From 393fa16fa3af8859dbdd8b536422b29d5fa9a250 Mon Sep 17 00:00:00 2001
From: Naeem Ullah
Date: Thu, 22 Jan 2026 16:44:55 +0500
Subject: [PATCH] Add first login password change endpoint

Introduced a new /first-login endpoint in AuthenticationController to handle password changes on first login. Added corresponding constant in SecurityURI and implemented firstLogin method in UserService to update password and firstLogin status.
---
 .../aconnect/security/constant/SecurityURI.java | 1 +
 .../controller/AuthenticationController.java | 9 +++++++++
 .../usermanagement/service/UserService.java | 15 +++++++++++++++
 3 files changed, 25 insertions(+)

diff --git a/aconnect/src/main/java/com/mfsys/aconnect/security/constant/SecurityURI.java b/aconnect/src/main/java/com/mfsys/aconnect/security/constant/SecurityURI.java
index b3c7c6f..dce9cef 100644
--- a/aconnect/src/main/java/com/mfsys/aconnect/security/constant/SecurityURI.java
+++ b/aconnect/src/main/java/com/mfsys/aconnect/security/constant/SecurityURI.java
@@ -5,5 +5,6 @@ public interface SecurityURI {
 String LOGIN = "/login";
 String REGISTER = "/signup";
 String CHANGE_PASSWORD = "/change-password";
+ String FIRST_LOGIN = "/first-login";
 String RESET_PASSWORD = "/reset-password";
 }
diff --git a/aconnect/src/main/java/com/mfsys/aconnect/security/controller/AuthenticationController.java b/aconnect/src/main/java/com/mfsys/aconnect/security/controller/AuthenticationController.java
index 1d1b3a9..8b443e2 100644
--- a/aconnect/src/main/java/com/mfsys/aconnect/security/controller/AuthenticationController.java
+++ b/aconnect/src/main/java/com/mfsys/aconnect/security/controller/AuthenticationController.java
@@ -55,6 +55,15 @@ public class AuthenticationController {
 return new ResponseEntity<>(response, HttpStatus.OK);
 }
+ @PostMapping(SecurityURI.FIRST_LOGIN)
+ public ResponseEntity> firstLogin(@RequestBody ChangePasswordDTO request) {
+ String message = userService.firstLogin(request);
+ Map response = new HashMap<>();
+ response.put("message", message);
+
+ return new ResponseEntity<>(response, HttpStatus.OK);
+ }
+
 @PostMapping(SecurityURI.RESET_PASSWORD)
 public ResponseEntity> resetPassword(@RequestBody ResetPasswordDTO request) {
 String message = userService.resetPassword(request);
diff --git a/aconnect/src/main/java/com/mfsys/aconnect/usermanagement/service/UserService.java b/aconnect/src/main/java/com/mfsys/aconnect/usermanagement/service/UserService.java
index af6efe2..9c69ca1 100644
--- a/aconnect/src/main/java/com/mfsys/aconnect/usermanagement/service/UserService.java
+++ b/aconnect/src/main/java/com/mfsys/aconnect/usermanagement/service/UserService.java
@@ -61,6 +61,21 @@ public class UserService {
 return "Password changed successfully";
 }
+ @Transactional
+ public String firstLogin(ChangePasswordDTO request) {
+ User user = userRepository.findById(request.getUserId())
+ .orElseThrow(() -> new EntityNotFoundException("User not found with ID: " + request.getUserId()));
+
+ boolean isPasswordValid = PasswordEncryptionService.verifyPassword(request.getOldPassword(), user.getPassword());
+ if(!isPasswordValid) {
+ throw new OldPasswordNotMatch(request.getPorOrgacode());
+ }
+ user.setPassword(passwordEncryptionService.hashPassword(request.getNewPassword()));
+ user.setFirstLogin(false);
+ userRepository.save(user);
+ return "Password changed successfully";
+ }
+
 @Transactional
 public String resetPassword(ResetPasswordDTO request) {
 User user = userRepository.findById(request.getUserId())
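Review bot: The new `firstLogin` handler picks the account from the request body (the service reads `request.getUserId()`), and nothing in the added lines ties that id to the caller. Whether `/first-login` sits behind authentication is not visible in this diff: if it does, the body's user id should be compared with the authenticated principal before `userService.firstLogin(request)` is called, and if it is reachable without a session it verifies a password just as `/login` does and should get the same attempt throttling and audit logging. The parameter could also be bound as `@Valid @RequestBody ChangePasswordDTO request` (assuming bean validation is in use and the DTO carries constraints), so that a missing user id or a blank new password is rejected as a 400 before it reaches `findById`.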
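Review bot: `firstLogin` in `UserService` never checks the user's current first-login flag, so once `user.setFirstLogin(false)` has run the endpoint keeps working as a second change-password path for any account. The call should be rejected when the flag is already cleared (via the getter that pairs with `setFirstLogin`, which is not visible here), and a new password equal to the provisioned one should be refused, e.g. `if (Objects.equals(request.getNewPassword(), request.getOldPassword())) { throw new IllegalArgumentException("New password must differ from the current password"); }`. An unknown id raises `EntityNotFoundException` with `"User not found with ID: "` while a wrong password raises `OldPasswordNotMatch`; if these map to different responses, a caller can tell which user ids exist, so a single generic failure is safer. The verify-then-hash steps look the same as in the method just above (only its closing `return "Password changed successfully";` is inside the hunk), so a shared private helper would keep the two paths consistent.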