added password hashing

2026-04-29 10:56:09 +02:00
parent 1ec130c11e
commit e2b4852e0d
1 changed files with 15 additions and 5 deletions
--- a/account.js
+++ b/account.js
@@ -22,7 +22,7 @@ function normalizeUser(user) {
        firstName: user.firstName || "",
        lastName: user.lastName || "",
        email: user.email || "",
-        password: user.password || "",
+        hashedPassword: user.hashedPassword || "",
        orders: Array.isArray(user.orders) ? user.orders : [],
        paymentMethods: Array.isArray(user.paymentMethods) ? user.paymentMethods : []
    };
@@ -70,7 +70,14 @@ if (currentUser && currentUser.email) {
    }
 }

-function registerUser() {
+async function hashMessage(message) {
+  const msgBuffer = new TextEncoder().encode(message); // Encode as UTF-8
+  const hashBuffer = await crypto.subtle.digest('SHA-256', msgBuffer); // Hash
+  const hashArray = Array.from(new Uint8Array(hashBuffer)); // Convert to bytes
+  return hashArray.map(b => b.toString(16).padStart(2, '0')).join(''); // Hex string
+}
+
+async function registerUser() {
    const firstName = document.getElementById("reg-firstname")?.value.trim() || "";
    const lastName = document.getElementById("reg-lastname")?.value.trim() || "";
    const email = (document.getElementById("reg-email")?.value.trim() || "").toLowerCase();
@@ -92,11 +99,13 @@ function registerUser() {
        return;
    }

+    const hashedPassword = await hashMessage(password);
+
    const newUser = {
        firstName,
        lastName,
        email,
-        password,
+        hashedPassword,
        orders: [],
        paymentMethods: []
    };
@@ -113,12 +122,13 @@ function registerUser() {
    openAccountDashboard();
 }

-function loginUser() {
+async function loginUser() {
    const email = (document.getElementById("login-email")?.value.trim() || "").toLowerCase();
    const password = document.getElementById("login-password")?.value || "";
+    const hashedPassword = await hashMessage(password);

    const user = users.find(
-        (entry) => entry.email.toLowerCase() === email && entry.password === password
+        (entry) => entry.email.toLowerCase() === email && entry.hashedPassword === hashedPassword
    );

    if (!user) {