Add person existence check in login procedure (#14)

Vianpyro · web-flow · commit d9f540997f42 · 2025-01-12T10:49:22.000-05:00
* Add login procedures with person existence check and retrieval of hashed password

* Refine error messages in update_person procedure for clarity
diff --git a/functions/person_exists.sql b/functions/person_exists.sql
@@ -0,0 +1,22 @@
+-- Use the database
+USE smartcooking;
+
+DELIMITER //
+
+CREATE OR REPLACE FUNCTION person_exists(
+    IN p_person_id INT,
+    IN p_email VARCHAR(100)
+) RETURNS BOOLEAN
+BEGIN
+    DECLARE v_exists BOOLEAN;
+
+    SELECT EXISTS (
+        SELECT 1
+        FROM person
+        WHERE (person_id = p_person_id OR email = p_email)
+    ) INTO v_exists;
+
+    RETURN v_exists;
+END //
+
+DELIMITER ;
diff --git a/procedures/auth.sql b/procedures/auth.sql
@@ -44,22 +44,41 @@ BEGIN
 END //
 
 CREATE OR REPLACE PROCEDURE login_person(
+    IN p_person_id INT,
     IN p_email VARCHAR(100)
 )
 BEGIN
+    DECLARE v_person_id INT;
+    DECLARE v_hashed_password VARCHAR(100);
+    DECLARE v_salt BINARY(16);
+
     -- Check if the person exists
-    IF NOT EXISTS (
-        SELECT 1
-        FROM person
-        WHERE email = p_email
-    ) THEN
+    IF NOT person_exists(p_person_id, p_email) THEN
         SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'User not found';
     END IF;
 
-    -- Retrieve the hashed password and salt as a result set
+    -- Retrieve the person_id, hashed password, and salt
     SELECT person_id, hashed_password, salt
+    INTO v_person_id, v_hashed_password, v_salt
     FROM person
-    WHERE email = p_email;
+    WHERE (person_id = p_person_id OR email = p_email);
+
+    -- Return the result set
+    SELECT v_person_id AS person_id, v_hashed_password AS hashed_password, v_salt AS salt;
+END //
+
+CREATE OR REPLACE PROCEDURE login_person_by_id(
+    IN p_person_id INT
+)
+BEGIN
+    CALL login_person(p_person_id, NULL);
+END //
+
+CREATE OR REPLACE PROCEDURE login_person_by_email(
+    IN p_email VARCHAR(100)
+)
+BEGIN
+    CALL login_person(NULL, p_email);
 END //
 
 DELIMITER ;
diff --git a/procedures/update/person.sql b/procedures/update/person.sql
@@ -33,11 +33,11 @@ BEGIN
     FROM person;
 
     IF name_exists > 0 THEN
-        SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'User name already exists for another record';
+        SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'User name already exists';
     END IF;
 
     IF email_exists > 0 THEN
-        SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'Email already exists for another record';
+        SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'Email already exists';
     END IF;
 
     -- Retrieve the language ID if provided
