Improving ForgotPwd structure

db/sys_config.sql

@@ -3,4 +3,13 @@ BEGIN
     INSERT INTO roles(name, active) VALUES ('ROLE_ADMIN', 1);
     INSERT INTO roles(name, active) VALUES ('ROLE_INSTITUTION', 1);
     INSERT INTO roles(name, active) VALUES ('ROLE_CLIENT', 1);
+
+    INSERT INTO forgotpassword_questions(question, active) VALUES ('Qual a sua cor predileta?', 1);
+    INSERT INTO forgotpassword_questions(question, active) VALUES ('Qual foi o seu livro predileto?', 1);
+    INSERT INTO forgotpassword_questions(question, active) VALUES ('Qual o nome da rua em que você cresceu?', 1);
+    INSERT INTO forgotpassword_questions(question, active) VALUES ('Qual o nome do seu bicho de estimação predileto?', 1);
+    INSERT INTO forgotpassword_questions(question, active) VALUES ('Qual a sua comida predileta?', 1);
+    INSERT INTO forgotpassword_questions(question, active) VALUES ('Qual cidade você nasceu?', 1);
+    INSERT INTO forgotpassword_questions(question, active) VALUES ('Qual é o seu país preferido?', 1);
+    INSERT INTO forgotpassword_questions(question, active) VALUES ('Qual é a sua marca de carro predileto?', 1);
 END $$;

src/main/java/org/waterproofingdata/wpdauth/controller/ForgotPasswordController.java

@@ -1,10 +1,19 @@
 package org.waterproofingdata.wpdauth.controller;
 
+import java.util.List;
+
+import org.modelmapper.ModelMapper;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.waterproofingdata.wpdauth.dto.ForgotPasswordQuestionsResponseDTO;
+import org.waterproofingdata.wpdauth.dto.ForgotPasswordQuestionsUsersAnswersRequestDTO;
+import org.waterproofingdata.wpdauth.model.ForgotPasswordQuestionsUsersAnswers;
+import org.waterproofingdata.wpdauth.dto.CustomMapper;
 import org.waterproofingdata.wpdauth.service.ForgotPasswordService;
 
 import io.swagger.annotations.Api;
@@ -12,6 +21,7 @@ import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
+import io.swagger.annotations.Authorization;
 
 @RestController
 @RequestMapping("/forgotpassword")
@@ -39,4 +49,48 @@ public class ForgotPasswordController {
 	      @ApiParam("Key") @RequestParam String key) {
 	    return forgotPasswordService.loginByEmailAndKey(email, key);
 	  }
+	  
+	  @PostMapping("/passwordupdatebyemail")
+	  @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_INSTITUTION') or hasRole('ROLE_CLIENT')")
+	  @ApiOperation(value = "${ForgotPasswordController.passwordupdatebyemail}", authorizations = { @Authorization(value="apiKey") })
+	  @ApiResponses(value = {//
+	      @ApiResponse(code = 400, message = "Something went wrong"), //
+	      @ApiResponse(code = 403, message = "Access denied"), //
+	      @ApiResponse(code = 404, message = "The user doesn't exist"), //
+	      @ApiResponse(code = 500, message = "Expired or invalid JWT token")})
+	  public void passwordupdatebyemail(@ApiParam("Email") @RequestParam String email, @ApiParam("NewPassword") @RequestParam String newPassword) {
+	    forgotPasswordService.passwordUpdateByEmail(email, newPassword);
+	  }	
+	  
+	  @PostMapping("/findallforgotpasswordquestions")
+	  @ApiOperation(value = "${ForgotPasswordController.findallforgotpasswordquestions}")
+	  @ApiResponses(value = {//
+	      @ApiResponse(code = 400, message = "Something went wrong")})
+	  public List<ForgotPasswordQuestionsResponseDTO> findallforgotpasswordquestions() {
+		  return CustomMapper.mapAll(forgotPasswordService.findAllForgotPasswordQuestions(), ForgotPasswordQuestionsResponseDTO.class);
+	  }	 
+	  
+	  @PostMapping("/saveforgotpasswordquestionsusersanswers")
+	  @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_INSTITUTION') or hasRole('ROLE_CLIENT')")
+	  @ApiOperation(value = "${ForgotPasswordController.saveforgotpasswordquestionsusersanswers}", authorizations = { @Authorization(value="apiKey") })
+	  @ApiResponses(value = {//
+	      @ApiResponse(code = 400, message = "Something went wrong"), //
+	      @ApiResponse(code = 403, message = "Access denied"), //
+	      @ApiResponse(code = 404, message = "The user or forgot password questions don't exist"), //
+	      @ApiResponse(code = 500, message = "Expired or invalid JWT token")})
+	  public void saveforgotpasswordquestionsusersanswers(@ApiParam("Forgot Password Questions Users Answers") @RequestBody ForgotPasswordQuestionsUsersAnswersRequestDTO answer) {
+		forgotPasswordService.saveForgotPasswordQuestionsUsersAnswers(CustomMapper.map(answer, ForgotPasswordQuestionsUsersAnswers.class));
+	  }	 
+	  
+	  @PostMapping("/loginbyemailandanswers")
+	  @ApiOperation(value = "${ForgotPasswordController.loginbyemailandanswers}")
+	  @ApiResponses(value = {//
+	      @ApiResponse(code = 400, message = "Something went wrong"), //
+	      @ApiResponse(code = 404, message = "The user or answer don't exist"), //
+	      @ApiResponse(code = 422, message = "Invalid answers supplied to login. Must have at least 2 correct ones.")})
+	  public String loginbyemailandanswers(//
+	      @ApiParam("Email") @RequestParam String email, //
+	      @ApiParam("Answers") @RequestParam List<ForgotPasswordQuestionsUsersAnswersRequestDTO> answers) {
+	    return forgotPasswordService.loginByEmailAndAnswers(email, CustomMapper.mapAll(answers, ForgotPasswordQuestionsUsersAnswers.class));
+	  }	  
 }

src/main/java/org/waterproofingdata/wpdauth/dto/ForgotPasswordQuestionsResponseDTO.java

@@ -0,0 +1,18 @@
+package org.waterproofingdata.wpdauth.dto;
+
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+public class ForgotPasswordQuestionsResponseDTO {
+	@ApiModelProperty(position = 0)
+    private Integer id;
+
+	@ApiModelProperty(position = 1)
+    private String question;
+
+	@ApiModelProperty(position = 2)
+    private Integer active;
+}

src/main/java/org/waterproofingdata/wpdauth/dto/ForgotPasswordQuestionsUsersAnswersRequestDTO.java

@@ -0,0 +1,22 @@
+package org.waterproofingdata.wpdauth.dto;
+
+import io.swagger.annotations.ApiModelProperty;
+
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+public class ForgotPasswordQuestionsUsersAnswersRequestDTO {
+    @ApiModelProperty(position = 0)
+    private Integer id;
+
+    @ApiModelProperty(position = 1)
+    private Integer forgotpasswordquestionsid;
+
+    @ApiModelProperty(position = 2)    
+    private Integer usersid;
+
+    @ApiModelProperty(position = 3)
+    private String answer;
+}

src/test/java/org/waterproofingdata/wpdauth/integrationtest/ForgotPasswordServiceIntegrationTest.java

@@ -0,0 +1,24 @@
+package org.waterproofingdata.wpdauth.integrationtest;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.util.List;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.waterproofingdata.wpdauth.model.ForgotPasswordQuestions;
+import org.waterproofingdata.wpdauth.service.ForgotPasswordService;
+
+@SpringBootTest
+public class ForgotPasswordServiceIntegrationTest {
+	@Autowired
+	private ForgotPasswordService forgotPasswordService;
+	
+	@Test
+	public void testFindAllForgotPasswordQuestions() {
+		List<ForgotPasswordQuestions> r = forgotPasswordService.findAllForgotPasswordQuestions();
+		assertTrue(r.size() > 0);
+	}
+	
+}

src/test/java/org/waterproofingdata/wpdauth/integrationtest/UsersServiceIntegrationTest.java

@@ -0,0 +1,37 @@
+package org.waterproofingdata.wpdauth.integrationtest;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.http.HttpStatus;
+import org.waterproofingdata.wpdauth.exception.CustomException;
+import org.waterproofingdata.wpdauth.service.UsersService;
+
+@SpringBootTest
+public class UsersServiceIntegrationTest {
+	@Autowired
+	private UsersService usersService;
+	
+	@Test
+	public void testInvalidLogin() {
+		CustomException thrown = assertThrows(
+				CustomException.class,
+			() -> usersService.login("xpto", "xpto"),
+			"Expected usersService.login(xpto, xpto) to throw, but it didn't"
+		);
+		
+		assertTrue(thrown.getMessage().contains("Invalid username/password supplied"));
+		assertEquals(HttpStatus.UNPROCESSABLE_ENTITY, thrown.getHttpStatus());
+	}
+	
+	@Test
+	public void testAdmUserLogin() {
+		String login = usersService.login("admin", "admin");
+		assertNotNull(login, "Login token returned from usersService.login() should not be null");
+	}
+}