Merge pull request #19 from thongdanghoang/hotfix/18

fix(auth): Correct security authentication logic
thongdanghoang · Oct 27, 2023 · efe5493 · efe5493
2 parents e5ebd5f + 178ec13
commit efe5493
Showing 1 changed file with 10 additions and 8 deletions.
diff --git a/...a/fptu/swp391/shoppingcart/user/authentication/service/AuthenticationProviderService.java b/...a/fptu/swp391/shoppingcart/user/authentication/service/AuthenticationProviderService.java
@@ -1,7 +1,6 @@
 package fptu.swp391.shoppingcart.user.authentication.service;
 
 import fptu.swp391.shoppingcart.user.authentication.model.CustomUserDetails;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -14,11 +13,14 @@
 
 @Service
 public class AuthenticationProviderService implements AuthenticationProvider {
-    @Autowired
-    private JpaUserDetailsService userDetailsService;
+    private final JpaUserDetailsService userDetailsService;
 
-    @Autowired
-    private BCryptPasswordEncoder bCryptPasswordEncoder;
+    private final BCryptPasswordEncoder bCryptPasswordEncoder;
+
+    public AuthenticationProviderService(JpaUserDetailsService userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {
+        this.userDetailsService = userDetailsService;
+        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
+    }
 
     @Override
     public Authentication authenticate(Authentication authentication) throws AuthenticationException {
@@ -27,9 +29,9 @@ public Authentication authenticate(Authentication authentication) throws Authent
 
         CustomUserDetails userDetails = userDetailsService.loadUserByUsername(username);
 
-        if (!userDetails.getUser().isEnabled() && (userDetails.getUser().getDisabledUntil().isAfter(LocalDateTime.now()))){
-                throw new BadCredentialsException("Account is disabled, please try again later until "
-                        + userDetails.getUser().getDisabledUntil());
+        if (!userDetails.getUser().isEnabled() || (userDetails.getUser().getDisabledUntil().isAfter(LocalDateTime.now()))) {
+            throw new BadCredentialsException("Account is disabled, please try again later until "
+                    + userDetails.getUser().getDisabledUntil());
         }
         if (bCryptPasswordEncoder.matches(password, userDetails.getPassword())) {
             return new UsernamePasswordAuthenticationToken(userDetails.getUsername(), userDetails.getPassword(), userDetails.getAuthorities());