minor changes #26
Pull request overview
This PR refactors the 2FA verification logic by changing the error handling approach from returning a boolean to throwing exceptions. The main change converts verifyCode() from a boolean return method to a void method that throws exceptions on failure.
Key changes:
- Modified `Google2FAService.verifyCode()` to throw `BadRequestException` instead of returning false when verification fails
- Simplified `TwoFactorAuthController.verifyTOTP()` to remove conditional logic, relying on exception propagation
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/main/java/dev/burgerman/bitelo/services/Google2FAService.java | Changed verifyCode method from boolean return to void with exception throwing for invalid codes |
| src/main/java/dev/burgerman/bitelo/controller/TwoFactorAuthController.java | Simplified controller by removing boolean check and conditional response logic |
| } | ||
| } catch (NumberFormatException e) { | ||
| log.warn("2FA verification failed for user: {} - invalid format", userId); | ||
| throw new BadCredentialsException("Invalid code provided"); |
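Review bot: in the catch (NumberFormatException e) branch, e is neither logged nor passed as the cause of the exception thrown on the last line, so the original parse failure is dropped silently. If the exception type has a constructor that accepts a cause, chain e there. If dropping it is deliberate (a NumberFormatException message echoes the submitted input string), say so in a short comment so the next reader does not add it to the log.warn call.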
Inconsistent exception handling for invalid 2FA codes. When the code format is invalid (NumberFormatException), the method throws BadCredentialsException, but when the code is valid format but incorrect, it throws BadRequestException. Both represent invalid credentials and should use the same exception type for consistency. Consider using BadRequestException with DomainErrorType.INVALID_CREDENTIALS for both cases.
| throw new BadCredentialsException("Invalid code provided"); | |
| throw new BadRequestException(userId, DomainErrorType.INVALID_CREDENTIALS); |
No description provided.