feat: implement password reset functionality with expiration handling and logging

Author: mjabascal10

backend/src/main/java/com/park/utmstack/domain/application_events/enums/ApplicationEventType.java

@@ -46,5 +46,7 @@ public enum ApplicationEventType {
     MODULE_ACTIVATION_SUCCESS,
     API_KEY_ACCESS_SUCCESS,
     API_KEY_ACCESS_FAILURE,
+    RESET_USER_PASSWORD_ATTEMPT,
+    RESET_USER_PASSWORD_SUCCESS,
     UNDEFINED
 }

backend/src/main/java/com/park/utmstack/service/UserService.java

@@ -14,6 +14,7 @@
 import com.park.utmstack.util.exceptions.CurrentUserLoginNotFoundException;
 import com.park.utmstack.web.rest.errors.BadRequestAlertException;
 import com.park.utmstack.web.rest.errors.InvalidPasswordException;
+import com.park.utmstack.web.rest.errors.ResetKeyExpiredException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.context.event.ApplicationReadyEvent;
@@ -79,15 +80,32 @@ public void init() {
         }
     }
 
-    public Optional<User> completePasswordReset(String newPassword, String key) {
-        log.debug("Reset user password for reset key {}", key);
-        return userRepository.findOneByResetKey(key).filter(
-            user -> user.getResetDate().isAfter(Instant.now().minusSeconds(86400))).map(user -> {
-            user.setPassword(passwordEncoder.encode(newPassword));
-            user.setResetKey(null);
-            user.setResetDate(null);
-            return user;
-        });
+    public User completePasswordReset(String newPassword, String key) {
+        final String ctx = CLASS_NAME + ".completePasswordReset";
+        log.debug("{}: Processing password reset with key: {}", ctx, key);
+
+        Optional<User> userOptional = userRepository.findOneByResetKey(key);
+
+        if (userOptional.isEmpty()) {
+            log.info("{}: No user found with reset key", ctx);
+            throw new CurrentUserLoginNotFoundException("No user found with reset key");
+        }
+
+        User user = userOptional.get();
+        Instant resetDeadline = Instant.now().minusSeconds(86400);
+
+        if (!user.getResetDate().isAfter(resetDeadline)) {
+            log.error("{}: Reset key expired for user: {}", ctx, user.getLogin());
+            throw new ResetKeyExpiredException(String.format("Reset key expired for user: %s", user.getLogin()));
+        }
+
+        user.setPassword(passwordEncoder.encode(newPassword));
+        user.setResetKey(null);
+        user.setResetDate(null);
+        user.setActivated(true);
+
+        log.info("{}: Password reset completed successfully for user: {}", ctx, user.getLogin());
+        return user;
     }
 
     public Optional<User> requestPasswordReset(String mail) {

backend/src/main/java/com/park/utmstack/util/exceptions/CurrentUserLoginNotFoundException.java

@@ -1,7 +1,9 @@
 package com.park.utmstack.util.exceptions;
 
-public class CurrentUserLoginNotFoundException extends RuntimeException {
+import org.springframework.http.HttpStatus;
+
+public class CurrentUserLoginNotFoundException extends ApiException {
     public CurrentUserLoginNotFoundException(String message) {
-        super(message);
+        super(message, HttpStatus.NOT_FOUND);
     }
 }

backend/src/main/java/com/park/utmstack/web/rest/AccountResource.java

@@ -1,6 +1,8 @@
 package com.park.utmstack.web.rest;
 
 
+import com.park.utmstack.aop.logging.AuditEvent;
+import com.park.utmstack.aop.logging.Loggable;
 import com.park.utmstack.domain.User;
 import com.park.utmstack.domain.application_events.enums.ApplicationEventType;
 import com.park.utmstack.repository.UserRepository;
@@ -70,7 +72,7 @@ public ResponseEntity<String> isAuthenticated(HttpServletRequest request) {
             log.error(msg);
             applicationEventService.createEvent(msg, ApplicationEventType.ERROR);
             return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).headers(
-                HeaderUtil.createFailureAlert("", "", msg)).body(null);
+                    HeaderUtil.createFailureAlert("", "", msg)).body(null);
         }
     }
 
@@ -85,8 +87,8 @@ public UserDTO getAccount() {
         final String ctx = CLASSNAME + ".getAccount";
         try {
             return userService.getUserWithAuthorities()
-                .map(UserDTO::new)
-                .orElseThrow(() -> new InternalServerErrorException("User could not be found"));
+                    .map(UserDTO::new)
+                    .orElseThrow(() -> new InternalServerErrorException("User could not be found"));
         } catch (InternalServerErrorException e) {
             String msg = ctx + ": " + e.getMessage();
             log.error(msg);
@@ -116,7 +118,7 @@ public void saveAccount(@Valid @RequestBody UserDTO userDTO) {
                 throw new InternalServerErrorException("User could not be found");
 
             userService.updateUser(userDTO.getFirstName(), userDTO.getLastName(), userDTO.getEmail(),
-                userDTO.getLangKey(), userDTO.getImageUrl());
+                    userDTO.getLangKey(), userDTO.getImageUrl());
         } catch (Exception e) {
             String msg = ctx + ": " + e.getMessage();
             log.error(msg);
@@ -156,8 +158,8 @@ public void requestPasswordReset(@RequestBody String mail) {
         final String ctx = CLASSNAME + ".requestPasswordReset";
         try {
             mailService.sendPasswordResetMail(
-                userService.requestPasswordReset(mail)
-                    .orElseThrow(EmailNotFoundException::new));
+                    userService.requestPasswordReset(mail)
+                            .orElseThrow(EmailNotFoundException::new));
         } catch (Exception e) {
             String msg = ctx + ": " + e.getMessage();
             log.error(msg);
@@ -166,34 +168,23 @@ public void requestPasswordReset(@RequestBody String mail) {
         }
     }
 
-    /**
-     * POST   /account/reset-password/finish : Finish to reset the password of the user
-     *
-     * @param keyAndPassword the generated key and the new password
-     * @throws InvalidPasswordException 400 (Bad Request) if the password is incorrect
-     * @throws RuntimeException         500 (Internal Server Error) if the password could not be reset
-     */
+    @AuditEvent(
+            attemptType = ApplicationEventType.RESET_USER_PASSWORD_ATTEMPT,
+            attemptMessage = "Attempt to reset user password initiated",
+            successType = ApplicationEventType.RESET_USER_PASSWORD_SUCCESS,
+            successMessage = "User password reset successfully"
+    )
     @PostMapping(path = "/account/reset-password/finish")
     public void finishPasswordReset(@RequestBody KeyAndPasswordVM keyAndPassword) {
-        final String ctx = CLASSNAME + ".finishPasswordReset";
-        try {
-            validatePasswordLength(keyAndPassword.getNewPassword());
-            Optional<User> user =
-                userService.completePasswordReset(keyAndPassword.getNewPassword(), keyAndPassword.getKey());
 
-            if (user.isEmpty())
-                throw new InternalServerErrorException("No user was found for this reset key");
-        } catch (Exception e) {
-            String msg = ctx + ": " + e.getMessage();
-            log.error(msg);
-            applicationEventService.createEvent(msg, ApplicationEventType.ERROR);
-            throw new RuntimeException(msg);
-        }
+        validatePasswordLength(keyAndPassword.getNewPassword());
+        userService.completePasswordReset(keyAndPassword.getNewPassword(), keyAndPassword.getKey());
+
     }
 
     private void validatePasswordLength(String password) {
         if (!StringUtils.hasText(password) || password.length() < ManagedUserVM.PASSWORD_MIN_LENGTH ||
-            password.length() > ManagedUserVM.PASSWORD_MAX_LENGTH)
+                password.length() > ManagedUserVM.PASSWORD_MAX_LENGTH)
             throw new InvalidPasswordException();
     }
 }

backend/src/main/java/com/park/utmstack/web/rest/errors/ResetKeyExpiredException.java

@@ -0,0 +1,11 @@
+package com.park.utmstack.web.rest.errors;
+
+import com.park.utmstack.util.exceptions.ApiException;
+import org.springframework.http.HttpStatus;
+
+public class ResetKeyExpiredException extends ApiException {
+
+    public ResetKeyExpiredException(String message) {
+        super(message, HttpStatus.BAD_REQUEST);
+    }
+}