Resetting password and deleting account can be done with the UUID

Alovoa · Dec 17, 2024 · b17a915 · b17a915
1 parent 3ee9a49
commit b17a915
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 2 deletions.
diff --git a/src/main/java/com/nonononoki/alovoa/service/ImprintService.java b/src/main/java/com/nonononoki/alovoa/service/ImprintService.java
@@ -1,5 +1,6 @@
 package com.nonononoki.alovoa.service;
 
+import com.nonononoki.alovoa.component.ExceptionHandler;
 import com.nonononoki.alovoa.entity.User;
 import com.nonononoki.alovoa.model.AccountDeletionRequestDto;
 import com.nonononoki.alovoa.model.AlovoaException;
@@ -14,6 +15,7 @@
 import java.io.UnsupportedEncodingException;
 import java.security.NoSuchAlgorithmException;
 import java.util.Date;
+import java.util.UUID;
 
 @Service
 public class ImprintService {
@@ -53,6 +55,13 @@ public void deleteAccountRequest(AccountDeletionRequestDto dto) throws AlovoaExc
 			throw new AlovoaException(publicService.text("backend.error.captcha.invalid"));
 		}
 		User user = userRepository.findByEmail(dto.getEmail());
+
+		if (user == null) {
+			try{
+				UUID uuid = UUID.fromString(dto.getEmail());
+				user = userRepository.findByUuid(uuid);
+			} catch (IllegalArgumentException ignored){}
+		}
 		if (user != null) {
 			userService.deleteAccountRequestBase(user);
 		}

diff --git a/src/main/java/com/nonononoki/alovoa/service/PasswordService.java b/src/main/java/com/nonononoki/alovoa/service/PasswordService.java
@@ -4,6 +4,8 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Date;
+import java.util.Objects;
+import java.util.UUID;
 
 import com.nonononoki.alovoa.component.ExceptionHandler;
 import jakarta.mail.MessagingException;
@@ -61,7 +63,15 @@ public UserPasswordToken resetPassword(PasswordResetDto dto)
 		User u = userRepo.findByEmail(Tools.cleanEmail(dto.getEmail()));
 
 		if (u == null) {
-			throw new AlovoaException(ExceptionHandler.USER_NOT_FOUND);
+			try{
+				UUID uuid = UUID.fromString(dto.getEmail());
+				u = userRepo.findByUuid(uuid);
+			} catch (IllegalArgumentException exception){
+				throw new AlovoaException(ExceptionHandler.USER_NOT_FOUND);
+			}
+			if (u == null) {
+				throw new AlovoaException(ExceptionHandler.USER_NOT_FOUND);
+			}
 		}
 
 		if (u.isAdmin()) {
@@ -101,7 +111,8 @@ public void changePassword(PasswordChangeDto dto) throws AlovoaException {
 		}
 		User user = token.getUser();
 
-		if (!user.getEmail().equals(Tools.cleanEmail(dto.getEmail()))) {
+		if (!Objects.equals(user.getEmail(),Tools.cleanEmail(dto.getEmail())) &&
+				!Objects.equals(user.getUuid().toString(), Tools.cleanEmail(dto.getEmail()))) {
 			throw new AlovoaException("wrong_email");
 		}
 		if (user.isAdmin()) {