Closed AnthonMS closed 5 years ago
DONE - login should handle SQL injections.
DONE - checkToken should handle SQL injections.
DONE - getUser should also handle SQL injections.
DONE - getUsers should also handle SQL injections.
DONE - updateUser should check if an email is already in the database and handle SQL injections.
DONE - updateUsers should also check for email in database and SQL injections.
DONE - deleteUser should handle SQL injections.
DONE - createUser should check for email and username. It should also handle SQL injections.
DONE - checkUsername should handle SQL injections.
DONE - createUser now checks whether or not the licenseQuantity has been reached.
Time Estimate: 10 Hours

In all the services, we need to check some stuff and make it more secure against SQL injection. For example, in some of the functions where users are created, we do not check whether or not that email or username exists in the database. We could also upgrade login to accept usernames as login credentials. We also need to check if mail or phone exists when updating user or users.

Rework: When creating a user, we should check how many users the company already has, because they should only be able to create users until their licenseQuantity has been reached.
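
An added example, not code from this repository: one way the createUser checks listed above (bound parameters, username/email uniqueness, licenseQuantity limit) can fit together in a single transaction. The SQLite schema, table and column names other than licenseQuantity, and the function names are assumptions made for illustration.

```python
import sqlite3

# Assumed schema (not from the issue). The UNIQUE constraints are a backstop
# in case some other code path skips the explicit checks in create_user().
SCHEMA = """
CREATE TABLE companies (id INTEGER PRIMARY KEY, licenseQuantity INTEGER NOT NULL);
CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    company_id INTEGER NOT NULL REFERENCES companies(id),
    username TEXT NOT NULL UNIQUE,
    email TEXT NOT NULL UNIQUE
);
"""

def open_db():
    # isolation_level=None: transactions are opened and closed explicitly below.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.executescript(SCHEMA)
    # Constructed sample row: company 1 is licensed for two users.
    db.execute("INSERT INTO companies (id, licenseQuantity) VALUES (?, ?)", (1, 2))
    return db

def create_user(db, company_id, username, email):
    """Return (ok, reason). Values are always bound with '?', never concatenated."""
    db.execute("BEGIN IMMEDIATE")  # hold the write lock so check-then-insert cannot race
    try:
        company = db.execute("SELECT licenseQuantity FROM companies WHERE id = ?",
                             (company_id,)).fetchone()
        taken = db.execute("SELECT 1 FROM users WHERE username = ? OR email = ?",
                           (username, email)).fetchone()
        count = db.execute("SELECT COUNT(*) FROM users WHERE company_id = ?",
                           (company_id,)).fetchone()[0]
        if company is None:
            result = (False, "unknown company")
        elif taken:
            result = (False, "username or email already exists")
        elif count >= company[0]:
            result = (False, "licenseQuantity reached")
        else:
            db.execute("INSERT INTO users (company_id, username, email) VALUES (?, ?, ?)",
                       (company_id, username, email))
            result = (True, "created")
        db.execute("COMMIT")
        return result
    except Exception:
        db.execute("ROLLBACK")
        raise
```
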