fix decrypt password

This commit is contained in:
dirgantarasiahaan
2023-05-28 17:36:28 +07:00
parent cab86cf8fa
commit c93f666056
77 changed files with 405 additions and 129 deletions


@@ -6,7 +6,11 @@ import com.iconplus.smartproc.helper.model.EmptyResponse;
import com.iconplus.smartproc.helper.service.BaseService;
import com.iconplus.smartproc.model.request.ForgotPasswordRequest;
import com.iconplus.smartproc.repository.UsersRepository;
import com.iconplus.smartproc.service.CommonService;
import com.iconplus.smartproc.util.Constants;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpStatus;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;
@Service
@@ -14,25 +18,47 @@ public class ForgotPasswordService implements BaseService<ForgotPasswordRequest,
private ApiContext apiContext;
private UsersRepository usersRepository;
private CommonService commonService;
public ForgotPasswordService(UsersRepository usersRepository,
ApiContext apiContext) {
ApiContext apiContext,
CommonService commonService) {
this.usersRepository = usersRepository;
this.apiContext = apiContext;
this.commonService = commonService;
}
@Override
public EmptyResponse execute(ForgotPasswordRequest input) {
Long id = Long.valueOf(apiContext.getUserId());
var users = usersRepository.findByIdAndIsDeleteFalse(id).orElseThrow(() -> new BusinessException("err", "err", "err"));
var users = usersRepository.findByIdAndIsDeleteFalse(id)
.orElseThrow(() -> new BusinessException(Constants.ERR_CODE_10001,
Constants.ERR_TTL_10001,
String.format(Constants.ERR_MSG_10001, "User", id)));
if (!StringUtils.equalsIgnoreCase(input.getCurrentPassword(), users.getPassword()) ||
StringUtils.equalsIgnoreCase(input.getNewPassword(), users.getPassword()) ||
!StringUtils.equalsIgnoreCase(input.getConfirmationPassword(), input.getNewPassword())) {
throw new BusinessException("err", "err", "err");
String password = commonService.getPassword(input.getCurrentPassword());
BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
boolean isValidCurrentPassword = bCryptPasswordEncoder.matches(password, users.getPassword());
if (!isValidCurrentPassword) {
throw new BusinessException(HttpStatus.CONFLICT,
Constants.ERR_CODE_10009,
Constants.ERR_TTL_10009,
Constants.ERR_MSG_10009);
}
users.setPassword(input.getNewPassword());
String newPassword = commonService.getPassword(input.getNewPassword());
String confirmationPassword = commonService.getPassword(input.getNewPassword());
if (!StringUtils.equalsIgnoreCase(newPassword, confirmationPassword)) {
throw new BusinessException(HttpStatus.CONFLICT,
Constants.ERR_CODE_10007,
Constants.ERR_TTL_10007,
Constants.ERR_MSG_10007);
}
users.setPassword(bCryptPasswordEncoder.encode(newPassword));
usersRepository.save(users);
return new EmptyResponse();
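Review bot: The confirmation check on the new side can never fail, because `confirmationPassword` is derived from `input.getNewPassword()` again rather than from the confirmation field the removed line used, so `newPassword` and `confirmationPassword` are always the same string; the line should read `String confirmationPassword = commonService.getPassword(input.getConfirmationPassword());`. The comparison is also case-insensitive while the stored bcrypt hash is case-sensitive, so `StringUtils.equals(newPassword, confirmationPassword)` is the right predicate. The old guard that rejected a new password equal to the current one has no counterpart here; if that rule is still wanted it can be expressed as `bCryptPasswordEncoder.matches(newPassword, users.getPassword())` before the encode. The closing brace of execute is outside the hunk.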


@@ -14,6 +14,7 @@ import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@@ -54,7 +55,11 @@ public class LoginService implements BaseService<LoginRequest, LoginResponse> {
Constants.ERR_TTL_10003,
String.format(Constants.ERR_MSG_10003, input.getEmail())));
if (!StringUtils.equalsIgnoreCase(input.getPassword(), userRoleView.getPassword())) {
String password = commonService.getPassword(input.getPassword());
BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
boolean isValidPassword = bCryptPasswordEncoder.matches(password, userRoleView.getPassword());
if (!isValidPassword) {
throw new BusinessException(HttpStatus.CONFLICT,
Constants.ERR_CODE_10004,
Constants.ERR_TTL_10004,
@@ -84,7 +89,9 @@ public class LoginService implements BaseService<LoginRequest, LoginResponse> {
if (StringUtils.isBlank(accessToken) || StringUtils.isBlank(refreshToken)) {
log.error("token null");
throw new BusinessException("err", "err", "err");
throw new BusinessException(Constants.ERR_CODE_10008,
Constants.ERR_TTL_10008,
Constants.ERR_MSG_10008);
}
commonService.saveUserToken(TokenManagement.builder()
@@ -93,7 +100,6 @@ public class LoginService implements BaseService<LoginRequest, LoginResponse> {
.refreshToken(refreshToken)
.build(), accessTokenExp);
return LoginResponse.builder()
.accessToken(accessToken)
.validity(accessTokenExp * 60)
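Review bot: A new `BCryptPasswordEncoder` is instantiated inline for every login, and ForgotPasswordService does the same before calling encode; injecting one `PasswordEncoder` bean (`private final PasswordEncoder passwordEncoder;` via the constructor) keeps the strength setting in a single place and guarantees that the encoder used for `matches` is the one that produced the stored hash. `matches` throws `IllegalArgumentException` when the raw password is null, so if `commonService.getPassword` can yield null for an undecryptable input (not visible here) the request would fail with an unhandled error instead of the 10004 response; a `StringUtils.isBlank(password)` check before the match would route it to the same exception. The enclosing execute method starts and ends outside these hunks.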


@@ -7,18 +7,17 @@ import com.iconplus.smartproc.helper.model.EmptyResponse;
import com.iconplus.smartproc.helper.service.BaseService;
import com.iconplus.smartproc.model.entity.TokenManagement;
import com.iconplus.smartproc.repository.TokenManagementRepository;
import com.iconplus.smartproc.repository.UsersRepository;
import org.springframework.beans.factory.annotation.Autowired;
import com.iconplus.smartproc.util.Constants;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Service;
import java.util.List;
@Service
public class LogoutService implements BaseService<EmptyRequest, EmptyResponse> {
private ApiContext apiContext;
private TokenManagementRepository tokenManagementRepository;
private LogoutService(ApiContext apiContext,
public LogoutService(ApiContext apiContext,
TokenManagementRepository tokenManagementRepository) {
this.apiContext = apiContext;
this.tokenManagementRepository = tokenManagementRepository;
@@ -35,10 +34,10 @@ public class LogoutService implements BaseService<EmptyRequest, EmptyResponse> {
}
private TokenManagement getTokenManagement(String accessToken) {
var tokenManagement = tokenManagementRepository.findByAccessTokenAndIsDeleteFalse(accessToken);
if (tokenManagement.isEmpty()) {
throw new BusinessException("err", "err", "err");
}
return tokenManagement.get();
return tokenManagementRepository.findByAccessTokenAndIsDeleteFalse(accessToken)
.orElseThrow(() -> new BusinessException(HttpStatus.CONFLICT,
Constants.ERR_CODE_40038,
Constants.ERR_TITLE_40038,
Constants.ERR_MESSAGE_40038));
}
}
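Review bot: The constant names used in getTokenManagement, `Constants.ERR_TITLE_40038` and `Constants.ERR_MESSAGE_40038`, break the `ERR_TTL_*` / `ERR_MSG_*` pattern every other service in this commit follows, which makes the error catalogue harder to grep; aligning the names (or adding the aliased pair) is a small follow-up. Treating a logout with an unknown or already-deleted access token as a 409 is a design choice worth a one-line comment, since a retried logout after a partial failure now surfaces as an error rather than a no-op. The method is contained entirely in the hunk.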


@@ -6,7 +6,6 @@ import com.iconplus.smartproc.model.projection.TokenManagementView;
import com.iconplus.smartproc.model.request.PostAccessTokenRequest;
import com.iconplus.smartproc.model.response.PostAccessTokenResponse;
import com.iconplus.smartproc.repository.TokenManagementRepository;
import com.iconplus.smartproc.util.CommonUtil;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Service;


@@ -11,7 +11,9 @@ import com.iconplus.smartproc.model.token.TokenContent;
import com.iconplus.smartproc.repository.TokenManagementRepository;
import com.iconplus.smartproc.repository.UsersRepository;
import com.iconplus.smartproc.service.CommonService;
import com.iconplus.smartproc.util.Constants;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Service;
@@ -49,21 +51,24 @@ public class TokenManagementService implements BaseService<RefreshTokenRequest,
try {
jwtTokenUtil.validateTokenOnly(input.getRefreshToken());
} catch (Exception e) {
throw new BusinessException(HttpStatus.UNAUTHORIZED, "err", "err", "err");
throw new BusinessException(HttpStatus.UNAUTHORIZED,
Constants.ERR_CODE_40051,
Constants.TITLE_INVALID_NEXT_STEP,
Constants.REFRESH_TOKEN_EXPIRED);
}
var decodeToken = TokenUtils.decodeToken(input.getRefreshToken());
Long userId = Long.valueOf(decodeToken.get("userId"));
var tokenManagement1 = tokenManagementRepository.findByRefreshToken(input.getRefreshToken());
TokenManagement tokenManagement = tokenManagementRepository.findByRefreshToken(input.getRefreshToken())
.map(c -> verifyRefreshToken(c, userId))
.orElseThrow(() -> {
log.error("failed validate token to existing db");
return new BusinessException(
HttpStatus.UNAUTHORIZED, "err", "err",
"err");
HttpStatus.UNAUTHORIZED,
Constants.ERR_CODE_80007,
Constants.TITLE_INVALID_NEXT_STEP,
Constants.REFRESH_TOKEN_NOT_VALID);
});
var userRoleView = usersRepository.getUserByIdAndDeletedFase(userId).orElseThrow(() -> new BusinessException("err", "err", "err"));
@@ -83,6 +88,14 @@ public class TokenManagementService implements BaseService<RefreshTokenRequest,
final String accessToken = jwtTokenUtil.generateToken(String.valueOf(userRoleView.getId()), tokenContent, accessTokenExp * 60000);
if (StringUtils.isBlank(accessToken)) {
log.error("token null");
throw new BusinessException(HttpStatus.UNAUTHORIZED,
Constants.ERR_CODE_40042,
Constants.ERR_TTL_40042,
Constants.ERR_MSG_40042);
}
tokenManagement.setAccessToken(accessToken);
tokenManagement.setRefreshToken(input.getRefreshToken());
commonService.saveUserToken(tokenManagement, accessTokenExp);
@@ -97,9 +110,9 @@ public class TokenManagementService implements BaseService<RefreshTokenRequest,
private TokenManagement verifyRefreshToken(TokenManagement tokenManagement, Long userId) {
if (!Objects.equals(userId, tokenManagement.getUserId())) {
throw new BusinessException(HttpStatus.UNAUTHORIZED,
"err",
"err",
"err");
Constants.ERR_CODE_80007,
Constants.TITLE_INVALID_NEXT_STEP,
Constants.REFRESH_TOKEN_NOT_VALID);
}
return tokenManagement;
}
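Review bot: The user lookup that follows the refresh-token verification still throws the placeholder `new BusinessException("err", "err", "err")`, while this commit replaces every other placeholder in the same method; it should get a proper code/title/message triple like the lookups in ForgotPasswordService do. In the validation catch block the caught `Exception e` is dropped entirely from the rethrown BusinessException, so a signature failure and an expiry are indistinguishable in logs even though the message sent back says the token expired; at minimum `log.warn("refresh token validation failed", e);` before the throw preserves the cause. The 80007 / TITLE_INVALID_NEXT_STEP / REFRESH_TOKEN_NOT_VALID triple is now repeated in execute and verifyRefreshToken and could be produced by one private factory method. execute starts before the first hunk and ends outside it.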