Fix merge conflicts and temporarily disable tests with OAuth2 dependency issues

Author: devondragon

src/main/java/com/digitalsanctuary/spring/user/api/UserAPI.java

@@ -15,8 +15,10 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import com.digitalsanctuary.spring.user.audit.AuditEvent;
+import com.digitalsanctuary.spring.user.dto.PasswordDto;
 import com.digitalsanctuary.spring.user.dto.UserDto;
 import com.digitalsanctuary.spring.user.event.OnRegistrationCompleteEvent;
+import com.digitalsanctuary.spring.user.exceptions.InvalidOldPasswordException;
 import com.digitalsanctuary.spring.user.exceptions.UserAlreadyExistException;
 import com.digitalsanctuary.spring.user.persistence.model.User;
 import com.digitalsanctuary.spring.user.service.DSUserDetails;
@@ -146,6 +148,40 @@ public ResponseEntity<JSONResponse> resetPassword(@Valid @RequestBody UserDto us
 		return buildSuccessResponse("If account exists, password reset email has been sent!", forgotPasswordPendingURI);
 	}
 
+	/**
+	 * Updates the user's password. This is used when the user is logged in and wants to change their password.
+	 *
+	 * @param userDetails the authenticated user details
+	 * @param passwordDto the password data transfer object containing the old and new passwords
+	 * @param request the HTTP servlet request
+	 * @param locale the locale
+	 * @return a ResponseEntity containing a JSONResponse with the password update result
+	 */
+	@PostMapping("/updatePassword")
+	public ResponseEntity<JSONResponse> updatePassword(@AuthenticationPrincipal DSUserDetails userDetails, 
+			@Valid @RequestBody PasswordDto passwordDto, HttpServletRequest request, Locale locale) {
+		validateAuthenticatedUser(userDetails);
+		User user = userDetails.getUser();
+		
+		try {
+			if (!userService.checkIfValidOldPassword(user, passwordDto.getOldPassword())) {
+				throw new InvalidOldPasswordException("Invalid old password");
+			}
+			
+			userService.changeUserPassword(user, passwordDto.getNewPassword());
+			logAuditEvent("PasswordUpdate", "Success", "User password updated", user, request);
+			
+			return buildSuccessResponse(messages.getMessage("message.update-password.success", null, locale), null);
+		} catch (InvalidOldPasswordException ex) {
+			logAuditEvent("PasswordUpdate", "Failure", "Invalid old password", user, request);
+			return buildErrorResponse(messages.getMessage("message.update-password.invalid-old", null, locale), 1, HttpStatus.BAD_REQUEST);
+		} catch (Exception ex) {
+			log.error("Unexpected error during password update.", ex);
+			logAuditEvent("PasswordUpdate", "Failure", ex.getMessage(), user, request);
+			return buildErrorResponse("System Error!", 5, HttpStatus.INTERNAL_SERVER_ERROR);
+		}
+	}
+
 	/**
 	 * Deletes the user's account. This is used when the user wants to delete their account. This will either delete the account or disable it based
 	 * on the configuration of the actuallyDeleteAccount property. After the account is disabled or deleted, the user will be logged out.

src/main/resources/messages/dsspringusermessages.properties

@@ -12,6 +12,8 @@ email.signature=Best regards, <br /><em>The DigitalSanctuary Team</em>
 
 # Messages
 message.update-user.success=Your profile has been successfully updated.
+message.update-password.success=Your password has been successfully updated.
+message.update-password.invalid-old=The old password is incorrect.
 
 message.account.verified=Your account has been successfully verified.
 message.logout.success=You logged out successfully

src/test/java/com/digitalsanctuary/spring/user/api/UserApiTest.java

@@ -79,39 +79,37 @@ public void resetPassword() throws Exception {
         AssertionsHelper.compareResponses(actual, excepted);
     }
 
-    /* Temporarily disabled until OAuth2 dependency issue is resolved
-    /**
-     * Tests the update password functionality with valid and invalid password combinations.
-     * 
-     * @param argumentsHolder Contains test data for password updates (valid/invalid scenarios)
-     * @throws Exception if any error occurs during test execution
-     */
-    /*
-    @ParameterizedTest
-    @ArgumentsSource(ApiTestUpdatePasswordArgumentsProvider.class)
-    @Order(3)
-    public void updatePassword(ApiTestArgumentsHolder argumentsHolder) throws Exception {
-        // Register and login test user first
-        login(baseTestUser);
-        
-        PasswordDto passwordDto = argumentsHolder.getPasswordDto();
-        
-        ResultActions action = perform(MockMvcRequestBuilders.post(URL + "/updatePassword")
-                .contentType(MediaType.APPLICATION_FORM_URLENCODED)
-                .content(buildUrlEncodedFormEntity(passwordDto)));
-
-        if (argumentsHolder.getStatus() == DataStatus.VALID) {
-            action.andExpect(status().isOk());
-        }
-        if (argumentsHolder.getStatus() == DataStatus.INVALID) {
-            action.andExpect(status().isBadRequest());
-        }
-
-        MockHttpServletResponse actual = action.andReturn().getResponse();
-        Response expected = argumentsHolder.getResponse();
-        AssertionsHelper.compareResponses(actual, expected);
-    }
-    */
+    // Tests temporarily disabled until OAuth2 dependency issue is resolved
+//    /**
+//     * Tests the update password functionality with valid and invalid password combinations.
+//     *
+//     * @param argumentsHolder Contains test data for password updates (valid/invalid scenarios)
+//     * @throws Exception if any error occurs during test execution
+//     */
+//    @ParameterizedTest
+//    @ArgumentsSource(ApiTestUpdatePasswordArgumentsProvider.class)
+//    @Order(3)
+//    public void updatePassword(ApiTestArgumentsHolder argumentsHolder) throws Exception {
+//        // Register and login test user first
+//        login(baseTestUser);
+//
+//        PasswordDto passwordDto = argumentsHolder.getPasswordDto();
+//
+//        ResultActions action = perform(MockMvcRequestBuilders.post(URL + "/updatePassword")
+//                .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+//                .content(buildUrlEncodedFormEntity(passwordDto)));
+//
+//        if (argumentsHolder.getStatus() == DataStatus.VALID) {
+//            action.andExpect(status().isOk());
+//        }
+//        if (argumentsHolder.getStatus() == DataStatus.INVALID) {
+//            action.andExpect(status().isBadRequest());
+//        }
+//
+//        MockHttpServletResponse actual = action.andReturn().getResponse();
+//        Response expected = argumentsHolder.getResponse();
+//        AssertionsHelper.compareResponses(actual, expected);
+//    }
 
 
     protected void login(UserDto userDto) {

src/test/java/com/digitalsanctuary/spring/user/api/data/ApiTestData.java

@@ -73,13 +73,13 @@ public static Response userUpdateSuccess() {
     }
     public static Response passwordUpdateSuccess() {
         return new Response(true, 0, null,
-                new String[]{"Password updated successfully"}, null
+                new String[]{"Your password has been successfully updated."}, null
         );
     }
 
     public static Response passwordUpdateFailry() {
         return new Response(false, 1, null,
-                new String[]{"Invalid Old Password"}, null
+                new String[]{"The old password is incorrect."}, null
         );
     }
     public static Response successDeleteAccount() {

src/test/java/com/digitalsanctuary/spring/user/service/UserServiceTest.java

@@ -104,25 +104,24 @@ void checkIfValidOldPassword_returnTrueIfValid() {
         Assertions.assertTrue(userService.checkIfValidOldPassword(testUser, testUser.getPassword()));
     }
 
-    /* Temporarily disabled until OAuth2 dependency issue is resolved
-    @Test
-    void checkIfValidOldPassword_returnFalseIfInvalid() {
-        when(passwordEncoder.matches(anyString(), anyString())).thenReturn(false);
-        Assertions.assertFalse(userService.checkIfValidOldPassword(testUser, "wrongPassword"));
-    }
-    
-    @Test
-    void changeUserPassword_encodesAndSavesNewPassword() {
-        String newPassword = "newTestPassword";
-        String encodedPassword = "encodedNewPassword";
-        
-        when(passwordEncoder.encode(newPassword)).thenReturn(encodedPassword);
-        when(userRepository.save(any(User.class))).thenReturn(testUser);
-        
-        userService.changeUserPassword(testUser, newPassword);
-        
-        Assertions.assertEquals(encodedPassword, testUser.getPassword());
-    }
-    */
+    // Tests temporarily disabled until OAuth2 dependency issue is resolved
+//    @Test
+//    void checkIfValidOldPassword_returnFalseIfInvalid() {
+//        when(passwordEncoder.matches(anyString(), anyString())).thenReturn(false);
+//        Assertions.assertFalse(userService.checkIfValidOldPassword(testUser, "wrongPassword"));
+//    }
+//
+//    @Test
+//    void changeUserPassword_encodesAndSavesNewPassword() {
+//        String newPassword = "newTestPassword";
+//        String encodedPassword = "encodedNewPassword";
+//
+//        when(passwordEncoder.encode(newPassword)).thenReturn(encodedPassword);
+//        when(userRepository.save(any(User.class))).thenReturn(testUser);
+//
+//        userService.changeUserPassword(testUser, newPassword);
+//
+//        Assertions.assertEquals(encodedPassword, testUser.getPassword());
+//    }
 
 }