Add custom password validator to match old and new passwords

Author: isopropylcyanide

src/main/java/com/accolite/pru/health/AuthApp/advice/AuthControllerAdvice.java

@@ -21,7 +21,7 @@
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.validation.BindingResult;
-import org.springframework.validation.FieldError;
+import org.springframework.validation.ObjectError;
 import org.springframework.web.bind.MethodArgumentNotValidException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.ResponseBody;
@@ -46,31 +46,31 @@ public class AuthControllerAdvice {
 	@ResponseBody
 	public ApiResponse processValidationError(MethodArgumentNotValidException ex) {
 		BindingResult result = ex.getBindingResult();
-		List<FieldError> fieldErrors = result.getFieldErrors();
+		List<ObjectError> allErrors = result.getAllErrors();
 		ApiResponse response = new ApiResponse();
 		response.setSuccess(false);
-		response.setData(processFieldErrors(fieldErrors).stream().collect(Collectors.joining("\n")));
+		response.setData(processAllErrors(allErrors).stream().collect(Collectors.joining("\n")));
 		return response;
 	}
 
 	/**
 	 * Utility Method to generate localized message for a list of field errors
-	 * @param fieldErrors the field errors
+	 * @param allErrors the field errors
 	 * @return the list
 	 */
-	private List<String> processFieldErrors(List<FieldError> fieldErrors) {
-		return fieldErrors.stream().map(this::resolveLocalizedErrorMessage).collect(Collectors.toList());
+	private List<String> processAllErrors(List<ObjectError> allErrors) {
+		return allErrors.stream().map(this::resolveLocalizedErrorMessage).collect(Collectors.toList());
 	}
 
 	/**
 	 * Resolve localized error message. Utiity method to generate a localized error
 	 * message
-	 * @param fieldError the field error
+	 * @param objectError the field error
 	 * @return the string
 	 */
-	private String resolveLocalizedErrorMessage(FieldError fieldError) {
+	private String resolveLocalizedErrorMessage(ObjectError objectError) {
 		Locale currentLocale = LocaleContextHolder.getLocale();
-		String localizedErrorMessage = messageSource.getMessage(fieldError, currentLocale);
+		String localizedErrorMessage = messageSource.getMessage(objectError, currentLocale);
 		logger.info(localizedErrorMessage);
 		return localizedErrorMessage;
 	}

src/main/java/com/accolite/pru/health/AuthApp/model/payload/PasswordResetRequest.java

@@ -1,8 +1,12 @@
 package com.accolite.pru.health.AuthApp.model.payload;
 
+import com.accolite.pru.health.AuthApp.validation.annotation.PasswordsMatch;
+
 import javax.validation.constraints.NotBlank;
 
+@PasswordsMatch(allowNull = false)
 public class PasswordResetRequest {
+
 	@NotBlank(message = "Password cannot be blank")
 	private String password;
 

src/main/java/com/accolite/pru/health/AuthApp/validation/annotation/PasswordsMatch.java

@@ -0,0 +1,26 @@
+package com.accolite.pru.health.AuthApp.validation.annotation;
+
+import com.accolite.pru.health.AuthApp.validation.validator.PasswordsMatchValidator;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+
+@Target({ElementType.TYPE, ElementType.ANNOTATION_TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+@Constraint(validatedBy = PasswordsMatchValidator.class)
+@Documented
+public @interface PasswordsMatch {
+	String message() default "The new passwords must match";
+
+	Class<?>[] groups() default {};
+
+	boolean allowNull() default false;
+
+	Class<? extends Payload>[] payload() default {};
+}

src/main/java/com/accolite/pru/health/AuthApp/validation/validator/PasswordsMatchValidator.java

@@ -0,0 +1,27 @@
+package com.accolite.pru.health.AuthApp.validation.validator;
+
+import com.accolite.pru.health.AuthApp.model.payload.PasswordResetRequest;
+import com.accolite.pru.health.AuthApp.validation.annotation.PasswordsMatch;
+
+import javax.validation.ConstraintValidator;
+import javax.validation.ConstraintValidatorContext;
+
+public class PasswordsMatchValidator implements ConstraintValidator<PasswordsMatch, PasswordResetRequest> {
+
+	private Boolean allowNull;
+
+	@Override
+	public void initialize(PasswordsMatch constraintAnnotation) {
+		allowNull = constraintAnnotation.allowNull();
+	}
+
+	@Override
+	public boolean isValid(PasswordResetRequest value, ConstraintValidatorContext context) {
+		String password = value.getPassword();
+		String confirmPassword = value.getConfirmPassword();
+		if (allowNull) {
+			return null == password && null == confirmPassword;
+		}
+		return password.equals(confirmPassword);
+	}
+}