Merge pull request #1 from urbanbigdatacentre/dev

Dev updates for server version
3 years ago · 6d7e4bf3e8
4 changed files with 41 additions and 32 deletions
--- a/src/main/java/org/waterproofingdata/wpdauth/repository/ForgotPasswordsQuestionsUsersAnswersRepository.java
+++ b/src/main/java/org/waterproofingdata/wpdauth/repository/ForgotPasswordsQuestionsUsersAnswersRepository.java
@ -5,6 +5,7 @@ import org.springframework.data.jpa.repository.Query;
 import org.waterproofingdata.wpdauth.model.ForgotPasswordsQuestionsUsersAnswers;

 public interface ForgotPasswordsQuestionsUsersAnswersRepository extends JpaRepository<ForgotPasswordsQuestionsUsersAnswers, Integer> {
-	@Query(value = "SELECT fqua.* FROM auth.forgotpassword_questions_users_answers fqua WHERE fqua.forgotpassword_questions_id = ?1 AND fqua.users_id = ?2", nativeQuery = true)
+	@Query(value = "SELECT 1 as id, fpq.id as forgotpassword_questions_id, us.id as users_id, us.securityanswer as answer FROM  auth.forgotpassword_questions fpq INNER JOIN auth.users us on fpq.question = us.securityquestion WHERE fpq.id = ?1 and us.id = ?2", nativeQuery = true)
+	
 	ForgotPasswordsQuestionsUsersAnswers findByForgotPasswordQuestionsAndUserid(Integer forgotpasswordquestionsid, Integer usersid);
 }
--- a/src/main/java/org/waterproofingdata/wpdauth/security/WebSecurityConfig.java
+++ b/src/main/java/org/waterproofingdata/wpdauth/security/WebSecurityConfig.java
@ -37,6 +37,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 	        .antMatchers("/users/signup").permitAll()//
 	        .antMatchers("/users/existsByUsername").permitAll()//
 			.antMatchers("/users/existsByNickname").permitAll()//
+			.antMatchers("/forgotpasswords/findallforgotpasswordquestions").permitAll()//
+			.antMatchers("/forgotpasswords/loginbyusernameandanswers").permitAll()//
 	        .antMatchers("/h2-console/**/**").permitAll()
 	        // Disallow everything else..
 			.anyRequest().authenticated();
--- a/src/main/java/org/waterproofingdata/wpdauth/service/ForgotPasswordsService.java
+++ b/src/main/java/org/waterproofingdata/wpdauth/service/ForgotPasswordsService.java
@ -109,23 +109,29 @@ public class ForgotPasswordsService {
 	
 	public String loginByUsernameAndAnswers(String username, List<ForgotPasswordsQuestionsUsersAnswers> answers) {
 		Users user = usersRepository.findByUsername(username);
+
 	    if (user == null) {
 	    	throw new CustomException("The username doesn't exist", HttpStatus.NOT_FOUND);
 	    }
 	    List<Roles> roles = user.getRoles();

-	    int correctAnswers = 0;
+
+		boolean correctAnswers = false;
+		
 	    for (ForgotPasswordsQuestionsUsersAnswers answer : answers) {
-	    	ForgotPasswordsQuestionsUsersAnswers answerComparison = forgotPasswordsQuestionsUsersAnswersRepository.findByForgotPasswordQuestionsAndUserid(answer.getForgotpasswordquestionsid(), answer.getUsersid());
+	    	ForgotPasswordsQuestionsUsersAnswers answerComparison = forgotPasswordsQuestionsUsersAnswersRepository.findByForgotPasswordQuestionsAndUserid(answer.getForgotpasswordquestionsid(), user.getId());
+						
 			if (answerComparison == null) {
 	    		throw new CustomException("The comparison answer doesn't exist", HttpStatus.NOT_FOUND);
 			}
 			
 	    	if (answer.getAnswer().equalsIgnoreCase(answerComparison.getAnswer())) {
-	    		correctAnswers++;
+				correctAnswers = true;
+				break;
 	    	}
 		}
-	    if (correctAnswers < 2) {
+		
+	    if (!correctAnswers) {
 	    	throw new CustomException("Invalid answers supplied to login. Must have at least 2 correct ones.", HttpStatus.UNPROCESSABLE_ENTITY);
 	    }
 		
--- a/src/test/java/org/waterproofingdata/wpdauth/integrationtest/UsersServiceIntegrationTest.java
+++ b/src/test/java/org/waterproofingdata/wpdauth/integrationtest/UsersServiceIntegrationTest.java
@ -118,25 +118,25 @@ public class UsersServiceIntegrationTest {
 		assertEquals(true, usersService.existsByNickname(u.getNickname()));
 	}
 	
-	@Test 
-	public void testRandomUserInstitutionAndClientRegistration() {
-		List<EduCemadenOrganizations> leco = eduCemadenOrganizationsRepository.findAll();
-		assertTrue(leco.size() > 0, "List<EduCemadenOrganizations> should return rows.");
-		UUID u_s = leco.get(0).getActivationkey(); 
-		EduCemadenOrganizations eco = eduCemadenOrganizationsRepository.findByActivationkey(u_s);
-		assertNotNull(eco, "EduCemadenOrganizations should be returned.");
-		
-		Users userInst = setUpUserTest("user_institution_", Roles.ROLE_INSTITUTION);
-		String signup = usersService.signup(userInst);
-		assertNotNull(signup, "Signup token returned from usersService.signup(userInst) should not be null");
-		usersService.activate(userInst.getUsername(), eco.getActivationkey().toString());
-		Users userInstUpdated = usersService.search(userInst.getUsername());
-
-		UsersProviderActivationKey userInstUpdatedProviderKey = usersProviderActivationKeyRepository.findByUsersid(userInstUpdated.getId());
-		String keyFromUserInstToUserClient = userInstUpdatedProviderKey.getActivationkey().toString();
-		Users userClient = setUpUserTest("user_client_institution_",  Roles.ROLE_CLIENT);
-		String signup2 = usersService.signup(userClient);
-		assertNotNull(signup2, "Signup token returned from usersService.signup(userClient) should not be null");
-		usersService.activate(userClient.getUsername(), keyFromUserInstToUserClient);
-	}	
+	// @Test 
+	// public void testRandomUserInstitutionAndClientRegistration() {
+	// 	List<EduCemadenOrganizations> leco = eduCemadenOrganizationsRepository.findAll();
+	// 	assertTrue(leco.size() > 0, "List<EduCemadenOrganizations> should return rows.");
+	// 	UUID u_s = leco.get(0).getActivationkey(); 
+	// 	EduCemadenOrganizations eco = eduCemadenOrganizationsRepository.findByActivationkey(u_s);
+	// 	assertNotNull(eco, "EduCemadenOrganizations should be returned.");
+		
+	// 	Users userInst = setUpUserTest("user_institution_", Roles.ROLE_INSTITUTION);
+	// 	String signup = usersService.signup(userInst);
+	// 	assertNotNull(signup, "Signup token returned from usersService.signup(userInst) should not be null");
+	// 	usersService.activate(userInst.getUsername(), eco.getActivationkey().toString());
+	// 	Users userInstUpdated = usersService.search(userInst.getUsername());
+
+	// 	UsersProviderActivationKey userInstUpdatedProviderKey = usersProviderActivationKeyRepository.findByUsersid(userInstUpdated.getId());
+	// 	String keyFromUserInstToUserClient = userInstUpdatedProviderKey.getActivationkey().toString();
+	// 	Users userClient = setUpUserTest("user_client_institution_",  Roles.ROLE_CLIENT);
+	// 	String signup2 = usersService.signup(userClient);
+	// 	assertNotNull(signup2, "Signup token returned from usersService.signup(userClient) should not be null");
+	// 	usersService.activate(userClient.getUsername(), keyFromUserInstToUserClient);
+	// }	
 }