diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/service/IUserService.java b/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/service/IUserService.java index 50466449a1..7ec07e9488 100644 --- a/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/service/IUserService.java +++ b/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/service/IUserService.java @@ -32,4 +32,6 @@ public interface IUserService { User getUserByID(long id); void changeUserPassword(User user, String password); + + boolean checkIfValidOldPassword(User user, String password); } diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/service/UserService.java b/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/service/UserService.java index b9509f4f3a..fafe52953f 100644 --- a/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/service/UserService.java +++ b/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/service/UserService.java @@ -120,6 +120,11 @@ public class UserService implements IUserService { repository.save(user); } + @Override + public boolean checkIfValidOldPassword(final User user, final String oldPassword) { + return passwordEncoder.matches(oldPassword, user.getPassword()); + } + private boolean emailExist(final String email) { final User user = repository.findByEmail(email); if (user != null) { diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/spring/MvcConfig.java b/spring-security-login-and-registration/src/main/java/org/baeldung/spring/MvcConfig.java index 30a7b31202..d5adf74992 100644 --- a/spring-security-login-and-registration/src/main/java/org/baeldung/spring/MvcConfig.java +++ b/spring-security-login-and-registration/src/main/java/org/baeldung/spring/MvcConfig.java @@ -49,6 +49,7 @@ public class MvcConfig extends WebMvcConfigurerAdapter { registry.addViewController("/successRegister.html"); registry.addViewController("/forgetPassword.html"); registry.addViewController("/updatePassword.html"); + registry.addViewController("/changePassword.html"); } @Override diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/web/controller/RegistrationController.java b/spring-security-login-and-registration/src/main/java/org/baeldung/web/controller/RegistrationController.java index 10f2c64bc5..ab8d3feb66 100644 --- a/spring-security-login-and-registration/src/main/java/org/baeldung/web/controller/RegistrationController.java +++ b/spring-security-login-and-registration/src/main/java/org/baeldung/web/controller/RegistrationController.java @@ -14,6 +14,7 @@ import org.baeldung.persistence.service.IUserService; import org.baeldung.persistence.service.UserDto; import org.baeldung.registration.OnRegistrationCompleteEvent; import org.baeldung.validation.EmailExistsException; +import org.baeldung.web.error.InvalidOldPasswordException; import org.baeldung.web.error.UserAlreadyExistException; import org.baeldung.web.error.UserNotFoundException; import org.baeldung.web.util.GenericResponse; @@ -133,7 +134,6 @@ public class RegistrationController { final String appUrl = "http://" + request.getServerName() + ":" + request.getServerPort() + request.getContextPath(); final SimpleMailMessage email = constructResetTokenEmail(appUrl, request.getLocale(), token, user); mailSender.send(email); - return new GenericResponse(messages.getMessage("message.resetPasswordEmail", null, request.getLocale())); } @@ -168,6 +168,19 @@ public class RegistrationController { return new GenericResponse(messages.getMessage("message.resetPasswordSuc", null, locale)); } + // change user password + + @RequestMapping(value = "/user/updatePassword", method = RequestMethod.POST) + @ResponseBody + public GenericResponse changeUserPassword(final Locale locale, @RequestParam("password") final String password, @RequestParam("oldpassword") final String oldPassword) { + final User user = userService.findUserByEmail(SecurityContextHolder.getContext().getAuthentication().getName()); + if (!userService.checkIfValidOldPassword(user, oldPassword)) { + throw new InvalidOldPasswordException(); + } + userService.changeUserPassword(user, password); + return new GenericResponse(messages.getMessage("message.updatePasswordSuc", null, locale)); + } + // NON-API private final SimpleMailMessage constructResendVerificationTokenEmail(final String contextPath, final Locale locale, final VerificationToken newToken, final User user) { diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/web/error/InvalidOldPasswordException.java b/spring-security-login-and-registration/src/main/java/org/baeldung/web/error/InvalidOldPasswordException.java new file mode 100644 index 0000000000..74b4e04c1a --- /dev/null +++ b/spring-security-login-and-registration/src/main/java/org/baeldung/web/error/InvalidOldPasswordException.java @@ -0,0 +1,23 @@ +package org.baeldung.web.error; + +public final class InvalidOldPasswordException extends RuntimeException { + + private static final long serialVersionUID = 5861310537366287163L; + + public InvalidOldPasswordException() { + super(); + } + + public InvalidOldPasswordException(final String message, final Throwable cause) { + super(message, cause); + } + + public InvalidOldPasswordException(final String message) { + super(message); + } + + public InvalidOldPasswordException(final Throwable cause) { + super(cause); + } + +} diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/web/error/RestResponseEntityExceptionHandler.java b/spring-security-login-and-registration/src/main/java/org/baeldung/web/error/RestResponseEntityExceptionHandler.java index 58c089a733..c74cf25c2b 100644 --- a/spring-security-login-and-registration/src/main/java/org/baeldung/web/error/RestResponseEntityExceptionHandler.java +++ b/spring-security-login-and-registration/src/main/java/org/baeldung/web/error/RestResponseEntityExceptionHandler.java @@ -29,7 +29,7 @@ public class RestResponseEntityExceptionHandler extends ResponseEntityExceptionH // 400 @Override - protected ResponseEntity handleBindException(BindException ex, HttpHeaders headers, HttpStatus status, WebRequest request) { + protected ResponseEntity handleBindException(final BindException ex, final HttpHeaders headers, final HttpStatus status, final WebRequest request) { logger.error("400 Status Code", ex); final BindingResult result = ex.getBindingResult(); final GenericResponse bodyOfResponse = new GenericResponse(result.getFieldErrors(), result.getGlobalErrors()); @@ -44,6 +44,13 @@ public class RestResponseEntityExceptionHandler extends ResponseEntityExceptionH return handleExceptionInternal(ex, bodyOfResponse, new HttpHeaders(), HttpStatus.BAD_REQUEST, request); } + @ExceptionHandler({ InvalidOldPasswordException.class }) + public ResponseEntity handleInvalidOldPassword(final RuntimeException ex, final WebRequest request) { + logger.error("400 Status Code", ex); + final GenericResponse bodyOfResponse = new GenericResponse(messages.getMessage("message.invalidOldPassword", null, request.getLocale()), "InvalidOldEmail"); + return handleExceptionInternal(ex, bodyOfResponse, new HttpHeaders(), HttpStatus.BAD_REQUEST, request); + } + // 404 @ExceptionHandler({ UserNotFoundException.class }) public ResponseEntity handleUserNotFound(final RuntimeException ex, final WebRequest request) { diff --git a/spring-security-login-and-registration/src/main/resources/messages_en.properties b/spring-security-login-and-registration/src/main/resources/messages_en.properties index f3ad8d2307..74fd761c69 100644 --- a/spring-security-login-and-registration/src/main/resources/messages_en.properties +++ b/spring-security-login-and-registration/src/main/resources/messages_en.properties @@ -64,4 +64,9 @@ message.accountVerified=Your account verified successfully message.resetPasswordSuc=Password reset successfully message.resetYourPassword=Reset your password message.resetPasswordEmail=You should receive an Password Reset Email shortly -message.error=Error Occurred \ No newline at end of file +message.error=Error Occurred +message.updatePasswordSuc=Password updated successfully +message.changePassword=Change Password +message.invalidOldPassword=Invalid Old Password +label.user.newPassword=New Password +label.user.oldPassword=Old Password \ No newline at end of file diff --git a/spring-security-login-and-registration/src/main/resources/messages_es_ES.properties b/spring-security-login-and-registration/src/main/resources/messages_es_ES.properties index 0830f94336..b6cef686ca 100644 --- a/spring-security-login-and-registration/src/main/resources/messages_es_ES.properties +++ b/spring-security-login-and-registration/src/main/resources/messages_es_ES.properties @@ -64,4 +64,9 @@ message.accountVerified=Su cuenta verificada con message.resetPasswordSuc=Contraseña reajusta correctamente message.resetYourPassword=Restablecer su contraseña message.resetPasswordEmail=Te enviaremos un correo electrónico para restablecer su contraseña -message.error=Se produjo un error \ No newline at end of file +message.error=Se produjo un error +message.updatePasswordSuc=Contraseña actualizado correctamente +message.changePassword=Cambiar La Contraseña +message.invalidOldPassword=Inválida contraseña antigua +label.user.newPassword=Nueva Contraseña +label.user.oldPassword=Contraseña Anterior \ No newline at end of file