SEBSERV-55 fixed

anhefti 2019-11-20 16:57:07 +01:00
parent ae43518ab8
commit b0ca9dd136
2 changed files with 15 additions and 6 deletions


@ -8,6 +8,7 @@
package ch.ethz.seb.sebserver.gbl.model.user; package ch.ethz.seb.sebserver.gbl.model.user;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.NotNull; import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size; import javax.validation.constraints.Size;
@ -29,16 +30,16 @@ public class PasswordChange implements Entity {
@JsonProperty(USER.ATTR_UUID) @JsonProperty(USER.ATTR_UUID)
public final String userId; public final String userId;
@NotNull(message = "user:password:notNull") @NotEmpty(message = "user:password:notNull")
@JsonProperty(ATTR_NAME_PASSWORD) @JsonProperty(ATTR_NAME_PASSWORD)
private final String password; private final String password;
@NotNull(message = "user:newPassword:notNull") @NotEmpty(message = "user:newPassword:notNull")
@Size(min = 8, max = 255, message = "user:newPassword:size:{min}:{max}:${validatedValue}") @Size(min = 8, max = 255, message = "user:newPassword:size:{min}:{max}:${validatedValue}")
@JsonProperty(ATTR_NAME_NEW_PASSWORD) @JsonProperty(ATTR_NAME_NEW_PASSWORD)
private final String newPassword; private final String newPassword;
@NotNull(message = "user:confirmNewPassword:notNull") @NotEmpty(message = "user:confirmNewPassword:notNull")
@JsonProperty(ATTR_NAME_CONFIRM_NEW_PASSWORD) @JsonProperty(ATTR_NAME_CONFIRM_NEW_PASSWORD)
private final String confirmNewPassword; private final String confirmNewPassword;
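Review bot: The `@Size` constraint on `newPassword` still ends its message template with `${validatedValue}`, so a rejected candidate password is interpolated into the validation message in clear text. Where that message ends up (API error body, server logs, client-side display) is not visible in this hunk, but a too-short or over-long password should not be echoed on any of those paths. I would drop the value from the template, `message = "user:newPassword:size:{min}:{max}"`, after confirming that whatever parses these colon-separated keys does not expect the fourth segment. The line is unchanged context here, and the class body continues outside the hunk.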


@ -8,6 +8,8 @@
package ch.ethz.seb.sebserver.webservice.weblayer.api; package ch.ethz.seb.sebserver.webservice.weblayer.api;
import java.util.ArrayList;
import java.util.Collection;
import java.util.EnumSet; import java.util.EnumSet;
import java.util.List; import java.util.List;
@ -215,24 +217,30 @@ public class UserAccountController extends ActivatableEntityController<UserInfo,
.getCurrentUser().getUsername()) .getCurrentUser().getUsername())
.getOrThrow(); .getOrThrow();
final Collection<APIMessage> errors = new ArrayList<>();
if (!this.userPasswordEncoder.matches(passwordChange.getPassword(), currentUser.getPassword())) { if (!this.userPasswordEncoder.matches(passwordChange.getPassword(), currentUser.getPassword())) {
throw new APIMessageException(APIMessage.fieldValidationError( errors.add(APIMessage.fieldValidationError(
new FieldError( new FieldError(
"passwordChange", "passwordChange",
PasswordChange.ATTR_NAME_PASSWORD, PasswordChange.ATTR_NAME_PASSWORD,
"user:oldPassword:password.wrong"))); "user:password:password.wrong")));
} }
if (!passwordChange.newPasswordMatch()) { if (!passwordChange.newPasswordMatch()) {
throw new APIMessageException(APIMessage.fieldValidationError( errors.add(APIMessage.fieldValidationError(
new FieldError( new FieldError(
"passwordChange", "passwordChange",
PasswordChange.ATTR_NAME_CONFIRM_NEW_PASSWORD, PasswordChange.ATTR_NAME_CONFIRM_NEW_PASSWORD,
"user:confirmNewPassword:password.mismatch"))); "user:confirmNewPassword:password.mismatch")));
} }
if (!errors.isEmpty()) {
throw new APIMessageException(errors);
}
return info; return info;
} }
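Review bot: The branch where `userPasswordEncoder.matches(...)` fails only adds a field error to `errors`, and nothing in the visible lines records the failed verification of the current password. The enclosing method starts above the hunk, so auditing or throttling may already happen elsewhere. If it does not, repeated wrong-current-password attempts from an authenticated session leave no trace for detection. Consider logging the event with the account identifier and never the submitted value, for example `log.warn("Password change refused: current password mismatch for user {}", passwordChange.userId);`, where `log` stands for whatever logger this class already uses.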