Throw exception on invalid deviceId during logout rather than silent pass

isopropylcyanide · isopropylcyanide · commit aa55d257aa8b · 2018-09-04T17:27:11.000+05:30
diff --git a/src/main/java/com/accolite/pru/health/AuthApp/advice/AuthControllerAdvice.java b/src/main/java/com/accolite/pru/health/AuthApp/advice/AuthControllerAdvice.java
@@ -11,6 +11,7 @@
 import com.accolite.pru.health.AuthApp.exception.TokenRefreshException;
 import com.accolite.pru.health.AuthApp.exception.UpdatePasswordException;
 import com.accolite.pru.health.AuthApp.exception.UserLoginException;
+import com.accolite.pru.health.AuthApp.exception.UserLogoutException;
 import com.accolite.pru.health.AuthApp.exception.UserRegistrationException;
 import com.accolite.pru.health.AuthApp.model.payload.ApiResponse;
 import org.apache.log4j.Logger;
@@ -216,4 +217,14 @@ public ApiResponse handleTokenRefreshException(TokenRefreshException ex) {
 		return apiResponse;
 	}
 
+	@ExceptionHandler(value = UserLogoutException.class)
+	@ResponseStatus(HttpStatus.EXPECTATION_FAILED)
+	@ResponseBody
+	public ApiResponse handleUserLogoutException(UserLogoutException ex) {
+		ApiResponse apiResponse = new ApiResponse();
+		apiResponse.setSuccess(false);
+		apiResponse.setData(ex.getMessage());
+		return apiResponse;
+	}
+
 }
diff --git a/src/main/java/com/accolite/pru/health/AuthApp/exception/UserLogoutException.java b/src/main/java/com/accolite/pru/health/AuthApp/exception/UserLogoutException.java
@@ -0,0 +1,17 @@
+package com.accolite.pru.health.AuthApp.exception;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+@ResponseStatus(HttpStatus.EXPECTATION_FAILED)
+public class UserLogoutException extends RuntimeException {
+
+	private String user;
+	private String message;
+
+	public UserLogoutException(String user, String message) {
+		super(String.format("Couldn't log out device [%s]: [%s])", user, message));
+		this.user = user;
+		this.message = message;
+	}
+}
diff --git a/src/main/java/com/accolite/pru/health/AuthApp/service/UserService.java b/src/main/java/com/accolite/pru/health/AuthApp/service/UserService.java
@@ -1,5 +1,6 @@
 package com.accolite.pru.health.AuthApp.service;
 
+import com.accolite.pru.health.AuthApp.exception.UserLogoutException;
 import com.accolite.pru.health.AuthApp.model.CustomUserDetails;
 import com.accolite.pru.health.AuthApp.model.Role;
 import com.accolite.pru.health.AuthApp.model.RoleName;
@@ -125,6 +126,8 @@ private Set<Role> getRolesForNewUser(Boolean isAdmin) {
 	public void logoutUser(CustomUserDetails customUserDetails, LogOutRequest logOutRequest) {
 		String deviceId = logOutRequest.getDeviceInfo().getDeviceId();
 		Optional<UserDevice> userDeviceOpt = userDeviceService.findByDeviceId(deviceId);
+		userDeviceOpt.orElseThrow(() -> new UserLogoutException(logOutRequest.getDeviceInfo().getDeviceId(), "" +
+				"Invalid device Id supplied. No matching user device found"));
 		logger.info("Removing refresh token associated with device [" + userDeviceOpt + "]");
 		userDeviceOpt.map(UserDevice::getRefreshToken)
 				.map(RefreshToken::getId)
