ae0
-default_password = Happymeal1
+default_password = KFCKrusher1
 

application/connection.py

@@ -1,10 +1,11 @@
 # Lucas Mathews - Fontys Student ID: 5023572
 # Banking System Connection Page
 
+import json
 import requests
+import hashlib
 from requests.models import Response
 from config import CONFIG
-import json
 from tkinter import messagebox
 
 ##############
@@ -15,22 +16,25 @@ def format_balance(balance):
     """Formats the balance as a currency string with comma separators."""
     return f"€{balance:,.2f}"
 
+def hash_password(password:str):
+    """Hashes a password using the SHA-512 algorithm and returns the hexadecimal representation of the hash."""
+    return hashlib.sha512(password.encode()).hexdigest()
+
 #####################
 ### API Functions ###
 #####################
 
-def authenticate_client(client_id, client_password):
-    """Authenticates a client with the given client_id and client_password."""
+def authenticate_client(client_id, client_hash):
+    """Authenticates a client with the given client_id and client_hash."""
     try:
-        response = requests.post(CONFIG["server"]["url"] + "/Client/Login", params={'client_id': client_id, 'password': client_password})
+        response = requests.post(CONFIG["server"]["url"] + "/Client/Login", json={'client_id': client_id, 'client_hash': client_hash})
+        response.raise_for_status()
+        if response.status_code == 401:
+            return {'success': False, 'message': "Incorrect password."}
         return response
     except requests.exceptions.RequestException as e:
-        print(f"RequestException: {e}")
-        response = Response()
-        response.status_code = 500
-        response._content = b'{"success": false, "message": "Could not connect to the server. Please try again later."}'
-        return response
-    
+        raise e  # Re-raise the exception to handle it in the login function
+
 def logout_client():
     """Logs out the current client."""
     try:
@@ -175,4 +179,41 @@ def generate_otp():
             response.raise_for_status()
     except requests.exceptions.RequestException as e:
         print(f"RequestException: {e}")
-        messagebox.showerror("Error", f"Could not generate OTP: {e}")
+        messagebox.showerror("Error", f"Could not generate OTP: {e}")
+
+def change_password(client_id, old_password, new_password, otp_code):
+    """Changes the password for the given client_id."""
+    hash_old_password = hash_password(old_password)
+    hash_new_password = hash_password(new_password)
+    try:
+        otp_code = int(otp_code)  # Ensure otp_code is an integer
+    except ValueError:
+        return {'success': False, 'message': "Invalid OTP code format: must be an integer."}
+    
+    try:
+        with open('application\\session_data.json', 'r') as f:
+            session_data = json.load(f)
+        payload = { # Prepare the payload to be sent in the request body
+            'client_id': client_id,
+            'hash_old_password': hash_old_password,
+            'hash_new_password': hash_new_password,
+            'otp_code': otp_code
+        } 
+        response = requests.put( # Send the PUT request with the payload in the body
+            CONFIG["server"]["url"] + "/Client/Password",
+            cookies=session_data['session_cookie'],
+            json=payload  # use json to send the data in the request body
+        )
+        response.raise_for_status()
+        return response.json()
+    except requests.exceptions.HTTPError as e:
+        if response.status_code == 400:
+            return {'success': False, 'message': response.json().get('message', 'Invalid request.')}
+        elif response.status_code == 401:
+            return {'success': False, 'message': response.json().get('message', 'Unauthorised action.')}
+        elif response.status_code == 404:
+            return {'success': False, 'message': response.json().get('message', 'Client not found.')}
+        else:
+            return {'success': False, 'message': "An error occurred. Please try again later."}
+    except requests.exceptions.RequestException as e:
+        return {'success': False, 'message': "Could not connect to the server. Please try again later."}

application/dashboard.py

@@ -6,7 +6,7 @@ import customtkinter
 import json
 import os
 from config import CONFIG
-from connection import logout_client, get_client, update_client, get_accounts, format_balance, generate_otp
+from connection import logout_client, get_client, update_client, get_accounts, format_balance, generate_otp, change_password
 
 
 # Global variables
@@ -112,7 +112,7 @@ def edit_details():
     otp_label.pack()
     otp_entry.pack()
 
-    save_button = customtkinter.CTkButton(edit_window, text="Verify OTP and Save", command=save_details)
+    save_button = customtkinter.CTkButton(edit_window, text="Verify OTP and Save", command=change_password_save)
     save_button.pack()
     edit_window.lift()
 
@@ -186,6 +186,82 @@ def reload_info_and_accounts():
     display_client_info()
     populate_table()
 
+def change_password_box():
+    """Opens a new window for changing the client's password."""
+    global edit_window,password_entry, old_password_entry, confirm_password_entry, otp_entry
+    edit_window = customtkinter.CTkToplevel(root)
+    edit_window.title("Change Password")
+    edit_window.iconbitmap("application/luxbank.ico")
+    edit_window.geometry("300x350")
+    edit_window.attributes('-topmost', True)
+
+    old_password_label = customtkinter.CTkLabel(edit_window, text="Old Password: ")
+    old_password_entry = customtkinter.CTkEntry(edit_window, show="*")
+    old_password_label.pack()
+    old_password_entry.pack()
+
+    customtkinter.CTkLabel(edit_window, text=" ").pack()  # Add space under the old password box
+
+    password_label = customtkinter.CTkLabel(edit_window, text="New Password: ")
+    password_entry = customtkinter.CTkEntry(edit_window, show="*")
+    password_label.pack()
+    password_entry.pack()
+
+    confirm_password_label = customtkinter.CTkLabel(edit_window, text="Confirm Password: ")
+    confirm_password_entry = customtkinter.CTkEntry(edit_window, show="*")
+    confirm_password_label.pack()
+    confirm_password_entry.pack()
+
+    customtkinter.CTkLabel(edit_window, text=" ").pack()  # Add space under the confirm password box
+
+    otp_button = customtkinter.CTkButton(edit_window, text="Get OTP Code", command=generate_otp)
+    otp_button.pack()
+
+    otp_label = customtkinter.CTkLabel(edit_window, text="OTP Code: ")
+    otp_entry = customtkinter.CTkEntry(edit_window)
+    otp_label.pack()
+    otp_entry.pack()
+
+    save_button = customtkinter.CTkButton(edit_window, text="Verify OTP and Save", command=change_password_save)
+    save_button.pack()
+    edit_window.lift()
+
+def change_password_save():
+    """Saves the updated client password."""
+    global edit_window, otp_entry, password_entry, old_password_entry, confirm_password_entry
+    old_password = old_password_entry.get()
+    new_password = password_entry.get()
+    confirm_password = confirm_password_entry.get()
+    otp_code = otp_entry.get()
+
+    if not otp_code:
+        messagebox.showerror("Error", "OTP code must be entered.")
+        return
+
+    if not new_password or not confirm_password:
+        messagebox.showerror("Error", "New password and confirm password must be entered.")
+        return
+
+    if new_password != confirm_password:
+        messagebox.showerror("Error", "New password and confirm password do not match.")
+        return
+
+    with open('application\\session_data.json', 'r') as f:
+        session_data = json.load(f)
+    client_id = session_data['client_id']
+
+    if not messagebox.askyesno("Confirmation", "Are you sure you want to change the password?"):
+        return
+
+    try:
+        response = change_password(client_id, old_password, new_password, otp_code)
+        if response['success']:
+            messagebox.showinfo("Success", "Password changed successfully.")
+            edit_window.destroy()
+        else:
+            messagebox.showerror("Error", f"Could not change password: {response['message']}")
+    except Exception as e:
+        messagebox.showerror("Error", f"Could not change password: {str(e)}")
 
 ##############
 ### Layout ###
@@ -215,13 +291,17 @@ otp_button.grid(row=0, column=0, padx=5)
 reload_button = customtkinter.CTkButton(button_frame, text="Reload", command=reload_info_and_accounts)
 reload_button.grid(row=0, column=1, padx=5)
 
+# Create reset password button
+password_button = customtkinter.CTkButton(button_frame, text="Reset Password", command=change_password_box)
+password_button.grid(row=0, column=2, padx=5)
+
 # Create the logout button
 logout_button = customtkinter.CTkButton(button_frame, text="Logout", command=logout)
-logout_button.grid(row=0, column=2, padx=5)
+logout_button.grid(row=0, column=3, padx=5)
 
 # Create the exit button
 exit_button = customtkinter.CTkButton(button_frame, text="Exit", command=exit_application)
-exit_button.grid(row=0, column=3, padx=5)
+exit_button.grid(row=0, column=4, padx=5)
 
 # Display client info after creating the buttons
 frame = customtkinter.CTkFrame(root)

application/login.py

@@ -4,7 +4,7 @@ import customtkinter
 import os
 import json
 import requests
-from connection import authenticate_client
+from connection import authenticate_client, hash_password
 from config import CONFIG
 import configparser, sys
 
@@ -17,10 +17,11 @@ def login():
     """Authenticate the client and open the dashboard if successful."""
     client_id = entry_username.get() if entry_username.get() else CONFIG["client"]["default_id"]
     client_password = entry_password.get() if entry_password.get() else CONFIG["client"]["default_password"]
+    client_hash = hash_password(client_password)  # Hash the password on the client-side
     try:
-        response = authenticate_client(client_id, client_password)  # Authenticate the client
+        response = authenticate_client(client_id, client_hash)  # Authenticate the client
         json_response = response.json()  # Convert the response content to JSON
-        if json_response["success"]:  # If the authentication is successful, open the dashboard
+        if response.status_code == 200 and json_response.get("success"):  # If the authentication is successful, open the dashboard
             session_data = {
                 'session_cookie': response.cookies.get_dict(),
                 'client_id': client_id
@@ -29,10 +30,14 @@ def login():
                 json.dump(session_data, f)
             root.destroy()
             os.system("python application/dashboard.py")
+        elif response.status_code == 401:
+                messagebox.showerror("Login failed", "Invalid client ID or password.")
         else:
-            messagebox.showerror("Login failed", json_response["message"]) 
-    except requests.exceptions.RequestException as e:
-        messagebox.showerror("Login failed", f"Could not connect to the server. Please try again later. Error: {str(e)}")
+                messagebox.showerror("Login failed", json_response.get("message", "Unknown error"))
+    except requests.exceptions.HTTPError:
+        messagebox.showerror("Login failed", "Invalid client ID or password.")
+    except requests.exceptions.ConnectionError:
+        messagebox.showerror("Connection Error", "Could not connect to the server.")
 
 def change_dark_theme():
     """Change the theme between dark and light."""

application/session_data.json

@@ -1 +1 @@
-{"session_cookie": {"session": "nwHUYOr9vg2nOaZmrYNmWgjMgJ47QLIz71_dX_kFH_o"}, "client_id": "d18e5ae0"}
+{"session_cookie": {"session": "HHymBLOCpW9YTcajilxYA_B9aVPJ1FyS75TAz2995jk"}, "client_id": "d18e5ae0"}

application/transaction.py

@@ -14,8 +14,6 @@ import sys
 
 
 
-
-
 ##############
 ### Layout ###
 ##############