Functioning Error handeling like in API required

Author: ClaudiaDuenzinger

user-svc/src/main/java/de/tum/aet/devops25/usersvc/CustomAuthenticationEntryPoint.java

@@ -0,0 +1,55 @@
+package de.tum.aet.devops25.usersvc;
+
+import java.io.IOException;
+import java.time.OffsetDateTime;
+
+import org.springframework.http.MediaType;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import de.tum.aet.devops25.api.generated.model.ErrorResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+@Component
+public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+    private final ObjectMapper objectMapper;
+
+    public CustomAuthenticationEntryPoint(ObjectMapper objectMapper) {
+        this.objectMapper = objectMapper;
+    }
+
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response,
+            AuthenticationException authException) throws IOException, ServletException {
+
+        String requestURI = request.getRequestURI();
+        String authHeader = request.getHeader("Authorization");
+
+        ErrorResponse error;
+        if (authHeader == null || authHeader.isEmpty()) {
+            error = new ErrorResponse()
+                    .error("MISSING_TOKEN")
+                    .message("Authentication token is required")
+                    .path(requestURI)
+                    .status(401)
+                    .timestamp(OffsetDateTime.now());
+        } else {
+            error = new ErrorResponse()
+                    .error("INVALID_TOKEN")
+                    .message("Invalid or expired authentication token")
+                    .path(requestURI)
+                    .status(401)
+                    .timestamp(OffsetDateTime.now());
+        }
+
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
+        response.getWriter().write(objectMapper.writeValueAsString(error));
+    }
+}

user-svc/src/main/java/de/tum/aet/devops25/usersvc/GlobalExceptionHandler.java

@@ -0,0 +1,63 @@
+package de.tum.aet.devops25.usersvc;
+
+import java.time.OffsetDateTime;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.context.request.WebRequest;
+
+import de.tum.aet.devops25.api.generated.model.ErrorResponse;
+
+@ControllerAdvice
+public class GlobalExceptionHandler {
+
+    @ExceptionHandler(UserAlreadyExistsException.class)
+    public ResponseEntity<ErrorResponse> handleUserAlreadyExistsException(UserAlreadyExistsException ex, WebRequest request) {
+        ErrorResponse error = new ErrorResponse()
+                .error("USER_ALREADY_EXISTS")
+                .message(ex.getMessage())
+                .path(request.getDescription(false).replace("uri=", ""))
+                .status(409)
+                .timestamp(OffsetDateTime.now());
+
+        return ResponseEntity.status(HttpStatus.CONFLICT).body(error);
+    }
+
+    @ExceptionHandler(RuntimeException.class)
+    public ResponseEntity<ErrorResponse> handleRuntimeException(RuntimeException ex, WebRequest request) {
+        ErrorResponse error = new ErrorResponse()
+                .error("RUNTIME_ERROR")
+                .message(ex.getMessage())
+                .path(request.getDescription(false).replace("uri=", ""))
+                .status(500)
+                .timestamp(OffsetDateTime.now());
+
+        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(error);
+    }
+
+    @ExceptionHandler(Exception.class)
+    public ResponseEntity<ErrorResponse> handleGenericException(Exception ex, WebRequest request) {
+        ErrorResponse error = new ErrorResponse()
+                .error("INTERNAL_SERVER_ERROR")
+                .message("An unexpected error occurred")
+                .path(request.getDescription(false).replace("uri=", ""))
+                .status(500)
+                .timestamp(OffsetDateTime.now());
+
+        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(error);
+    }
+
+    @ExceptionHandler(IllegalArgumentException.class)
+    public ResponseEntity<ErrorResponse> handleIllegalArgumentException(IllegalArgumentException ex, WebRequest request) {
+        ErrorResponse error = new ErrorResponse()
+                .error("VALIDATION_ERROR")
+                .message(ex.getMessage())
+                .path(request.getDescription(false).replace("uri=", ""))
+                .status(400)
+                .timestamp(OffsetDateTime.now());
+
+        return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(error);
+    }
+}

user-svc/src/main/java/de/tum/aet/devops25/usersvc/JwtAuthenticationFilter.java

@@ -7,6 +7,7 @@
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
 import org.springframework.web.filter.OncePerRequestFilter;
 
@@ -18,6 +19,7 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 
+@Component
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
     private static final String JWT_SECRET = "my-super-long-and-secure-secret-key-1234567890!@#$"; // Use env var in production
@@ -27,6 +29,7 @@ protected void doFilterInternal(HttpServletRequest request,
             HttpServletResponse response,
             FilterChain filterChain) throws ServletException, IOException {
         String header = request.getHeader("Authorization");
+
         if (StringUtils.hasText(header) && header.startsWith("Bearer ")) {
             String token = header.substring(7);
             try {
@@ -46,9 +49,11 @@ protected void doFilterInternal(HttpServletRequest request,
                 authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                 SecurityContextHolder.getContext().setAuthentication(authentication);
             } catch (Exception e) {
-                // Invalid token, do nothing (request will be rejected by security)
+                // Invalid token - let Spring Security handle the error
+                // The CustomAuthenticationEntryPoint will be called
             }
         }
+
         filterChain.doFilter(request, response);
     }
 }

user-svc/src/main/java/de/tum/aet/devops25/usersvc/SecurityConfig.java

@@ -1,29 +1,43 @@
 package de.tum.aet.devops25.usersvc;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 @Configuration
 public class SecurityConfig {
 
+    @Autowired
+    private CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
+
+    @Autowired
+    private JwtAuthenticationFilter jwtAuthenticationFilter;
+
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
                 .csrf(csrf -> csrf.disable()) // Disable CSRF for APIs
                 .headers(headers -> headers
                 .frameOptions(frameOptions -> frameOptions.sameOrigin()) // Allow frames from same origin
                 )
-                .formLogin(form -> form.disable()) // <--- Add this line
-                .httpBasic(httpBasic -> httpBasic.disable()) // <--- And this line
+                .formLogin(form -> form.disable()) // Disable form login
+                .httpBasic(httpBasic -> httpBasic.disable()) // Disable HTTP basic auth
+                .sessionManagement(session -> session
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // Make it stateless
                 .authorizeHttpRequests(authz -> authz
                 .requestMatchers("/", "/api/users/register", "/api/users/login", "/health").permitAll()
                 .anyRequest().authenticated()
                 )
+                // Use custom authentication entry point
+                .exceptionHandling(exceptionHandling -> exceptionHandling
+                .authenticationEntryPoint(customAuthenticationEntryPoint)
+                )
                 // Register your JWT filter here:
-                .addFilterBefore(new JwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
+                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
         return http.build();
     }
 }

user-svc/src/main/java/de/tum/aet/devops25/usersvc/UserAlreadyExistsException.java

@@ -0,0 +1,12 @@
+package de.tum.aet.devops25.usersvc;
+
+public class UserAlreadyExistsException extends RuntimeException {
+
+    public UserAlreadyExistsException(String message) {
+        super(message);
+    }
+
+    public UserAlreadyExistsException(String message, Throwable cause) {
+        super(message, cause);
+    }
+}

user-svc/src/main/java/de/tum/aet/devops25/usersvc/UserController.java

@@ -10,6 +10,7 @@
 import javax.crypto.SecretKey;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -22,7 +23,9 @@
 import org.springframework.web.bind.annotation.RestController;
 
 import de.tum.aet.devops25.api.generated.controller.UserRegistrationApi;
+import de.tum.aet.devops25.api.generated.model.ErrorResponse;
 import de.tum.aet.devops25.api.generated.model.RegisterUserRequest;
+import de.tum.aet.devops25.api.generated.model.UpdateUserRequest;
 import de.tum.aet.devops25.api.generated.model.User;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.security.Keys;
@@ -45,7 +48,7 @@ public UserController(UserRepository userRepository) {
     public ResponseEntity<User> registerUser(RegisterUserRequest registerUserRequest) {
         // Check if user already exists
         if (userRepository.findByEmail(registerUserRequest.getEmail()).isPresent()) {
-            return ResponseEntity.status(409).build(); // Conflict: user already exists
+            throw new UserAlreadyExistsException("User with this email already exists");
         }
 
         // Create and save new user
@@ -108,14 +111,26 @@ public Map<String, Object> getUserServiceHealth() {
     }
 
     @PostMapping("/api/users/login")
-    public ResponseEntity<LoginResponse> login(@RequestBody LoginRequest loginRequest) {
+    public ResponseEntity<?> login(@RequestBody LoginRequest loginRequest) {
         Optional<UserEntity> userOpt = userRepository.findByEmail(loginRequest.getEmail());
         if (userOpt.isEmpty()) {
-            return ResponseEntity.status(401).build();
+            ErrorResponse error = new ErrorResponse()
+                    .error("INVALID_CREDENTIALS")
+                    .message("Invalid email or password")
+                    .path("/api/users/login")
+                    .status(401)
+                    .timestamp(OffsetDateTime.now());
+            return ResponseEntity.status(401).body(error);
         }
         UserEntity user = userOpt.get();
         if (!passwordEncoder.matches(loginRequest.getPassword(), user.getPasswordHash())) {
-            return ResponseEntity.status(401).build();
+            ErrorResponse error = new ErrorResponse()
+                    .error("INVALID_CREDENTIALS")
+                    .message("Invalid email or password")
+                    .path("/api/users/login")
+                    .status(401)
+                    .timestamp(OffsetDateTime.now());
+            return ResponseEntity.status(401).body(error);
         }
 
         // Update lastLoginAt
@@ -140,13 +155,19 @@ public ResponseEntity<LoginResponse> login(@RequestBody LoginRequest loginReques
     }
 
     @GetMapping("/api/users/profile")
-    public ResponseEntity<User> getProfile() {
+    public ResponseEntity<?> getProfile() {
         Authentication auth = SecurityContextHolder.getContext().getAuthentication();
         String userId = (String) auth.getPrincipal();
 
         Optional<UserEntity> userOpt = userRepository.findById(UUID.fromString(userId));
         if (userOpt.isEmpty()) {
-            return ResponseEntity.status(404).build();
+            ErrorResponse error = new ErrorResponse()
+                    .error("USER_NOT_FOUND")
+                    .message("User not found")
+                    .path("/api/users/profile")
+                    .status(404)
+                    .timestamp(OffsetDateTime.now());
+            return ResponseEntity.status(404).body(error);
         }
 
         UserEntity userEntity = userOpt.get();
@@ -185,7 +206,13 @@ public ResponseEntity<?> updateProfile(@RequestBody UpdateUserRequest updateRequ
 
         Optional<UserEntity> userOpt = userRepository.findById(UUID.fromString(userId));
         if (userOpt.isEmpty()) {
-            return ResponseEntity.status(404).body("User not found");
+            ErrorResponse error = new ErrorResponse()
+                    .error("USER_NOT_FOUND")
+                    .message("User not found")
+                    .path("/api/users/profile")
+                    .status(404)
+                    .timestamp(OffsetDateTime.now());
+            return ResponseEntity.status(404).body(error);
         }
         UserEntity user = userOpt.get();
 
@@ -196,8 +223,8 @@ public ResponseEntity<?> updateProfile(@RequestBody UpdateUserRequest updateRequ
         if (updateRequest.getLastName() != null) {
             user.setLastName(updateRequest.getLastName());
         }
-        if (updateRequest.getEmail() != null) {
-            user.setEmail(updateRequest.getEmail());
+        if (updateRequest.getIsActive() != null) {
+            user.setActive(updateRequest.getIsActive());
         }
         if (updateRequest.getPreferences() != null) {
             // Get existing preferences or create new ones
@@ -229,14 +256,30 @@ public ResponseEntity<?> updateProfile(@RequestBody UpdateUserRequest updateRequ
         user.setUpdatedAt(OffsetDateTime.now());
 
         // Add more fields as needed
-        userRepository.save(user);
+        UserEntity savedUser = userRepository.save(user);
+
+        // Map to API User model and return
+        User userResponse = new User()
+                .id(savedUser.getId())
+                .email(savedUser.getEmail())
+                .firstName(savedUser.getFirstName())
+                .lastName(savedUser.getLastName())
+                .isActive(savedUser.isActive())
+                .preferences(UserPreferencesMapper.toDto(savedUser.getPreferences()))
+                .createdAt(savedUser.getCreatedAt())
+                .updatedAt(savedUser.getUpdatedAt());
+
+        // Handle lastLoginAt properly
+        if (savedUser.getLastLoginAt() != null) {
+            userResponse.lastLoginAt(savedUser.getLastLoginAt());
+        }
 
-        return ResponseEntity.ok("Profile updated successfully");
+        return ResponseEntity.ok(userResponse);
     }
 
     @PostMapping("/api/users/logout")
     public ResponseEntity<?> logout() {
-        // For stateless JWT, just return 200 OK.
-        return ResponseEntity.ok("Logged out successfully");
+        // For stateless JWT, just return 200 OK with a simple message
+        return ResponseEntity.ok().body("Logged out successfully");
     }
 }