AuthController Validation and Exceptions Flow

[Dynavy]

AuthController Validation Flow:

The AuthController handles both user login and user registration endpoints requests. When a request is received, the flow follows these steps:

1. Receive Request:

   • The system can receive two types of requests at the AuthController endpoint: user login or user registration.

     • For the loginUser() method, the request will contain a UserLoginRequest DTO, typically including the user's email and password.

     • For the registerUser() method, the request will contain a UserRegisterRequest DTO, which includes user data such as name, email, password, and optionally phoneNumber.

2. DTO Validation:

   • UserLoginRequest DTO:

     • The email and password fields are validated with annotations such as @NotBlank (ensuring that they are not empty) and @Size (ensuring the fields meet the required size, like the password being of a minimum length).

   • UserRegisterRequest DTO:

     • The name, email, password, and phoneNumber fields undergo validation:

       • @NotBlank ensures the name and email are not empty.

       • @Size ensures the password meets the required length.

       • Custom validations are applied to ensure the email format is correct and that the phoneNumber (if provided) is valid.

   • The ValidationService handles both the UserLoginRequest and UserRegisterRequest validations. If any validation fails, a ValidationErrorResponse DTO is returned with detailed error messages, indicating which fields failed the validation.

3. Validation Outcome:

   • If the validation is successful:

     • For UserLoginRequest, the flow continues to the AuthService to authenticate the user.

     • For UserRegisterRequest, the flow continues to the UserService to check if the user already exists in the system.

   • If the validation fails, a ValidationErrorResponse DTO is returned, which provides information about the failed validation.

4. Business Logic and Custom Validations in AuthService or UserService:

   • User Login:

     • In AuthService, after successful validation, the system checks if the email and password match an existing user. If the credentials are valid, the system proceeds to generate a JWT (JSON Web Token).

   • User Registration:

     • In UserService, the system checks if the email or phoneNumber already exists in the system. If there is a conflict (e.g., an email already in use), a custom exception such as EmailAlreadyExistsException or PhoneAlreadyExistsException is thrown.

     • These exceptions are caught by the GlobalExceptionHandler, which returns a ValidationErrorResponse DTO with a specific error message.

5. Generate JWT Token (For Login):

   • If the UserLoginRequest is valid and the credentials are correct, the AuthService generates a JWT token that is returned in the JwtResponse DTO. This token is used to authenticate the user in subsequent requests.

6. Return Response:

   • For UserLoginRequest, the JwtResponse DTO is returned with the generated JWT token.

   • For UserRegisterRequest, if no conflicts are found and the registration is successful, the system returns a success message or the newly created user data.

7. GlobalExceptionHandler:

   • The GlobalExceptionHandler plays a key role in catching any exceptions, such as validation errors or custom exceptions (e.g., EmailAlreadyExistsException), and returning appropriate ValidationErrorResponse DTO with clear error messages.