NIAEFEUP · jamcunha · Feb 20, 2023 · Feb 20, 2023 · Feb 28, 2023 · May 3, 2023
diff --git a/src/main/kotlin/pt/up/fe/ni/website/backend/controller/AccountController.kt b/src/main/kotlin/pt/up/fe/ni/website/backend/controller/AccountController.kt
@@ -1,5 +1,6 @@
 package pt.up.fe.ni.website.backend.controller
 
+import jakarta.validation.Valid
 import org.springframework.validation.annotation.Validated
 import org.springframework.web.bind.annotation.DeleteMapping
 import org.springframework.web.bind.annotation.GetMapping
@@ -13,7 +14,7 @@ import org.springframework.web.bind.annotation.RequestPart
 import org.springframework.web.bind.annotation.RestController
 import org.springframework.web.multipart.MultipartFile
 import pt.up.fe.ni.website.backend.dto.auth.ChangePasswordDto
-import pt.up.fe.ni.website.backend.dto.auth.PassRecoveryDto
+import pt.up.fe.ni.website.backend.dto.auth.PasswordRecoveryDto
 import pt.up.fe.ni.website.backend.dto.entity.account.CreateAccountDto
 import pt.up.fe.ni.website.backend.dto.entity.account.UpdateAccountDto
 import pt.up.fe.ni.website.backend.model.Account
@@ -31,11 +32,19 @@ class AccountController(private val service: AccountService) {
     fun getAccountById(@PathVariable id: Long) = service.getAccountById(id)
 
     @PutMapping("/recoverPassword/{recoveryToken}")
-    fun recoverPassword(@RequestBody dto: PassRecoveryDto, @PathVariable recoveryToken: String) =
+    fun recoverPassword(
+        @Valid @RequestBody
+        dto: PasswordRecoveryDto,
+        @PathVariable recoveryToken: String
+    ) =
         service.recoverPassword(recoveryToken, dto)
 
     @PostMapping("/changePassword/{id}")
-    fun changePassword(@PathVariable id: Long, @RequestBody dto: ChangePasswordDto): Map<String, String> {
+    fun changePassword(
+        @Valid @RequestBody
+        dto: ChangePasswordDto,
+        @PathVariable id: Long
+    ): Map<String, String> {
         service.changePassword(id, dto)
         return emptyMap()
     }

diff --git a/src/main/kotlin/pt/up/fe/ni/website/backend/controller/AuthController.kt b/src/main/kotlin/pt/up/fe/ni/website/backend/controller/AuthController.kt
@@ -16,8 +16,8 @@ import pt.up.fe.ni.website.backend.service.AuthService
 @RestController
 @RequestMapping("/auth")
 class AuthController(val authService: AuthService) {
-    @field:Value("\${backend.url}")
-    private lateinit var backendUrl: String
+    @field:Value("\${page.recover-password}")
+    private lateinit var recoverPasswordPage: String
 
     @PostMapping("/new")
     fun getNewToken(@RequestBody loginDto: LoginDto): Map<String, String> {
@@ -36,8 +36,8 @@ class AuthController(val authService: AuthService) {
     @PostMapping("/recoverPassword/{id}")
     fun generateRecoveryToken(@PathVariable id: Long): Map<String, String> {
         val recoveryToken = authService.generateRecoveryToken(id)
-        // TODO: Change URL Later
-        return mapOf("recovery_url" to "$backendUrl/accounts/recoverPassword/$recoveryToken")
+        // TODO: Change to email service
+        return mapOf("recovery_url" to "$recoverPasswordPage/$recoveryToken")
     }
 
     @GetMapping

diff --git a/src/main/kotlin/pt/up/fe/ni/website/backend/dto/auth/ChangePasswordDto.kt b/src/main/kotlin/pt/up/fe/ni/website/backend/dto/auth/ChangePasswordDto.kt
@@ -1,6 +1,12 @@
 package pt.up.fe.ni.website.backend.dto.auth
 
+import jakarta.validation.constraints.Size
+import pt.up.fe.ni.website.backend.model.constants.AccountConstants as Constants
+
 data class ChangePasswordDto(
+    @field:Size(min = Constants.Password.minSize, max = Constants.Password.maxSize)
     val oldPassword: String,
+
+    @field:Size(min = Constants.Password.minSize, max = Constants.Password.maxSize)
     val newPassword: String
 )
diff --git a/src/main/kotlin/pt/up/fe/ni/website/backend/dto/auth/PassRecoveryDto.kt b/src/main/kotlin/pt/up/fe/ni/website/backend/dto/auth/PassRecoveryDto.kt
diff --git a/src/main/kotlin/pt/up/fe/ni/website/backend/dto/auth/PasswordRecoveryDto.kt b/src/main/kotlin/pt/up/fe/ni/website/backend/dto/auth/PasswordRecoveryDto.kt
@@ -0,0 +1,9 @@
+package pt.up.fe.ni.website.backend.dto.auth
+
+import jakarta.validation.constraints.Size
+import pt.up.fe.ni.website.backend.model.constants.AccountConstants as Constants
+
+data class PasswordRecoveryDto(
+    @field:Size(min = Constants.Password.minSize, max = Constants.Password.maxSize)
+    val password: String
+)
diff --git a/src/main/kotlin/pt/up/fe/ni/website/backend/service/AccountService.kt b/src/main/kotlin/pt/up/fe/ni/website/backend/service/AccountService.kt
@@ -9,7 +9,7 @@ import org.springframework.security.oauth2.server.resource.InvalidBearerTokenExc
 import org.springframework.stereotype.Service
 import org.springframework.web.multipart.MultipartFile
 import pt.up.fe.ni.website.backend.dto.auth.ChangePasswordDto
-import pt.up.fe.ni.website.backend.dto.auth.PassRecoveryDto
+import pt.up.fe.ni.website.backend.dto.auth.PasswordRecoveryDto
 import pt.up.fe.ni.website.backend.dto.entity.account.CreateAccountDto
 import pt.up.fe.ni.website.backend.dto.entity.account.UpdateAccountDto
 import pt.up.fe.ni.website.backend.model.Account
@@ -70,7 +70,7 @@ class AccountService(
     fun getAccountByEmail(email: String): Account = repository.findByEmail(email)
         ?: throw NoSuchElementException(ErrorMessages.emailNotFound(email))
 
-    fun recoverPassword(recoveryToken: String, dto: PassRecoveryDto): Account {
+    fun recoverPassword(recoveryToken: String, dto: PasswordRecoveryDto): Account {
         val jwt =
             try {
                 jwtDecoder.decode(recoveryToken)

diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -37,8 +37,9 @@ upload.static-path=classpath:static
 # URL that will serve static content
 upload.static-serve=http://localhost:3000/static
 
-# Backend URL
-backend.url=http://localhost:8080
+# Recover password page
+# (for now it's the backend endpoint as we don't have the front end page yet)
+page.recover-password=http://localhost:8080/accounts/recoverPassword
 
 # Cors Origin
 cors.allow-origin = http://localhost:3000
diff --git a/src/test/kotlin/pt/up/fe/ni/website/backend/controller/AccountControllerTest.kt b/src/test/kotlin/pt/up/fe/ni/website/backend/controller/AccountControllerTest.kt
@@ -619,6 +619,57 @@ class AccountControllerTest @Autowired constructor(
                     hasRequestPayload = true
                 )
         }
+
+        @NestedTest
+        @DisplayName("Input Validation")
+        inner class InputValidation {
+            private val validationTester = ValidationTester(
+                req = { params: Map<String, Any?> ->
+                    mockMvc.perform(
+                        post("/accounts/changePassword/${changePasswordAccount.id}")
+                            .contentType(MediaType.APPLICATION_JSON)
+                            .content(objectMapper.writeValueAsString(params))
+                    )
+                        .andDocumentErrorResponse(documentation, hasRequestPayload = true)
+                },
+                requiredFields = mapOf(
+                    "oldPassword" to password,
+                    "newPassword" to "test_password2"
+                )
+            )
+
+            @NestedTest
+            @DisplayName("oldPassword")
+            inner class OldPasswordValidation {
+                @BeforeAll
+                fun setParam() {
+                    validationTester.param = "oldPassword"
+                }
+
+                @Test
+                fun `should be required`() = validationTester.isRequired()
+
+                @Test
+                @DisplayName("size should be between ${Constants.Password.minSize} and ${Constants.Password.maxSize}()")
+                fun size() = validationTester.hasSizeBetween(Constants.Password.minSize, Constants.Password.maxSize)
+            }
+
+            @NestedTest
+            @DisplayName("newPassword")
+            inner class NewPasswordValidation {
+                @BeforeAll
+                fun setParam() {
+                    validationTester.param = "newPassword"
+                }
+
+                @Test
+                fun `should be required`() = validationTester.isRequired()
+
+                @Test
+                @DisplayName("size should be between ${Constants.Password.minSize} and ${Constants.Password.maxSize}()")
+                fun size() = validationTester.hasSizeBetween(Constants.Password.minSize, Constants.Password.maxSize)
+            }
+        }
     }
 
     @NestedTest
@@ -908,8 +959,8 @@ class AccountControllerTest @Autowired constructor(
     @NestedTest
     @DisplayName("PUT /recoverPassword/{recoveryToken}")
     inner class RecoverPassword {
-        @field:Value("\${backend.url}")
-        private lateinit var backendUrl: String
+        @field:Value("\${page.recover-password}")
+        private lateinit var recoverPasswordPage: String
 
         private val newPassword = "new-password"
 
@@ -934,7 +985,7 @@ class AccountControllerTest @Autowired constructor(
             mockMvc.perform(post("/auth/recoverPassword/${testAccount.id}"))
                 .andReturn().response.let { authResponse ->
                     val recoveryToken = objectMapper.readTree(authResponse.contentAsString)["recovery_url"].asText()
-                        .removePrefix("$backendUrl/accounts/recoverPassword/")
+                        .removePrefix("$recoverPasswordPage/")
                     mockMvc.perform(
                         put("/accounts/recoverPassword/{recoveryToken}", recoveryToken)
                             .contentType(MediaType.APPLICATION_JSON)
@@ -956,6 +1007,15 @@ class AccountControllerTest @Autowired constructor(
                         documentRequestPayload = true
                     )
                 }
+            mockMvc.post("/auth/new") {
+                contentType = MediaType.APPLICATION_JSON
+                content = objectMapper.writeValueAsString(
+                    mapOf(
+                        "email" to testAccount.email,
+                        "password" to newPassword
+                    )
+                )
+            }.andExpect { status { isOk() } }
         }
 
         @Test
@@ -980,6 +1040,40 @@ class AccountControllerTest @Autowired constructor(
                 hasRequestPayload = true
             )
         }
+
+        @NestedTest
+        @DisplayName("Input Validation")
+        inner class InputValidation {
+            private val validationTester = ValidationTester(
+                req = { params: Map<String, Any?> ->
+                    mockMvc.perform(
+                        put("/accounts/recoverPassword/random-token")
+                            .contentType(MediaType.APPLICATION_JSON)
+                            .content(objectMapper.writeValueAsString(params))
+                    )
+                        .andDocumentErrorResponse(documentation, hasRequestPayload = true)
+                },
+                requiredFields = mapOf(
+                    "password" to "new-password"
+                )
+            )
+
+            @NestedTest
+            @DisplayName("password")
+            inner class PasswordValidation {
+                @BeforeAll
+                fun setParam() {
+                    validationTester.param = "password"
+                }
+
+                @Test
+                fun `should be required`() = validationTester.isRequired()
+
+                @Test
+                @DisplayName("size should be between ${Constants.Password.minSize} and ${Constants.Password.maxSize}()")
+                fun size() = validationTester.hasSizeBetween(Constants.Password.minSize, Constants.Password.maxSize)
+            }
+        }
     }
 
     fun Date?.toJson(): String {