password matching validation when signing in

gustaavik · gustaavik · commit 230de2f595d5 · 2024-12-18T11:26:34.000+01:00
diff --git a/src/main/java/com/zenfulcode/commercify/commercify/service/AuthenticationService.java b/src/main/java/com/zenfulcode/commercify/commercify/service/AuthenticationService.java
@@ -88,9 +88,12 @@ public UserDTO authenticate(LoginUserRequest login) {
                 )
         );
 
-        return userRepository.findByEmail(login.email())
-                .map(mapper)
-                .orElseThrow();
+        UserEntity user = userRepository.findByEmail(login.email()).orElseThrow();
+
+        if (passwordEncoder.matches(login.password(), user.getPassword()))
+            return null;
+
+        return mapper.apply(user);
     }
 
     @Transactional(readOnly = true)

Original file line number	Diff line number	Diff line change
`@@ -88,9 +88,12 @@ public UserDTO authenticate(LoginUserRequest login) {`
`88`	`88`	`)`
`89`	`89`	`);`
`90`	`90`
`91`		`- return userRepository.findByEmail(login.email())`
`92`		`- .map(mapper)`
`93`		`- .orElseThrow();`
	`91`	`+ UserEntity user = userRepository.findByEmail(login.email()).orElseThrow();`
	`92`	`+`
	`93`	`+ if (passwordEncoder.matches(login.password(), user.getPassword()))`
	`94`	`+ return null;`
	`95`	`+`
	`96`	`+ return mapper.apply(user);`
`94`	`97`	`}`
`95`	`98`
`96`	`99`	`@Transactional(readOnly = true)`