Package org.ntnu.idi.idatt2106.sparesti.sparestibackend.service

Class ChangePasswordRequestService

java.lang.Object

org.ntnu.idi.idatt2106.sparesti.sparestibackend.service.ChangePasswordRequestService

@Service
public class ChangePasswordRequestService
extends Object

Service for managing password change requests and related operations, such as sending password reset emails and updating user passwords. This service validates requests, manages email interactions, and ensures user authentication changes are handled securely.

Author:

L.M.L Nilsen

Constructor Summary

Constructors

Constructor	Description
ChangePasswordRequestService()

Method Summary

Modifier and Type	Method	Description
static boolean	isLessThan24HoursAgo(LocalDateTime dateTime)	Checked if the given LocalDateTime is less than 24 hours ago.
void	resetPassword(ResetPasswordRequest request)	Resets the user's password if the reset request is valid, the user exists, and the request was made within 24 hours of the change request.
void	save(String email, String encodedUniqueKey)	Saves a password reset request in the database.
void	sendForgotPasswordEmail(ChangePasswordRequestRequest request)	Sends a password reset email to the user if the email provided is valid and exists in the system.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ChangePasswordRequestService

public ChangePasswordRequestService()

Method Details

sendForgotPasswordEmail

public void sendForgotPasswordEmail(ChangePasswordRequestRequest request)
                             throws javax.mail.MessagingException

Sends a password reset email to the user if the email provided is valid and exists in the system. This method generates a unique key for password reset, before sending it via email. The method also encodes the unique key and stores it in the database.

Parameters:

request - DTO containing the email address for the password reset request.

Throws:

javax.mail.MessagingException - If there is an error while attempting to send the email.

BadInputException - If the provided email address is not valid.

resetPassword

public void resetPassword(ResetPasswordRequest request)

Resets the user's password if the reset request is valid, the user exists, and the request was made within 24 hours of the change request. Also validates the strength of the new password.

Parameters:

request - DTO containing the user ID, reset ID, and new password.

Throws:

BadInputException - If the new password does not meet security criteria.

isLessThan24HoursAgo

public static boolean isLessThan24HoursAgo(LocalDateTime dateTime)

Checked if the given LocalDateTime is less than 24 hours ago.

Parameters:

dateTime - The LocalDateTime to check.

Returns:

true if the dateTime is less than 24 hours ago, false otherwise.

save

public void save(String email,
 String encodedUniqueKey)

Saves a password reset request in the database. If an existing request is found for the user, it is replaced with the new request.

Parameters:

email - The user's email address associated with the password reset request.

encodedUniqueKey - The encoded unique key for the password reset, used to verify the request.