From 4c94a346c3336aa1b0a385610e2f79198dc80f51 Mon Sep 17 00:00:00 2001
From: Andrew Lalis
Date: Fri, 3 Feb 2023 17:15:09 +0100
Subject: [PATCH] Added endpoint for updating user's password.
---
 .../auth/controller/AuthController.java | 24 +++++++++++++++++++
 .../auth/dto/PasswordUpdatePayload.java | 3 +++
 .../domains/auth/service/UserService.java | 20 ++++++++++++----
 3 files changed, 42 insertions(+), 5 deletions(-)
 create mode 100644 gymboard-api/src/main/java/nl/andrewlalis/gymboard_api/domains/auth/dto/PasswordUpdatePayload.java
diff --git a/gymboard-api/src/main/java/nl/andrewlalis/gymboard_api/domains/auth/controller/AuthController.java b/gymboard-api/src/main/java/nl/andrewlalis/gymboard_api/domains/auth/controller/AuthController.java
index 883841e..b01b801 100644
--- a/gymboard-api/src/main/java/nl/andrewlalis/gymboard_api/domains/auth/controller/AuthController.java
+++ b/gymboard-api/src/main/java/nl/andrewlalis/gymboard_api/domains/auth/controller/AuthController.java
@@ -79,12 +79,36 @@ public class AuthController {
 return new UserResponse(user);
 }
+ /**
+ * Endpoint for updating one's own password.
+ * @param user The user that's updating their password.
+ * @param payload The payload with the new password.
+ * @return An empty 200 OK response.
+ */
+ @PostMapping(path = "/auth/me/password")
+ public ResponseEntity updateMyPassword(@AuthenticationPrincipal User user, @RequestBody PasswordUpdatePayload payload) {
+ userService.updatePassword(user.getId(), payload);
+ return ResponseEntity.ok().build();
+ }
+
+ /**
+ * Public endpoint for requesting a reset code to be sent
+ * to an account with the given email address.
+ * @param email The email address.
+ * @return An empty 200 OK response.
+ */
 @GetMapping(path = "/auth/reset-password")
 public ResponseEntity generatePasswordResetCode(@RequestParam String email) {
 userService.generatePasswordResetCode(email);
 return ResponseEntity.ok().build();
 }
+ /**
+ * Public endpoint for resetting one's password using a
+ * reset code obtained from an email.
+ * @param payload The payload containing the code and new password.
+ * @return An empty 200 OK response.
+ */
 @PostMapping(path = "/auth/reset-password")
 public ResponseEntity resetPassword(@RequestBody PasswordResetPayload payload) {
 userService.resetUserPassword(payload);
diff --git a/gymboard-api/src/main/java/nl/andrewlalis/gymboard_api/domains/auth/dto/PasswordUpdatePayload.java b/gymboard-api/src/main/java/nl/andrewlalis/gymboard_api/domains/auth/dto/PasswordUpdatePayload.java
new file mode 100644
index 0000000..742ce7c
--- /dev/null
+++ b/gymboard-api/src/main/java/nl/andrewlalis/gymboard_api/domains/auth/dto/PasswordUpdatePayload.java
@@ -0,0 +1,3 @@
+package nl.andrewlalis.gymboard_api.domains.auth.dto;
+
+public record PasswordUpdatePayload(String newPassword) {}
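Review bot: `updateMyPassword` changes the credential on the strength of the session alone: `PasswordUpdatePayload` carries only `newPassword`, so anyone holding a valid token or an unlocked browser can replace the password without knowing the current one. Require the current password in the payload and verify it in `UserService.updatePassword` before encoding the new one, e.g. `if (!passwordEncoder.matches(payload.currentPassword(), user.getPasswordHash())) throw new ResponseStatusException(HttpStatus.FORBIDDEN);`. That line assumes `passwordEncoder` is Spring Security's `PasswordEncoder` and that `User` has a getter matching `setPasswordHash`; neither is visible in this patch. The method also calls `user.getId()` without a null check, so it relies on the security configuration, which is outside this diff, to reject unauthenticated requests to `/auth/me/password`.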
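Review bot: The record's generated `toString()` prints `newPassword` in clear text, so any code that logs the payload or puts it into an exception message would write the raw password to the log. Consider overriding it inside the record, `@Override public String toString() { return "PasswordUpdatePayload[newPassword=<redacted>]"; }`, and adding a one-line Javadoc stating that the field holds the raw, not yet hashed, password.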
diff --git a/gymboard-api/src/main/java/nl/andrewlalis/gymboard_api/domains/auth/service/UserService.java b/gymboard-api/src/main/java/nl/andrewlalis/gymboard_api/domains/auth/service/UserService.java
index cfc979c..9913d87 100644
--- a/gymboard-api/src/main/java/nl/andrewlalis/gymboard_api/domains/auth/service/UserService.java
+++ b/gymboard-api/src/main/java/nl/andrewlalis/gymboard_api/domains/auth/service/UserService.java
@@ -3,10 +3,7 @@ package nl.andrewlalis.gymboard_api.domains.auth.service;
 import jakarta.mail.MessagingException;
 import jakarta.mail.internet.MimeMessage;
 import nl.andrewlalis.gymboard_api.domains.auth.dao.PasswordResetCodeRepository;
-import nl.andrewlalis.gymboard_api.domains.auth.dto.PasswordResetPayload;
-import nl.andrewlalis.gymboard_api.domains.auth.dto.UserActivationPayload;
-import nl.andrewlalis.gymboard_api.domains.auth.dto.UserCreationPayload;
-import nl.andrewlalis.gymboard_api.domains.auth.dto.UserResponse;
+import nl.andrewlalis.gymboard_api.domains.auth.dto.*;
 import nl.andrewlalis.gymboard_api.domains.auth.dao.UserActivationCodeRepository;
 import nl.andrewlalis.gymboard_api.domains.auth.dao.UserRepository;
 import nl.andrewlalis.gymboard_api.domains.auth.model.PasswordResetCode;
@@ -192,7 +189,20 @@ public class UserService {
 // TODO: Validate password.
- code.getUser().setPasswordHash(passwordEncoder.encode(payload.newPassword()));
+ User user = code.getUser();
+ user.setPasswordHash(passwordEncoder.encode(payload.newPassword()));
+ userRepository.save(user);
 passwordResetCodeRepository.delete(code);
 }
+
+ @Transactional
+ public void updatePassword(String id, PasswordUpdatePayload payload) {
+ User user = userRepository.findById(id)
+ .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND));
+
+ // TODO: Validate password.
+
+ user.setPasswordHash(passwordEncoder.encode(payload.newPassword()));
+ userRepository.save(user);
+ }
 }
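Review bot: `updatePassword` hashes `payload.newPassword()` while the check is still only a `// TODO: Validate password.`, so an empty string is stored as a valid password and a missing JSON field reaches `passwordEncoder.encode(...)` as null. This method and the reset path above it (whose body starts outside the hunk) should share one guard before encoding, for instance `if (payload.newPassword() == null || payload.newPassword().isBlank()) throw new ResponseStatusException(HttpStatus.BAD_REQUEST);`, plus whatever minimum length the project settles on. `updatePassword` also leaves any outstanding `PasswordResetCode` entries for the user in place. If those codes do not expire quickly, a code mailed before the change could presumably still be used to reset the new password, so deleting them here is worth considering.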