OlhaHirniak
No description provided.

@mateacademy-ai-mentor mateacademy-ai-mentor left a comment

Review Summary

Hey! Thanks for the submission. There are a few things to address: 1) Remove the password and salt from the toString() method in User.java for security reasons. 2) In AuthenticationServiceImpl.java, you should pass the plain password to userService.add() for registration, and create the salt and hash the password in the UserService add() method. You should also have only one condition for throwing AuthenticationException in the login() method. Fix these and you're good to go! 🚀


✨ Please rate this review in the Platform's notification center [1]. I will be grateful for your feedback! ✨

Important

Fix the issues, commit the changes, and then re-request my review using the Re-request review button [2] in the Reviewers tab.

Tip

If you have any comments about this review, please leave a message in the Add a comment section below and mention me with the @mateacademy-ai-mentor tag [3].
I will read your message during my next review of your pull request. Please do not reply directly to my comments, as that feature is not supported yet.

Caution

Do not close the pull request until the review is complete. Closing it early can lead to unexpected behavior and disrupt the review process.

Footnotes

  1. Rate AI review example

  2. Re-request AI review example

  3. Add AI review comments example

Comment on lines 53 to 59
public String toString() {
return "User{"
+ "id=" + id
+ ", login='" + email + '\''
+ ", password='" + password + '\''
+ ", salt=" + Arrays.toString(salt)
+ '}';

The toString() method includes the password and salt, which is a security risk. Remove these fields from the toString() representation.

According to the checklist:

Don't add password and salt to the toString() method.

Comment on lines +21 to +23
if (userFromDbOptional.isEmpty()
|| (!userFromDbOptional.get().getPassword().equals(
HashUtil.hashPassword(password, userFromDbOptional.get().getSalt())))) {
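
Review bot: The password check in the second operand of the `||` compares the stored hash with `String.equals`, which returns at the first differing character. Comparing the two values as bytes with `MessageDigest.isEqual` keeps the comparison time independent of where they differ, which is the usual choice when one side is derived from a secret.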

According to the checklist, you should create only one condition for throwing AuthenticationException in the login() method. You may combine two checks: whether the user has been found by login and whether the passwords match.

Comment on lines +36 to +37
user.setEmail(email);
user.setPassword(password);

The salt and the hashed password should be created in the UserService add() method. Therefore, you should pass the plain password to userService.add().

According to the checklist:

You should create salt and hash password in UserService add() method.
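
The flow these three review comments ask for, as an added sketch that is not code from this pull request: `toString()` without secrets, salt and hash created inside the service's add method, and a single failing condition in login. The class name `AuthSketch`, the in-memory `USERS` map, the PBKDF2 algorithm and its parameters, and `SecurityException` as a stand-in for `AuthenticationException` are assumptions, since the PR's own `HashUtil` and DAO are not shown on the page.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class AuthSketch {
    static class User { // hypothetical stand-in for the PR's User model
        String email; String password; byte[] salt;
        @Override public String toString() { return "User{login='" + email + "'}"; } // no password, no salt
    }
    static final Map<String, User> USERS = new HashMap<>(); // stand-in for the DAO

    // Assumed algorithm (PBKDF2-HMAC-SHA256); the PR's HashUtil body is not shown.
    static String hashPassword(String password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 600_000, 256);
        return Base64.getEncoder().encodeToString(SecretKeyFactory
                .getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded());
    }

    // UserService.add(): takes the plain password, creates the salt and the hash here.
    static User add(String email, String plainPassword) throws GeneralSecurityException {
        User user = new User();
        user.email = email;
        user.salt = new byte[16];
        new SecureRandom().nextBytes(user.salt);
        user.password = hashPassword(plainPassword, user.salt);
        USERS.put(email, user);
        return user;
    }

    // login(): one condition covers both "unknown login" and "wrong password".
    static User login(String email, String password) throws GeneralSecurityException {
        User user = USERS.get(email);
        if (user == null || !MessageDigest.isEqual( // constant-time compare (added here)
                user.password.getBytes(StandardCharsets.UTF_8),
                hashPassword(password, user.salt).getBytes(StandardCharsets.UTF_8))) {
            throw new SecurityException("Can't authenticate user"); // stand-in for AuthenticationException
        }
        return user;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        System.out.println(add("bob@example.com", "constructed-sample-pw")); // constructed input
        System.out.println(login("bob@example.com", "constructed-sample-pw").email);
        try { login("bob@example.com", "wrong"); } catch (SecurityException e) { System.out.println("rejected"); }
    }
}
```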

@mateacademy-ai-mentor mateacademy-ai-mentor left a comment

Review Summary

The code looks great and meets all the specified requirements! The structure is clean, the logic is well-implemented, and the exception handling and transaction management are correctly handled. I particularly appreciate that password hashing and salting are handled in the UserService, as it ensures better security. The User model's toString() method correctly excludes sensitive information.

Keep in mind to review all the code to ensure best quality.

Also, I noticed this final conclusion: The code meets the task requirements and constraints.

Overall, excellent work! You've demonstrated a strong understanding of the concepts. Keep up the great work! 🎉


✨ Please rate this review in the Platform's notification center [1]. I will be grateful for your feedback! ✨

Footnotes

  1. Rate AI review example
