added password update route

NIAEFEUP · Feb 20, 2023 · 36812a3 · 36812a3
1 parent b838bc2
commit 36812a3
Show file tree

Hide file tree

Showing 5 changed files with 42 additions and 2 deletions.
diff --git a/src/main/kotlin/pt/up/fe/ni/website/backend/controller/AccountController.kt b/src/main/kotlin/pt/up/fe/ni/website/backend/controller/AccountController.kt
@@ -3,9 +3,11 @@ package pt.up.fe.ni.website.backend.controller
 import org.springframework.web.bind.annotation.GetMapping
 import org.springframework.web.bind.annotation.PathVariable
 import org.springframework.web.bind.annotation.PostMapping
+import org.springframework.web.bind.annotation.PutMapping
 import org.springframework.web.bind.annotation.RequestBody
 import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RestController
+import pt.up.fe.ni.website.backend.dto.auth.PassRecoveryDto
 import pt.up.fe.ni.website.backend.dto.entity.AccountDto
 import pt.up.fe.ni.website.backend.service.AccountService
 
@@ -20,4 +22,8 @@ class AccountController(private val service: AccountService) {
 
     @PostMapping("/new")
     fun createAccount(@RequestBody dto: AccountDto) = service.createAccount(dto)
+
+    @PutMapping("/recoverPassword/{recoveryToken}")
+    fun recoverPassword(@RequestBody dto: PassRecoveryDto, @PathVariable recoveryToken: String) =
+        service.recoverPassword(recoveryToken, dto)
 }
diff --git a/src/main/kotlin/pt/up/fe/ni/website/backend/controller/AuthController.kt b/src/main/kotlin/pt/up/fe/ni/website/backend/controller/AuthController.kt
@@ -31,7 +31,8 @@ class AuthController(val authService: AuthService) {
     @PostMapping("/recoverPassword/{id}")
     fun generateRecoveryToken(@PathVariable id: Long): Map<String, String> {
         val recoveryToken = authService.generateRecoveryToken(id)
-        return mapOf("recovery_token" to recoveryToken)
+        // TODO: Change URL Later
+        return mapOf("recovery_url" to "localhost:8080/accounts/recoverPassword/$recoveryToken")
     }
 
     @GetMapping

diff --git a/src/main/kotlin/pt/up/fe/ni/website/backend/dto/auth/PassRecoveryDto.kt b/src/main/kotlin/pt/up/fe/ni/website/backend/dto/auth/PassRecoveryDto.kt
@@ -0,0 +1,5 @@
+package pt.up.fe.ni.website.backend.dto.auth
+
+data class PassRecoveryDto(
+    val password: String
+)
diff --git a/src/main/kotlin/pt/up/fe/ni/website/backend/service/AccountService.kt b/src/main/kotlin/pt/up/fe/ni/website/backend/service/AccountService.kt
@@ -2,13 +2,21 @@ package pt.up.fe.ni.website.backend.service
 
 import org.springframework.data.repository.findByIdOrNull
 import org.springframework.security.crypto.password.PasswordEncoder
+import org.springframework.security.oauth2.jwt.JwtDecoder
+import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException
 import org.springframework.stereotype.Service
+import pt.up.fe.ni.website.backend.dto.auth.PassRecoveryDto
 import pt.up.fe.ni.website.backend.dto.entity.AccountDto
 import pt.up.fe.ni.website.backend.model.Account
 import pt.up.fe.ni.website.backend.repository.AccountRepository
+import java.time.Instant
 
 @Service
-class AccountService(private val repository: AccountRepository, private val encoder: PasswordEncoder) {
+class AccountService(
+    private val repository: AccountRepository,
+    private val encoder: PasswordEncoder,
+    private val jwtDecoder: JwtDecoder
+) {
     fun getAllAccounts(): List<Account> = repository.findAll().toList()
 
     fun createAccount(dto: AccountDto): Account {
@@ -28,4 +36,20 @@ class AccountService(private val repository: AccountRepository, private val enco
 
     fun getAccountByEmail(email: String): Account = repository.findByEmail(email)
         ?: throw NoSuchElementException(ErrorMessages.emailNotFound(email))
+
+    fun recoverPassword(recoveryToken: String, dto: PassRecoveryDto): Account {
+        val jwt =
+            try {
+                jwtDecoder.decode(recoveryToken)
+            } catch (e: Exception) {
+                throw InvalidBearerTokenException(ErrorMessages.invalidRecoveryToken)
+            }
+        if (jwt.expiresAt?.isBefore(Instant.now()) != false) {
+            throw InvalidBearerTokenException(ErrorMessages.expiredRecoveryToken)
+        }
+        val account = getAccountByEmail(jwt.subject)
+
+        account.password = encoder.encode(dto.password)
+        return repository.save(account)
+    }
 }
diff --git a/src/main/kotlin/pt/up/fe/ni/website/backend/service/ErrorMessages.kt b/src/main/kotlin/pt/up/fe/ni/website/backend/service/ErrorMessages.kt
@@ -11,6 +11,10 @@ object ErrorMessages {
 
     const val expiredRefreshToken = "refresh token has expired"
 
+    const val invalidRecoveryToken = "invalid password recovery token"
+
+    const val expiredRecoveryToken = "password recovery token has expired"
+
     fun postNotFound(postId: Long): String = "post not found with id $postId"
 
     fun postNotFound(postSlug: String): String = "post not found with slug $postSlug"