From b0ca9dd13689e87fd7b6ed8c7eb729f116b42a87 Mon Sep 17 00:00:00 2001
From: anhefti
Date: Wed, 20 Nov 2019 16:57:07 +0100
Subject: [PATCH] SEBSERV-55 fixed
---
 .../sebserver/gbl/model/user/PasswordChange.java | 7 ++++---
 .../weblayer/api/UserAccountController.java | 14 +++++++++++---
 2 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/PasswordChange.java b/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/PasswordChange.java
index 08a6ec70..42dc2e01 100644
--- a/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/PasswordChange.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/PasswordChange.java
@@ -8,6 +8,7 @@ package ch.ethz.seb.sebserver.gbl.model.user;
+import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Size;
@@ -29,16 +30,16 @@ public class PasswordChange implements Entity {
 @JsonProperty(USER.ATTR_UUID)
 public final String userId;
- @NotNull(message = "user:password:notNull")
+ @NotEmpty(message = "user:password:notNull")
 @JsonProperty(ATTR_NAME_PASSWORD)
 private final String password;
- @NotNull(message = "user:newPassword:notNull")
+ @NotEmpty(message = "user:newPassword:notNull")
 @Size(min = 8, max = 255, message = "user:newPassword:size:{min}:{max}:${validatedValue}")
 @JsonProperty(ATTR_NAME_NEW_PASSWORD)
 private final String newPassword;
- @NotNull(message = "user:confirmNewPassword:notNull")
+ @NotEmpty(message = "user:confirmNewPassword:notNull")
 @JsonProperty(ATTR_NAME_CONFIRM_NEW_PASSWORD)
 private final String confirmNewPassword;
diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/api/UserAccountController.java b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/api/UserAccountController.java
index aeb2c860..c934cf75 100644
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/api/UserAccountController.java
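Review bot: The `@Size` message on `newPassword` (a context line in the second PasswordChange.java hunk) still interpolates `${validatedValue}`, so a rejected new password is copied in clear text into the constraint message and from there into whatever returns or logs validation errors. I would drop the placeholder, e.g. `message = "user:newPassword:size:{min}:{max}"`, after confirming that no client parses the trailing segment of the key. Separately, `@NotEmpty` still accepts a whitespace-only current or confirmation password; `@NotBlank` would reject those if that is the intent. The class body continues outside the hunk.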
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/api/UserAccountController.java @@ -8,6 +8,8 @@ package ch.ethz.seb.sebserver.webservice.weblayer.api; +import java.util.ArrayList; +import java.util.Collection; import java.util.EnumSet; import java.util.List; @@ -215,24 +217,30 @@ public class UserAccountController extends ActivatableEntityController errors = new ArrayList<>(); + if (!this.userPasswordEncoder.matches(passwordChange.getPassword(), currentUser.getPassword())) { - throw new APIMessageException(APIMessage.fieldValidationError( + errors.add(APIMessage.fieldValidationError( new FieldError( "passwordChange", PasswordChange.ATTR_NAME_PASSWORD, - "user:oldPassword:password.wrong"))); + "user:password:password.wrong"))); } if (!passwordChange.newPasswordMatch()) { - throw new APIMessageException(APIMessage.fieldValidationError( + errors.add(APIMessage.fieldValidationError( new FieldError( "passwordChange", PasswordChange.ATTR_NAME_CONFIRM_NEW_PASSWORD, "user:confirmNewPassword:password.mismatch"))); } + if (!errors.isEmpty()) { + throw new APIMessageException(errors); + } + return info; }
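Review bot: In the `userPasswordEncoder.matches(...)` branch of the second hunk, a wrong current password now only adds a field error to `errors`; nothing visible records the failed verification or bounds how often it can be retried. Because this endpoint checks a credential, an already authenticated session could keep submitting guesses for the current password unless an upstream layer throttles it, which cannot be seen from here. I would mark the gap above that branch with `// TODO: audit-log failed current-password checks (user id only, never the submitted value) and throttle them like login attempts`. The method's signature and opening lines are not readable in this hunk, so the identity of `currentUser` relative to `passwordChange.userId` should be confirmed as well.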