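I currently have an application with a normal login and registration page. Everything was going well and all test cases worked, until the case where passwords would have to be unique came up. If a user logs in with a password that is the same as an existing password, an error is thrown. Can someone guide me in the right direction to resolve this error? I would assume it is something in the controller, but I'm not 100% sure. I am also using the built-in h2 in-memory database.

Edit: I also just tested another use case. I am not checking whether the email that was entered has the correct password associated with it; I am only checking whether the entered data is in the database.

Here is the main controller: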
```java
@Controller
@SessionAttributes("name")
public class MainController {

    @Autowired
    private AccountRepository accountRepo;

    public MainController(AccountRepository accountRepo) {
        this.accountRepo = accountRepo;
    }

    @RequestMapping(value="/registration", method = RequestMethod.POST)
    public String registerAccount(@ModelAttribute("accountForm") AccountEntity accountForm, BindingResult bindingResult, Model model){
        if (bindingResult.hasErrors()) {
            return "error";
        }

        //Grabs information from view and saves them to attribute to save to database
        model.addAttribute("userName", accountForm.getUserName());
        model.addAttribute("email", accountForm.getEmail());
        model.addAttribute("firstName", accountForm.getFirstName());
        model.addAttribute("lastName", accountForm.getLastName());
        model.addAttribute("password", accountForm.getPassword());
        model.addAttribute("age", accountForm.getAge());
        //model.addAttribute("gender", accountForm.getGender());

        //Email Verification
        String randomVerificationCode = RandomString.make(64);
        accountForm.setVerificationCode(randomVerificationCode);

        AccountEntity emailChecker = accountRepo.findByEmail(accountForm.getEmail());
        AccountEntity usernameChecker = accountRepo.findByUserName(accountForm.getUserName());

        //checks if an email and username are unique;
        //if email or username already exists in database, throws error
        if(emailChecker != null || usernameChecker != null){
            System.out.println("the email or username already exists");
            return "redirect:registration";
        }
        else{
            accountRepo.save(accountForm);
            return "redirect:login";
        }
    }

    @RequestMapping(value="/login", method = RequestMethod.GET)
    public String showLoginPage(ModelMap model){
        model.addAttribute("login", new AccountEntity());
        return "login";
    }

    @RequestMapping(value="/login", method = RequestMethod.POST)
    public String submitLoginIn(@ModelAttribute("login") AccountEntity account){
        AccountEntity accountFormEmail = accountRepo.findByEmail(account.getEmail());
        AccountEntity accountFormPassword = accountRepo.findByPassword(account.getPassword());

        // Can't login if passwords are the same as an existing account --> need to fix
        if(accountFormEmail == null || accountFormPassword == null)
        {
            System.out.print("Account does not exist");
            return "redirect:login";
        }
        else {
            System.out.print("account exist");
            return "redirect:welcome"; //Change later
        }
    }
}
```
Here is the AccountEntity:
```java
package com.CSCI4050.TermProject.CovidWebsite.entities;

import javax.management.relation.Role;
import javax.persistence.*;
import javax.validation.constraints.Email;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.Size;
import java.util.Set;

@Entity (name = "user")
public class AccountEntity {

    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private Long id;

    private String firstName;
    private String lastName;
    private String userName;
    private String email;
    private String password;
    //private String gender;
    private Integer age;
    private String verificationCode;

    //Getters and Setters
    public void setId(Long id) {
        this.id = id;
    }

    public Long getId() {
        return id;
    }

    public void setFirstName(String firstName) {
        this.firstName = firstName;
    }

    public void setLastName(String lastName) {
        this.lastName = lastName;
    }

    public String getFirstName() {
        return firstName;
    }

    public String getLastName() {
        return lastName;
    }

    public String getUserName() {
        return userName;
    }

    public void setUserName(String userName) {
        this.userName = userName;
    }

    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    /*
    public String getGender() {
        return gender;
    }

    public void setGender(String gender) {
        this.gender = gender;
    }
    */

    public Integer getAge() {
        return age;
    }

    public void setAge(Integer age) {
        this.age = age;
    }

    public String getVerificationCode() {
        return verificationCode;
    }

    public void setVerificationCode(String verificationCode) {
        this.verificationCode = verificationCode;
    }
}
```
Here is login.jsp:
```jsp
<%@ page import="java.net.URLDecoder" %>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<html>
<head>
    <!-- Required MetaFiles -->
    <meta name="content-type" content="text-html" charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta name="keywords" content="keyword1, keyword2, keyword3">
    <meta name="description" content="this is my page">
    <!-- Webjars for Bootstrap and Jquery -->
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
    <script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js" integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1" crossorigin="anonymous"></script>
    <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script>
    <style><%@include file="/WEB-INF/css/login.css"%></style>
    <title>Login</title>
</head>
<body>
<%--@elvariable id="login" type=""--%>
<form:form modelAttribute="login" >
    <div class="form-group container" id="positionOfLogin" style="text-align: center">
        <div>
            <form:input type="email"
                        class="form-control MyInput"
                        id="email"
                        style="display: inline; width: 300px;"
                        placeholder="[email protected]"
                        path="email"/>
        </div>
        <div>
            <form:input type="password"
                        name="password"
                        class="form-control MyInput"
                        id="password"
                        placeholder="password"
                        path="password"/>
        </div>
        <div>
            <form:button type="submit" style="text-align: center" class="form-control MyButton">Login</form:button>
        </div>
        <div>
            <a href="/registration"
               type="submit" class="form-control MyButton" >Sign Up</a>
        </div>
    </div>
</form:form>
</body>
</html>
```
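If your passwords are saved in plain format, the current logic is fine. But the security level is too low. I suggest you encode the password with MD5 and then save it to the database. The same string encoded with MD5 gives the same result, so you can avoid saving plain passwords in the database.

The MD5 encoder is currently not secure, because there are many ways to decode it online. You should protect the database well. It is a good idea to advise users to change their passwords regularly.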
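
The controller in the question looks up the email and the password independently, so the password lookup becomes ambiguous once two accounts share a password, and any stored password is accepted for any stored email. The following added example (not code from the question or the answer) looks the account up by email only and verifies the submitted password against that account's salted PBKDF2 hash. The in-memory map stands in for `AccountRepository`, and the class name, iteration count and sample accounts are assumptions; in a Spring application a Spring Security `PasswordEncoder` such as `BCryptPasswordEncoder` would take the place of the `pbkdf2` helper.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LoginCheckDemo {
    // Hypothetical stand-in for AccountRepository: email -> "salt:hash" (both Base64).
    static final Map<String, String> accountsByEmail = new HashMap<>();
    static final int ITERATIONS = 210_000, KEY_BITS = 256; // assumed work factor

    static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Registration: store a per-user random salt and a slow hash, never the password itself.
    static void register(String email, String password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        accountsByEmail.put(email,
                b64.encodeToString(salt) + ":" + b64.encodeToString(pbkdf2(password.toCharArray(), salt)));
    }

    // Login: find the account by email only, then check the password against THAT account.
    static boolean login(String email, String password) throws Exception {
        String stored = accountsByEmail.get(email);
        if (stored == null) return false;              // unknown email
        String[] parts = stored.split(":");            // ':' is not in the Base64 alphabet
        byte[] salt = Base64.getDecoder().decode(parts[0]);
        byte[] expected = Base64.getDecoder().decode(parts[1]);
        return MessageDigest.isEqual(expected, pbkdf2(password.toCharArray(), salt)); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample accounts: alice and bob chose the same password, carol a different one.
        register("alice@example.com", "correct horse");
        register("bob@example.com", "correct horse");
        register("carol@example.com", "other-secret");
        System.out.println("alice, own password:     " + login("alice@example.com", "correct horse"));
        System.out.println("bob, same password:      " + login("bob@example.com", "correct horse"));
        System.out.println("alice, carol's password: " + login("alice@example.com", "other-secret"));
        System.out.println("unknown email:           " + login("nobody@example.com", "correct horse"));
        System.out.println("alice and bob store the same value: "
                + accountsByEmail.get("alice@example.com").equals(accountsByEmail.get("bob@example.com")));
    }
}
```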