Merge pull request #11 from hokkung/hok/change-password

change password

src/main/java/com/leo/user/common/exception/InvalidValueException.java

@@ -0,0 +1,8 @@
+package com.leo.user.common.exception;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+@ResponseStatus(code = HttpStatus.BAD_REQUEST)
+public class InvalidValueException extends IllegalArgumentException {
+}

src/main/java/com/leo/user/config/JpaAuditConfig.java → src/main/java/com/leo/user/config/JpaConfig.java

@@ -2,8 +2,10 @@
 
 import org.springframework.context.annotation.Configuration;
 import org.springframework.data.jpa.repository.config.EnableJpaAuditing;
+import org.springframework.transaction.annotation.EnableTransactionManagement;
 
 @Configuration
 @EnableJpaAuditing
-public class JpaAuditConfig {
+@EnableTransactionManagement
+public class JpaConfig {
 }

src/main/java/com/leo/user/config/SecurityConfig.java

@@ -71,7 +71,9 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                     auth.requestMatchers("api/v1/auth/**").permitAll();
                     auth.anyRequest().authenticated();
                 })
-                .oauth2ResourceServer(configure -> configure.jwt(Customizer.withDefaults()))
+                .oauth2ResourceServer(configure -> {
+                    configure.jwt(Customizer.withDefaults());
+                })
                 .sessionManagement((session) -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
 
         return http.build();

src/main/java/com/leo/user/controller/user/UserController.java

@@ -3,13 +3,17 @@
 import com.leo.user.common.exception.EntityNotFoundException;
 import com.leo.user.domain.user.User;
 import com.leo.user.mapper.user.UserMapper;
+import com.leo.user.model.auth.ChangePasswordRequest;
 import com.leo.user.model.user.CreateOrUpdateUserForm;
 import com.leo.user.model.user.UserDto;
 import com.leo.user.service.user.UserCrudService;
+import com.leo.user.service.user.UserService;
 import lombok.Setter;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
+import java.security.Principal;
 import java.util.Optional;
 
 @RestController
@@ -20,6 +24,9 @@ public class UserController {
     @Autowired
     private UserCrudService userCrudService;
 
+    @Autowired
+    private UserService userService;
+
     @GetMapping("/{id}")
     public UserDto get(@PathVariable long id) {
         Optional<User> optionalUser = userCrudService.get(id);
@@ -47,4 +54,10 @@ public UserDto update(@PathVariable long id, @RequestBody CreateOrUpdateUserForm
         User user = userCrudService.update(id, form);
         return UserMapper.INSTANCE.toUserDTO(user);
     }
+
+    @PostMapping("/change-password")
+    public ResponseEntity<?> changePassword(@RequestBody ChangePasswordRequest request, Principal user) {
+        userService.changePassword(request, user);
+        return ResponseEntity.ok().build();
+    }
 }

src/main/java/com/leo/user/model/auth/ChangePasswordRequest.java

@@ -0,0 +1,6 @@
+package com.leo.user.model.auth;
+
+public record ChangePasswordRequest(
+        String currentPassword,
+        String newPassword
+) {}

src/main/java/com/leo/user/service/user/UserService.java

@@ -2,10 +2,14 @@
 
 import com.leo.user.controller.user.UserFilter;
 import com.leo.user.domain.user.User;
+import com.leo.user.model.auth.ChangePasswordRequest;
 
+import java.security.Principal;
 import java.util.List;
 
 public interface UserService {
     List<User> getUsers();
     List<User> getUsers(UserFilter filter);
+
+    void changePassword(ChangePasswordRequest request, Principal user);
 }

src/main/java/com/leo/user/service/user/UserServiceImpl.java

@@ -1,16 +1,23 @@
 package com.leo.user.service.user;
 
+import com.leo.user.common.exception.EntityNotFoundException;
+import com.leo.user.common.exception.InvalidValueException;
 import com.leo.user.controller.user.UserFilter;
 import com.leo.user.domain.user.User;
+import com.leo.user.model.auth.ChangePasswordRequest;
 import com.leo.user.repository.user.UserRepository;
 import lombok.Setter;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
 
+import java.security.Principal;
 import java.util.List;
+import java.util.Optional;
 
 
 @Setter
@@ -20,6 +27,9 @@ public class UserServiceImpl implements UserService, UserDetailsService {
     @Autowired
     private UserRepository userRepository;
 
+    @Autowired
+    private PasswordEncoder passwordEncoder;
+
     @Override
     public List<User> getUsers() {
         return userRepository.findAll();
@@ -30,6 +40,22 @@ public List<User> getUsers(UserFilter filter) {
         return userRepository.findByNameFirstName(filter.getFirstName());
     }
 
+    @Transactional
+    @Override
+    public void changePassword(ChangePasswordRequest request, Principal principal) {
+        Optional<User> opUser = userRepository.findByEmail(principal.getName());
+        if (opUser.isEmpty()) {
+            throw new EntityNotFoundException();
+        }
+
+        User user = opUser.get();
+        if (!passwordEncoder.matches(request.currentPassword(), user.getPassword())) {
+            throw new InvalidValueException();
+        }
+
+        user.setPassword(passwordEncoder.encode(request.newPassword()));
+    }
+
     @Override
     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
         return  userRepository.findByEmail(username).orElseThrow();