implemented services and dao level #899
Conversation
There was a problem hiding this comment.
Thank you for your hard work on this project! There are a few critical issues that need to be addressed before we can approve the pull request:
-
Unique Email Constraint: Ensure the email field in the
Usermodel is unique in the database to meet the task requirements. -
AuthenticationService Implementation: The
loginmethod should authenticate an existing user by checking if the email exists and verifying the password. It should not create a new user if the email is not found. -
Registration Logic: The
registermethod should create a new user if the email does not already exist, rather than incorrectly calling theloginmethod.
These issues impact the core functionality of user authentication and registration, which are critical to the task. Please address these points, and feel free to reach out if you need any help. Keep up the great work! 🚀
✨ Please rate this review in the Platform's notification center. I will be grateful for your feedback! ✨
🔄 Fix the issues, commit the changes, and then re-request my review using the Re-request review button in the Reviewers tab.
| private static final String FIRST_HALL_CAPACITY = "first hall with capacity 100"; | ||
| private static final String SECOND_HALL_CAPACITY = "second hall with capacity 200"; |
There was a problem hiding this comment.
The variables FIRST_HALL_CAPACITY and SECOND_HALL_CAPACITY are used to store descriptions, but their names suggest they are for capacity values. Consider renaming these variables to better reflect their purpose, such as FIRST_HALL_DESCRIPTION and SECOND_HALL_DESCRIPTION.
src/main/java/mate/academy/Main.java
Outdated
| + "street racing, heists, and spies."; | ||
| private static final String FIRST_HALL_CAPACITY = "first hall with capacity 100"; | ||
| private static final String SECOND_HALL_CAPACITY = "second hall with capacity 200"; | ||
| private static final long LONG_1 = 1L; |
There was a problem hiding this comment.
The constant LONG_1 is used to represent a day offset for date calculations. Consider renaming it to something more descriptive, like ONE_DAY_OFFSET, to improve code readability.
src/main/java/mate/academy/Main.java
Outdated
| private static final long LONG_1 = 1L; | ||
| private static final String USER_PASSWORD = "nazar1177"; | ||
| private static final String USER_EMAIL = "nazar@gmail.com"; | ||
| private static final String EMAIL_NOT_EXIST = "nazarss@gmail.com"; |
There was a problem hiding this comment.
The variable EMAIL_NOT_EXIST is declared but never used in the code. If it's not needed, consider removing it to clean up the code.
| if (transaction != null) { | ||
| transaction.rollback(); |
There was a problem hiding this comment.
The transaction rollback is correctly handled, but consider logging the exception before throwing a DataProcessingException to aid in debugging.
|
|
||
| @Override | ||
| public User add(User user) { | ||
| Session session = null; |
There was a problem hiding this comment.
The session variable is declared outside the try block, which is not necessary. You can declare it inside the try block to limit its scope and improve code readability.
| int result = Objects.hash(getId(), getEmail(), getPassword()); | ||
| result = 31 * result + Arrays.hashCode(getSalt()); |
There was a problem hiding this comment.
In the hashCode method, consider using Objects.hash(id, email, password) directly without the getter methods for consistency with the equals method.
| public User login(String email, String password) throws AuthenticationException { | ||
| User user = new User(); | ||
|
|
||
| Optional<User> userByEmail = userService.findByEmail(email); | ||
| if (userByEmail.isEmpty()) { | ||
| user.setEmail(email); | ||
| user.setPassword(password); | ||
| return user; | ||
| } else { | ||
| throw new AuthenticationException("User with email " + email + " already exist"); | ||
| } | ||
| } |
There was a problem hiding this comment.
The login method logic is incorrect. It should authenticate an existing user by checking if the email exists and then verifying the password. Currently, it throws an exception if the user exists, which is not the expected behavior for a login method.
| public User register(String email, String password) throws RegistrationException { | ||
| try { | ||
| User userLogin = login(email, password); | ||
| return userService.add(userLogin); | ||
| } catch (Exception e) { | ||
| throw new RegistrationException("User can't register ", e); | ||
| } | ||
| } |
There was a problem hiding this comment.
The register method incorrectly calls the login method. Registration should create a new user if the email does not already exist. Consider checking if the user exists first, and if not, create and add the new user.
| user.setSalt(HashUtil.salt()); | ||
| String userHashPassword = | ||
| HashUtil.hashPassword(user.getPassword(), user.getSalt()); | ||
| user.setPassword(userHashPassword); |
There was a problem hiding this comment.
The add method correctly hashes the user's password with a salt. Ensure that the HashUtil.salt() method generates a secure and random salt for each user to maintain security.
| @@ -5,6 +5,7 @@ | |||
|
|
|||
| public class HibernateUtil { | |||
| private static final SessionFactory sessionFactory = initSessionFactory(); | |||
There was a problem hiding this comment.
Consider adding a shutdown method to close the SessionFactory when the application is stopped. This can help in releasing resources properly.
There was a problem hiding this comment.
Thank you for your submission! 🎉 Your code demonstrates a solid understanding of setting up services and models in a Java application. However, there are a few critical issues that need to be addressed to ensure the functionality and security of your application:
-
Unique Email Constraint: Ensure the
Usermodel has a unique constraint on the email field by adding@Column(unique = true). This will enforce email uniqueness at the database level. -
AuthenticationService Implementation:
- The
loginmethod should handle cases where the user is not found by checking if theOptionalis present. Useuser.orElseThrow()to avoidNoSuchElementException. - The
registermethod should hash the password usingHashUtil.hashPassword(password, salt)and generate a salt before saving the user. Ensure the email does not already exist before creating a new user.
- The
-
Database Query Handling: Replace
getSingleResultOrNull()withgetResultList()and check if the list is empty to ensure compatibility across different environments.
These improvements are crucial for the security and reliability of your application. While the decision is to APPROVE your pull request to help you move forward with your learning, please address these issues in future iterations to enhance your code quality. Keep up the good work and continue learning from these experiences! 🚀
✨ Please rate this review in the Platform's notification center. I will be grateful for your feedback! ✨
| AuthenticationService authenticationService = (AuthenticationService) | ||
| injector.getInstance(AuthenticationService.class); | ||
|
|
||
| User login = authenticationService.login(USER_EMAIL, USER_PASSWORD); |
There was a problem hiding this comment.
The login method should authenticate an existing user by checking if the email exists and verifying the password. It should not create a new user if the email is not found. Please ensure the login method in AuthenticationService is implemented correctly according to the task requirements.
|
|
||
| User login = authenticationService.login(USER_EMAIL, USER_PASSWORD); | ||
| System.out.println(login); | ||
|
|
There was a problem hiding this comment.
The register method should create a new user only if the email does not already exist. Ensure that the register method in AuthenticationService checks for the existence of the email before creating a new user.
| Query<User> userQuery = | ||
| session.createQuery("SELECT u FROM User u where u.email=:email", User.class); | ||
| userQuery.setParameter(EMAIL, email); | ||
| User user = userQuery.getSingleResultOrNull(); |
There was a problem hiding this comment.
The method getSingleResultOrNull() is not a standard JPA method and might not be supported in all environments. Consider using getResultList() and checking if the list is empty to handle the case where no user is found.
| @Id | ||
| @GeneratedValue(strategy = GenerationType.AUTO) | ||
| private Long id; | ||
| private String email; |
There was a problem hiding this comment.
To ensure the email field is unique in the database, consider adding a unique constraint annotation, such as @Column(unique = true), to the email field. This will enforce the uniqueness of email addresses at the database level.
|
|
||
| @Override | ||
| public User login(String email, String password) throws AuthenticationException { | ||
| Optional<User> user = userService.findByEmail(email); |
There was a problem hiding this comment.
The login method should handle the case where the user is not found. Before accessing user.get(), check if the Optional is present to avoid NoSuchElementException. Consider using user.orElseThrow() with a custom exception message.
| Optional<User> userByEmail = userService.findByEmail(email); | ||
| if (userByEmail.isEmpty()) { | ||
| user.setEmail(email); | ||
| user.setPassword(password); |
There was a problem hiding this comment.
The register method should hash the password before saving the user. Use HashUtil.hashPassword(password, salt) to hash the password and set it to the user object. Ensure that a salt is generated and stored with the user.
| if (user == null) { | ||
| return Optional.empty(); | ||
| } | ||
| return Optional.of(user); |
There was a problem hiding this comment.
| if (user == null) { | |
| return Optional.empty(); | |
| } | |
| return Optional.of(user); | |
| return Optional.ofNullable(user); |
| private static final String CAN_T_ADD_NEW_USER_MSG = "Can't add new user"; | ||
| private static final String SPACE = " "; |
There was a problem hiding this comment.
| private static final String CAN_T_ADD_NEW_USER_MSG = "Can't add new user"; | |
| private static final String SPACE = " "; | |
| private static final String CAN_T_ADD_NEW_USER_MSG = "Can't add new user "; |
| import java.util.Arrays; | ||
| import java.util.Objects; | ||
|
|
||
| @Entity |
| @Id | ||
| @GeneratedValue(strategy = GenerationType.AUTO) | ||
| private Long id; | ||
| private String email; |
There was a problem hiding this comment.
Let's make the email unique. We need to check the email during user registration and make the email a unique field in the database.
| @Override | ||
| public User login(String email, String password) throws AuthenticationException { | ||
| Optional<User> user = userService.findByEmail(email); | ||
| String userHashPassword = HashUtil.hashPassword(password, user.get().getSalt()); |
There was a problem hiding this comment.
| String userHashPassword = HashUtil.hashPassword(password, user.get().getSalt()); |
No description provided.