Enforcing Username Uniqueness (#906)

* Enforcing Username Uniqueness Changes in UserService.java: Added a new method findByUsername to allow searching for usernames regardless of case sensitivity. Added a new method isUsernameValid to validate the username. Changes in UserController.java: Updated the changeUsername method to ensure the new username is valid before changing it. Updated the editUser method to ensure the new username is unique and valid. Changes in UserRepository.java: Added a custom JPQL query to search for usernames regardless of case sensitivity. Changes in HTML templates (account.html and addUsers.html): Error messages are displayed if a username is invalid or already exists. * JPAs auto
2024-03-13 23:09:16 +01:00
parent ae73595335
commit 9cc7a49d12
32 changed files with 96 additions and 5 deletions
--- a/src/main/java/stirling/software/SPDF/controller/api/UserController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/UserController.java
@@ -61,11 +61,16 @@ public class UserController {
            HttpServletRequest request,
            HttpServletResponse response,
            RedirectAttributes redirectAttributes) {
+
+        if (!userService.isUsernameValid(newUsername)) {
+            return new RedirectView("/account?messageType=invalidUsername");
+        }
+
        if (principal == null) {
            return new RedirectView("/account?messageType=notAuthenticated");
        }

-        Optional<User> userOpt = userService.findByUsername(principal.getName());
+        Optional<User> userOpt = userService.findByUsernameIgnoreCase(principal.getName());

        if (userOpt == null || userOpt.isEmpty()) {
            return new RedirectView("/account?messageType=userNotFound");
@@ -73,6 +78,10 @@ public class UserController {

        User user = userOpt.get();

+        if (user.getUsername().equals(newUsername)) {
+            return new RedirectView("/account?messageType=usernameExists");
+        }
+
        if (!userService.isPasswordCorrect(user, currentPassword)) {
            return new RedirectView("/account?messageType=incorrectPassword");
        }
@@ -186,6 +195,18 @@ public class UserController {
            @RequestParam(name = "forceChange", required = false, defaultValue = "false")
                    boolean forceChange) {

+        if (!userService.isUsernameValid(username)) {
+            return new RedirectView("/addUsers?messageType=invalidUsername");
+        }
+
+        Optional<User> userOpt = userService.findByUsernameIgnoreCase(username);
+
+        if (userOpt.isPresent()) {
+            User user = userOpt.get();
+            if (user != null && user.getUsername().equalsIgnoreCase(username)) {
+                return new RedirectView("/addUsers?messageType=usernameExists");
+            }
+        }
        if (userService.usernameExists(username)) {
            return new RedirectView("/addUsers?messageType=usernameExists");
        }