Hash email (#22)

* Refactor person table and related procedures to use hashed and encrypted email fields

* Add missing comma in person SQL procedure for proper query syntax

* Fix parameter naming in register_person procedure for consistency

* Update mock data in person.sql to use hashed and encrypted email fields

* Increase VARCHAR length for hashed and encrypted email fields in person table and related procedures

Author: Vianpyro

database.sql

@@ -14,7 +14,8 @@ CREATE OR REPLACE TABLE lang (
 CREATE OR REPLACE TABLE person (
     person_id INT AUTO_INCREMENT PRIMARY KEY,
     person_name VARCHAR(100) UNIQUE,
-    email VARCHAR(100) UNIQUE,
+    hashed_email VARCHAR(255) UNIQUE,
+    encrypted_email VARCHAR(255) UNIQUE,
     hashed_password VARCHAR(100),
     registration_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
     last_login TIMESTAMP NULL,

functions/mask_email.sql

@@ -5,15 +5,15 @@ DELIMITER //
 
 CREATE OR REPLACE FUNCTION person_exists(
     IN p_person_id INT,
-    IN p_email VARCHAR(100)
+    IN p_email_hash VARCHAR(100)
 ) RETURNS BOOLEAN
 BEGIN
     DECLARE v_exists BOOLEAN;
 
     SELECT EXISTS (
         SELECT 1
         FROM person
-        WHERE (person_id = p_person_id OR email = p_email)
+        WHERE (person_id = p_person_id OR hashed_email = p_email_hash)
     ) INTO v_exists;
 
     RETURN v_exists;

functions/person_exists.sql

@@ -5,7 +5,8 @@ DELIMITER //
 
 CREATE OR REPLACE PROCEDURE register_person(
     IN p_name VARCHAR(100),
-    IN p_email VARCHAR(100),
+    IN p_hashed_email VARCHAR(255),
+    IN p_encrypted_email VARCHAR(255),
     IN p_hashed_password VARBINARY(255),
     IN p_language_iso_code CHAR(2)
 )
@@ -26,7 +27,7 @@ BEGIN
     -- Check if the email already exists
     SELECT COUNT(*) INTO v_email_exists
     FROM person
-    WHERE email = p_email;
+    WHERE hashed_email = p_hashed_email;
 
     IF v_email_exists > 0 THEN
         SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'Email already exists';
@@ -38,28 +39,28 @@ BEGIN
     WHERE iso_code = p_language_iso_code;
 
     -- Insert the new person into the database
-    INSERT INTO person (person_name, email, hashed_password, language_id)
-    VALUES (p_name, p_email, p_hashed_password, v_language_id);
+    INSERT INTO person (person_name, hashed_email, encrypted_email, hashed_password, language_id)
+    VALUES (p_name, p_hashed_email, p_encrypted_email, p_hashed_password, v_language_id);
 END //
 
 CREATE OR REPLACE PROCEDURE login_person(
     IN p_person_id INT,
-    IN p_email VARCHAR(100)
+    IN p_hashed_email VARCHAR(255)
 )
 BEGIN
     DECLARE v_person_id INT;
     DECLARE v_hashed_password VARCHAR(100);
 
     -- Check if the person exists
-    IF NOT person_exists(p_person_id, p_email) THEN
+    IF NOT person_exists(p_person_id, p_hashed_email) THEN
         SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'User not found';
     END IF;
 
     -- Retrieve the person_id, hashed salted password
     SELECT person_id, hashed_password
     INTO v_person_id, v_hashed_password
     FROM person
-    WHERE (person_id = p_person_id OR email = p_email);
+    WHERE (person_id = p_person_id OR hashed_email = p_hashed_email);
 
     -- Return the result set
     SELECT v_person_id AS person_id, v_hashed_password AS hashed_password;
@@ -73,10 +74,10 @@ BEGIN
 END //
 
 CREATE OR REPLACE PROCEDURE login_person_by_email(
-    IN p_email VARCHAR(100)
+    IN p_hashed_email VARCHAR(255)
 )
 BEGIN
-    CALL login_person(NULL, p_email);
+    CALL login_person(NULL, p_hashed_email);
 END //
 
 DELIMITER ;

procedures/auth.sql

@@ -10,7 +10,7 @@ BEGIN
         person_id,
         person_name,
         language_id,
-        mask_email(email) AS masked_email
+        encrypted_email
     FROM person;
 END //
 
@@ -20,24 +20,24 @@ BEGIN
         person_id,
         person_name,
         language_id,
-        mask_email(email) AS masked_email
+        encrypted_email
     FROM person
     WHERE person_id = p_person_id;
 END //
 
-CREATE OR REPLACE PROCEDURE get_person_by_email(IN p_email VARCHAR(100))
+CREATE OR REPLACE PROCEDURE get_person_by_email(IN p_hashed_email VARCHAR(255))
 BEGIN
     SELECT person_id, person_name, language_id
     FROM person
-    WHERE email = p_email;
+    WHERE hashed_email = p_hashed_email;
 END //
 
 CREATE OR REPLACE PROCEDURE get_person_activity_summary(IN p_person_id INT)
 BEGIN
     SELECT
         p.person_id,
         p.name,
-        mask_email(p.email) AS masked_email,
+        p.encrypted_email,
         (SELECT COUNT(*) FROM comment c WHERE c.person_id = p.person_id) AS total_comments,
         (SELECT COUNT(*)
          FROM comment_like cl

procedures/get/person.sql

@@ -15,7 +15,8 @@ END //
 CREATE OR REPLACE PROCEDURE update_person(
     IN p_person_id INT,
     IN p_name VARCHAR(100),
-    IN p_email VARCHAR(100),
+    IN p_hashed_email VARCHAR(255),
+    IN p_encrypted_email VARCHAR(255),
     IN p_hashed_password VARBINARY(255),
     IN p_language_iso_code CHAR(2)
 )
@@ -27,7 +28,7 @@ BEGIN
     -- Check if the person name or email already exists
     SELECT
         SUM(person_name = p_name AND person_id != p_person_id),
-        SUM(email = p_email AND person_id != p_person_id)
+        SUM(hashed_email = p_hashed_email AND person_id != p_person_id)
     INTO name_exists, email_exists
     FROM person;
 
@@ -56,7 +57,8 @@ BEGIN
     UPDATE person
     SET
         person_name = COALESCE(p_name, person_name),
-        email = COALESCE(p_email, email),
+        hashed_email = COALESCE(p_hashed_email, hashed_email),
+        encrypted_email = COALESCE(p_encrypted_email, encrypted_email),
         hashed_password = COALESCE(p_hashed_password, hashed_password),
         language_id = COALESCE(v_language_id, language_id)
     WHERE person_id = p_person_id;

procedures/update/person.sql

@@ -2,7 +2,7 @@
 USE smartcooking;
 
 -- Fill the database with mock data
-CALL register_person('John Doe', 'john.doe@mock.data', 'password', 'en');
-CALL register_person('Jane Smith', 'jane.smith@mock.data', 'password', 'fr');
-CALL register_person('Alice Brown', 'alice.brown@mock.data', 'password', 'es');
-CALL register_person('Bob White', 'bob.white@mock.data', 'password', 'en');
+CALL register_person('John Doe', 'hashed_email1', 'encrypted_email1', 'password', 'en');
+CALL register_person('Jane Smith', 'hashed_email2', 'encrypted_email2', 'password', 'fr');
+CALL register_person('Alice Brown', 'hashed_email3', 'encrypted_email3', 'password', 'es');
+CALL register_person('Bob White', 'hashed_email4', 'encrypted_email4', 'password', 'en');