From 1563e9ed4352f92eaff4cb57f016f1acadcd97e6 Mon Sep 17 00:00:00 2001
From: Florian
Date: Sun, 13 May 2018 15:11:19 +0200
Subject: [PATCH] Minor corrections for account route.
---
 .../org/codiki/account/AccountController.java | 42 ++++++++++++++++---
 .../org/codiki/account/AccountService.java | 22 +++++-----
 2 files changed, 49 insertions(+), 15 deletions(-)
diff --git a/src/main/java/org/codiki/account/AccountController.java b/src/main/java/org/codiki/account/AccountController.java
index c217811..c894004 100644
--- a/src/main/java/org/codiki/account/AccountController.java
+++ b/src/main/java/org/codiki/account/AccountController.java
@@ -1,5 +1,7 @@
 package org.codiki.account;
+import java.io.IOException;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -27,21 +29,51 @@ public class AccountController {
 @Autowired
 private TokenService tokenService;
-
+ /**
+ * Log in the user in request body.
+ *
+ * @param pUser
+ * The user to connect.
+ * @param response
+ * The reponse injected by Spring.
+ * @return The connected user object.
+ * @throws IOException
+ * If credentials are bad.
+ */
 @PostMapping("/login")
- public UserDTO login(@RequestBody UserDTO pUser, HttpServletResponse response) {
+ public UserDTO login(@RequestBody UserDTO pUser, HttpServletResponse response) throws IOException {
 return accountService.checkCredentials(response, pUser);
 }
+ /**
+ * Log out the user.
+ *
+ * @param pRequest
+ * The request injected by Spring.
+ */
 @GetMapping("/logout")
 public void logout(HttpServletRequest pRequest) {
 tokenService.removeUser(pRequest.getHeader(HEADER_TOKEN));
 }
+ /**
+ * Updates the user password.
+ *
+ * @param pPasswordWrapper
+ * The object which contains the old password for verification and
+ * the new password to set to the user.
+ * @param pRequest
+ * The request injected by Spring.
+ * @param pResponse
+ * The reponse injected by Spring.
+ * @throws IOException
+ * If the old password doesn't match to the user password in
+ * database.
+ */
 @PutMapping("/changePassword")
- public boolean changePassword(@RequestBody final PasswordWrapperDTO pPasswordWrapper,
+ public void changePassword(@RequestBody final PasswordWrapperDTO pPasswordWrapper,
 final HttpServletRequest pRequest,
- final HttpServletResponse pResponse) {
- return accountService.changePassword(tokenService.getAuthenticatedUserByToken(pRequest), pPasswordWrapper, pResponse);
+ final HttpServletResponse pResponse) throws IOException {
+ accountService.changePassword(tokenService.getAuthenticatedUserByToken(pRequest), pPasswordWrapper, pResponse);
 }
 }
diff --git a/src/main/java/org/codiki/account/AccountService.java b/src/main/java/org/codiki/account/AccountService.java
index eaf3760..32e568e 100644
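Review bot: The `@throws IOException` Javadoc on `login` ("If credentials are bad") and on `changePassword` ("If the old password doesn't match…") describes the wrong condition: the controller only propagates the `IOException` from the service, and rejected credentials are signalled by the status the service sets on the response, with `login` then returning `null`. Reword both tags to `@throws IOException If the error response cannot be written.` and state on `login` that the return value is `null` when the credentials are rejected. The new `changePassword` body passes `tokenService.getAuthenticatedUserByToken(pRequest)` straight to the service; if that lookup can yield `null` for a missing or unknown token (not visible here), the service's `pUser.getId()` would fail with a 500 instead of a clean 401/403, so a null check before the call is worth confirming. "reponse" is also misspelled in both `@param` descriptions.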
--- a/src/main/java/org/codiki/account/AccountService.java
+++ b/src/main/java/org/codiki/account/AccountService.java
@@ -1,5 +1,6 @@
 package org.codiki.account;
+import java.io.IOException;
 import java.util.Optional;
 import javax.naming.AuthenticationException;
@@ -29,10 +30,12 @@ public class AccountService {
 * @param pUser
 * The user sent from client.
 * @return The user populated with the generated token.
+ * @throws IOException
+ * If the credentials are bad.
 * @throws AuthenticationException
 * If the credentials are wrong.
 */
- public UserDTO checkCredentials(HttpServletResponse pResponse, UserDTO pUser) {
+ public UserDTO checkCredentials(HttpServletResponse pResponse, UserDTO pUser) throws IOException {
 UserDTO result = null;
 Optional user = userRepository.findByEmail(pUser.getEmail());
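Review bot: The new `@throws IOException If the credentials are bad.` on `checkCredentials` is misleading and now sits next to a stale `@throws AuthenticationException`, which the signature on the following line does not declare either before or after this change. The `IOException` is only raised when `pResponse.sendError(...)` cannot write the 403 response; rejected credentials are reported through that status and a `null` return, which the `@return` tag should say. Suggested wording: `@return The user populated with the generated token, or null if the credentials were rejected (the response is then sent with status 403).` and `@throws IOException If the error response cannot be written.`, dropping the `AuthenticationException` tag unless the method really throws it. The method body continues past the end of this hunk.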
@@ -41,29 +44,28 @@ public class AccountService {
 tokenService.addUser(user.get());
 result = new UserDTO(user.get(), true);
 } else {
- pResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
+ pResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
 }
 return result;
 }
- public boolean changePassword(final User pUser, final PasswordWrapperDTO pPasswordWrapper,
- final HttpServletResponse pResponse) {
- boolean result = false;
-
+ public void changePassword(final User pUser, final PasswordWrapperDTO pPasswordWrapper,
+ final HttpServletResponse pResponse) throws IOException {
 if(pPasswordWrapper.getNewPassword().equals(pPasswordWrapper.getConfirmPassword())) {
 // We fetch the connected user from database to get his hashed password
 final Optional userFromDb = userRepository.findById(pUser.getId());
 if(userFromDb.isPresent() && StringUtils.compareHash(pPasswordWrapper.getOldPassword(), userFromDb.get().getPassword())) {
- result = true;
 userFromDb.get().setPassword(StringUtils.hashPassword(pPasswordWrapper.getNewPassword()));
 userRepository.save(userFromDb.get());
 } else {
- pResponse.sendError(HttpServletResponse.SC_FORBIDDEN,
+ pResponse.sendError(HttpServletResponse.SC_FORBIDDEN,
+ "Le mot de passe saisi ne correspond pas au votre.");
 }
+ } else {
+ pResponse.sendError(HttpServletResponse.SC_BAD_REQUEST,
+ "Le mot de passe saisi ne correspond pas au votre.");
 }
-
- return result;
 }
 }
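Review bot: The `SC_BAD_REQUEST` branch added at the end of `changePassword` reuses the forbidden branch's message, "Le mot de passe saisi ne correspond pas au votre.", although it is reached when the new password and its confirmation differ, not when the old password is wrong; a message such as `"Le nouveau mot de passe et sa confirmation ne correspondent pas."` (constructed example) would tell the client what to correct. The condition `pPasswordWrapper.getNewPassword().equals(...)` also throws `NullPointerException` when the request body omits `newPassword`, which surfaces as a 500 rather than the 400 this branch is meant to produce; `Objects.equals(pPasswordWrapper.getNewPassword(), pPasswordWrapper.getConfirmPassword())` plus an explicit rejection of a null or empty new password would keep both cases on the 400 path. On the success path the commit stores the new hash but does not touch `tokenService`, so tokens issued under the old password remain valid; whether that is intended depends on the token design, which is not visible here.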