Feature/recover password

[jamcunha]

Closes #84

Review checklist

• Properly documents API changes in docs/openapi.yml
• Contains enough appropriate tests
• Behavior is as expected
• Clean, well structured code

[BrunoRosendo]

The logic looks good overall. I didn't do a careful review since this is just a draft

[codecov]

Codecov Report

Patch coverage: 26.08% and project coverage change: -3.64 ⚠️

Comparison is base (af68fd8) 88.99% compared to head (36812a3) 85.36%.

❗ Current head 36812a3 differs from pull request most recent head 1be6f37. Consider uploading reports for the commit 1be6f37 to get more accurate results

Additional details and impacted files

@@              Coverage Diff              @@
##             develop     #113      +/-   ##
=============================================
- Coverage      88.99%   85.36%   -3.64%     
+ Complexity       361      234     -127     
=============================================
  Files             63       43      -20     
  Lines            827      567     -260     
  Branches          65       29      -36     
=============================================
- Hits             736      484     -252     
- Misses            57       62       +5     
+ Partials          34       21      -13     

Impacted Files	Coverage Δ
...ni/website/backend/controller/AccountController.kt	83.33% <0.00%> (-16.67%)	⬇️
...fe/ni/website/backend/controller/AuthController.kt	83.33% <0.00%> (-16.67%)	⬇️
.../fe/ni/website/backend/dto/auth/PassRecoveryDto.kt	0.00% <0.00%> (ø)
...pt/up/fe/ni/website/backend/service/AuthService.kt	91.48% <0.00%> (-4.07%)	⬇️
.../up/fe/ni/website/backend/service/ErrorMessages.kt	71.42% <ø> (-19.49%)	⬇️
...up/fe/ni/website/backend/service/AccountService.kt	61.53% <28.57%> (-38.47%)	⬇️
...ebsite/backend/config/auth/AuthConfigProperties.kt	100.00% <100.00%> (ø)

... and 51 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[BrunoRosendo]

@jamcunha Is this ready for review or do you still have some doubts? We can talk about it in the next meeting or in 1on1

[bdmendes]

The code looks good to me. To improve security a bit, we can look into serializing the current password into the jwt to make sure it is only used once: https://stackoverflow.com/a/54865104

[github-actions]

Check the documentation preview: https://649ca04ed8b19e215c607a56--niaefeup-backend-docs.netlify.app

[github-actions]

Check the documentation preview: https://649ca1498b322b02fcdd527a--niaefeup-backend-docs.netlify.app

[BrunoRosendo]

Very good job with this implementation! I left some comments with small suggestions and doubts

[github-actions]

Check the documentation preview: https://64a0e585de74510aa07bd843--niaefeup-backend-docs.netlify.app

[BrunoRosendo]

Good job, I left a small comment but I'm pre-approving. It'd be nice if you could review your commits too, maybe squash a few

[github-actions]

Check the documentation preview: https://64a1a0168cd57a5fc9cb1bc4--niaefeup-backend-docs.netlify.app

[BrunoRosendo]

Regarding the latest change, where do you check to see if the hash present in the jwt is the same as the one in the db?

[BrunoRosendo]

Regarding the latest change, where do you check to see if the hash present in the jwt is the same as the one in the db?

nevermind this comment, I was looking at the wrong diff

[BrunoRosendo]

can you create 1/2 tests for the latest change? Maybe 1 where a user tries to use the same recovery link twice and another one just to check for missing hash (if the last one isn't too hard)

[BrunoRosendo]

small changes, Im also waiting for @DoStini response on my comment

[BrunoRosendo]

Is the logger being used?

[github-actions]

Check the documentation preview: https://64aae9d16ffd10485fee1ef9--niaefeup-backend-docs.netlify.app

[BrunoRosendo]

Small comments, besides the one still unresolved

Also, can you find a way to test the uncovered (red) lines? It'd be awesome if it's not too much trouble

[jamcunha]

Small comments, besides the one still unresolved

Also, can you find a way to test the uncovered (red) lines? It'd be awesome if it's not too much trouble

I'm having problems trying to test those two lines because when testing token expiration, I try to create a new token with all the claims of the previous token but modifying the expireAt to Instant.now() but it's caught in an exception when trying to decode in confirmRecoveryToken. I think it's the same for passwordHash claim.

[github-actions]

Check the documentation preview: https://64c92675c420e6299b59bee0--niaefeup-backend-docs.netlify.app

[jamcunha]

For now, I only changed the error handling in the recovery logic so as not to mess up with the tests. After some inputs, I will change the handling for other jwt logic.

[BrunoRosendo]

Needs a rebase but I'm pre-approving

[LuisDuarte1]

LGTM 🚀, it looks clean to me, just solve the conflicts below 😅

[LuisDuarte1]

@jamcunha can you fix the conflicts please?

[github-actions]

Check the documentation preview: https://64efb2c789311e0a7eba43ac--niaefeup-backend-docs.netlify.app

[DoStini]

Why the changes here?

[jamcunha]

I removed the try catch block and handled the exception in the ErrorController and the token expiration validation is already handled in the decode() method.

[DoStini]

This function also updates the account password, so I don't think this is the best name. I would either change the function name a little but, or extract the update logic and use this as an auxiliary function to validate the token

[github-actions]

Check the documentation preview: https://67e2d44b709c3a63c93ff0e5--niaefeup-backend-docs.netlify.app

[DoStini]

Honestly I dont even know what I requested to change but if my homie @rubuy-74 asks me to allow the merge of this beautiful pull request, I will. I hope this project finished this year.

This will be my last LGTM 🚀 A hug to all the beautiful members of NIAEFEUP.