add change password

Author: Doha2012

spring-security-login-and-registration/src/main/java/org/baeldung/persistence/service/IUserService.java

@@ -32,4 +32,6 @@ public interface IUserService {
     User getUserByID(long id);
 
     void changeUserPassword(User user, String password);
+
+    boolean checkIfValidOldPassword(User user, String password);
 }

spring-security-login-and-registration/src/main/java/org/baeldung/persistence/service/UserService.java

@@ -120,6 +120,11 @@ public void changeUserPassword(final User user, final String password) {
         repository.save(user);
     }
 
+    @Override
+    public boolean checkIfValidOldPassword(final User user, final String oldPassword) {
+        return passwordEncoder.matches(oldPassword, user.getPassword());
+    }
+
     private boolean emailExist(final String email) {
         final User user = repository.findByEmail(email);
         if (user != null) {

spring-security-login-and-registration/src/main/java/org/baeldung/spring/MvcConfig.java

@@ -49,6 +49,7 @@ public void addViewControllers(final ViewControllerRegistry registry) {
         registry.addViewController("/successRegister.html");
         registry.addViewController("/forgetPassword.html");
         registry.addViewController("/updatePassword.html");
+        registry.addViewController("/changePassword.html");
     }
 
     @Override

spring-security-login-and-registration/src/main/java/org/baeldung/web/controller/RegistrationController.java

@@ -14,6 +14,7 @@
 import org.baeldung.persistence.service.UserDto;
 import org.baeldung.registration.OnRegistrationCompleteEvent;
 import org.baeldung.validation.EmailExistsException;
+import org.baeldung.web.error.InvalidOldPasswordException;
 import org.baeldung.web.error.UserAlreadyExistException;
 import org.baeldung.web.error.UserNotFoundException;
 import org.baeldung.web.util.GenericResponse;
@@ -133,7 +134,6 @@ public GenericResponse resetPassword(final HttpServletRequest request, @RequestP
         final String appUrl = "http://" + request.getServerName() + ":" + request.getServerPort() + request.getContextPath();
         final SimpleMailMessage email = constructResetTokenEmail(appUrl, request.getLocale(), token, user);
         mailSender.send(email);
-
         return new GenericResponse(messages.getMessage("message.resetPasswordEmail", null, request.getLocale()));
     }
 
@@ -168,6 +168,19 @@ public GenericResponse savePassword(final Locale locale, @RequestParam("password
         return new GenericResponse(messages.getMessage("message.resetPasswordSuc", null, locale));
     }
 
+    // change user password
+
+    @RequestMapping(value = "/user/updatePassword", method = RequestMethod.POST)
+    @ResponseBody
+    public GenericResponse changeUserPassword(final Locale locale, @RequestParam("password") final String password, @RequestParam("oldpassword") final String oldPassword) {
+        final User user = userService.findUserByEmail(SecurityContextHolder.getContext().getAuthentication().getName());
+        if (!userService.checkIfValidOldPassword(user, oldPassword)) {
+            throw new InvalidOldPasswordException();
+        }
+        userService.changeUserPassword(user, password);
+        return new GenericResponse(messages.getMessage("message.updatePasswordSuc", null, locale));
+    }
+
     // NON-API
 
     private final SimpleMailMessage constructResendVerificationTokenEmail(final String contextPath, final Locale locale, final VerificationToken newToken, final User user) {

spring-security-login-and-registration/src/main/java/org/baeldung/web/error/InvalidOldPasswordException.java

@@ -0,0 +1,23 @@
+package org.baeldung.web.error;
+
+public final class InvalidOldPasswordException extends RuntimeException {
+
+    private static final long serialVersionUID = 5861310537366287163L;
+
+    public InvalidOldPasswordException() {
+        super();
+    }
+
+    public InvalidOldPasswordException(final String message, final Throwable cause) {
+        super(message, cause);
+    }
+
+    public InvalidOldPasswordException(final String message) {
+        super(message);
+    }
+
+    public InvalidOldPasswordException(final Throwable cause) {
+        super(cause);
+    }
+
+}

spring-security-login-and-registration/src/main/java/org/baeldung/web/error/RestResponseEntityExceptionHandler.java

@@ -29,7 +29,7 @@ public RestResponseEntityExceptionHandler() {
 
     // 400
     @Override
-    protected ResponseEntity<Object> handleBindException(BindException ex, HttpHeaders headers, HttpStatus status, WebRequest request) {
+    protected ResponseEntity<Object> handleBindException(final BindException ex, final HttpHeaders headers, final HttpStatus status, final WebRequest request) {
         logger.error("400 Status Code", ex);
         final BindingResult result = ex.getBindingResult();
         final GenericResponse bodyOfResponse = new GenericResponse(result.getFieldErrors(), result.getGlobalErrors());
@@ -44,6 +44,13 @@ protected ResponseEntity<Object> handleMethodArgumentNotValid(final MethodArgume
         return handleExceptionInternal(ex, bodyOfResponse, new HttpHeaders(), HttpStatus.BAD_REQUEST, request);
     }
 
+    @ExceptionHandler({ InvalidOldPasswordException.class })
+    public ResponseEntity<Object> handleInvalidOldPassword(final RuntimeException ex, final WebRequest request) {
+        logger.error("400 Status Code", ex);
+        final GenericResponse bodyOfResponse = new GenericResponse(messages.getMessage("message.invalidOldPassword", null, request.getLocale()), "InvalidOldEmail");
+        return handleExceptionInternal(ex, bodyOfResponse, new HttpHeaders(), HttpStatus.BAD_REQUEST, request);
+    }
+
     // 404
     @ExceptionHandler({ UserNotFoundException.class })
     public ResponseEntity<Object> handleUserNotFound(final RuntimeException ex, final WebRequest request) {

spring-security-login-and-registration/src/main/resources/messages_en.properties

@@ -64,4 +64,9 @@ message.accountVerified=Your account verified successfully
 message.resetPasswordSuc=Password reset successfully
 message.resetYourPassword=Reset your password
 message.resetPasswordEmail=You should receive an Password Reset Email shortly
-message.error=Error Occurred
+message.error=Error Occurred
+message.updatePasswordSuc=Password updated successfully
+message.changePassword=Change Password
+message.invalidOldPassword=Invalid Old Password
+label.user.newPassword=New Password
+label.user.oldPassword=Old Password

spring-security-login-and-registration/src/main/resources/messages_es_ES.properties

@@ -64,4 +64,9 @@ message.accountVerified=Su cuenta verificada con 
 message.resetPasswordSuc=Contraseña reajusta correctamente
 message.resetYourPassword=Restablecer su contraseña
 message.resetPasswordEmail=Te enviaremos un correo electrónico para restablecer su contraseña
-message.error=Se produjo un error
+message.error=Se produjo un error
+message.updatePasswordSuc=Contraseña actualizado correctamente
+message.changePassword=Cambiar La Contraseña
+message.invalidOldPassword=Inválida contraseña antigua
+label.user.newPassword=Nueva Contraseña
+label.user.oldPassword=Contraseña Anterior