From 8636d21f55079f841bc3588ec4da3174367d72be Mon Sep 17 00:00:00 2001 From: GabrielTrettel Date: Thu, 17 Feb 2022 17:13:56 -0300 Subject: [PATCH] Fixing bug in loginbyusernameandanswers - Changing to only 1 minimum correct answer for value to be valid - Changing query that used the non-existent table auth.forgotpassword_questions_users_answers to a JOIN between user and forgotpassword_questions --- ...swordsQuestionsUsersAnswersRepository.java | 3 ++- .../service/ForgotPasswordsService.java | 24 ++++++++++++------- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/src/main/java/org/waterproofingdata/wpdauth/repository/ForgotPasswordsQuestionsUsersAnswersRepository.java b/src/main/java/org/waterproofingdata/wpdauth/repository/ForgotPasswordsQuestionsUsersAnswersRepository.java index ee1719f..d9d4f6e 100644 --- a/src/main/java/org/waterproofingdata/wpdauth/repository/ForgotPasswordsQuestionsUsersAnswersRepository.java +++ b/src/main/java/org/waterproofingdata/wpdauth/repository/ForgotPasswordsQuestionsUsersAnswersRepository.java @@ -5,6 +5,7 @@ import org.springframework.data.jpa.repository.Query; import org.waterproofingdata.wpdauth.model.ForgotPasswordsQuestionsUsersAnswers; public interface ForgotPasswordsQuestionsUsersAnswersRepository extends JpaRepository { - @Query(value = "SELECT fqua.* FROM auth.forgotpassword_questions_users_answers fqua WHERE fqua.forgotpassword_questions_id = ?1 AND fqua.users_id = ?2", nativeQuery = true) + @Query(value = "SELECT 1 as id, fpq.id as forgotpassword_questions_id, us.id as users_id, us.securityanswer as answer FROM auth.forgotpassword_questions fpq INNER JOIN auth.users us on fpq.question = us.securityquestion WHERE fpq.id = ?1 and us.id = ?2", nativeQuery = true) + ForgotPasswordsQuestionsUsersAnswers findByForgotPasswordQuestionsAndUserid(Integer forgotpasswordquestionsid, Integer usersid); } 
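Review bot: The constant `1 as id` in the new native query gives every mapped `ForgotPasswordsQuestionsUsersAnswers` the same identifier. If that column is the entity's `@Id`, a persistence context that spans several calls may return the first loaded instance instead of the row just selected. The entity mapping is not visible here, so please confirm; an interface or DTO projection instead of the managed entity would avoid the question entirely. The query also returns `us.securityanswer` as stored, which suggests answers are kept in plaintext; storing a salted hash of the normalised answer and comparing hashes would limit exposure if the table is disclosed. Joining on `fpq.question = us.securityquestion` ties the lookup to the question text, so a reworded question silently stops matching.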
diff --git a/src/main/java/org/waterproofingdata/wpdauth/service/ForgotPasswordsService.java b/src/main/java/org/waterproofingdata/wpdauth/service/ForgotPasswordsService.java index a3f0bdd..0d88eca 100644 --- a/src/main/java/org/waterproofingdata/wpdauth/service/ForgotPasswordsService.java +++ b/src/main/java/org/waterproofingdata/wpdauth/service/ForgotPasswordsService.java @@ -109,23 +109,29 @@ public class ForgotPasswordsService { public String loginByUsernameAndAnswers(String username, List answers) { Users user = usersRepository.findByUsername(username); + if (user == null) { throw new CustomException("The username doesn't exist", HttpStatus.NOT_FOUND); } List roles = user.getRoles(); - - int correctAnswers = 0; + + + boolean correctAnswers = false; + for (ForgotPasswordsQuestionsUsersAnswers answer : answers) { - ForgotPasswordsQuestionsUsersAnswers answerComparison = forgotPasswordsQuestionsUsersAnswersRepository.findByForgotPasswordQuestionsAndUserid(answer.getForgotpasswordquestionsid(), answer.getUsersid()); - if (answerComparison == null) { + ForgotPasswordsQuestionsUsersAnswers answerComparison = forgotPasswordsQuestionsUsersAnswersRepository.findByForgotPasswordQuestionsAndUserid(answer.getForgotpasswordquestionsid(), user.getId()); + + if (answerComparison == null) { throw new CustomException("The comparison answer doesn't exist", HttpStatus.NOT_FOUND); - } - + } + if (answer.getAnswer().equalsIgnoreCase(answerComparison.getAnswer())) { - correctAnswers++; + correctAnswers = true; + break; } - } - if (correctAnswers < 2) { + } + + if (!correctAnswers) { throw new CustomException("Invalid answers supplied to login. Must have at least 2 correct ones.", HttpStatus.UNPROCESSABLE_ENTITY); }
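Review bot: The `answerComparison == null` branch inside the loop still throws NOT_FOUND, but with the new JOIN a row exists only for the question the user registered. Any submitted entry for another question therefore aborts the check before later entries are compared, and the 404 versus 422 responses tell a caller which question an account uses. Treating a missing row as a wrong answer avoids both: `if (answerComparison == null) { continue; }`. The final message still says `Must have at least 2 correct ones.` although one match now suffices, so it should be reworded. Because a single case-insensitive match now appears to be enough to log in, it is worth confirming that attempts on this endpoint are limited; no limit is visible in this hunk, and the method body continues past it.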