diff --git a/src/main/java/net/gepafin/tendermanagement/dao/UserDao.java b/src/main/java/net/gepafin/tendermanagement/dao/UserDao.java
index ecaf9a48..3ee707c2 100644
--- a/src/main/java/net/gepafin/tendermanagement/dao/UserDao.java
+++ b/src/main/java/net/gepafin/tendermanagement/dao/UserDao.java
@@ -181,6 +181,10 @@ public class UserDao {
 log.info("Password reset attempt for non-existent user: {}", resetPasswordReq.getEmail());
 throw new ResourceNotFoundException(Status.NOT_FOUND, Translator.toLocale(GepafinConstant.USER_NOT_FOUND_MSG));
 }
+ if (!resetPasswordReq.getNewPassword().equals(resetPasswordReq.getConfirmPassword())) {
+ log.info("User creation failed: Passwords do not match for email {}", user.getEmail());
+ throw new CustomValidationException(Status.VALIDATION_ERROR, Translator.toLocale(GepafinConstant.PASSWORD_DOESNT_MATCH));
+ }
 String dbToken = user.getResetPasswordToken();
 if (dbToken == null || !dbToken.equals(resetPasswordReq.getToken())) {
diff --git a/src/main/java/net/gepafin/tendermanagement/model/request/ResetPasswordReq.java b/src/main/java/net/gepafin/tendermanagement/model/request/ResetPasswordReq.java
index 7a46596a..019ca582 100644
--- a/src/main/java/net/gepafin/tendermanagement/model/request/ResetPasswordReq.java
+++ b/src/main/java/net/gepafin/tendermanagement/model/request/ResetPasswordReq.java
@@ -7,5 +7,7 @@ public class ResetPasswordReq {
 private String email;
 private String token;
 private String newPassword;
+ private String confirmPassword;
+
 }
diff --git a/src/main/java/net/gepafin/tendermanagement/web/rest/api/UserApi.java b/src/main/java/net/gepafin/tendermanagement/web/rest/api/UserApi.java
index 2dda7d21..c60cef58 100644
--- a/src/main/java/net/gepafin/tendermanagement/web/rest/api/UserApi.java
+++ b/src/main/java/net/gepafin/tendermanagement/web/rest/api/UserApi.java
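Review bot: The added password-match check calls `.equals` on `resetPasswordReq.getNewPassword()` with no null guard, so a reset request that omits `newPassword` ends in a NullPointerException (a 500) rather than the intended validation error; unless ResetPasswordReq is bean-validated with `@NotBlank` on both fields, write it as `if (resetPasswordReq.getNewPassword() == null || !resetPasswordReq.getNewPassword().equals(resetPasswordReq.getConfirmPassword())) {`. The log line on the next added line says "User creation failed", which is copied from another flow and will mislead anyone triaging reset failures: `log.info("Password reset failed: passwords do not match for email {}", user.getEmail());`. Consider also placing this check after the reset-token validation that follows it, so a request with a missing or wrong token is rejected by the token gate first and only token-bearing requests reach password handling at all. The enclosing method starts before the hunk and continues past it.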
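Review bot: The new `confirmPassword` field carries no validation constraint, and none is visible on the neighbouring fields either, so a missing value is only caught by whatever the DAO does with it; if this request type is bound with `@Valid` as the login endpoint in this commit is, `@NotBlank private String confirmPassword;` (and the same on `newPassword`) would reject an absent value at the controller boundary with a 400 instead. The second added line is a blank line directly before the closing brace, a trailing blank inside the class body; drop it.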
@@ -104,7 +104,7 @@ public interface UserApi {
 method = RequestMethod.POST)
 ResponseEntity> login(
 @Parameter(description = "Login request object", required = true) @Valid @RequestBody LoginReq loginReq);
- @Operation(summary = "Api to initiate password reset",
+ @Operation(summary = "Api to initiate password reset request",
 responses = {
 @ApiResponse(responseCode = "200", description = "OK"),
 @ApiResponse(responseCode = "404", description = "Not Found", content = @Content(mediaType = MediaType.APPLICATION_JSON_VALUE, examples = {
@@ -155,7 +155,7 @@ public interface UserApi {
 ResponseEntity> logoutUser(
 @Parameter(description = "The request object is not needed for logout", required = false) HttpServletRequest request,
 @Parameter(description = "The response object is not needed for logout", required = false) HttpServletResponse response);
- @Operation(summary = "API to update user active/deactive status",
+ @Operation(summary = "Api to update user active/deactive status",
 responses = {
 @ApiResponse(responseCode = "200", description = "OK"),
 @ApiResponse(responseCode = "404", description = "Not Found", content = @Content(mediaType = MediaType.APPLICATION_JSON_VALUE, examples = {
@@ -168,6 +168,7 @@ public interface UserApi {
 @RequestMapping(value = "/{userId}/status",
 produces = {"application/json"},
 method = RequestMethod.PUT)
+ @PreAuthorize("hasRole('ROLE_SUPER_ADMIN')")
 default ResponseEntity> updateUserStatus(
 @Parameter(description = "The user id", required = true) @PathVariable("userId") Long userId,
 @Parameter(description = "status", required = true)@RequestParam(value = "status", required = true) UserStatusEnum status) {
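Review bot: `@PreAuthorize("hasRole('ROLE_SUPER_ADMIN')")` on the `updateUserStatus` default method is only enforced when method security is enabled for the application (`@EnableMethodSecurity`, or `@EnableGlobalMethodSecurity(prePostEnabled = true)` on older Spring Security); nothing in this commit shows that, and an annotation that is not picked up fails open silently, so confirm it and add a test asserting that a caller without the role gets 403. `hasRole` prepends `ROLE_` itself, so the expression reads more conventionally as `hasRole('SUPER_ADMIN')` or `hasAuthority('ROLE_SUPER_ADMIN')`; the double-prefixed form appears to be tolerated by the expression evaluator but is easy to misread. The OpenAPI contract for this endpoint, in the preceding hunk of the same file, still lists only 200 and 404 responses; add `@ApiResponse(responseCode = "403", description = "Forbidden")` so clients can see the endpoint is now restricted. The `@Operation` block for this method begins before the hunk and the method body continues past it.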