Merge pull request #59 from Zenfulcode/patch-password-validation

gustaavik · web-flow · commit a7ee8349cec3 · 2024-12-18T12:39:23.000+01:00
Patch password validation
diff --git a/src/main/java/com/zenfulcode/commercify/commercify/config/SecurityConfig.java b/src/main/java/com/zenfulcode/commercify/commercify/config/SecurityConfig.java
@@ -36,7 +36,6 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                                 "/api/v1/auth/**",
                                 "/api/v1/products/active",
                                 "/api/v1/products/{id}").permitAll()
-                        .requestMatchers("/admin/**").hasRole("ADMIN")
                         .anyRequest().authenticated()
                 )
                 .sessionManagement(smc -> smc.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
diff --git a/src/main/java/com/zenfulcode/commercify/commercify/service/AuthenticationService.java b/src/main/java/com/zenfulcode/commercify/commercify/service/AuthenticationService.java
@@ -88,9 +88,12 @@ public UserDTO authenticate(LoginUserRequest login) {
                 )
         );
 
-        return userRepository.findByEmail(login.email())
-                .map(mapper)
-                .orElseThrow();
+        UserEntity user = userRepository.findByEmail(login.email()).orElseThrow();
+
+        if (passwordEncoder.matches(login.password(), user.getPassword()))
+            return null;
+
+        return mapper.apply(user);
     }
 
     @Transactional(readOnly = true)

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,6 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti`
`36`	`36`	`"/api/v1/auth/**",`
`37`	`37`	`"/api/v1/products/active",`
`38`	`38`	`"/api/v1/products/{id}").permitAll()`
`39`		`- .requestMatchers("/admin/**").hasRole("ADMIN")`
`40`	`39`	`.anyRequest().authenticated()`
`41`	`40`	`)`
`42`	`41`	`.sessionManagement(smc -> smc.sessionCreationPolicy(SessionCreationPolicy.STATELESS))`
Original file line number	Diff line number	Diff line change
`@@ -88,9 +88,12 @@ public UserDTO authenticate(LoginUserRequest login) {`
`88`	`88`	`)`
`89`	`89`	`);`
`90`	`90`
`91`		`- return userRepository.findByEmail(login.email())`
`92`		`- .map(mapper)`
`93`		`- .orElseThrow();`
	`91`	`+ UserEntity user = userRepository.findByEmail(login.email()).orElseThrow();`
	`92`	`+`
	`93`	`+ if (passwordEncoder.matches(login.password(), user.getPassword()))`
	`94`	`+ return null;`
	`95`	`+`
	`96`	`+ return mapper.apply(user);`
`94`	`97`	`}`
`95`	`98`
`96`	`99`	`@Transactional(readOnly = true)`