Fix and complete the refactorization of the service methods related to password recovery

Author: CAPELLAX02

backend/src/main/java/com/x/backend/exceptions/auth/InvalidLoginCredentialsException.java

@@ -1,7 +1,10 @@
 package com.x.backend.exceptions.auth;
 
 import com.x.backend.exceptions.CustomRuntimeException;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ResponseStatus;
 
+@ResponseStatus(HttpStatus.UNAUTHORIZED)
 public class InvalidLoginCredentialsException extends CustomRuntimeException {
     public InvalidLoginCredentialsException() {
         super("Invalid login credentials");

backend/src/main/java/com/x/backend/models/user/auth/EmailVerificationToken.java

@@ -9,7 +9,7 @@
 @Table(
         name = "email_verification_tokens",
         uniqueConstraints = {
-        w        @UniqueConstraint(
+                @UniqueConstraint(
                         name = "uq_email_verification_user",
                         columnNames = { "user_id" }
                 )

backend/src/main/java/com/x/backend/services/auth/AuthenticationServiceImpl.java

@@ -238,15 +238,14 @@ public BaseApiResponse<SendPasswordRecoveryEmailResponse> sendPasswordRecoveryEm
         String hashedCode = SecureCodeManager.encode(rawCode, passwordEncodingConfig.passwordEncoder());
         Instant expiry = Instant.now().plusSeconds(300);
 
+        passwordRecoveryTokenRepository.deleteByUser_Username(user.getUsername());
+
         PasswordRecoveryToken passwordRecoveryToken = new PasswordRecoveryToken();
         passwordRecoveryToken.setHashedCode(hashedCode);
         passwordRecoveryToken.setExpiry(expiry);
         passwordRecoveryToken.setUser(user);
         passwordRecoveryTokenRepository.save(passwordRecoveryToken);
 
-        passwordRecoveryTokenRepository.deleteByUser_Username(user.getUsername());
-        passwordRecoveryTokenRepository.save(passwordRecoveryToken);
-
         EmailDispatcher.sendPasswordRecoveryEmail(mailService, user.getEmail(), user.getFullName(), rawCode);
 
         SendPasswordRecoveryEmailResponse res = new SendPasswordRecoveryEmailResponse(expiry);
@@ -267,21 +266,21 @@ public BaseApiResponse<SendPasswordRecoveryEmailResponse> resendPasswordRecovery
         String hashedCode = SecureCodeManager.encode(rawCode, passwordEncodingConfig.passwordEncoder());
         Instant expiry = Instant.now().plusSeconds(300);
 
-        PasswordRecoveryToken newPasswordRecoveryToken = new PasswordRecoveryToken();
-        newPasswordRecoveryToken.setHashedCode(hashedCode);
-        newPasswordRecoveryToken.setExpiry(expiry);
-        newPasswordRecoveryToken.setUser(user);
-        passwordRecoveryTokenRepository.save(newPasswordRecoveryToken);
-
         passwordRecoveryTokenRepository.deleteByUser_Username(user.getUsername());
-        passwordRecoveryTokenRepository.save(newPasswordRecoveryToken);
+
+        PasswordRecoveryToken newPasswordRecoveryCode = new PasswordRecoveryToken();
+        newPasswordRecoveryCode.setHashedCode(hashedCode);
+        newPasswordRecoveryCode.setExpiry(expiry);
+        newPasswordRecoveryCode.setUser(user);
+        passwordRecoveryTokenRepository.save(newPasswordRecoveryCode);
 
         EmailDispatcher.sendPasswordRecoveryEmail(mailService, user.getEmail(), user.getFullName(), rawCode);
 
         SendPasswordRecoveryEmailResponse res = new SendPasswordRecoveryEmailResponse(expiry);
         return BaseApiResponse.success(res, "New password recovery code sent via email.");
     }
 
+
     @Override
     public BaseApiResponse<String> recoverPassword(RecoverPasswordRequest req) {
         ApplicationUser user = getUserByEmail(req.email());

backend/src/main/resources/application.yml

@@ -13,7 +13,7 @@ spring:
     database-platform: org.hibernate.dialect.PostgreSQLDialect
     hibernate:
       ddl-auto: update
-    show-sql: true
+    show-sql: false
     properties:
       hibernate:
         format_sql: true