Phase 4: Add password clearing in UserAPI controllers

Copilot · devondragon · Copilot · commit 5ca30641b752 · 2025-10-26T19:30:22.000Z
Co-authored-by: devondragon &lt;1254537+devondragon@users.noreply.github.com&gt;
diff --git a/src/main/java/com/digitalsanctuary/spring/user/api/UserAPI.java b/src/main/java/com/digitalsanctuary/spring/user/api/UserAPI.java
@@ -103,6 +103,11 @@ public ResponseEntity<JSONResponse> registerUserAccount(@Valid @RequestBody User
 			log.error("Unexpected error during registration.", ex);
 			logAuditEvent("Registration", "Failure", ex.getMessage(), null, request);
 			return buildErrorResponse("System Error!", 5, HttpStatus.INTERNAL_SERVER_ERROR);
+		} finally {
+			// Clear sensitive password data from memory
+			if (userDto != null) {
+				userDto.clearPasswords();
+			}
 		}
 	}
 
@@ -244,6 +249,11 @@ public ResponseEntity<JSONResponse> savePassword(@Valid @RequestBody SavePasswor
 			log.error("Unexpected error during password reset.", ex);
 			logAuditEvent("PasswordReset", "Failure", ex.getMessage(), null, request);
 			return buildErrorResponse("System Error!", 5, HttpStatus.INTERNAL_SERVER_ERROR);
+		} finally {
+			// Clear sensitive password data from memory
+			if (savePasswordDto != null) {
+				savePasswordDto.clearPasswords();
+			}
 		}
 	}
 
@@ -293,6 +303,11 @@ public ResponseEntity<JSONResponse> updatePassword(@AuthenticationPrincipal DSUs
 			log.error("Unexpected error during password update.", ex);
 			logAuditEvent("PasswordUpdate", "Failure", ex.getMessage(), user, request);
 			return buildErrorResponse("System Error!", 5, HttpStatus.INTERNAL_SERVER_ERROR);
+		} finally {
+			// Clear sensitive password data from memory
+			if (passwordDto != null) {
+				passwordDto.clearPasswords();
+			}
 		}
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -103,6 +103,11 @@ public ResponseEntity<JSONResponse> registerUserAccount(@Valid @RequestBody User`
`103`	`103`	`log.error("Unexpected error during registration.", ex);`
`104`	`104`	`logAuditEvent("Registration", "Failure", ex.getMessage(), null, request);`
`105`	`105`	`return buildErrorResponse("System Error!", 5, HttpStatus.INTERNAL_SERVER_ERROR);`
	`106`	`+ } finally {`
	`107`	`+ // Clear sensitive password data from memory`
	`108`	`+ if (userDto != null) {`
	`109`	`+ userDto.clearPasswords();`
	`110`	`+ }`
`106`	`111`	`}`
`107`	`112`	`}`
`108`	`113`
`@@ -244,6 +249,11 @@ public ResponseEntity<JSONResponse> savePassword(@Valid @RequestBody SavePasswor`
`244`	`249`	`log.error("Unexpected error during password reset.", ex);`
`245`	`250`	`logAuditEvent("PasswordReset", "Failure", ex.getMessage(), null, request);`
`246`	`251`	`return buildErrorResponse("System Error!", 5, HttpStatus.INTERNAL_SERVER_ERROR);`
	`252`	`+ } finally {`
	`253`	`+ // Clear sensitive password data from memory`
	`254`	`+ if (savePasswordDto != null) {`
	`255`	`+ savePasswordDto.clearPasswords();`
	`256`	`+ }`
`247`	`257`	`}`
`248`	`258`	`}`
`249`	`259`
`@@ -293,6 +303,11 @@ public ResponseEntity<JSONResponse> updatePassword(@AuthenticationPrincipal DSUs`
`293`	`303`	`log.error("Unexpected error during password update.", ex);`
`294`	`304`	`logAuditEvent("PasswordUpdate", "Failure", ex.getMessage(), user, request);`
`295`	`305`	`return buildErrorResponse("System Error!", 5, HttpStatus.INTERNAL_SERVER_ERROR);`
	`306`	`+ } finally {`
	`307`	`+ // Clear sensitive password data from memory`
	`308`	`+ if (passwordDto != null) {`
	`309`	`+ passwordDto.clearPasswords();`
	`310`	`+ }`
`296`	`311`	`}`
`297`	`312`	`}`
`298`	`313`