Create error handling mechanisms for token errors

Author: patrick-emmanuel

src/main/java/com/springboilerplate/springboilerplate/controller/UserController.java

@@ -40,7 +40,7 @@ public UserController(UserService userService, TokenAuthenticationService tokenA
     @PostMapping(path="/register")
     public ResponseEntity<?> registerUser(@Valid @RequestBody UserDto user) throws Exception {
         final User registeredUser = userService.saveUser(user, RoleType.USER);
-        String token = tokenAuthenticationService.createUserToken(registeredUser);
+        s
         HttpHeaders responseHeaders = new HttpHeaders();
         responseHeaders.set(TokenAuthenticationService.AUTH_HEADER_NAME, token);
         return new ResponseEntity<>("Registered and Logged in", responseHeaders, HttpStatus.CREATED);

src/main/java/com/springboilerplate/springboilerplate/exceptions/CentralizedExceptionHandler.java

@@ -1,10 +1,56 @@
 package com.springboilerplate.springboilerplate.exceptions;
 
 
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.validation.FieldError;
+import org.springframework.web.bind.MethodArgumentNotValidException;
+import org.springframework.web.bind.MissingServletRequestParameterException;
 import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.context.request.WebRequest;
 import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
 
+import java.util.List;
+import java.util.stream.Collectors;
+
 @ControllerAdvice
 public class CentralizedExceptionHandler extends ResponseEntityExceptionHandler {
 
+    @Override
+    protected ResponseEntity<Object> handleMissingServletRequestParameter(
+            MissingServletRequestParameterException exception, HttpHeaders headers,
+            HttpStatus status, WebRequest request){
+        logger.error("Missing servlet request parameter exception.");
+        String error = String.format("%s parameter is missing", exception.getParameterName());
+        ApiError apiError = new ApiError(HttpStatus.BAD_REQUEST, exception.getLocalizedMessage(), error);
+        return new ResponseEntity<>(apiError, new HttpHeaders(), apiError.getStatus());
+    }
+
+    @Override
+    protected ResponseEntity<Object> handleMethodArgumentNotValid(MethodArgumentNotValidException exception, HttpHeaders headers,
+                                                                  HttpStatus status, WebRequest request){
+        logger.error("Method argument not valid.");
+        List<FieldError> fieldErrors = exception.getBindingResult().getFieldErrors();
+        String error = fieldErrors.stream()
+                .map(fieldError -> fieldError.getField() + " : " + fieldError.getDefaultMessage())
+                .collect(Collectors.joining());
+        ApiError apiError = new ApiError(HttpStatus.BAD_REQUEST, exception.getMessage(), error);
+        return new ResponseEntity<>(apiError, apiError.getStatus());
+    }
+
+    @ExceptionHandler({ExpiredTokenException.class})
+    public ResponseEntity<Object> handleExpiredTokenException(ExpiredTokenException ex, WebRequest webRequest){
+        String error = ex.getMessage();
+        ApiError apiError = new ApiError(HttpStatus.BAD_REQUEST, ex.getMessage(), error);
+        return new ResponseEntity<>(apiError, apiError.getStatus());
+    }
+
+    @ExceptionHandler({InvalidTokenException.class})
+    public ResponseEntity<Object> handleInvalidTokenException(InvalidTokenException ex, WebRequest webRequest){
+        String error = ex.getMessage();
+        ApiError apiError = new ApiError(HttpStatus.BAD_REQUEST, ex.getMessage(), error);
+        return new ResponseEntity<>(apiError, apiError.getStatus());
+    }
 }

src/main/java/com/springboilerplate/springboilerplate/exceptions/ExpiredTokenException.java

@@ -0,0 +1,8 @@
+package com.springboilerplate.springboilerplate.exceptions;
+
+public class ExpiredTokenException extends RuntimeException {
+
+    public ExpiredTokenException(String message) {
+        super(message);
+    }
+}

src/main/java/com/springboilerplate/springboilerplate/exceptions/InvalidTokenException.java

@@ -0,0 +1,8 @@
+package com.springboilerplate.springboilerplate.exceptions;
+
+public class InvalidTokenException extends RuntimeException {
+
+    public InvalidTokenException(String message) {
+        super(message);
+    }
+}

src/main/java/com/springboilerplate/springboilerplate/model/PasswordResetToken.java

@@ -17,6 +17,7 @@ public class PasswordResetToken {
 
     @Id
     @GeneratedValue(strategy= GenerationType.IDENTITY)
+    @Column(name = "password_reset_token_id")
     public Long getId() {
         return id;
     }

src/main/java/com/springboilerplate/springboilerplate/security/StatelessAuthenticationFilter.java

@@ -26,7 +26,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
         chain.doFilter(request, response);
     }
 
-    private void setAuthenticationFromHeader(HttpServletRequest request) {
+    private void setAuthenticationFromHeader(HttpServletRequest request){
         final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
         if (!(authentication instanceof UserAuthentication)) {
             final UserAuthentication userAuthentication = tokenAuthenticationService.

src/main/java/com/springboilerplate/springboilerplate/security/TokenHandler.java

@@ -5,6 +5,8 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
 import com.fasterxml.jackson.datatype.jsr310.JSR310Module;
+import com.springboilerplate.springboilerplate.exceptions.ExpiredTokenException;
+import com.springboilerplate.springboilerplate.exceptions.InvalidTokenException;
 import com.springboilerplate.springboilerplate.model.User;
 import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
 import org.springframework.stereotype.Component;
@@ -38,25 +40,37 @@ public TokenHandler(byte[] secretKey) {
 
     public User parseUserFromToken(String token) {
         final String[] parts = token.split(SEPARATOR_SPLITTER);
-        if (parts.length == 2 && parts[0].length() > 0 && parts[1].length() > 0) {
+        if (validToken(parts)) {
             try {
                 final byte[] userBytes = fromBase64(parts[0]);
                 final byte[] hash = fromBase64(parts[1]);
-
                 boolean validHash = Arrays.equals(createHmac(userBytes), hash);
-                if (validHash) {
-                    final User user = fromJSON(userBytes);
-                    if (new Date().getTime() <  user.getExpires()) {
-                        return user;
-                    }
-                }
+                final User user = getUser(userBytes, validHash);
+                if (user != null) return user;
             } catch (IllegalArgumentException e) {
                 //log tempering attempt here
             }
         }
         return null;
     }
 
+    private User getUser(byte[] userBytes, boolean validHash) {
+        if (validHash) {
+            final User user = fromJSON(userBytes);
+            long currentTime = new Date().getTime();
+            if (currentTime <  user.getExpires()) {
+                return user;
+            }else {
+                throw new ExpiredTokenException("User token has expired.");
+            }
+        }
+        throw new InvalidTokenException("The token is not valid");
+    }
+
+    private boolean validToken(String parts[]){
+        return parts.length == 2 && parts[0].length() > 0 && parts[1].length() > 0;
+    }
+
     public String createTokenForUser(User user) {
         byte[] userBytes = toJSON(user);
         byte[] hash = createHmac(userBytes);

src/main/resources/application.properties

@@ -5,7 +5,7 @@ server.port=8080
 
 spring.jpa.database=POSTGRESQL
 spring.datasource.platform=postgres
-spring.jpa.hibernate.ddl-auto=create-drop
+spring.jpa.hibernate.ddl-auto=validate
 spring.database.driverClassName=org.postgresql.Driver
 spring.datasource.url=jdbc:postgresql://localhost:5432/boilerplate
 spring.datasource.username=postgres