api

ad71e2c6 · Jan Hrabal · db503a46 · ad71e2c6 · ad71e2c6
Commit ad71e2c6 authored Aug 26, 2019 by Jan Hrabal
Showing with 11 additions and 8 deletions

AuthApiController.java ...main/java/com/jh/boot/security/api/AuthApiController.java +1 -1

AppUserAuthService.java ...java/com/jh/boot/security/service/AppUserAuthService.java +10 -7

No files found.
--- a/src/main/java/com/jh/boot/security/api/AuthApiController.java
+++ b/src/main/java/com/jh/boot/security/api/AuthApiController.java
@@ -179,7 +179,7 @@ public class AuthApiController {
    	Utils.sleep(250);
    	String token = resetPassword.getToken();
    	if (!StringUtils.hasText(token)) {
-    		return new ResponseEntity<>(Collections.singletonList(new AuthError(null, "NO_TOKEN")), HttpStatus.BAD_REQUEST);
+    		return new ResponseEntity<>(Collections.singletonList(new AuthError(null, "AUTH.NO_TOKEN")), HttpStatus.BAD_REQUEST);
    	}
    	List<ErrorMessage> errors = new ArrayList<>();

--- a/src/main/java/com/jh/boot/security/service/AppUserAuthService.java
+++ b/src/main/java/com/jh/boot/security/service/AppUserAuthService.java
@@ -41,10 +41,10 @@ public class AppUserAuthService implements AuthService {
 	public Authentication authenticate(String login, String password) throws BadCredentialsException {
 		AppUser user = appUserRepository.fetchByLoginDetached(login);
 		if (user == null) {
-			throw new BadCredentialsException("User not found");
+			throw new BadCredentialsException("AUTH.USER_NOT_FOUND");
 		}
 		if (!PasswordUtils.checkPassword(password, user.getPassword(), user.getPasswordSalt())) {
-			throw new BadCredentialsException("Bad password");
+			throw new BadCredentialsException("AUTH.BAD_PASSWORD");
 		}
 		//sanitize object
@@ -64,10 +64,13 @@ public class AppUserAuthService implements AuthService {
 	public void register(String login, String password) throws AuthenticationException {
 		AppUser user = appUserRepository.findByLogin(login);
 		if (user != null) {
-			throw new BadCredentialsException("User already exists");
+			throw new BadCredentialsException("AUTH.USER_ALREADY_EXISTS");
 		}
 		if (!StringUtils.hasText(login) || !StringUtils.hasText(password)) {
-			throw new BadCredentialsException("Bad username or password");
+			throw new BadCredentialsException("AUTH.BAD_USERNAME_OR_PASSWORD");
+		}
+		if (!PasswordUtils.validatePassword(password)) {
+			throw new BadCredentialsException("AUTH.BAD_PASSWORD");
 		}
 		AppUser appUser = appUserRepository.registerUser(login, password);
@@ -81,7 +84,7 @@ public class AppUserAuthService implements AuthService {
 	public String generateResetToken(String login) {
 		AppUser user = appUserRepository.findByLogin(login);
 		if (user == null) {
-			throw new BadCredentialsException("User does not exist");
+			throw new BadCredentialsException("AUTH.USER_NOT_FOUND");
 		}
 		ResetPasswordToken token = new ResetPasswordToken(login, new Date(), UUID.randomUUID().toString());
@@ -100,12 +103,12 @@ public class AppUserAuthService implements AuthService {
 	public void resetPassword(String login, String token, String newPassword) throws AuthenticationException {
 		ResetPasswordToken rpt = appUserRepository.findResetPasswordToken(login, token);
 		if (rpt == null) {
-			throw new BadCredentialsException("Invalid token");
+			throw new BadCredentialsException("AUTH.INVALID_TOKEN");
 		}
 		AppUser user = appUserRepository.findByLogin(login);
 		if (user == null) {
-			throw new BadCredentialsException("User does not exist");
+			throw new BadCredentialsException("AUTH.USER_NOT_FOUND");
 		}
 		PasswordHash hash = PasswordUtils.hashPassword(newPassword);