From 37539185262b7e7dce678ef2d659eb8f708793d8 Mon Sep 17 00:00:00 2001
From: Naeem Ullah
Date: Thu, 29 Jan 2026 14:58:13 +0500
Subject: [PATCH 1/3] Update TransactionLogService.java
---
 .../mfsys/aconnect/client/service/TransactionLogService.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionLogService.java b/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionLogService.java
index 43d9b84..151a232 100644
--- a/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionLogService.java
+++ b/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionLogService.java
@@ -105,7 +105,7 @@ public class TransactionLogService {
 transactionLog.setCrMbmbkmsnumber(glToAccountDTO.getCreditAcc().getMbmBkmsnumber());
 transactionLog.setDrMbmbkmsnumber("");
 transactionLog.setCrPcaglacode("");
- transactionLog.setDrPcaGlacode("");
+ transactionLog.setDrPcaGlacode(glToAccountDTO.getDebitGl().getPcaGlaccode());
 transactionLog.setPpmPymdcode(glToAccountDTO.getPpmPymdcode());
 transactionLog.setSgtGntrdate(glToAccountDTO.getSgtGntrvaluedate());
 transactionLog.setCreatedAt(LocalDateTime.now());
From c969d35b26786ce8828cfa9e5204107d94373663 Mon Sep 17 00:00:00 2001
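Review bot: In the `@@ -105,7 +105,7 @@` hunk of TransactionLogService.java (patch 1/3) the new `glToAccountDTO.getDebitGl().getPcaGlaccode()` dereferences `getDebitGl()` without a null check, so a request that omits the debit GL would throw while the log row is being built and no row would be saved. Whether the DTO is validated before this method runs is not visible here; if it is not, guard the call, e.g. `if (glToAccountDTO.getDebitGl() == null) { throw new IllegalArgumentException("debitGl is required"); }`. The `getCreditAcc().getMbmBkmsnumber()` context line has the same shape, and the enclosing method starts and ends outside the hunk.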
From: Naeem Ullah
Date: Thu, 29 Jan 2026 15:44:19 +0500
Subject: [PATCH 2/3] Prevent reuse of old password during password change
Added NewPasswordException and updated UserService to throw this exception if the new password matches the current password. Introduced a new error code ERR_SEC_0007 for this scenario and added a matches method to PasswordEncryptionService for password comparison.
---
 .../exceptions/NewPasswordException.java | 10 ++++++++++
 .../usermanagement/service/UserService.java | 16 +++++++++-------
 .../common/configuration/constant/ERRCode.java | 3 ++-
 .../service/PasswordEncryptionService.java | 4 ++++
 4 files changed, 25 insertions(+), 8 deletions(-)
 create mode 100644 aconnect/src/main/java/com/mfsys/aconnect/usermanagement/exceptions/NewPasswordException.java
diff --git a/aconnect/src/main/java/com/mfsys/aconnect/usermanagement/exceptions/NewPasswordException.java b/aconnect/src/main/java/com/mfsys/aconnect/usermanagement/exceptions/NewPasswordException.java
new file mode 100644
index 0000000..483449a
--- /dev/null
+++ b/aconnect/src/main/java/com/mfsys/aconnect/usermanagement/exceptions/NewPasswordException.java
@@ -0,0 +1,10 @@
+package com.mfsys.aconnect.usermanagement.exceptions;
+
+import com.mfsys.common.configuration.constant.ERRCode;
+import com.mfsys.common.configuration.exception.ApplicationException;
+
+public class NewPasswordException extends ApplicationException {
+ public NewPasswordException(String porOrgacode) {
+ super(porOrgacode, ERRCode.NEW_PASSWORD);
+ }
+}
\ No newline at end of file
diff --git a/aconnect/src/main/java/com/mfsys/aconnect/usermanagement/service/UserService.java b/aconnect/src/main/java/com/mfsys/aconnect/usermanagement/service/UserService.java
index 492cc2e..c3fd6f5 100644
--- a/aconnect/src/main/java/com/mfsys/aconnect/usermanagement/service/UserService.java
+++ b/aconnect/src/main/java/com/mfsys/aconnect/usermanagement/service/UserService.java
@@ -3,6 +3,7 @@ package com.mfsys.aconnect.usermanagement.service;
 import com.mfsys.aconnect.security.dto.ChangePasswordDTO;
 import com.mfsys.aconnect.security.dto.ResetPasswordDTO;
 import com.mfsys.aconnect.usermanagement.exceptions.EmailAlreadyExistException;
+import com.mfsys.aconnect.usermanagement.exceptions.NewPasswordException;
 import com.mfsys.aconnect.usermanagement.exceptions.OldPasswordNotMatch;
 import com.mfsys.aconnect.usermanagement.exceptions.UsernameAlreadyExistException;
 import com.mfsys.aconnect.usermanagement.model.Role;
@@ -55,9 +56,8 @@ public class UserService { User user = userRepository.findById(request.getUserId()) .orElseThrow(() -> new EntityNotFoundException("User not found with ID: " + request.getUserId())); - boolean isPasswordValid = PasswordEncryptionService.verifyPassword(request.getOldPassword(), user.getPassword()); - if(!isPasswordValid) { - throw new OldPasswordNotMatch(request.getPorOrgacode()); + if (passwordEncryptionService.matches(request.getNewPassword(), user.getPassword())) { + throw new NewPasswordException(request.getPorOrgacode()); } user.setPassword(passwordEncryptionService.hashPassword(request.getNewPassword())); userRepository.save(user);
@@ -69,10 +69,9 @@ public class UserService { User user = userRepository.findById(request.getUserId()) .orElseThrow(() -> new EntityNotFoundException("User not found with ID: " + request.getUserId())); - boolean isPasswordValid = PasswordEncryptionService.verifyPassword(request.getOldPassword(), user.getPassword()); - if(!isPasswordValid) { - throw new OldPasswordNotMatch(request.getPorOrgacode()); - } + if (passwordEncryptionService.matches(request.getNewPassword(), user.getPassword())) { + throw new NewPasswordException(request.getPorOrgacode()); + } user.setPassword(passwordEncryptionService.hashPassword(request.getNewPassword())); user.setFirstLogin(false); userRepository.save(user);
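Review bot: The `@@ -55,9 +56,8 @@` and `@@ -69,10 +69,9 @@` hunks of UserService.java delete the `verifyPassword(request.getOldPassword(), user.getPassword())` check together with the `OldPasswordNotMatch` throw, so after this change both password-change paths set a new password for `request.getUserId()` without proof that the caller knows the current one. The commit description only mentions rejecting reuse, so the removal looks unintended; keep the old-password check and run the reuse check after it, e.g. `if (!passwordEncryptionService.matches(request.getOldPassword(), user.getPassword())) { throw new OldPasswordNotMatch(request.getPorOrgacode()); }` placed ahead of the new `matches(request.getNewPassword(), ...)` test. The user is looked up by an id taken from the request; whether that id is bound to the authenticated principal is not visible in these hunks and should be confirmed. Both method bodies start outside the hunks.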
@@ -84,6 +83,9 @@ public class UserService { User user = userRepository.findById(request.getUserId()) .orElseThrow(() -> new EntityNotFoundException("User not found with ID: " + request.getUserId())); + if (passwordEncryptionService.matches(request.getNewPassword(), user.getPassword())) { + throw new NewPasswordException(request.getPorOrgacode()); + } user.setPassword(passwordEncryptionService.hashPassword(request.getNewPassword())); userRepository.save(user); return "Password changed successfully";
diff --git a/common/src/main/java/com/mfsys/common/configuration/constant/ERRCode.java b/common/src/main/java/com/mfsys/common/configuration/constant/ERRCode.java
index bb04c39..542631d 100644
--- a/common/src/main/java/com/mfsys/common/configuration/constant/ERRCode.java
+++ b/common/src/main/java/com/mfsys/common/configuration/constant/ERRCode.java
@@ -15,7 +15,8 @@ public enum ERRCode implements ErrorMessage {
 MISSING_GL_CODE("ERR_GL_0001","Credit and Debit GL codes are required"),
 SAMEGLCODE("ERR_GL_0002","Credit and Debit GL codes must be different"),
 MISSING_ACCOUNT_NUMBER("ERR_ACCT_0001","Account number is required"),
- SAMEACCOUNTNUMBER("ERR_ACCT_0002","Account number must be different");
+ SAMEACCOUNTNUMBER("ERR_ACCT_0002","Account number must be different"),
+ NEW_PASSWORD("ERR_SEC_0007","New password cannot be same as old password");
diff --git a/common/src/main/java/com/mfsys/common/configuration/service/PasswordEncryptionService.java b/common/src/main/java/com/mfsys/common/configuration/service/PasswordEncryptionService.java
index 46962bc..2c247aa 100644
--- a/common/src/main/java/com/mfsys/common/configuration/service/PasswordEncryptionService.java
+++ b/common/src/main/java/com/mfsys/common/configuration/service/PasswordEncryptionService.java
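Review bot: In the `@@ -84,6 +83,9 @@` hunk of UserService.java the new reuse check sits in a method that, in the visible lines, performs no old-password verification, so the `NewPasswordException` (ERR_SEC_0007) response confirms to the caller that the submitted value is the account's current password. That is acceptable only if the method is reachable solely by a caller already authorised for `request.getUserId()`; this is not visible here, so confirm it and include these rejections in whatever failed-attempt throttling and audit logging the login path uses. A comment above the check, such as `// reuse check: caller must already be authorised for this user; the error reveals a password match`, would record the assumption. The method signature is outside the hunk.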
@@ -14,4 +14,8 @@ public class PasswordEncryptionService {
 return BCrypt.checkpw(plainPassword, hashedPassword);
 }
+ public boolean matches(String rawPassword, String encodedPassword) {
+ return BCrypt.checkpw(rawPassword, encodedPassword);
+ }
+
 }
From 7e9b314127ad8d5b721461c7461da4aedcca85ba Mon Sep 17 00:00:00 2001
From: Naeem Ullah
Date: Thu, 29 Jan 2026 16:02:31 +0500
Subject: [PATCH 3/3] Add ptrTrancode to DTOs and use in TransactionLogService
Introduced the ptrTrancode field to AccountToAccountDTO and GlToAccountDTO. Updated TransactionLogService to set the transaction code from the new ptrTrancode field instead of using an empty string.
---
 .../com/mfsys/aconnect/client/dto/AccountToAccountDTO.java | 1 +
 .../java/com/mfsys/aconnect/client/dto/GlToAccountDTO.java | 1 +
 .../aconnect/client/service/TransactionLogService.java | 6 ++----
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/dto/AccountToAccountDTO.java b/aconnect/src/main/java/com/mfsys/aconnect/client/dto/AccountToAccountDTO.java
index d6049e9..be3fd19 100644
--- a/aconnect/src/main/java/com/mfsys/aconnect/client/dto/AccountToAccountDTO.java
+++ b/aconnect/src/main/java/com/mfsys/aconnect/client/dto/AccountToAccountDTO.java
@@ -16,6 +16,7 @@ public class AccountToAccountDTO {
 private String plcLocacode;
 private String porOrgacode;
 private String ppmPymdcode;
+ private String ptrTrancode;
 private String sgtGntrcreateusr;
 private String sgtGntrnarration;
 private LocalDate sgtGntrvaluedate;
diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/dto/GlToAccountDTO.java b/aconnect/src/main/java/com/mfsys/aconnect/client/dto/GlToAccountDTO.java
index 2d63607..2bfe1e4 100644
--- a/aconnect/src/main/java/com/mfsys/aconnect/client/dto/GlToAccountDTO.java
+++ b/aconnect/src/main/java/com/mfsys/aconnect/client/dto/GlToAccountDTO.java
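Review bot: The added `matches(String rawPassword, String encodedPassword)` in the `@@ -14,4 +14,8 @@` hunk of PasswordEncryptionService.java repeats the `BCrypt.checkpw(plainPassword, hashedPassword)` body of the method that ends just above it, so the class now exposes two entry points for the same comparison. Delegating with `return verifyPassword(rawPassword, encodedPassword);` (assuming the method above is the `verifyPassword` that UserService called before this commit) keeps a single implementation to harden. Neither variant handles a null or non-bcrypt `encodedPassword`, which `BCrypt.checkpw` implementations typically reject with an exception; a Javadoc line stating that precondition, or a guard such as `if (rawPassword == null || encodedPassword == null) return false;`, would make the failure mode explicit.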
@@ -17,6 +17,7 @@ public class GlToAccountDTO {
 private String plcLocacode;
 private String porOrgacode;
 private String ppmPymdcode;
+ private String ptrTrancode;
 private String sgtGntrcreateusr;
 private String sgtGntrnarration;
 private LocalDate sgtGntrvaluedate;
diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionLogService.java b/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionLogService.java
index 151a232..cd22545 100644
--- a/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionLogService.java
+++ b/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionLogService.java
@@ -93,7 +93,7 @@ public class TransactionLogService {
 transactionLog.setUpdatedAt(LocalDateTime.now());
 transactionLog.setSgtGntrdate(accountToAccountDTO.getSgtGntrvaluedate());
 transactionLog.setTransactionUri(URI);
- transactionLog.setTransactionCode("");
+ transactionLog.setTransactionCode(accountToAccountDTO.getPtrTrancode());
 return transactionLogRepository.save(transactionLog);
 }
@@ -105,14 +105,12 @@ public class TransactionLogService {
 transactionLog.setCrMbmbkmsnumber(glToAccountDTO.getCreditAcc().getMbmBkmsnumber());
 transactionLog.setDrMbmbkmsnumber("");
 transactionLog.setCrPcaglacode("");
- transactionLog.setDrPcaGlacode(glToAccountDTO.getDebitGl().getPcaGlaccode());
- transactionLog.setPpmPymdcode(glToAccountDTO.getPpmPymdcode());
 transactionLog.setSgtGntrdate(glToAccountDTO.getSgtGntrvaluedate());
 transactionLog.setCreatedAt(LocalDateTime.now());
 transactionLog.setUpdatedAt(LocalDateTime.now());
 transactionLog.setSgtGntrdate(glToAccountDTO.getSgtGntrvaluedate());
 transactionLog.setTransactionUri(URI);
- transactionLog.setTransactionCode("");
+ transactionLog.setTransactionCode(glToAccountDTO.getPtrTrancode());
 return transactionLogRepository.save(transactionLog);
 }
 }
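Review bot: In the `@@ -93,7 +93,7 @@` hunk of TransactionLogService.java, `setTransactionCode(accountToAccountDTO.getPtrTrancode())` stores a value taken straight from the request DTO, and the `@@ -105,14 +105,12 @@` hunk does the same with `glToAccountDTO`. When the field is absent the log row now receives null where it used to receive `""`, and nothing visible restricts the value to a known transaction code. If the column is non-nullable or the log feeds reconciliation, validate the field before logging or keep the old default, e.g. `String code = accountToAccountDTO.getPtrTrancode();` followed by `transactionLog.setTransactionCode(code != null ? code : "");`. The method begins outside the hunk.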
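Review bot: The `@@ -105,14 +105,12 @@` hunk of TransactionLogService.java removes `setDrPcaGlacode(glToAccountDTO.getDebitGl().getPcaGlaccode())` and `setPpmPymdcode(glToAccountDTO.getPpmPymdcode())`, so GL-to-account log rows no longer carry the debit GL code or the payment mode, although the description only speaks of adding `ptrTrancode` and patch 1/3 of this series introduced the debit GL value. If the removal is accidental, restore both setters ahead of `setSgtGntrdate`; if it is intended, state it in the commit message, since it reduces what the transaction log can show in an audit. `setSgtGntrdate(glToAccountDTO.getSgtGntrvaluedate())` also appears twice in the context lines, and one of the two calls can go.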