diff --git a/src/main/java/org/waterproofingdata/wpdauth/repository/ForgotPasswordsQuestionsUsersAnswersRepository.java b/src/main/java/org/waterproofingdata/wpdauth/repository/ForgotPasswordsQuestionsUsersAnswersRepository.java index ee1719f..d9d4f6e 100644 --- a/src/main/java/org/waterproofingdata/wpdauth/repository/ForgotPasswordsQuestionsUsersAnswersRepository.java +++ b/src/main/java/org/waterproofingdata/wpdauth/repository/ForgotPasswordsQuestionsUsersAnswersRepository.java @@ -5,6 +5,7 @@ import org.springframework.data.jpa.repository.Query; import org.waterproofingdata.wpdauth.model.ForgotPasswordsQuestionsUsersAnswers; public interface ForgotPasswordsQuestionsUsersAnswersRepository extends JpaRepository { - @Query(value = "SELECT fqua.* FROM auth.forgotpassword_questions_users_answers fqua WHERE fqua.forgotpassword_questions_id = ?1 AND fqua.users_id = ?2", nativeQuery = true) + @Query(value = "SELECT 1 as id, fpq.id as forgotpassword_questions_id, us.id as users_id, us.securityanswer as answer FROM auth.forgotpassword_questions fpq INNER JOIN auth.users us on fpq.question = us.securityquestion WHERE fpq.id = ?1 and us.id = ?2", nativeQuery = true) + ForgotPasswordsQuestionsUsersAnswers findByForgotPasswordQuestionsAndUserid(Integer forgotpasswordquestionsid, Integer usersid); } diff --git a/src/main/java/org/waterproofingdata/wpdauth/service/ForgotPasswordsService.java b/src/main/java/org/waterproofingdata/wpdauth/service/ForgotPasswordsService.java index a3f0bdd..0d88eca 100644 --- a/src/main/java/org/waterproofingdata/wpdauth/service/ForgotPasswordsService.java +++ b/src/main/java/org/waterproofingdata/wpdauth/service/ForgotPasswordsService.java 
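Review bot: The rewritten native query in `ForgotPasswordsQuestionsUsersAnswersRepository` selects a constant `1 as id` as the entity identifier, so every row it returns maps to the same `ForgotPasswordsQuestionsUsersAnswers` key. If two lookups share a persistence context, JPA may return the instance already loaded under that id instead of the new row, and the answer compared could then belong to a different question or user. A read-only projection (an interface or DTO) fits this lookup better than an entity with a made-up key. The query also returns `us.securityanswer` for direct comparison, which suggests the answer is stored in recoverable form; storing a salted hash of the normalised answer and comparing hashes would limit the damage if `auth.users` is ever exposed.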
@@ -109,23 +109,29 @@ public class ForgotPasswordsService { public String loginByUsernameAndAnswers(String username, List answers) { Users user = usersRepository.findByUsername(username); + if (user == null) { throw new CustomException("The username doesn't exist", HttpStatus.NOT_FOUND); } List roles = user.getRoles(); - - int correctAnswers = 0; + + + boolean correctAnswers = false; + for (ForgotPasswordsQuestionsUsersAnswers answer : answers) { - ForgotPasswordsQuestionsUsersAnswers answerComparison = forgotPasswordsQuestionsUsersAnswersRepository.findByForgotPasswordQuestionsAndUserid(answer.getForgotpasswordquestionsid(), answer.getUsersid()); - if (answerComparison == null) { + ForgotPasswordsQuestionsUsersAnswers answerComparison = forgotPasswordsQuestionsUsersAnswersRepository.findByForgotPasswordQuestionsAndUserid(answer.getForgotpasswordquestionsid(), user.getId()); + + if (answerComparison == null) { throw new CustomException("The comparison answer doesn't exist", HttpStatus.NOT_FOUND); - } - + } + if (answer.getAnswer().equalsIgnoreCase(answerComparison.getAnswer())) { - correctAnswers++; + correctAnswers = true; + break; } - } - if (correctAnswers < 2) { + } + + if (!correctAnswers) { throw new CustomException("Invalid answers supplied to login. Must have at least 2 correct ones.", HttpStatus.UNPROCESSABLE_ENTITY); }
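Review bot: The loop in `loginByUsernameAndAnswers` now accepts the login after a single match (`correctAnswers = true; break;`), while the error message below still says "Must have at least 2 correct ones", so the check is weaker than the message promises. If one answer is the intended policy, correct the message and confirm that attempts on this endpoint are rate-limited, since one case-insensitive answer is now the only factor; otherwise keep the counter and `if (correctAnswers < 2)`. The 404 thrown inside the loop when `answerComparison == null` aborts before later answers are checked, and the 404-versus-422 difference tells a caller which question id belongs to the account; treating a missing row as a wrong answer with `continue;` would avoid both. `answer.getAnswer()` is also dereferenced without a null check, and the method body continues outside the hunk.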