Class UserService

java.lang.Object
vaultWeb.services.UserService

@Service public class UserService extends Object
Service class for managing users.

Provides functionality for user registration, checking for existing usernames, and retrieving all users. Passwords are securely encoded before storing.

  • Constructor Details

    • UserService

      public UserService()
  • Method Details

    • registerUser

      public void registerUser(User user)
      Registers a new user by encoding their password and assigning the default role.

      Steps performed by this method:

      1. Check if the username already exists in the database. If so, throw DuplicateUsernameException.
      2. Encode the plaintext password using the injected PasswordEncoder.
      3. Save the user entity with the hashed password to the database via UserRepository.

      Important: - The PasswordEncoder bean must match the encoder used during authentication to correctly verify passwords.

      Parameters:
      user - The User entity containing username and plaintext password.
      Throws:
      DuplicateUsernameException - if a user with the same username already exists.
    • usernameExists

      public boolean usernameExists(String username)
      Checks if a username already exists in the database.
      Parameters:
      username - The username to check.
      Returns:
      true if the username exists, false otherwise.
    • getAllUsers

      public List<User> getAllUsers()
      Retrieves a list of all registered users.
      Returns:
      A List of User entities.
    • changePassword

      public void changePassword(User user, String currentPassword, String newPassword)
      Allows an authenticated user to change their password after validating the old password.
      Parameters:
      user - The authenticated User requesting the change.
      currentPassword - The plaintext current password provided by the user.
      newPassword - The new plaintext password to set.
      Throws:
      UnauthorizedException - if the user is null or the current password is invalid.
    • getSecurityEvents

      public List<SecurityEventDto> getSecurityEvents(User user)
      Retrieves recent security events for a specific user, ordered chronologically (newest first).
    • logSecurityEvent

      public void logSecurityEvent(User user, SecurityEventType eventType, String status, jakarta.servlet.http.HttpServletRequest request, String deviceId)
      Manually logs a security event (e.g. for external/custom actions).
    • updateProfilePicture

      public void updateProfilePicture(User user, String picturePath)
      Saves a profile picture path to the user's record in the database.
    • removeProfilePicture

      public void removeProfilePicture(User user)
      Clears the profile picture from the user's database record (sets it to null).