From 77c4cfc7772f42639afba858bb77b435acd1e7dc Mon Sep 17 00:00:00 2001 From: Krrish Ghimire Date: Wed, 8 Jul 2026 22:55:22 +0545 Subject: [PATCH] add email verification after account registration --- backend/build.gradle | 1 + .../java/com/krrishg/IndieApplication.java | 2 + .../com/krrishg/config/SchemaMigration.java | 6 + .../krrishg/controller/AuthController.java | 27 +- .../com/krrishg/dto/RegistrationResponse.java | 14 + .../dto/ResendVerificationRequest.java | 16 + .../com/krrishg/dto/SetPasswordRequest.java | 19 + .../com/krrishg/dto/VerifyEmailRequest.java | 14 + .../com/krrishg/dto/VerifyEmailResponse.java | 15 + .../src/main/java/com/krrishg/model/User.java | 10 +- .../com/krrishg/model/VerificationToken.java | 58 +++ .../VerificationTokenRepository.java | 20 + .../java/com/krrishg/service/AuthService.java | 148 ++++++- .../com/krrishg/service/CleanupService.java | 56 +++ .../com/krrishg/service/EmailService.java | 80 ++++ backend/src/main/resources/application.yml | 16 + .../controller/AuthControllerTest.java | 127 +++++- .../test/java/com/krrishg/model/UserTest.java | 1 + .../com/krrishg/service/AuthServiceTest.java | 413 +++++++++++++++++- .../FakeVerificationTokenRepository.java | 56 +++ .../com/krrishg/support/StubEmailService.java | 39 ++ frontend/src/app/app.routes.ts | 4 + .../src/app/auth/login/login.component.ts | 51 ++- .../app/auth/register/register.component.ts | 2 +- .../verify-email/verify-email.component.ts | 226 ++++++++++ .../src/app/core/services/auth.service.ts | 18 +- 26 files changed, 1386 insertions(+), 53 deletions(-) create mode 100644 backend/src/main/java/com/krrishg/dto/RegistrationResponse.java create mode 100644 backend/src/main/java/com/krrishg/dto/ResendVerificationRequest.java create mode 100644 backend/src/main/java/com/krrishg/dto/SetPasswordRequest.java create mode 100644 backend/src/main/java/com/krrishg/dto/VerifyEmailRequest.java create mode 100644 backend/src/main/java/com/krrishg/dto/VerifyEmailResponse.java create mode 100644 backend/src/main/java/com/krrishg/model/VerificationToken.java create mode 100644 backend/src/main/java/com/krrishg/repository/VerificationTokenRepository.java create mode 100644 backend/src/main/java/com/krrishg/service/CleanupService.java create mode 100644 backend/src/main/java/com/krrishg/service/EmailService.java create mode 100644 backend/src/test/java/com/krrishg/support/FakeVerificationTokenRepository.java create mode 100644 backend/src/test/java/com/krrishg/support/StubEmailService.java create mode 100644 frontend/src/app/auth/verify-email/verify-email.component.ts diff --git a/backend/build.gradle b/backend/build.gradle index dfeedec..6010243 100644 --- a/backend/build.gradle +++ b/backend/build.gradle @@ -36,6 +36,7 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-security' implementation 'org.springframework.boot:spring-boot-starter-validation' implementation 'org.springframework.boot:spring-boot-starter-data-mongodb' + implementation 'org.springframework.boot:spring-boot-starter-mail' implementation "com.bucket4j:bucket4j-core:8.10.1" diff --git a/backend/src/main/java/com/krrishg/IndieApplication.java b/backend/src/main/java/com/krrishg/IndieApplication.java index aab87fa..416e086 100644 --- a/backend/src/main/java/com/krrishg/IndieApplication.java +++ b/backend/src/main/java/com/krrishg/IndieApplication.java @@ -2,8 +2,10 @@ package com.krrishg; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.scheduling.annotation.EnableScheduling; @SpringBootApplication +@EnableScheduling public class IndieApplication { public static void main(String[] args) { diff --git a/backend/src/main/java/com/krrishg/config/SchemaMigration.java b/backend/src/main/java/com/krrishg/config/SchemaMigration.java index 1be7303..6d8b2ab 100644 --- a/backend/src/main/java/com/krrishg/config/SchemaMigration.java +++ b/backend/src/main/java/com/krrishg/config/SchemaMigration.java @@ -40,5 +40,11 @@ public class SchemaMigration { } catch (Exception e) { log.warn("Could not add ssl_email column: {}", e.getMessage()); } + try { + jdbcTemplate.execute("ALTER TABLE users DROP CONSTRAINT IF EXISTS users_provider_check"); + log.info("Dropped provider check constraint from users"); + } catch (Exception e) { + log.warn("Could not drop provider check constraint: {}", e.getMessage()); + } } } diff --git a/backend/src/main/java/com/krrishg/controller/AuthController.java b/backend/src/main/java/com/krrishg/controller/AuthController.java index 369bf80..077a12d 100644 --- a/backend/src/main/java/com/krrishg/controller/AuthController.java +++ b/backend/src/main/java/com/krrishg/controller/AuthController.java @@ -4,6 +4,11 @@ import com.krrishg.dto.AuthResponse; import com.krrishg.dto.LoginRequest; import com.krrishg.dto.RefreshTokenRequest; import com.krrishg.dto.RegisterRequest; +import com.krrishg.dto.RegistrationResponse; +import com.krrishg.dto.ResendVerificationRequest; +import com.krrishg.dto.SetPasswordRequest; +import com.krrishg.dto.VerifyEmailRequest; +import com.krrishg.dto.VerifyEmailResponse; import com.krrishg.service.AuthService; import jakarta.validation.Valid; import org.springframework.http.HttpStatus; @@ -24,8 +29,8 @@ public class AuthController { } @PostMapping("/register") - public ResponseEntity register(@Valid @RequestBody RegisterRequest request) { - AuthResponse response = authService.register(request); + public ResponseEntity register(@Valid @RequestBody RegisterRequest request) { + RegistrationResponse response = authService.register(request); return ResponseEntity.status(HttpStatus.CREATED).body(response); } @@ -45,4 +50,22 @@ public class AuthController { public ResponseEntity logout() { return ResponseEntity.noContent().build(); } + + @PostMapping("/verify-email") + public ResponseEntity verifyEmail(@Valid @RequestBody VerifyEmailRequest request) { + VerifyEmailResponse response = authService.verifyEmail(request); + return ResponseEntity.ok(response); + } + + @PostMapping("/resend-verification") + public ResponseEntity resendVerification(@Valid @RequestBody ResendVerificationRequest request) { + RegistrationResponse response = authService.resendVerification(request); + return ResponseEntity.ok(response); + } + + @PostMapping("/set-password") + public ResponseEntity setPassword(@Valid @RequestBody SetPasswordRequest request) { + authService.setPassword(request); + return ResponseEntity.ok().build(); + } } diff --git a/backend/src/main/java/com/krrishg/dto/RegistrationResponse.java b/backend/src/main/java/com/krrishg/dto/RegistrationResponse.java new file mode 100644 index 0000000..603a1a9 --- /dev/null +++ b/backend/src/main/java/com/krrishg/dto/RegistrationResponse.java @@ -0,0 +1,14 @@ +package com.krrishg.dto; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +@Data +@NoArgsConstructor +@AllArgsConstructor +@Builder +public class RegistrationResponse { + private String message; +} diff --git a/backend/src/main/java/com/krrishg/dto/ResendVerificationRequest.java b/backend/src/main/java/com/krrishg/dto/ResendVerificationRequest.java new file mode 100644 index 0000000..003d1d3 --- /dev/null +++ b/backend/src/main/java/com/krrishg/dto/ResendVerificationRequest.java @@ -0,0 +1,16 @@ +package com.krrishg.dto; + +import jakarta.validation.constraints.Email; +import jakarta.validation.constraints.NotBlank; +import lombok.AllArgsConstructor; +import lombok.Data; +import lombok.NoArgsConstructor; + +@Data +@NoArgsConstructor +@AllArgsConstructor +public class ResendVerificationRequest { + @NotBlank + @Email + private String email; +} diff --git a/backend/src/main/java/com/krrishg/dto/SetPasswordRequest.java b/backend/src/main/java/com/krrishg/dto/SetPasswordRequest.java new file mode 100644 index 0000000..c5c3f5f --- /dev/null +++ b/backend/src/main/java/com/krrishg/dto/SetPasswordRequest.java @@ -0,0 +1,19 @@ +package com.krrishg.dto; + +import jakarta.validation.constraints.NotBlank; +import jakarta.validation.constraints.Size; +import lombok.AllArgsConstructor; +import lombok.Data; +import lombok.NoArgsConstructor; + +@Data +@NoArgsConstructor +@AllArgsConstructor +public class SetPasswordRequest { + @NotBlank + private String setupToken; + + @NotBlank + @Size(min = 8, max = 100) + private String password; +} diff --git a/backend/src/main/java/com/krrishg/dto/VerifyEmailRequest.java b/backend/src/main/java/com/krrishg/dto/VerifyEmailRequest.java new file mode 100644 index 0000000..0ed4e48 --- /dev/null +++ b/backend/src/main/java/com/krrishg/dto/VerifyEmailRequest.java @@ -0,0 +1,14 @@ +package com.krrishg.dto; + +import jakarta.validation.constraints.NotBlank; +import lombok.AllArgsConstructor; +import lombok.Data; +import lombok.NoArgsConstructor; + +@Data +@NoArgsConstructor +@AllArgsConstructor +public class VerifyEmailRequest { + @NotBlank + private String token; +} diff --git a/backend/src/main/java/com/krrishg/dto/VerifyEmailResponse.java b/backend/src/main/java/com/krrishg/dto/VerifyEmailResponse.java new file mode 100644 index 0000000..cb48657 --- /dev/null +++ b/backend/src/main/java/com/krrishg/dto/VerifyEmailResponse.java @@ -0,0 +1,15 @@ +package com.krrishg.dto; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +@Data +@NoArgsConstructor +@AllArgsConstructor +@Builder +public class VerifyEmailResponse { + private String message; + private String setupToken; +} diff --git a/backend/src/main/java/com/krrishg/model/User.java b/backend/src/main/java/com/krrishg/model/User.java index 17e2e08..54be04d 100644 --- a/backend/src/main/java/com/krrishg/model/User.java +++ b/backend/src/main/java/com/krrishg/model/User.java @@ -39,6 +39,14 @@ public class User { @Builder.Default private boolean emailVerified = false; + @Enumerated(EnumType.STRING) + @Column(name = "provider", nullable = false) + @Builder.Default + private AuthProvider provider = AuthProvider.LOCAL; + + @Column(name = "provider_id") + private String providerId; + @Convert(converter = MapToJsonConverter.class) @Column(name = "llm_api_keys", columnDefinition = "TEXT") private Map llmApiKeys; @@ -58,7 +66,7 @@ public class User { private LocalDateTime updatedAt; @PrePersist - void onCreate() { + public void onCreate() { if (id == null) { id = UUID.randomUUID(); } diff --git a/backend/src/main/java/com/krrishg/model/VerificationToken.java b/backend/src/main/java/com/krrishg/model/VerificationToken.java new file mode 100644 index 0000000..757830b --- /dev/null +++ b/backend/src/main/java/com/krrishg/model/VerificationToken.java @@ -0,0 +1,58 @@ +package com.krrishg.model; + +import jakarta.persistence.Column; +import jakarta.persistence.Entity; +import jakarta.persistence.Id; +import jakarta.persistence.PrePersist; +import jakarta.persistence.Table; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +import java.time.LocalDateTime; +import java.util.UUID; + +@Entity +@Table(name = "verification_tokens") +@Data +@NoArgsConstructor +@AllArgsConstructor +@Builder +public class VerificationToken { + + @Id + @Column(name = "id") + private UUID id; + + @Column(name = "user_id", nullable = false) + private UUID userId; + + @Column(name = "token", nullable = false, unique = true) + private String token; + + @Column(name = "setup_token") + private String setupToken; + + @Column(name = "setup_token_used") + @Builder.Default + private boolean setupTokenUsed = false; + + @Column(name = "expiry_date", nullable = false) + private LocalDateTime expiryDate; + + @Column(name = "used") + @Builder.Default + private boolean used = false; + + @Column(name = "created_at", nullable = false, updatable = false) + private LocalDateTime createdAt; + + @PrePersist + public void onCreate() { + if (id == null) { + id = UUID.randomUUID(); + } + createdAt = LocalDateTime.now(); + } +} diff --git a/backend/src/main/java/com/krrishg/repository/VerificationTokenRepository.java b/backend/src/main/java/com/krrishg/repository/VerificationTokenRepository.java new file mode 100644 index 0000000..a3e842e --- /dev/null +++ b/backend/src/main/java/com/krrishg/repository/VerificationTokenRepository.java @@ -0,0 +1,20 @@ +package com.krrishg.repository; + +import com.krrishg.model.VerificationToken; +import org.springframework.data.jpa.repository.JpaRepository; + +import java.time.LocalDateTime; +import java.util.List; +import java.util.Optional; +import java.util.UUID; + +public interface VerificationTokenRepository extends JpaRepository { + + Optional findByToken(String token); + + Optional findBySetupToken(String setupToken); + + void deleteByUserId(UUID userId); + + List findByUsedFalseAndExpiryDateBefore(LocalDateTime now); +} diff --git a/backend/src/main/java/com/krrishg/service/AuthService.java b/backend/src/main/java/com/krrishg/service/AuthService.java index 88b0d6b..f253335 100644 --- a/backend/src/main/java/com/krrishg/service/AuthService.java +++ b/backend/src/main/java/com/krrishg/service/AuthService.java @@ -4,31 +4,67 @@ import com.krrishg.config.TokenService; import com.krrishg.dto.AuthResponse; import com.krrishg.dto.LoginRequest; import com.krrishg.dto.RefreshTokenRequest; +import com.krrishg.dto.RegistrationResponse; import com.krrishg.dto.RegisterRequest; +import com.krrishg.dto.ResendVerificationRequest; +import com.krrishg.dto.SetPasswordRequest; +import com.krrishg.dto.VerifyEmailRequest; +import com.krrishg.dto.VerifyEmailResponse; import com.krrishg.model.User; +import com.krrishg.model.VerificationToken; import com.krrishg.repository.UserRepository; +import com.krrishg.repository.VerificationTokenRepository; import io.jsonwebtoken.Claims; -import lombok.RequiredArgsConstructor; +import org.springframework.beans.factory.annotation.Value; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; +import java.time.LocalDateTime; +import java.util.Optional; import java.util.UUID; @Service -@RequiredArgsConstructor public class AuthService { private final UserRepository userRepository; private final PasswordEncoder passwordEncoder; private final TokenService jwtConfig; + private final VerificationTokenRepository verificationTokenRepository; + private final EmailService emailService; + private final int tokenExpirationMinutes; + + public AuthService(UserRepository userRepository, + PasswordEncoder passwordEncoder, + TokenService jwtConfig, + VerificationTokenRepository verificationTokenRepository, + EmailService emailService, + @Value("${indie.app.verification-token-expiration-minutes}") int tokenExpirationMinutes) { + this.userRepository = userRepository; + this.passwordEncoder = passwordEncoder; + this.jwtConfig = jwtConfig; + this.verificationTokenRepository = verificationTokenRepository; + this.emailService = emailService; + this.tokenExpirationMinutes = tokenExpirationMinutes; + } @Transactional - public AuthResponse register(RegisterRequest request) { + public RegistrationResponse register(RegisterRequest request) { String email = request.getEmail().toLowerCase().strip(); - if (userRepository.existsByEmail(email)) { - throw new IllegalArgumentException("Email already registered"); + Optional existingUser = userRepository.findByEmail(email); + + if (existingUser.isPresent()) { + if (existingUser.get().isEmailVerified()) { + return new RegistrationResponse("If this email is available, a verification link has been sent."); + } + + User user = existingUser.get(); + verificationTokenRepository.deleteByUserId(user.getId()); + VerificationToken token = createVerificationToken(user.getId()); + verificationTokenRepository.save(token); + emailService.sendVerificationEmail(user.getEmail(), user.getName(), token.getToken()); + return new RegistrationResponse("If this email is available, a verification link has been sent."); } User user = User.builder() @@ -39,7 +75,12 @@ public class AuthService { .build(); user = userRepository.save(user); - return generateAuthResponse(user); + + VerificationToken token = createVerificationToken(user.getId()); + verificationTokenRepository.save(token); + emailService.sendVerificationEmail(user.getEmail(), user.getName(), token.getToken()); + + return new RegistrationResponse("If this email is available, a verification link has been sent."); } public AuthResponse login(LoginRequest request) { @@ -51,9 +92,95 @@ public class AuthService { throw new IllegalArgumentException("Invalid email or password"); } + if (!user.isEmailVerified()) { + throw new IllegalArgumentException("Please verify your email address before logging in"); + } + return generateAuthResponse(user); } + @Transactional + public VerifyEmailResponse verifyEmail(VerifyEmailRequest request) { + VerificationToken token = verificationTokenRepository.findByToken(request.getToken()) + .orElseThrow(() -> new IllegalArgumentException("Invalid verification token")); + + if (token.isUsed()) { + throw new IllegalArgumentException("Verification token has already been used"); + } + + if (token.getExpiryDate().isBefore(LocalDateTime.now())) { + throw new IllegalArgumentException("Verification token has expired"); + } + + User user = userRepository.findById(token.getUserId()) + .orElseThrow(() -> new IllegalArgumentException("User not found")); + + user.setEmailVerified(true); + userRepository.save(user); + + token.setUsed(true); + String setupToken = UUID.randomUUID().toString(); + token.setSetupToken(setupToken); + token.setSetupTokenUsed(false); + verificationTokenRepository.save(token); + + return VerifyEmailResponse.builder() + .message("Email verified successfully") + .setupToken(setupToken) + .build(); + } + + @Transactional + public RegistrationResponse resendVerification(ResendVerificationRequest request) { + String email = request.getEmail().toLowerCase().strip(); + + Optional existingUser = userRepository.findByEmail(email); + + if (existingUser.isEmpty()) { + return new RegistrationResponse("If this email is available, a verification link has been sent."); + } + + User user = existingUser.get(); + + if (user.isEmailVerified()) { + return new RegistrationResponse("If this email is available, a verification link has been sent."); + } + + verificationTokenRepository.deleteByUserId(user.getId()); + VerificationToken token = createVerificationToken(user.getId()); + verificationTokenRepository.save(token); + emailService.sendVerificationEmail(user.getEmail(), user.getName(), token.getToken()); + + return new RegistrationResponse("If this email is available, a verification link has been sent."); + } + + @Transactional + public void setPassword(SetPasswordRequest request) { + VerificationToken token = verificationTokenRepository.findBySetupToken(request.getSetupToken()) + .orElseThrow(() -> new IllegalArgumentException("Invalid setup token")); + + if (!token.isUsed()) { + throw new IllegalArgumentException("Email must be verified first"); + } + + if (token.isSetupTokenUsed()) { + throw new IllegalArgumentException("Setup token has already been used"); + } + + if (token.getExpiryDate().isBefore(LocalDateTime.now())) { + throw new IllegalArgumentException("Setup token has expired"); + } + + User user = userRepository.findById(token.getUserId()) + .orElseThrow(() -> new IllegalArgumentException("User not found")); + + user.setPassword(passwordEncoder.encode(request.getPassword())); + userRepository.save(user); + + token.setSetupTokenUsed(true); + verificationTokenRepository.save(token); + } + public AuthResponse refreshToken(RefreshTokenRequest request) { try { Claims claims = jwtConfig.validateToken(request.getRefreshToken()); @@ -68,6 +195,15 @@ public class AuthService { } } + private VerificationToken createVerificationToken(UUID userId) { + return VerificationToken.builder() + .userId(userId) + .token(UUID.randomUUID().toString()) + .expiryDate(LocalDateTime.now().plusMinutes(tokenExpirationMinutes)) + .used(false) + .build(); + } + private AuthResponse generateAuthResponse(User user) { String accessToken = jwtConfig.generateAccessToken(user); String refreshToken = jwtConfig.generateRefreshToken(user); diff --git a/backend/src/main/java/com/krrishg/service/CleanupService.java b/backend/src/main/java/com/krrishg/service/CleanupService.java new file mode 100644 index 0000000..b8bf985 --- /dev/null +++ b/backend/src/main/java/com/krrishg/service/CleanupService.java @@ -0,0 +1,56 @@ +package com.krrishg.service; + +import com.krrishg.model.VerificationToken; +import com.krrishg.repository.UserRepository; +import com.krrishg.repository.VerificationTokenRepository; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.scheduling.annotation.Scheduled; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import java.time.LocalDateTime; +import java.util.List; +import java.util.UUID; +import java.util.stream.Collectors; + +@Service +public class CleanupService { + + private static final Logger log = LoggerFactory.getLogger(CleanupService.class); + + private final UserRepository userRepository; + private final VerificationTokenRepository verificationTokenRepository; + + public CleanupService(UserRepository userRepository, + VerificationTokenRepository verificationTokenRepository) { + this.userRepository = userRepository; + this.verificationTokenRepository = verificationTokenRepository; + } + + @Scheduled(cron = "0 0 */6 * * ?") + @Transactional + public void cleanupStaleUnverifiedAccounts() { + LocalDateTime cutoff = LocalDateTime.now().minusHours(24); + List staleTokens = verificationTokenRepository + .findByUsedFalseAndExpiryDateBefore(cutoff); + + if (staleTokens.isEmpty()) { + return; + } + + List userIds = staleTokens.stream() + .map(VerificationToken::getUserId) + .collect(Collectors.toList()); + + for (UUID userId : userIds) { + userRepository.findById(userId).ifPresent(user -> { + if (!user.isEmailVerified()) { + userRepository.delete(user); + verificationTokenRepository.deleteByUserId(userId); + log.info("Cleaned up unverified account: {} ({})", user.getEmail(), userId); + } + }); + } + } +} diff --git a/backend/src/main/java/com/krrishg/service/EmailService.java b/backend/src/main/java/com/krrishg/service/EmailService.java new file mode 100644 index 0000000..7c0caca --- /dev/null +++ b/backend/src/main/java/com/krrishg/service/EmailService.java @@ -0,0 +1,80 @@ +package com.krrishg.service; + +import jakarta.mail.MessagingException; +import jakarta.mail.internet.MimeMessage; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.mail.javamail.JavaMailSender; +import org.springframework.mail.javamail.MimeMessageHelper; +import org.springframework.stereotype.Service; + +@Service +public class EmailService { + + private static final Logger log = LoggerFactory.getLogger(EmailService.class); + + private final JavaMailSender mailSender; + private final String baseUrl; + + public EmailService(JavaMailSender mailSender, + @Value("${indie.app.base-url}") String baseUrl) { + this.mailSender = mailSender; + this.baseUrl = baseUrl; + } + + public void sendVerificationEmail(String to, String name, String token) { + String link = baseUrl + "/verify-email?token=" + token; + String subject = "Verify your Indie account"; + String html = """ + + + + + + +
+ + + + +
+

Indie

+
+

Hi %s,

+

+ Someone created an account with this email address. If this was you, click the button below to verify your email and set your password. +

+ + +
+ Verify Email Address +
+

This link expires in 24 hours.

+

If you didn't create this account, you can safely ignore this email.

+
+

Indie Platform

+
+
+ + + """.formatted(name, link); + + sendHtml(to, subject, html); + } + + private void sendHtml(String to, String subject, String html) { + try { + MimeMessage message = mailSender.createMimeMessage(); + MimeMessageHelper helper = new MimeMessageHelper(message, true, "UTF-8"); + helper.setTo(to); + helper.setSubject(subject); + helper.setText(html, true); + mailSender.send(message); + log.info("Verification email sent to {}", to); + } catch (MessagingException e) { + log.error("Failed to send verification email to {}", to, e); + throw new RuntimeException("Failed to send verification email", e); + } + } +} diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml index c3a17bd..5cbf099 100644 --- a/backend/src/main/resources/application.yml +++ b/backend/src/main/resources/application.yml @@ -26,6 +26,18 @@ spring: show-sql: true open-in-view: false + mail: + host: ${EMAIL_HOST:localhost} + port: ${EMAIL_PORT:1025} + username: ${EMAIL_USERNAME:} + password: ${EMAIL_PASSWORD:} + properties: + mail: + smtp: + auth: ${EMAIL_SMTP_AUTH:true} + starttls: + enable: ${EMAIL_SMTP_STARTTLS:true} + springdoc: api-docs: path: /api-docs @@ -57,6 +69,10 @@ indie: encryption: master-key-path: ${INDIE_ENCRYPTION_KEY_PATH:config/encryption.key} + app: + base-url: ${INDIE_APP_BASE_URL:http://localhost:4200} + verification-token-expiration-minutes: ${INDIE_VERIFICATION_TOKEN_EXPIRATION:1440} + llm: rate-limit: max-requests-per-hour: ${INDIE_LLM_RATE_LIMIT:10} diff --git a/backend/src/test/java/com/krrishg/controller/AuthControllerTest.java b/backend/src/test/java/com/krrishg/controller/AuthControllerTest.java index 3521b53..e017f1a 100644 --- a/backend/src/test/java/com/krrishg/controller/AuthControllerTest.java +++ b/backend/src/test/java/com/krrishg/controller/AuthControllerTest.java @@ -6,6 +6,11 @@ import com.krrishg.dto.AuthResponse.UserInfo; import com.krrishg.dto.LoginRequest; import com.krrishg.dto.RefreshTokenRequest; import com.krrishg.dto.RegisterRequest; +import com.krrishg.dto.RegistrationResponse; +import com.krrishg.dto.ResendVerificationRequest; +import com.krrishg.dto.SetPasswordRequest; +import com.krrishg.dto.VerifyEmailRequest; +import com.krrishg.dto.VerifyEmailResponse; import com.krrishg.service.AuthService; import com.krrishg.support.TestSecurityConfig; import com.fasterxml.jackson.databind.ObjectMapper; @@ -20,6 +25,7 @@ import org.springframework.test.web.servlet.MockMvc; import java.util.UUID; import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.doThrow; import static org.mockito.Mockito.when; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*; @@ -40,14 +46,9 @@ class AuthControllerTest { } @Test - void registerReturns201() throws Exception { - AuthResponse response = AuthResponse.builder() - .accessToken("at-123") - .refreshToken("rt-456") - .tokenType("Bearer") - .user(new UserInfo(UUID.randomUUID(), "test@example.com", "Test", null)) - .build(); - when(authService.register(any(RegisterRequest.class))).thenReturn(response); + void registerReturns201WithMessage() throws Exception { + when(authService.register(any(RegisterRequest.class))) + .thenReturn(new RegistrationResponse("If this email is available, a verification link has been sent.")); RegisterRequest request = new RegisterRequest(); request.setEmail("test@example.com"); @@ -58,10 +59,7 @@ class AuthControllerTest { .contentType(MediaType.APPLICATION_JSON) .content(objectMapper.writeValueAsString(request))) .andExpect(status().isCreated()) - .andExpect(jsonPath("$.accessToken").value("at-123")) - .andExpect(jsonPath("$.refreshToken").value("rt-456")) - .andExpect(jsonPath("$.tokenType").value("Bearer")) - .andExpect(jsonPath("$.user.email").value("test@example.com")); + .andExpect(jsonPath("$.message").value("If this email is available, a verification link has been sent.")); } @Test @@ -112,6 +110,22 @@ class AuthControllerTest { .andExpect(jsonPath("$.detail").value("Invalid email or password")); } + @Test + void loginReturns400OnUnverifiedEmail() throws Exception { + when(authService.login(any(LoginRequest.class))) + .thenThrow(new IllegalArgumentException("Please verify your email address before logging in")); + + LoginRequest request = new LoginRequest(); + request.setEmail("unverified@example.com"); + request.setPassword("password123"); + + mockMvc.perform(post("/api/auth/login") + .contentType(MediaType.APPLICATION_JSON) + .content(objectMapper.writeValueAsString(request))) + .andExpect(status().isBadRequest()) + .andExpect(jsonPath("$.detail").value("Please verify your email address before logging in")); + } + @Test void refreshReturns200() throws Exception { AuthResponse response = AuthResponse.builder() @@ -137,4 +151,93 @@ class AuthControllerTest { mockMvc.perform(post("/api/auth/logout")) .andExpect(status().isNoContent()); } + + @Test + void verifyEmailReturns200() throws Exception { + when(authService.verifyEmail(any(VerifyEmailRequest.class))) + .thenReturn(new VerifyEmailResponse("Email verified successfully", "setup-token-123")); + + VerifyEmailRequest request = new VerifyEmailRequest(); + request.setToken("valid-token"); + + mockMvc.perform(post("/api/auth/verify-email") + .contentType(MediaType.APPLICATION_JSON) + .content(objectMapper.writeValueAsString(request))) + .andExpect(status().isOk()) + .andExpect(jsonPath("$.message").value("Email verified successfully")) + .andExpect(jsonPath("$.setupToken").value("setup-token-123")); + } + + @Test + void verifyEmailReturns400OnInvalidToken() throws Exception { + when(authService.verifyEmail(any(VerifyEmailRequest.class))) + .thenThrow(new IllegalArgumentException("Invalid verification token")); + + VerifyEmailRequest request = new VerifyEmailRequest(); + request.setToken("bad-token"); + + mockMvc.perform(post("/api/auth/verify-email") + .contentType(MediaType.APPLICATION_JSON) + .content(objectMapper.writeValueAsString(request))) + .andExpect(status().isBadRequest()) + .andExpect(jsonPath("$.detail").value("Invalid verification token")); + } + + @Test + void verifyEmailReturns400OnExpiredToken() throws Exception { + when(authService.verifyEmail(any(VerifyEmailRequest.class))) + .thenThrow(new IllegalArgumentException("Verification token has expired")); + + VerifyEmailRequest request = new VerifyEmailRequest(); + request.setToken("expired-token"); + + mockMvc.perform(post("/api/auth/verify-email") + .contentType(MediaType.APPLICATION_JSON) + .content(objectMapper.writeValueAsString(request))) + .andExpect(status().isBadRequest()) + .andExpect(jsonPath("$.detail").value("Verification token has expired")); + } + + @Test + void resendVerificationReturns200() throws Exception { + when(authService.resendVerification(any(ResendVerificationRequest.class))) + .thenReturn(new RegistrationResponse("If this email is available, a verification link has been sent.")); + + ResendVerificationRequest request = new ResendVerificationRequest(); + request.setEmail("user@example.com"); + + mockMvc.perform(post("/api/auth/resend-verification") + .contentType(MediaType.APPLICATION_JSON) + .content(objectMapper.writeValueAsString(request))) + .andExpect(status().isOk()) + .andExpect(jsonPath("$.message").value("If this email is available, a verification link has been sent.")); + } + + @Test + void setPasswordReturns200() throws Exception { + SetPasswordRequest request = new SetPasswordRequest(); + request.setSetupToken("setup-token-123"); + request.setPassword("new-password"); + + mockMvc.perform(post("/api/auth/set-password") + .contentType(MediaType.APPLICATION_JSON) + .content(objectMapper.writeValueAsString(request))) + .andExpect(status().isOk()); + } + + @Test + void setPasswordReturns400OnInvalidToken() throws Exception { + doThrow(new IllegalArgumentException("Invalid setup token")) + .when(authService).setPassword(any(SetPasswordRequest.class)); + + SetPasswordRequest request = new SetPasswordRequest(); + request.setSetupToken("bad-token"); + request.setPassword("new-password"); + + mockMvc.perform(post("/api/auth/set-password") + .contentType(MediaType.APPLICATION_JSON) + .content(objectMapper.writeValueAsString(request))) + .andExpect(status().isBadRequest()) + .andExpect(jsonPath("$.detail").value("Invalid setup token")); + } } diff --git a/backend/src/test/java/com/krrishg/model/UserTest.java b/backend/src/test/java/com/krrishg/model/UserTest.java index cb7d29e..b916555 100644 --- a/backend/src/test/java/com/krrishg/model/UserTest.java +++ b/backend/src/test/java/com/krrishg/model/UserTest.java @@ -63,5 +63,6 @@ class UserTest { .build(); assertFalse(user.isEmailVerified()); + assertEquals(AuthProvider.LOCAL, user.getProvider()); } } diff --git a/backend/src/test/java/com/krrishg/service/AuthServiceTest.java b/backend/src/test/java/com/krrishg/service/AuthServiceTest.java index 6a14859..96b00f5 100644 --- a/backend/src/test/java/com/krrishg/service/AuthServiceTest.java +++ b/backend/src/test/java/com/krrishg/service/AuthServiceTest.java @@ -4,58 +4,110 @@ import com.krrishg.dto.AuthResponse; import com.krrishg.dto.LoginRequest; import com.krrishg.dto.RefreshTokenRequest; import com.krrishg.dto.RegisterRequest; +import com.krrishg.dto.RegistrationResponse; +import com.krrishg.dto.ResendVerificationRequest; +import com.krrishg.dto.SetPasswordRequest; +import com.krrishg.dto.VerifyEmailRequest; +import com.krrishg.dto.VerifyEmailResponse; import com.krrishg.model.User; +import com.krrishg.model.VerificationToken; import com.krrishg.support.FakeJwtConfig; import com.krrishg.support.FakeUserRepository; +import com.krrishg.support.FakeVerificationTokenRepository; +import com.krrishg.support.StubEmailService; import com.krrishg.support.StubPasswordEncoder; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import java.time.LocalDateTime; + import static org.junit.jupiter.api.Assertions.*; class AuthServiceTest { private FakeUserRepository userRepository; + private FakeVerificationTokenRepository tokenRepository; + private StubEmailService emailService; private AuthService authService; @BeforeEach void setUp() { userRepository = new FakeUserRepository(); - authService = new AuthService(userRepository, new StubPasswordEncoder(), new FakeJwtConfig()); + tokenRepository = new FakeVerificationTokenRepository(); + emailService = new StubEmailService(); + authService = new AuthService(userRepository, new StubPasswordEncoder(), + new FakeJwtConfig(), tokenRepository, emailService, 1440); } @Test - void registerCreatesUserAndReturnsTokens() { + void registerCreatesUserAndSendsVerification() { RegisterRequest request = new RegisterRequest(); request.setEmail("new@example.com"); request.setPassword("password123"); request.setName("New User"); - AuthResponse response = authService.register(request); + RegistrationResponse response = authService.register(request); - assertNotNull(response.getAccessToken()); - assertNotNull(response.getRefreshToken()); - assertEquals("Bearer", response.getTokenType()); - assertEquals("new@example.com", response.getUser().getEmail()); - assertEquals("New User", response.getUser().getName()); + assertEquals("If this email is available, a verification link has been sent.", response.getMessage()); + assertTrue(userRepository.findByEmail("new@example.com").isPresent()); + assertFalse(userRepository.findByEmail("new@example.com").get().isEmailVerified()); } @Test - void registerThrowsOnDuplicateEmail() { + void registerSendsVerificationEmail() { RegisterRequest request = new RegisterRequest(); - request.setEmail("dup@example.com"); + request.setEmail("emailtest@example.com"); request.setPassword("password123"); - request.setName("User"); + request.setName("Email Test"); + authService.register(request); - RegisterRequest duplicate = new RegisterRequest(); - duplicate.setEmail("dup@example.com"); - duplicate.setPassword("password456"); - duplicate.setName("Other"); + assertEquals("emailtest@example.com", emailService.getLastTo()); + assertNotNull(emailService.getLastToken()); + assertEquals(1, emailService.getSendCount()); + } - IllegalArgumentException ex = assertThrows(IllegalArgumentException.class, - () -> authService.register(duplicate)); - assertEquals("Email already registered", ex.getMessage()); + @Test + void registerReturnsGenericMessageForExistingVerifiedEmail() { + User user = User.builder() + .email("verified@example.com") + .name("Verified") + .emailVerified(true) + .build(); + user.onCreate(); + userRepository.save(user); + + RegisterRequest request = new RegisterRequest(); + request.setEmail("verified@example.com"); + request.setPassword("password123"); + request.setName("Should Not Matter"); + + RegistrationResponse response = authService.register(request); + + assertEquals("If this email is available, a verification link has been sent.", response.getMessage()); + assertEquals(0, emailService.getSendCount()); + } + + @Test + void registerResendsForExistingUnverifiedEmail() { + User user = User.builder() + .email("unverified@example.com") + .name("Unverified") + .emailVerified(false) + .build(); + user.onCreate(); + userRepository.save(user); + + RegisterRequest request = new RegisterRequest(); + request.setEmail("unverified@example.com"); + request.setPassword("newpassword"); + request.setName("New Name"); + + RegistrationResponse response = authService.register(request); + + assertEquals("If this email is available, a verification link has been sent.", response.getMessage()); + assertEquals(1, emailService.getSendCount()); + assertEquals("unverified@example.com", emailService.getLastTo()); } @Test @@ -65,19 +117,23 @@ class AuthServiceTest { request.setPassword("password123"); request.setName("User"); - AuthResponse response = authService.register(request); + authService.register(request); - assertEquals("uppercase@example.com", response.getUser().getEmail()); + assertTrue(userRepository.findByEmail("uppercase@example.com").isPresent()); } @Test - void loginWithValidCredentialsReturnsTokens() { + void loginWithValidCredentialsAndVerifiedEmailReturnsTokens() { RegisterRequest reg = new RegisterRequest(); reg.setEmail("login@example.com"); reg.setPassword("password123"); reg.setName("Login User"); authService.register(reg); + User user = userRepository.findByEmail("login@example.com").get(); + user.setEmailVerified(true); + userRepository.save(user); + LoginRequest login = new LoginRequest(); login.setEmail("login@example.com"); login.setPassword("password123"); @@ -89,6 +145,23 @@ class AuthServiceTest { assertEquals("login@example.com", response.getUser().getEmail()); } + @Test + void loginThrowsWhenEmailNotVerified() { + RegisterRequest reg = new RegisterRequest(); + reg.setEmail("unverified@example.com"); + reg.setPassword("password123"); + reg.setName("Unverified"); + authService.register(reg); + + LoginRequest login = new LoginRequest(); + login.setEmail("unverified@example.com"); + login.setPassword("password123"); + + IllegalArgumentException ex = assertThrows(IllegalArgumentException.class, + () -> authService.login(login)); + assertEquals("Please verify your email address before logging in", ex.getMessage()); + } + @Test void loginThrowsOnWrongPassword() { RegisterRequest reg = new RegisterRequest(); @@ -97,6 +170,10 @@ class AuthServiceTest { reg.setName("User"); authService.register(reg); + User user = userRepository.findByEmail("wrongpw@example.com").get(); + user.setEmailVerified(true); + userRepository.save(user); + LoginRequest login = new LoginRequest(); login.setEmail("wrongpw@example.com"); login.setPassword("wrongpw"); @@ -117,16 +194,305 @@ class AuthServiceTest { assertEquals("Invalid email or password", ex.getMessage()); } + @Test + void verifyEmailMarksUserVerifiedAndReturnsSetupToken() { + User user = User.builder() + .email("verify@example.com") + .name("Verify") + .password("encoded") + .emailVerified(false) + .build(); + user.onCreate(); + userRepository.save(user); + + VerificationToken token = VerificationToken.builder() + .userId(user.getId()) + .token("valid-token-123") + .expiryDate(LocalDateTime.now().plusHours(24)) + .used(false) + .build(); + token.onCreate(); + tokenRepository.save(token); + + VerifyEmailRequest request = new VerifyEmailRequest(); + request.setToken("valid-token-123"); + + VerifyEmailResponse response = authService.verifyEmail(request); + + assertEquals("Email verified successfully", response.getMessage()); + assertNotNull(response.getSetupToken()); + + User updatedUser = userRepository.findById(user.getId()).get(); + assertTrue(updatedUser.isEmailVerified()); + } + + @Test + void verifyEmailThrowsForInvalidToken() { + VerifyEmailRequest request = new VerifyEmailRequest(); + request.setToken("nonexistent-token"); + + IllegalArgumentException ex = assertThrows(IllegalArgumentException.class, + () -> authService.verifyEmail(request)); + assertEquals("Invalid verification token", ex.getMessage()); + } + + @Test + void verifyEmailThrowsForUsedToken() { + User user = User.builder() + .email("usedtoken@example.com") + .name("Used") + .emailVerified(false) + .build(); + user.onCreate(); + userRepository.save(user); + + VerificationToken token = VerificationToken.builder() + .userId(user.getId()) + .token("used-token") + .expiryDate(LocalDateTime.now().plusHours(24)) + .used(true) + .build(); + token.onCreate(); + tokenRepository.save(token); + + VerifyEmailRequest request = new VerifyEmailRequest(); + request.setToken("used-token"); + + IllegalArgumentException ex = assertThrows(IllegalArgumentException.class, + () -> authService.verifyEmail(request)); + assertEquals("Verification token has already been used", ex.getMessage()); + } + + @Test + void verifyEmailThrowsForExpiredToken() { + User user = User.builder() + .email("expired@example.com") + .name("Expired") + .emailVerified(false) + .build(); + user.onCreate(); + userRepository.save(user); + + VerificationToken token = VerificationToken.builder() + .userId(user.getId()) + .token("expired-token") + .expiryDate(LocalDateTime.now().minusHours(1)) + .used(false) + .build(); + token.onCreate(); + tokenRepository.save(token); + + VerifyEmailRequest request = new VerifyEmailRequest(); + request.setToken("expired-token"); + + IllegalArgumentException ex = assertThrows(IllegalArgumentException.class, + () -> authService.verifyEmail(request)); + assertEquals("Verification token has expired", ex.getMessage()); + } + + @Test + void setPasswordUpdatesPassword() { + User user = User.builder() + .email("setpw@example.com") + .name("SetPw") + .password("old-encoded") + .emailVerified(true) + .build(); + user.onCreate(); + userRepository.save(user); + + VerificationToken token = VerificationToken.builder() + .userId(user.getId()) + .token("verify-token") + .setupToken("setup-token-123") + .setupTokenUsed(false) + .expiryDate(LocalDateTime.now().plusHours(24)) + .used(true) + .build(); + token.onCreate(); + tokenRepository.save(token); + + SetPasswordRequest request = new SetPasswordRequest(); + request.setSetupToken("setup-token-123"); + request.setPassword("new-password"); + + authService.setPassword(request); + + User updatedUser = userRepository.findById(user.getId()).get(); + assertTrue(updatedUser.getPassword().contains("new-password")); + + VerificationToken updatedToken = tokenRepository.findByToken("verify-token").get(); + assertTrue(updatedToken.isSetupTokenUsed()); + } + + @Test + void setPasswordThrowsForInvalidSetupToken() { + SetPasswordRequest request = new SetPasswordRequest(); + request.setSetupToken("invalid-setup-token"); + request.setPassword("new-password"); + + IllegalArgumentException ex = assertThrows(IllegalArgumentException.class, + () -> authService.setPassword(request)); + assertEquals("Invalid setup token", ex.getMessage()); + } + + @Test + void setPasswordThrowsWhenEmailNotVerifiedFirst() { + User user = User.builder() + .email("notverified@example.com") + .name("NotVerified") + .emailVerified(false) + .build(); + user.onCreate(); + userRepository.save(user); + + VerificationToken token = VerificationToken.builder() + .userId(user.getId()) + .token("unused-verify-token") + .setupToken("setup-token-bad") + .setupTokenUsed(false) + .expiryDate(LocalDateTime.now().plusHours(24)) + .used(false) + .build(); + token.onCreate(); + tokenRepository.save(token); + + SetPasswordRequest request = new SetPasswordRequest(); + request.setSetupToken("setup-token-bad"); + request.setPassword("new-password"); + + IllegalArgumentException ex = assertThrows(IllegalArgumentException.class, + () -> authService.setPassword(request)); + assertEquals("Email must be verified first", ex.getMessage()); + } + + @Test + void setPasswordThrowsForAlreadyUsedSetupToken() { + User user = User.builder() + .email("alreadyset@example.com") + .name("AlreadySet") + .emailVerified(true) + .build(); + user.onCreate(); + userRepository.save(user); + + VerificationToken token = VerificationToken.builder() + .userId(user.getId()) + .token("used-verify-token") + .setupToken("already-used-setup") + .setupTokenUsed(true) + .expiryDate(LocalDateTime.now().plusHours(24)) + .used(true) + .build(); + token.onCreate(); + tokenRepository.save(token); + + SetPasswordRequest request = new SetPasswordRequest(); + request.setSetupToken("already-used-setup"); + request.setPassword("new-password"); + + IllegalArgumentException ex = assertThrows(IllegalArgumentException.class, + () -> authService.setPassword(request)); + assertEquals("Setup token has already been used", ex.getMessage()); + } + + @Test + void setPasswordThrowsForExpiredSetupToken() { + User user = User.builder() + .email("expiredsetup@example.com") + .name("ExpiredSetup") + .emailVerified(true) + .build(); + user.onCreate(); + userRepository.save(user); + + VerificationToken token = VerificationToken.builder() + .userId(user.getId()) + .token("expired-verify-token") + .setupToken("expired-setup-token") + .setupTokenUsed(false) + .expiryDate(LocalDateTime.now().minusHours(1)) + .used(true) + .build(); + token.onCreate(); + tokenRepository.save(token); + + SetPasswordRequest request = new SetPasswordRequest(); + request.setSetupToken("expired-setup-token"); + request.setPassword("new-password"); + + IllegalArgumentException ex = assertThrows(IllegalArgumentException.class, + () -> authService.setPassword(request)); + assertEquals("Setup token has expired", ex.getMessage()); + } + + @Test + void resendVerificationSendsNewToken() { + User user = User.builder() + .email("resend@example.com") + .name("Resend") + .emailVerified(false) + .build(); + user.onCreate(); + userRepository.save(user); + + ResendVerificationRequest request = new ResendVerificationRequest(); + request.setEmail("resend@example.com"); + + RegistrationResponse response = authService.resendVerification(request); + + assertEquals("If this email is available, a verification link has been sent.", response.getMessage()); + assertEquals(1, emailService.getSendCount()); + assertEquals("resend@example.com", emailService.getLastTo()); + } + + @Test + void resendVerificationReturnsGenericForNonExistentEmail() { + ResendVerificationRequest request = new ResendVerificationRequest(); + request.setEmail("nonexistent@example.com"); + + RegistrationResponse response = authService.resendVerification(request); + + assertEquals("If this email is available, a verification link has been sent.", response.getMessage()); + assertEquals(0, emailService.getSendCount()); + } + + @Test + void resendVerificationReturnsGenericForAlreadyVerifiedEmail() { + User user = User.builder() + .email("alreadyverified@example.com") + .name("AlreadyVerified") + .emailVerified(true) + .build(); + user.onCreate(); + userRepository.save(user); + + ResendVerificationRequest request = new ResendVerificationRequest(); + request.setEmail("alreadyverified@example.com"); + + RegistrationResponse response = authService.resendVerification(request); + + assertEquals("If this email is available, a verification link has been sent.", response.getMessage()); + assertEquals(0, emailService.getSendCount()); + } + @Test void refreshTokenReturnsNewTokens() { RegisterRequest reg = new RegisterRequest(); reg.setEmail("refresh@example.com"); reg.setPassword("password123"); reg.setName("Refresh User"); - AuthResponse initial = authService.register(reg); + authService.register(reg); + + User user = userRepository.findByEmail("refresh@example.com").get(); + user.setEmailVerified(true); + userRepository.save(user); + + FakeJwtConfig jwtConfig = new FakeJwtConfig(); + String token = jwtConfig.generateRefreshToken(user); RefreshTokenRequest refreshRequest = new RefreshTokenRequest(); - refreshRequest.setRefreshToken(initial.getRefreshToken()); + refreshRequest.setRefreshToken(token); AuthResponse response = authService.refreshToken(refreshRequest); @@ -151,6 +517,7 @@ class AuthServiceTest { .email("deleted@example.com") .name("Deleted") .build(); + user.onCreate(); userRepository.save(user); FakeJwtConfig jwtConfig = new FakeJwtConfig(); diff --git a/backend/src/test/java/com/krrishg/support/FakeVerificationTokenRepository.java b/backend/src/test/java/com/krrishg/support/FakeVerificationTokenRepository.java new file mode 100644 index 0000000..44df57c --- /dev/null +++ b/backend/src/test/java/com/krrishg/support/FakeVerificationTokenRepository.java @@ -0,0 +1,56 @@ +package com.krrishg.support; + +import com.krrishg.model.VerificationToken; +import com.krrishg.repository.VerificationTokenRepository; + +import java.time.LocalDateTime; +import java.util.List; +import java.util.Optional; +import java.util.UUID; +import java.util.stream.Collectors; + +public class FakeVerificationTokenRepository extends InMemoryRepository implements VerificationTokenRepository { + + @Override + protected UUID getId(VerificationToken entity) { + return entity.getId(); + } + + @Override + protected VerificationToken setId(VerificationToken entity, UUID id) { + entity.setId(id); + return entity; + } + + @Override + protected UUID generateId() { + return UUID.randomUUID(); + } + + @Override + public Optional findByToken(String token) { + return store.values().stream() + .filter(t -> t.getToken().equals(token)) + .findFirst(); + } + + @Override + public Optional findBySetupToken(String setupToken) { + return store.values().stream() + .filter(t -> setupToken.equals(t.getSetupToken())) + .findFirst(); + } + + @Override + public void deleteByUserId(UUID userId) { + store.values().removeIf(t -> t.getUserId().equals(userId)); + } + + @Override + public List findByUsedFalseAndExpiryDateBefore(LocalDateTime now) { + return store.values().stream() + .filter(t -> !t.isUsed()) + .filter(t -> t.getExpiryDate().isBefore(now)) + .collect(Collectors.toList()); + } +} diff --git a/backend/src/test/java/com/krrishg/support/StubEmailService.java b/backend/src/test/java/com/krrishg/support/StubEmailService.java new file mode 100644 index 0000000..2f2ec72 --- /dev/null +++ b/backend/src/test/java/com/krrishg/support/StubEmailService.java @@ -0,0 +1,39 @@ +package com.krrishg.support; + +import com.krrishg.service.EmailService; + +public class StubEmailService extends EmailService { + + private String lastTo; + private String lastToken; + private int sendCount; + + public StubEmailService() { + super(null, "http://localhost:4200"); + } + + @Override + public void sendVerificationEmail(String to, String name, String token) { + this.lastTo = to; + this.lastToken = token; + this.sendCount++; + } + + public String getLastTo() { + return lastTo; + } + + public String getLastToken() { + return lastToken; + } + + public int getSendCount() { + return sendCount; + } + + public void reset() { + lastTo = null; + lastToken = null; + sendCount = 0; + } +} diff --git a/frontend/src/app/app.routes.ts b/frontend/src/app/app.routes.ts index 9a627db..be970ae 100644 --- a/frontend/src/app/app.routes.ts +++ b/frontend/src/app/app.routes.ts @@ -9,6 +9,10 @@ export const routes: Routes = [ loadComponent: () => import('./auth/login/login.component').then(m => m.LoginComponent), canActivate: [LoginGuard], }, + { + path: 'verify-email', + loadComponent: () => import('./auth/verify-email/verify-email.component').then(m => m.VerifyEmailComponent), + }, { path: 'register', loadComponent: () => import('./auth/register/register.component').then(m => m.RegisterComponent), diff --git a/frontend/src/app/auth/login/login.component.ts b/frontend/src/app/auth/login/login.component.ts index c4d54c2..149e328 100644 --- a/frontend/src/app/auth/login/login.component.ts +++ b/frontend/src/app/auth/login/login.component.ts @@ -1,5 +1,5 @@ -import { Component } from '@angular/core'; -import { Router, RouterLink } from '@angular/router'; +import { Component, OnInit } from '@angular/core'; +import { Router, ActivatedRoute, RouterLink } from '@angular/router'; import { FormBuilder, ReactiveFormsModule, Validators } from '@angular/forms'; import { MatCardModule } from '@angular/material/card'; import { MatFormFieldModule } from '@angular/material/form-field'; @@ -25,6 +25,10 @@ import { NgIf } from '@angular/common';

Sign in to your account

+
+ Your account is ready. Please sign in. +
+
Email @@ -41,6 +45,13 @@ import { NgIf } from '@angular/common';
{{ error }}
+
+ + Resend verification email + +
{{ resendMessage }}
+
+ + + Back to login + + +
+ +

Verifying your email...

+
+ +
+
+

Email verified!

+

Your email has been verified. Now set your password to activate your account.

+ +
+ +
+

Set your password

+ + + New Password + + Password is required + At least 8 characters + + + + Confirm Password + + Please confirm your password + Passwords do not match + + +
{{ passwordError }}
+ + + +
+ +
+
+

{{ errorTitle }}

+

{{ errorMessage }}

+ + + + Create a new account + Back to login +
+ + + `, +}) +export class VerifyEmailComponent implements OnInit { + state: PageState = 'check-email'; + email = ''; + errorTitle = ''; + errorMessage = ''; + showResend = false; + resendMessage = ''; + resendError = ''; + resending = false; + + private setupToken = ''; + passwordLoading = false; + passwordError = ''; + + passwordForm = this.fb.group({ + password: ['', [Validators.required, Validators.minLength(8)]], + confirmPassword: ['', Validators.required], + }, { validators: this.passwordsMatch }); + + constructor( + private route: ActivatedRoute, + private router: Router, + private authService: AuthService, + private fb: FormBuilder, + ) {} + + ngOnInit(): void { + this.route.queryParams.subscribe(params => { + const token = params['token']; + const email = params['email']; + + if (token) { + this.verify(token); + } else if (email) { + this.email = email; + this.state = 'check-email'; + } else { + this.state = 'check-email'; + } + }); + } + + private verify(token: string): void { + this.state = 'verifying'; + this.authService.verifyEmail(token).subscribe({ + next: (res) => { + if (res.setupToken) { + this.setupToken = res.setupToken; + this.state = 'verified'; + } else { + this.state = 'verified'; + } + }, + error: (err) => { + const msg = err.error?.detail || err.error?.message || 'Verification failed'; + if (msg.toLowerCase().includes('expired')) { + this.errorTitle = 'Link expired'; + this.errorMessage = 'This verification link has expired. Request a new one.'; + this.showResend = true; + } else if (msg.toLowerCase().includes('already been used')) { + this.errorTitle = 'Already verified'; + this.errorMessage = 'This link has already been used. Your email may already be verified. Try logging in.'; + this.showResend = false; + } else { + this.errorTitle = 'Verification failed'; + this.errorMessage = msg; + this.showResend = true; + } + this.state = 'error'; + }, + }); + } + + resend(): void { + if (!this.email) { + const token = this.route.snapshot.queryParams['token']; + this.authService.verifyEmail(token).subscribe({ + next: () => {}, + error: (err) => { + this.email = err.error?.email || ''; + }, + }); + return; + } + + this.resending = true; + this.resendMessage = ''; + this.resendError = ''; + this.authService.resendVerification(this.email).subscribe({ + next: () => { + this.resendMessage = 'Verification email resent. Please check your inbox.'; + this.resending = false; + this.state = 'check-email'; + }, + error: () => { + this.resendError = 'Failed to resend. Please try again later.'; + this.resending = false; + }, + }); + } + + onSetPassword(): void { + if (this.passwordForm.invalid) return; + this.passwordLoading = true; + this.passwordError = ''; + + this.authService.setPassword(this.setupToken, this.passwordForm.value.password!).subscribe({ + next: () => { + this.router.navigate(['/login'], { queryParams: { verified: 'true' } }); + }, + error: (err) => { + this.passwordError = err.error?.detail || err.error?.message || 'Failed to set password'; + this.passwordLoading = false; + }, + }); + } + + private passwordsMatch(group: any): { mismatch: boolean } | null { + const password = group.get('password')?.value; + const confirm = group.get('confirmPassword')?.value; + return password === confirm ? null : { mismatch: true }; + } +} diff --git a/frontend/src/app/core/services/auth.service.ts b/frontend/src/app/core/services/auth.service.ts index 16a00e0..2eb2778 100644 --- a/frontend/src/app/core/services/auth.service.ts +++ b/frontend/src/app/core/services/auth.service.ts @@ -14,9 +14,8 @@ export class AuthService { constructor(private http: HttpClient) {} - register(name: string, email: string, password: string): Observable { - return this.http.post('/api/auth/register', { name, email, password }) - .pipe(tap(res => this.setSession(res))); + register(name: string, email: string, password: string): Observable<{ message: string }> { + return this.http.post<{ message: string }>('/api/auth/register', { name, email, password }); } login(email: string, password: string): Observable { @@ -34,6 +33,18 @@ export class AuthService { .pipe(tap(() => this.clearSession())); } + verifyEmail(token: string): Observable<{ message: string; setupToken?: string }> { + return this.http.post<{ message: string; setupToken?: string }>('/api/auth/verify-email', { token }); + } + + resendVerification(email: string): Observable<{ message: string }> { + return this.http.post<{ message: string }>('/api/auth/resend-verification', { email }); + } + + setPassword(setupToken: string, password: string): Observable { + return this.http.post('/api/auth/set-password', { setupToken, password }); + } + getAccessToken(): string | null { return localStorage.getItem(this.ACCESS_TOKEN_KEY); } @@ -72,5 +83,4 @@ export class AuthService { const data = localStorage.getItem(this.USER_KEY); return data ? JSON.parse(data) : null; } - }