From 90cc3a6963fb066a65969e75806a7419de2ce886 Mon Sep 17 00:00:00 2001
From: klaas
Date: Sat, 8 Nov 2025 13:20:10 +0100
Subject: [PATCH] Passwort reset Web
---
 .../tkdApp/config/SecurityConfig.java | 6 +----
 .../tkdApp/controller/web/UserController.java | 25 ++++++++++++++-----
 .../tkdApp/dto/PasswordConfirmRequest.java | 1 +
 .../tkdApp/repository/AppUserRepository.java | 1 +
 .../tkdApp/service/AppUserService.java | 2 +-
 .../error/password_reset_request_error.html | 10 ++++++++
 .../password-reset-confirmation.html | 17 +++++++++++++
 .../resources/templates/set-password.html | 18 +++++++++++++
 8 files changed, 68 insertions(+), 12 deletions(-)
 create mode 100644 src/main/resources/templates/error/password_reset_request_error.html
 create mode 100644 src/main/resources/templates/password-reset-confirmation.html
 create mode 100644 src/main/resources/templates/set-password.html
diff --git a/src/main/java/it/boergmann/tkdApp/config/SecurityConfig.java b/src/main/java/it/boergmann/tkdApp/config/SecurityConfig.java
index 54ac09d..5c51971 100644
--- a/src/main/java/it/boergmann/tkdApp/config/SecurityConfig.java
+++ b/src/main/java/it/boergmann/tkdApp/config/SecurityConfig.java
@@ -2,7 +2,6 @@ package it.boergmann.tkdApp.config;
 import it.boergmann.tkdApp.security.CustomUserDetailsService;
 import it.boergmann.tkdApp.security.JwtAuthenticationFilter;
-import jakarta.servlet.Filter;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -36,8 +35,6 @@ public class SecurityConfig {
 private final CustomUserDetailsService userDetailsService;
 private final JwtAuthenticationFilter jwtAuthFilter;
-
- // 🧱 1. API Security (JWT, kein Redirect)
 @Bean
 @Order(1)
 public SecurityFilterChain apiSecurity(HttpSecurity http) throws Exception {
@@ -57,13 +54,12 @@ public class SecurityConfig {
 return http.build();
 }
- // 🌐 2. Web Security (Form Login)
 @Bean
 @Order(2)
 public SecurityFilterChain webSecurity(HttpSecurity http) throws Exception {
 http
 .authorizeHttpRequests(authz -> authz
- .requestMatchers("/login", "/register", "/css/**", "/js/**", "/reset-request").permitAll()
+ .requestMatchers("/login", "/register", "/css/**", "/js/**", "/reset-request", "/password-reset", "/set-password").permitAll()
 .anyRequest().authenticated()
 )
 .formLogin(form -> form
diff --git a/src/main/java/it/boergmann/tkdApp/controller/web/UserController.java b/src/main/java/it/boergmann/tkdApp/controller/web/UserController.java
index 6aa62a7..b46dd93 100644
--- a/src/main/java/it/boergmann/tkdApp/controller/web/UserController.java
+++ b/src/main/java/it/boergmann/tkdApp/controller/web/UserController.java
@@ -1,10 +1,10 @@
 package it.boergmann.tkdApp.controller.web;
+import it.boergmann.tkdApp.dto.PasswordConfirmRequest;
 import it.boergmann.tkdApp.dto.PasswordResetRequest;
 import it.boergmann.tkdApp.dto.RegisterRequest;
-import it.boergmann.tkdApp.domain.AppUser;
-import it.boergmann.tkdApp.domain.Role;
 import it.boergmann.tkdApp.repository.AppUserRepository;
+import it.boergmann.tkdApp.repository.AppUserRoleRepository;
 import it.boergmann.tkdApp.service.AppUserService;
 import it.boergmann.tkdApp.service.MailService;
 import jakarta.validation.Valid;
@@ -15,14 +15,13 @@ import org.springframework.ui.Model;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
-import java.util.List;
-
 @Controller
 @RequiredArgsConstructor
 public class UserController {
 private final AppUserRepository userRepository;
 private final AppUserService appUserService;
 private final PasswordEncoder passwordEncoder;
+ private final AppUserRoleRepository appUserRoleRepository;
 @GetMapping("/register")
 public String showRegisterForm(Model model) {
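Review bot: `/password-reset` is added to the permitAll list on the new `.requestMatchers(...)` line, yet no handler for that path appears anywhere in this commit — the controller maps `/set-password`, and the mailed link in AppUserService now points at `/set-password` as well. If nothing serves `/password-reset`, drop it so the unauthenticated allow-list only names routes that exist; if a handler lives outside this diff, a short comment on that line naming it would save the next reader the search. The builder chain of `webSecurity` continues past the end of the hunk.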
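Review bot: `import it.boergmann.tkdApp.service.MailService;` is kept as a context line here while the only visible use of it, the `mailService` field, is removed in the next hunk of this file, so the import appears to be left unused by this change. `AppUserRoleRepository appUserRoleRepository` is newly injected but is not referenced in any hunk of the commit; if it is groundwork for later changes, adding it together with its first use keeps the constructor generated by `@RequiredArgsConstructor` minimal. Both observations need confirming against the full class, whose body continues outside the hunk.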
@@ -43,8 +42,6 @@ public class UserController {
 return "login"; // src/main/resources/templates/login.html
 }
- private final MailService mailService; // oder dein eigener Service
-
 @GetMapping("/reset-request")
 public String showRequestForm(Model model) {
 model.addAttribute("emailRequest", new PasswordResetRequest());
@@ -57,4 +54,20 @@ public class UserController {
 model.addAttribute("message", "Wenn ein Konto existiert, wurde eine Mail gesendet.");
 return "password_reset_request";
 }
+
+ @GetMapping("/set-password")
+ public String setNewPassword(@RequestParam String token, Model model) {
+ if (userRepository.existsByResetToken(token)) {
+ model.addAttribute("token", token);
+ return "set-password";
+ } else {
+ return "error/password_reset_request_error";
+ }
+ }
+
+ @PostMapping("/set-password")
+ public String saveNewPassword(@RequestBody PasswordConfirmRequest request){
+ appUserService.confirmPasswordReset(request);
+ return "password-reset-confirmation";
+ }
 }
diff --git a/src/main/java/it/boergmann/tkdApp/dto/PasswordConfirmRequest.java b/src/main/java/it/boergmann/tkdApp/dto/PasswordConfirmRequest.java
index a0e8eef..c8b52dc 100644
--- a/src/main/java/it/boergmann/tkdApp/dto/PasswordConfirmRequest.java
+++ b/src/main/java/it/boergmann/tkdApp/dto/PasswordConfirmRequest.java
@@ -9,4 +9,5 @@ public class PasswordConfirmRequest {
 private String token;
 @NotBlank(message = "Passwort darf nicht leer sein")
 private String newPassword;
+ private String newPasswordRepeated;
 }
diff --git a/src/main/java/it/boergmann/tkdApp/repository/AppUserRepository.java b/src/main/java/it/boergmann/tkdApp/repository/AppUserRepository.java
index 2b80024..001c229 100644
--- a/src/main/java/it/boergmann/tkdApp/repository/AppUserRepository.java
+++ b/src/main/java/it/boergmann/tkdApp/repository/AppUserRepository.java
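Review bot: `saveNewPassword` binds its input with `@RequestBody`, which expects a JSON body, but a browser form posted from the `set-password` template added in this commit arrives as form-encoded fields, which Spring does not bind to a POJO through `@RequestBody`; the handler should take `@Valid @ModelAttribute PasswordConfirmRequest request, BindingResult result` (both `Valid` and `BindingResult` are already imported in this file). `setNewPassword` only asks `existsByResetToken(token)` and never looks at the one-hour `resetExpires` that AppUserService stores alongside the token, so an expired token still renders the form — acceptable only if `confirmPasswordReset` (not in this diff) enforces expiry and checks that `newPassword` equals the new `newPasswordRepeated` field. The rewrite below uses `findByResetToken` (already declared in the repository) with an expiry check, validates the form and compares the two password fields before delegating; it assumes Lombok-style accessors on `AppUser` and `PasswordConfirmRequest` and needs `java.time.LocalDateTime` imported. The enclosing class closes inside this hunk.

```java
@GetMapping("/set-password")
public String setNewPassword(@RequestParam String token, Model model) {
    // The token must exist and still be inside the resetExpires window set when the mail went out.
    boolean usable = userRepository.findByResetToken(token)
            .map(u -> u.getResetExpires() != null && u.getResetExpires().isAfter(LocalDateTime.now()))
            .orElse(false);
    if (!usable) {
        return "error/password_reset_request_error";
    }
    model.addAttribute("token", token);
    return "set-password";
}

@PostMapping("/set-password")
public String saveNewPassword(@Valid @ModelAttribute PasswordConfirmRequest request,
                              BindingResult result, Model model) {
    // Re-render the form (keeping the token) on validation errors or a mismatching repeat.
    if (result.hasErrors() || !request.getNewPassword().equals(request.getNewPasswordRepeated())) {
        model.addAttribute("token", request.getToken());
        return "set-password";
    }
    appUserService.confirmPasswordReset(request);
    return "password-reset-confirmation";
}
```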
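Review bot: `newPasswordRepeated` is added without the `@NotBlank` that `newPassword` carries two lines above, so bean validation accepts an empty repeat field and only an equality check elsewhere can reject it. Annotating it the same way, `@NotBlank(message = "Passwortwiederholung darf nicht leer sein")`, keeps the DTO self-describing and gives the form a field-level error. Whether the two fields are ever compared is not visible in this commit, since `confirmPasswordReset` is not part of the diff. The class header sits above the hunk.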
@@ -15,6 +15,7 @@ import java.util.UUID;
 public interface AppUserRepository extends JpaRepository {
 boolean existsByUsername(String username); // 🔥 hier hinzufügen!
 boolean existsByEmail(String email);
+ boolean existsByResetToken(String token);
 Optional findByUsername(String username);
 Optional findByResetToken(String token);
 Optional findByEmailVerificationToken(String token);
diff --git a/src/main/java/it/boergmann/tkdApp/service/AppUserService.java b/src/main/java/it/boergmann/tkdApp/service/AppUserService.java
index 9114535..2955756 100644
--- a/src/main/java/it/boergmann/tkdApp/service/AppUserService.java
+++ b/src/main/java/it/boergmann/tkdApp/service/AppUserService.java
@@ -88,7 +88,7 @@ public class AppUserService {
 user.setResetExpires(LocalDateTime.now().plusHours(1));
 userRepository.save(user);
- String link = "https://tkdapp.de/reset-password?token=" + user.getResetToken();
+ String link = "http://localhost:8080/set-password?token=" + user.getResetToken();
 mailService.sendMail(
diff --git a/src/main/resources/templates/error/password_reset_request_error.html b/src/main/resources/templates/error/password_reset_request_error.html
new file mode 100644
index 0000000..9b1116b
--- /dev/null
+++ b/src/main/resources/templates/error/password_reset_request_error.html
@@ -0,0 +1,10 @@ + + + + Passwort zurücksetzen + + +
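Review bot: the mailed reset link is now built from a hard-coded `http://localhost:8080` base on the `String link = ...` line, so once deployed the reset token would be sent in a plain-HTTP link to a development host; the path change to `/set-password` is right, since it matches the new controller mapping, but the scheme and host should not be baked into the service. Read the base URL from configuration instead, e.g. a field `@Value("${app.base-url}") private String baseUrl;` (property name is a suggestion) and `String link = baseUrl + "/set-password?token=" + user.getResetToken();`, with the production value kept on https. The surrounding method starts and ends outside the hunk, and the `mailService.sendMail(` call continues past it.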

Fehler

+

kein gültiges Reset-Token

+ + diff --git a/src/main/resources/templates/password-reset-confirmation.html b/src/main/resources/templates/password-reset-confirmation.html new file mode 100644 index 0000000..9e70bcc --- /dev/null +++ b/src/main/resources/templates/password-reset-confirmation.html @@ -0,0 +1,17 @@ + + + + + Passwort zurückgesetzt + + + +

Passwort erfolgreich geändert

+
+
+
+ +
+ + + \ No newline at end of file diff --git a/src/main/resources/templates/set-password.html b/src/main/resources/templates/set-password.html new file mode 100644 index 0000000..9ba7bb9 --- /dev/null +++ b/src/main/resources/templates/set-password.html @@ -0,0 +1,18 @@ + + + + Passwort zurücksetzen + + +

Passwort zurücksetzen

+ +
+
+
+ + +
+ +

+ +