Fixing bug in loginbyusernameandanswers - Changing to only 1 minimum correct answer for value to be valid - Changing query that used the non-existent table auth.forgotpassword_questions_users_answers to a JOIN between user and forgotpassword_questions

3 years ago · 8636d21f55
2 changed files with 17 additions and 10 deletions
--- a/src/main/java/org/waterproofingdata/wpdauth/repository/ForgotPasswordsQuestionsUsersAnswersRepository.java
+++ b/src/main/java/org/waterproofingdata/wpdauth/repository/ForgotPasswordsQuestionsUsersAnswersRepository.java
@ -5,6 +5,7 @@ import org.springframework.data.jpa.repository.Query;
 import org.waterproofingdata.wpdauth.model.ForgotPasswordsQuestionsUsersAnswers;

 public interface ForgotPasswordsQuestionsUsersAnswersRepository extends JpaRepository<ForgotPasswordsQuestionsUsersAnswers, Integer> {
-	@Query(value = "SELECT fqua.* FROM auth.forgotpassword_questions_users_answers fqua WHERE fqua.forgotpassword_questions_id = ?1 AND fqua.users_id = ?2", nativeQuery = true)
+	@Query(value = "SELECT 1 as id, fpq.id as forgotpassword_questions_id, us.id as users_id, us.securityanswer as answer FROM  auth.forgotpassword_questions fpq INNER JOIN auth.users us on fpq.question = us.securityquestion WHERE fpq.id = ?1 and us.id = ?2", nativeQuery = true)
+	
 	ForgotPasswordsQuestionsUsersAnswers findByForgotPasswordQuestionsAndUserid(Integer forgotpasswordquestionsid, Integer usersid);
 }
--- a/src/main/java/org/waterproofingdata/wpdauth/service/ForgotPasswordsService.java
+++ b/src/main/java/org/waterproofingdata/wpdauth/service/ForgotPasswordsService.java
@ -109,23 +109,29 @@ public class ForgotPasswordsService {
 	
 	public String loginByUsernameAndAnswers(String username, List<ForgotPasswordsQuestionsUsersAnswers> answers) {
 		Users user = usersRepository.findByUsername(username);
+
 	    if (user == null) {
 	    	throw new CustomException("The username doesn't exist", HttpStatus.NOT_FOUND);
 	    }
 	    List<Roles> roles = user.getRoles();

-	    int correctAnswers = 0;
+
+		boolean correctAnswers = false;
+		
 	    for (ForgotPasswordsQuestionsUsersAnswers answer : answers) {
-	    	ForgotPasswordsQuestionsUsersAnswers answerComparison = forgotPasswordsQuestionsUsersAnswersRepository.findByForgotPasswordQuestionsAndUserid(answer.getForgotpasswordquestionsid(), answer.getUsersid());
+	    	ForgotPasswordsQuestionsUsersAnswers answerComparison = forgotPasswordsQuestionsUsersAnswersRepository.findByForgotPasswordQuestionsAndUserid(answer.getForgotpasswordquestionsid(), user.getId());
+						
 			if (answerComparison == null) {
 	    		throw new CustomException("The comparison answer doesn't exist", HttpStatus.NOT_FOUND);
 			}
 			
 	    	if (answer.getAnswer().equalsIgnoreCase(answerComparison.getAnswer())) {
-	    		correctAnswers++;
+				correctAnswers = true;
+				break;
 	    	}
 		}
-	    if (correctAnswers < 2) {
+		
+	    if (!correctAnswers) {
 	    	throw new CustomException("Invalid answers supplied to login. Must have at least 2 correct ones.", HttpStatus.UNPROCESSABLE_ENTITY);
 	    }