Refine login error handling and adjust Google signup flow

2026-03-03 18:40:46 +08:00 · 2025-07-15 11:06:33 +08:00
parent f65df582f6
commit abb6c98df7
6 changed files with 87 additions and 43 deletions
--- a/src/main/java/com/openisle/controller/AuthController.java
+++ b/src/main/java/com/openisle/controller/AuthController.java
@@ -72,12 +72,24 @@ public class AuthController {
        if (captchaEnabled && loginCaptchaEnabled && !captchaService.verify(req.getCaptcha())) {
            return ResponseEntity.badRequest().body(Map.of("error", "Invalid captcha"));
        }
-        Optional<User> user = userService.authenticate(req.getUsername(), req.getPassword());
-        if (user.isPresent()) {
-            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
-        } else {
-            return ResponseEntity.badRequest().body(Map.of("error", "Invalid credentials or user not verified"));
+        Optional<User> userOpt = userService.findByUsername(req.getUsername());
+        if (userOpt.isEmpty() || !userService.matchesPassword(userOpt.get(), req.getPassword())) {
+            return ResponseEntity.badRequest().body(Map.of(
+                    "error", "Invalid credentials",
+                    "reason_code", "INVALID_CREDENTIALS"));
        }
+        User user = userOpt.get();
+        if (!user.isVerified()) {
+            return ResponseEntity.badRequest().body(Map.of(
+                    "error", "User not verified",
+                    "reason_code", "NOT_VERIFIED"));
+        }
+        if (!user.isApproved()) {
+            return ResponseEntity.badRequest().body(Map.of(
+                    "error", "Register reason not approved",
+                    "reason_code", "NOT_APPROVED"));
+        }
+        return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.getUsername())));
    }

    @PostMapping("/google")
--- a/src/main/java/com/openisle/service/UserService.java
+++ b/src/main/java/com/openisle/service/UserService.java
@@ -94,6 +94,10 @@ public class UserService {
                .filter(user -> passwordEncoder.matches(password, user.getPassword()));
    }

+    public boolean matchesPassword(User user, String rawPassword) {
+        return passwordEncoder.matches(rawPassword, user.getPassword());
+    }
+
    public Optional<User> findByUsername(String username) {
        return userRepository.findByUsername(username);
    }
--- a/src/test/java/com/openisle/controller/AuthControllerTest.java
+++ b/src/test/java/com/openisle/controller/AuthControllerTest.java
@@ -73,7 +73,8 @@ class AuthControllerTest {
    void loginReturnsToken() throws Exception {
        User user = new User();
        user.setUsername("u");
-        Mockito.when(userService.authenticate("u", "p")).thenReturn(Optional.of(user));
+        Mockito.when(userService.findByUsername("u")).thenReturn(Optional.of(user));
+        Mockito.when(userService.matchesPassword(user, "p")).thenReturn(true);
        Mockito.when(jwtService.generateToken("u")).thenReturn("token");

        mockMvc.perform(post("/api/auth/login")
@@ -85,12 +86,12 @@ class AuthControllerTest {

    @Test
    void loginFails() throws Exception {
-        Mockito.when(userService.authenticate("u", "bad")).thenReturn(Optional.empty());
+        Mockito.when(userService.findByUsername("u")).thenReturn(Optional.empty());

        mockMvc.perform(post("/api/auth/login")
                        .contentType(MediaType.APPLICATION_JSON)
                        .content("{\"username\":\"u\",\"password\":\"bad\"}"))
                .andExpect(status().isBadRequest())
-                .andExpect(jsonPath("$.error").value("Invalid credentials or user not verified"));
+                .andExpect(jsonPath("$.reason_code").value("INVALID_CREDENTIALS"));
    }
 }