SEBSERV-55 fixed

2019-11-20 16:57:07 +01:00 · 2019-11-20 16:57:07 +01:00 · b0ca9dd136
commit b0ca9dd136
parent ae43518ab8
2 changed files with 15 additions and 6 deletions
--- a/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/PasswordChange.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/PasswordChange.java
@ -8,6 +8,7 @@

 package ch.ethz.seb.sebserver.gbl.model.user;

+import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Size;

@ -29,16 +30,16 @@ public class PasswordChange implements Entity {
    @JsonProperty(USER.ATTR_UUID)
    public final String userId;

-    @NotNull(message = "user:password:notNull")
+    @NotEmpty(message = "user:password:notNull")
    @JsonProperty(ATTR_NAME_PASSWORD)
    private final String password;

-    @NotNull(message = "user:newPassword:notNull")
+    @NotEmpty(message = "user:newPassword:notNull")
    @Size(min = 8, max = 255, message = "user:newPassword:size:{min}:{max}:${validatedValue}")
    @JsonProperty(ATTR_NAME_NEW_PASSWORD)
    private final String newPassword;

-    @NotNull(message = "user:confirmNewPassword:notNull")
+    @NotEmpty(message = "user:confirmNewPassword:notNull")
    @JsonProperty(ATTR_NAME_CONFIRM_NEW_PASSWORD)
    private final String confirmNewPassword;

--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/api/UserAccountController.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/api/UserAccountController.java
@ -8,6 +8,8 @@

 package ch.ethz.seb.sebserver.webservice.weblayer.api;

+import java.util.ArrayList;
+import java.util.Collection;
 import java.util.EnumSet;
 import java.util.List;

@ -215,24 +217,30 @@ public class UserAccountController extends ActivatableEntityController<UserInfo,
                .getCurrentUser().getUsername())
                .getOrThrow();

+        final Collection<APIMessage> errors = new ArrayList<>();
+
        if (!this.userPasswordEncoder.matches(passwordChange.getPassword(), currentUser.getPassword())) {

-            throw new APIMessageException(APIMessage.fieldValidationError(
+            errors.add(APIMessage.fieldValidationError(
                    new FieldError(
                            "passwordChange",
                            PasswordChange.ATTR_NAME_PASSWORD,
-                            "user:oldPassword:password.wrong")));
+                            "user:password:password.wrong")));
        }

        if (!passwordChange.newPasswordMatch()) {

-            throw new APIMessageException(APIMessage.fieldValidationError(
+            errors.add(APIMessage.fieldValidationError(
                    new FieldError(
                            "passwordChange",
                            PasswordChange.ATTR_NAME_CONFIRM_NEW_PASSWORD,
                            "user:confirmNewPassword:password.mismatch")));
        }

+        if (!errors.isEmpty()) {
+            throw new APIMessageException(errors);
+        }
+
        return info;

    }