fix reset password view

src/main/java/com/primefactorsolutions/service/AccountService.java

@@ -6,8 +6,6 @@ import com.auth0.jwt.exceptions.JWTCreationException;
 import com.auth0.jwt.exceptions.JWTVerificationException;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.auth0.jwt.interfaces.JWTVerifier;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import com.primefactorsolutions.model.Employee;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
@@ -16,14 +14,12 @@ import org.springframework.stereotype.Service;
 
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
-import java.util.Map;
 
 @Service
 @Slf4j
 public class AccountService {
     private final EmailService emailService;
     private final EmployeeService employeeService;
-    private final ObjectMapper objectMapper = new ObjectMapper();
     private final String secret;
 
     public AccountService(final EmailService emailService, final EmployeeService employeeService,
@@ -56,14 +52,16 @@ public class AccountService {
                     .build();
 
             decodedJWT = verifier.verify(token);
-            final Map<String, ?> payload = (Map<String, ?>) objectMapper.readValue(decodedJWT.getPayload(), Map.class);
+            final Instant expiry = decodedJWT.getExpiresAtAsInstant();
+            final String claim = decodedJWT.getClaim("username").asString();
 
-            if (Instant.parse((String) payload.get("expire")).isBefore(Instant.now())
+            if (expiry.isBefore(Instant.now())
-                    || !username.equals(payload.get("username"))) {
+                    || !username.equals(claim)) {
-                log.warn("token invalid {} {} {}", username, payload.get("username"), payload.get("expire"));
+                log.warn("token invalid {} {} {}", username, claim, expiry);
                 return;
             }
-        } catch (JWTVerificationException | JsonProcessingException e) {
+        } catch (JWTVerificationException e) {
+            log.warn("error updating password", e);
             return;
         }
 
@@ -79,6 +77,8 @@ public class AccountService {
         }
 
         employeeService.updatePassword(employee, newPassword);
+
+        log.info("updated password for {}", username);
     }
 
     private String createResetPasswordLink(final String username) {
@@ -88,10 +88,10 @@ public class AccountService {
             Algorithm algorithm = Algorithm.HMAC512(secret);
             token = JWT.create()
                     .withIssuer("pfs")
-                    .withPayload(objectMapper.writeValueAsString(Map.of("username", username,
+                    .withClaim("username", username)
-                            "expire", Instant.now().plus(1, ChronoUnit.HOURS).toString())))
+                    .withExpiresAt(Instant.now().plus(1, ChronoUnit.HOURS))
                     .sign(algorithm);
-        } catch (JWTCreationException | JsonProcessingException e) {
+        } catch (JWTCreationException e) {
             throw new RuntimeException(e);
         }
 

src/main/java/com/primefactorsolutions/service/EmployeeService.java

@@ -18,7 +18,7 @@ import java.util.Collections;
 @Service
 @AllArgsConstructor
 public class EmployeeService {
-    private static final String USERPASSWORD = "userpassword";
+    private static final String USERPASSWORD = "userPassword";
     private static final String OBJECTCLASS = "objectclass";
     private static final String ORGANIZATIONAL_PERSON = "organizationalPerson";
     private static final String INET_ORG_PERSON = "inetOrgPerson";