|
34 | 34 | import lombok.extern.slf4j.Slf4j; |
35 | 35 |
|
36 | 36 | /** |
37 | | - * Service class for managing users. It includes methods for user authentication, registration, deletion, password management, role assignment, and |
38 | | - * related operations. This class also interacts with the user repository and session registry to perform its tasks. |
| 37 | + * Service class for managing users. Provides methods for user registration, authentication, password management, and user-related operations. This |
| 38 | + * class is transactional and uses various repositories and services for its operations. |
39 | 39 | * |
40 | 40 | * <p> |
41 | 41 | * This class is transactional, meaning that any failure causes the entire operation to roll back to the previous state. |
42 | | - * |
43 | | - * @author Devon Hillard |
44 | | - */ |
45 | | -/** |
46 | | - * Service class for managing users. Provides methods for user registration, authentication, password management, and user-related operations. This |
47 | | - * class is transactional and uses various repositories and services for its operations. |
| 42 | + * </p> |
48 | 43 | * |
49 | 44 | * <p> |
50 | 45 | * Dependencies: |
|
112 | 107 | * <li>{@link Transactional}: Indicates that the class or methods should be transactional.</li> |
113 | 108 | * <li>{@link Value}: Injects property values.</li> |
114 | 109 | * </ul> |
| 110 | + * |
| 111 | + * @author Devon Hillard |
115 | 112 | */ |
116 | 113 | @Slf4j |
117 | 114 | @Service |
@@ -199,10 +196,13 @@ public String getValue() { |
199 | 196 | private boolean sendRegistrationVerificationEmail; |
200 | 197 |
|
201 | 198 | /** |
202 | | - * Register new user account. |
| 199 | + * Registers a new user account with the provided user data. |
| 200 | + * If the email already exists, throws a UserAlreadyExistException. |
| 201 | + * If sendRegistrationVerificationEmail is false, the user is enabled immediately. |
203 | 202 | * |
204 | | - * @param newUserDto the new user dto |
205 | | - * @return the user |
| 203 | + * @param newUserDto the data transfer object containing the user registration information |
| 204 | + * @return the newly created user entity |
| 205 | + * @throws UserAlreadyExistException if an account with the same email already exists |
206 | 206 | */ |
207 | 207 | public User registerNewUserAccount(final UserDto newUserDto) { |
208 | 208 | TimeLogger timeLogger = new TimeLogger(log, "UserService.registerNewUserAccount"); |
@@ -371,12 +371,15 @@ public List<String> getUsersFromSessionRegistry() { |
371 | 371 | } |
372 | 372 |
|
373 | 373 | /** |
374 | | - * Authenticates the given user without a password. The user is authenticated by loading their details, generating their authorities from their |
375 | | - * roles and privileges, and storing these details in the security context and session. This is a potentially dangerous method to call, as it will |
376 | | - * authenticate the user without requiring a password!!! We are using it here to allow us to authenticate a user after they have registered, |
377 | | - * without requiring them to log in again. |
| 374 | + * Authenticates the given user without requiring a password. This method loads the user's details, |
| 375 | + * generates their authorities from their roles and privileges, and stores these details in the |
| 376 | + * security context and session. |
| 377 | + * |
| 378 | + * <p><strong>SECURITY WARNING:</strong> This is a potentially dangerous method as it authenticates |
| 379 | + * a user without password verification. This method should only be used in specific controlled scenarios, |
| 380 | + * such as after successful email verification or OAuth authentication.</p> |
378 | 381 | * |
379 | | - * @param user The user to authenticate. |
| 382 | + * @param user The user to authenticate without password verification |
380 | 383 | */ |
381 | 384 | public void authWithoutPassword(User user) { |
382 | 385 | log.debug("UserService.authWithoutPassword: authenticating user: {}", user); |
|