diff --git a/app/backend/src/main/java/com/app/gamereview/controller/AuthController.java b/app/backend/src/main/java/com/app/gamereview/controller/AuthController.java
index e0d90f42..35dc9150 100644
--- a/app/backend/src/main/java/com/app/gamereview/controller/AuthController.java
+++ b/app/backend/src/main/java/com/app/gamereview/controller/AuthController.java
@@ -3,6 +3,7 @@
 import com.app.gamereview.dto.request.LoginUserRequestDto;
 import com.app.gamereview.dto.request.ChangeUserPasswordRequestDto;
 import com.app.gamereview.dto.request.RegisterUserRequestDto;
+import com.app.gamereview.dto.request.VerifyResetCodeRequestDto;
 import com.app.gamereview.dto.response.LoginUserResponseDto;
 import com.app.gamereview.model.ResetCode;
 import com.app.gamereview.model.User;
@@ -10,12 +11,14 @@
 import com.app.gamereview.service.AuthService;
 import com.app.gamereview.service.EmailService;
 import com.app.gamereview.service.UserService;
+import com.app.gamereview.util.JwtUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 import java.util.Date;
+import java.util.Optional;
 import java.util.UUID;
 @RestController
@@ -72,6 +75,32 @@ public ResponseEntity forgotPassword(@RequestParam String email) {
 return ResponseEntity.ok("Reset code sent successfully");
 }
+
+ @PostMapping("/verify-reset-code")
+ public ResponseEntity verifyResetCode(@RequestBody VerifyResetCodeRequestDto request) {
+ Optional resetCodeOptional = resetCodeRepository.findByCode(request.getResetCode());
+ if (resetCodeOptional.isEmpty() || resetCodeOptional.get().getExpirationDate().before(new Date())) {
+ // Invalid or expired reset code
+ return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid or expired reset code");
+ }
+
+ ResetCode resetCode = resetCodeOptional.get();
+
+ // Check if the reset code matches the user
+ String userEmail = userService.getUserById(resetCode.getUserId()).getEmail();
+ if (!userEmail.equals(request.getUserEmail())) {
+ // Reset code does not match the user
+ return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(userEmail+ " " + request.getUserEmail());
+ }
+
+ // Reset code is valid, generate a JWT token for the user
+ String token = JwtUtil.generateToken(userService.getUserById(resetCode.getUserId()).getEmail());
+
+ // Clear the reset code after generating the token
+ resetCodeRepository.deleteByUserId(resetCode.getUserId());
+
+ return ResponseEntity.ok(token);
+ }
 private String generateResetCode(String userId) {
 // Check if a reset code exists for the user
 ResetCode existingResetCode = resetCodeRepository.findByUserId(userId);
diff --git a/app/backend/src/main/java/com/app/gamereview/dto/request/VerifyResetCodeRequestDto.java b/app/backend/src/main/java/com/app/gamereview/dto/request/VerifyResetCodeRequestDto.java
new file mode 100644
index 00000000..f084be5d
--- /dev/null
+++ b/app/backend/src/main/java/com/app/gamereview/dto/request/VerifyResetCodeRequestDto.java
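Review bot: The email-mismatch branch in verifyResetCode returns `userEmail` — the address of the account that owns the submitted code — to a caller who sent a valid code with the wrong email, which discloses another user's email and reads like debugging output left in; it should return the same generic message as the first branch, `return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid or expired reset code");`. The second `userService.getUserById(resetCode.getUserId()).getEmail()` call repeats the lookup already held in `userEmail`, so `String token = JwtUtil.generateToken(userEmail);` is enough. If `JwtUtil.generateToken` issues the same token a normal login does (JwtUtil is not visible here), a reset code alone grants a full session rather than a token usable only for the password change; that deserves a comment on the method such as `// NOTE: token issued here should be accepted only by the password-change endpoint — confirm JwtUtil scope` and, if the assumption holds, a restricted token. Nothing in the hunk bounds how often a code can be tried for a given email, so an attempt limit or throttle at the service layer is worth considering if the codes are short.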
@@ -0,0 +1,12 @@
+package com.app.gamereview.dto.request;
+
+import lombok.Getter;
+
+@Getter
+public class VerifyResetCodeRequestDto {
+
+ private String resetCode;
+
+ private String userEmail;
+
+}
\ No newline at end of file
diff --git a/app/backend/src/main/java/com/app/gamereview/repository/ResetCodeRepository.java b/app/backend/src/main/java/com/app/gamereview/repository/ResetCodeRepository.java
index e6e4ece4..efb18f45 100644
--- a/app/backend/src/main/java/com/app/gamereview/repository/ResetCodeRepository.java
+++ b/app/backend/src/main/java/com/app/gamereview/repository/ResetCodeRepository.java
@@ -3,8 +3,10 @@
 import com.app.gamereview.model.ResetCode;
 import org.springframework.data.mongodb.repository.MongoRepository;
+import java.util.Optional;
+
 public interface ResetCodeRepository extends MongoRepository {
 ResetCode findByUserId(String userId);
- ResetCode findByCode(String code);
+ Optional findByCode(String code);
 void deleteByUserId(String userId);
 }
\ No newline at end of file
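Review bot: In ResetCodeRepository, `findByUserId` still returns a nullable `ResetCode` while `findByCode` now returns `Optional`, so the two lookups on the same repository have different absence contracts; `Optional<ResetCode> findByUserId(String userId);` would align them, though `generateResetCode` in AuthController, which consumes that result outside this hunk, would need updating with it. The type argument also appears missing from `Optional findByCode(String code)` (as it does on `MongoRepository`), most likely lost in rendering, but if the declaration is really raw it should be `Optional<ResetCode> findByCode(String code);`.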