fix reset password view

2024-10-22 22:30:08 -04:00 · 2024-10-22 22:30:08 -04:00 · 3ddacfc771
commit 3ddacfc771
parent 292825d1a8
2 changed files with 13 additions and 13 deletions
--- a/src/main/java/com/primefactorsolutions/service/AccountService.java
+++ b/src/main/java/com/primefactorsolutions/service/AccountService.java
@ -6,8 +6,6 @@ import com.auth0.jwt.exceptions.JWTCreationException;
 import com.auth0.jwt.exceptions.JWTVerificationException;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.auth0.jwt.interfaces.JWTVerifier;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.primefactorsolutions.model.Employee;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
@ -16,14 +14,12 @@ import org.springframework.stereotype.Service;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.Map;
@Service
@Slf4j
 public class AccountService {
    private final EmailService emailService;
    private final EmployeeService employeeService;
    private final ObjectMapper objectMapper = new ObjectMapper();
    private final String secret;
    public AccountService(final EmailService emailService, final EmployeeService employeeService,
@ -56,14 +52,16 @@ public class AccountService {
                    .build();
            decodedJWT = verifier.verify(token);
-            final Map<String, ?> payload = (Map<String, ?>) objectMapper.readValue(decodedJWT.getPayload(), Map.class);
+            final Instant expiry = decodedJWT.getExpiresAtAsInstant();
            final String claim = decodedJWT.getClaim("username").asString();
-            if (Instant.parse((String) payload.get("expire")).isBefore(Instant.now())
+            if (expiry.isBefore(Instant.now())
-                    || !username.equals(payload.get("username"))) {
+                    || !username.equals(claim)) {
-                log.warn("token invalid {} {} {}", username, payload.get("username"), payload.get("expire"));
+                log.warn("token invalid {} {} {}", username, claim, expiry);
                return;
            }
-        } catch (JWTVerificationException | JsonProcessingException e) {
+        } catch (JWTVerificationException e) {
            log.warn("error updating password", e);
            return;
        }
@ -79,6 +77,8 @@ public class AccountService {
        }
        employeeService.updatePassword(employee, newPassword);
        log.info("updated password for {}", username);
    }
    private String createResetPasswordLink(final String username) {
@ -88,10 +88,10 @@ public class AccountService {
            Algorithm algorithm = Algorithm.HMAC512(secret);
            token = JWT.create()
                    .withIssuer("pfs")
-                    .withPayload(objectMapper.writeValueAsString(Map.of("username", username,
+                    .withClaim("username", username)
-                            "expire", Instant.now().plus(1, ChronoUnit.HOURS).toString())))
+                    .withExpiresAt(Instant.now().plus(1, ChronoUnit.HOURS))
                    .sign(algorithm);
-        } catch (JWTCreationException | JsonProcessingException e) {
+        } catch (JWTCreationException e) {
            throw new RuntimeException(e);
        }
--- a/src/main/java/com/primefactorsolutions/service/EmployeeService.java
+++ b/src/main/java/com/primefactorsolutions/service/EmployeeService.java
@ -18,7 +18,7 @@ import java.util.Collections;
@Service
@AllArgsConstructor
 public class EmployeeService {
-    private static final String USERPASSWORD = "userpassword";
+    private static final String USERPASSWORD = "userPassword";
    private static final String OBJECTCLASS = "objectclass";
    private static final String ORGANIZATIONAL_PERSON = "organizationalPerson";
    private static final String INET_ORG_PERSON = "inetOrgPerson";