fix: apply requested changes

Author: Edamijueda

src/main/java/com/digitalsanctuary/spring/user/service/UserService.java

@@ -220,8 +220,6 @@ public String getValue() {
 
 	private final PasswordHistoryRepository passwordHistoryRepository;
 
-	// private final PasswordEncoder passwordEncoder;
-
 	/** The send registration verification email flag. */
 	@Value("${user.registration.sendVerificationEmail:false}")
 	private boolean sendRegistrationVerificationEmail;
@@ -243,16 +241,17 @@ public String getValue() {
 	public User registerNewUserAccount(final UserDto newUserDto) {
 		TimeLogger timeLogger = new TimeLogger(log, "UserService.registerNewUserAccount");
 		log.debug("UserService.registerNewUserAccount: called with userDto: {}", newUserDto);
-		
+
 		// Validate password match only if both are provided
-		if (newUserDto.getPassword() != null && newUserDto.getMatchingPassword() != null 
+		if (newUserDto.getPassword() != null && newUserDto.getMatchingPassword() != null
 				&& !newUserDto.getPassword().equals(newUserDto.getMatchingPassword())) {
 			throw new IllegalArgumentException("Passwords do not match");
 		}
-		
+
 		if (emailExists(newUserDto.getEmail())) {
 			log.debug("UserService.registerNewUserAccount: email already exists: {}", newUserDto.getEmail());
-			throw new UserAlreadyExistException("There is an account with that email address: " + newUserDto.getEmail());
+			throw new UserAlreadyExistException(
+					"There is an account with that email address: " + newUserDto.getEmail());
 		}
 
 		// Create a new User entity
@@ -287,7 +286,6 @@ public User saveRegisteredUser(final User user) {
 	}
 
 	private void savePasswordHistory(User user, String encodedPassword) {
-		log.info("landed in savePasswordHistory");
 		if (user == null || !StringUtils.hasText(encodedPassword)) {
 			log.warn("Cannot save password history: user or password is null/empty.");
 			return;

src/main/resources/META-INF/additional-spring-configuration-metadata.json

@@ -128,57 +128,57 @@
     {
       "name": "user.security.password.enabled",
       "type": "java.lang.String",
-      "description": "A description for 'user.security.password.enabled'"
+      "description": "Enable/disable password policy enforcement"
     },
     {
       "name": "user.security.password.min-length",
       "type": "java.lang.String",
-      "description": "A description for 'user.security.password.min-length'"
+      "description": "Minimum password length"
     },
     {
       "name": "user.security.password.max-length",
       "type": "java.lang.String",
-      "description": "A description for 'user.security.password.max-length'"
+      "description": "Maximum password length"
     },
      {
       "name": "user.security.password.require-uppercase",
       "type": "java.lang.String",
-      "description": "A description for 'user.security.password.require-uppercase'"
+      "description": "Require at least one uppercase character"
     },
      {
       "name": "user.security.password.require-lowercase",
       "type": "java.lang.String",
-      "description": "A description for 'user.security.password.require-lowercase'"
+      "description": "Require at least one lowercase character"
     },
      {
       "name": "user.security.password.require-digit",
       "type": "java.lang.String",
-      "description": "A description for 'user.security.password.require-digit'"
+      "description": "Require at least one digit"
     },
      {
       "name": "user.security.password.require-special",
       "type": "java.lang.String",
-      "description": "A description for 'user.security.password.require-special'"
+      "description": "Require at least one special character"
     },
      {
       "name": "user.security.password.special-chars",
       "type": "java.lang.String",
-      "description": "A description for 'user.security.password.special-chars'"
+      "description": "Allowed special characters"
     },
      {
       "name": "user.security.password.prevent-common-passwords",
       "type": "java.lang.String",
-      "description": "A description for 'user.security.password.prevent-common-passwords'"
+      "description": "Prevent use of common passwords (dictionary check)"
     },
      {
       "name": "user.security.password.history-count",
       "type": "java.lang.String",
-      "description": "A description for 'user.security.password.history-count'"
+      "description": "Number of previous passwords to prevent reuse"
     },
      {
       "name": "user.security.password.similarity-threshold",
       "type": "java.lang.String",
-      "description": "A description for 'user.security.password.similarity-threshold'"
+      "description": "Percentage of similarity allowed with username/email"
     },
     {
       "name": "hibernate.globally_quoted_identifiers",

src/test/java/com/digitalsanctuary/spring/user/service/UserServiceTest.java

@@ -80,42 +80,20 @@ public class UserServiceTest {
     private DSUserDetailsService dsUserDetailsService;
     @Mock
     private ApplicationEventPublisher eventPublisher;
-
     @Mock
     private AuthorityService authorityService;
-
-    @InjectMocks
     @Mock
     private PasswordHistoryRepository passwordHistoryRepository;
+    @InjectMocks
     private UserService userService;
     private User testUser;
     private UserDto testUserDto;
 
     @BeforeEach
     void setUp() {
-        testUser = new User();
-        testUser.setEmail("test@example.com");
-        testUser.setFirstName("testFirstName");
-        testUser.setLastName("testLastName");
-        testUser.setPassword("testPassword");
-        testUser.setRoles(Collections.singletonList(new Role("ROLE_USER")));
-        testUser.setEnabled(true);
-
-        testUserDto = new UserDto();
-        testUserDto.setEmail("test@example.com");
-        testUserDto.setFirstName("testFirstName");
-        testUserDto.setLastName("testLastName");
-        testUserDto.setPassword("testPassword");
-        testUserDto.setRole(1);
-
         // Use centralized test fixtures for consistent test data
         testUser = TestFixtures.Users.standardUser();
         testUserDto = TestFixtures.DTOs.validUserRegistration();
-
-        userService = new UserService(userRepository, tokenRepository, passwordTokenRepository, passwordEncoder,
-                roleRepository, sessionRegistry,
-                userEmailService, userVerificationService, authorityService, dsUserDetailsService, eventPublisher,
-                passwordHistoryRepository);
     }
 
     @Test
@@ -147,7 +125,8 @@ void registerNewUserAccount_throwsExceptionWhenUserExist() {
         when(userRepository.findByEmail(testUser.getEmail())).thenReturn(testUser);
 
         // When & Then
-        assertThatThrownBy(() -> userService.registerNewUserAccount(testUserDto)).isInstanceOf(UserAlreadyExistException.class)
+        assertThatThrownBy(() -> userService.registerNewUserAccount(testUserDto))
+                .isInstanceOf(UserAlreadyExistException.class)
                 .hasMessageContaining("There is an account with that email address");
     }
 
@@ -307,7 +286,8 @@ class PasswordResetTokenTests {
         void getPasswordResetToken_returnsTokenWhenExists() {
             // Given
             String tokenString = "test-token-123";
-            PasswordResetToken token = TokenTestDataBuilder.aPasswordResetToken().withToken(tokenString).forUser(testUser).build();
+            PasswordResetToken token = TokenTestDataBuilder.aPasswordResetToken().withToken(tokenString)
+                    .forUser(testUser).build();
             when(passwordTokenRepository.findByToken(tokenString)).thenReturn(token);
 
             // When
@@ -324,7 +304,8 @@ void getPasswordResetToken_returnsTokenWhenExists() {
         void getUserByPasswordResetToken_returnsUserWhenTokenValid() {
             // Given
             String tokenString = "valid-token";
-            PasswordResetToken token = TokenTestDataBuilder.aPasswordResetToken().withToken(tokenString).forUser(testUser).build();
+            PasswordResetToken token = TokenTestDataBuilder.aPasswordResetToken().withToken(tokenString)
+                    .forUser(testUser).build();
             when(passwordTokenRepository.findByToken(tokenString)).thenReturn(token);
 
             // When
@@ -340,7 +321,8 @@ void getUserByPasswordResetToken_returnsUserWhenTokenValid() {
         void validatePasswordResetToken_returnsValidForFreshToken() {
             // Given
             String tokenString = "fresh-token";
-            PasswordResetToken token = TokenTestDataBuilder.aValidPasswordResetToken().withToken(tokenString).expiringInHours(1).build();
+            PasswordResetToken token = TokenTestDataBuilder.aValidPasswordResetToken().withToken(tokenString)
+                    .expiringInHours(1).build();
             when(passwordTokenRepository.findByToken(tokenString)).thenReturn(token);
 
             // When
@@ -370,7 +352,8 @@ void validatePasswordResetToken_returnsInvalidForNullToken() {
         void validatePasswordResetToken_returnsExpiredForOldToken() {
             // Given
             String tokenString = "expired-token";
-            PasswordResetToken token = TokenTestDataBuilder.anExpiredPasswordResetToken().withToken(tokenString).expiredMinutesAgo(120).build();
+            PasswordResetToken token = TokenTestDataBuilder.anExpiredPasswordResetToken().withToken(tokenString)
+                    .expiredMinutesAgo(120).build();
             when(passwordTokenRepository.findByToken(tokenString)).thenReturn(token);
 
             // When
@@ -431,9 +414,12 @@ void getUsersFromSessionRegistry_returnsActiveUserEmails() {
             List<Object> principals = Arrays.asList(user1, user2, stringPrincipal);
 
             when(sessionRegistry.getAllPrincipals()).thenReturn(principals);
-            when(sessionRegistry.getAllSessions(user1, false)).thenReturn(Arrays.asList(mock(SessionInformation.class)));
-            when(sessionRegistry.getAllSessions(user2, false)).thenReturn(Arrays.asList(mock(SessionInformation.class)));
-            when(sessionRegistry.getAllSessions(stringPrincipal, false)).thenReturn(Arrays.asList(mock(SessionInformation.class)));
+            when(sessionRegistry.getAllSessions(user1, false))
+                    .thenReturn(Arrays.asList(mock(SessionInformation.class)));
+            when(sessionRegistry.getAllSessions(user2, false))
+                    .thenReturn(Arrays.asList(mock(SessionInformation.class)));
+            when(sessionRegistry.getAllSessions(stringPrincipal, false))
+                    .thenReturn(Arrays.asList(mock(SessionInformation.class)));
 
             // When
             List<String> result = userService.getUsersFromSessionRegistry();
@@ -450,7 +436,8 @@ void getUsersFromSessionRegistry_filtersOutInactiveSessions() {
             User inactiveUser = UserTestDataBuilder.aUser().withEmail("inactive@example.com").build();
 
             when(sessionRegistry.getAllPrincipals()).thenReturn(Arrays.asList(activeUser, inactiveUser));
-            when(sessionRegistry.getAllSessions(activeUser, false)).thenReturn(Arrays.asList(mock(SessionInformation.class)));
+            when(sessionRegistry.getAllSessions(activeUser, false))
+                    .thenReturn(Arrays.asList(mock(SessionInformation.class)));
             when(sessionRegistry.getAllSessions(inactiveUser, false)).thenReturn(Collections.emptyList());
 
             // When
@@ -483,7 +470,8 @@ void authWithoutPassword_authenticatesValidUser() {
             when(mockRequest.getSession(true)).thenReturn(mockSession);
 
             try (MockedStatic<RequestContextHolder> mockedHolder = mockStatic(RequestContextHolder.class);
-                    MockedStatic<SecurityContextHolder> mockedSecurityHolder = mockStatic(SecurityContextHolder.class)) {
+                    MockedStatic<SecurityContextHolder> mockedSecurityHolder = mockStatic(
+                            SecurityContextHolder.class)) {
 
                 mockedHolder.when(RequestContextHolder::getRequestAttributes).thenReturn(attrs);
                 SecurityContext securityContext = mock(SecurityContext.class);
@@ -494,7 +482,8 @@ void authWithoutPassword_authenticatesValidUser() {
 
                 // Then
                 verify(securityContext)
-                        .setAuthentication(argThat(auth -> auth.getPrincipal().equals(userDetails) && auth.getAuthorities().equals(authorities)));
+                        .setAuthentication(argThat(auth -> auth.getPrincipal().equals(userDetails)
+                                && auth.getAuthorities().equals(authorities)));
                 verify(mockSession).setAttribute(eq("SPRING_SECURITY_CONTEXT"), eq(securityContext));
             }
         }
@@ -528,7 +517,8 @@ void authWithoutPassword_handlesUserWithNullEmail() {
         @DisplayName("authWithoutPassword - handles user not found")
         void authWithoutPassword_handlesUserNotFound() {
             // Given
-            when(dsUserDetailsService.loadUserByUsername(testUser.getEmail())).thenThrow(new UsernameNotFoundException("User not found"));
+            when(dsUserDetailsService.loadUserByUsername(testUser.getEmail()))
+                    .thenThrow(new UsernameNotFoundException("User not found"));
 
             // When
             userService.authWithoutPassword(testUser);
@@ -548,7 +538,8 @@ void authWithoutPassword_handlesNoRequestContext() {
             when(authorityService.getAuthoritiesFromUser(testUser)).thenReturn((Collection) authorities);
 
             try (MockedStatic<RequestContextHolder> mockedHolder = mockStatic(RequestContextHolder.class);
-                    MockedStatic<SecurityContextHolder> mockedSecurityHolder = mockStatic(SecurityContextHolder.class)) {
+                    MockedStatic<SecurityContextHolder> mockedSecurityHolder = mockStatic(
+                            SecurityContextHolder.class)) {
 
                 mockedHolder.when(RequestContextHolder::getRequestAttributes).thenReturn(null);
                 SecurityContext securityContext = mock(SecurityContext.class);