Merge pull request #41 from Stephenson-Software/copilot/identify-spring-security-opportunities

Better utilize Spring Security — remove reinvented wheel patterns

Author: dmccoystephenson

backend/src/main/java/com/accordion/controller/UserController.java

@@ -13,6 +13,7 @@
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.Map;
@@ -103,11 +104,11 @@ public ResponseEntity<?> login(@RequestBody LoginRequest request) {
         }
 
         try {
-            authenticationManager.authenticate(
+            Authentication authentication = authenticationManager.authenticate(
                 new UsernamePasswordAuthenticationToken(username.trim(), password)
             );
 
-            User user = userService.findByUsername(username.trim())
+            User user = userService.findByUsername(authentication.getName())
                     .orElseThrow(() -> new BadCredentialsException("Invalid credentials"));
 
             String token = jwtUtil.generateToken(user.getUsername());

backend/src/main/java/com/accordion/security/WebSocketAuthInterceptor.java

@@ -10,7 +10,6 @@
 import org.springframework.messaging.support.ChannelInterceptor;
 import org.springframework.messaging.support.MessageHeaderAccessor;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Component;
 
@@ -55,7 +54,6 @@ public Message<?> preSend(Message<?> message, MessageChannel channel) {
                 UsernamePasswordAuthenticationToken authentication = 
                     new UsernamePasswordAuthenticationToken(
                         userDetails, null, userDetails.getAuthorities());
-                SecurityContextHolder.getContext().setAuthentication(authentication);
                 accessor.setUser(authentication);
 
                 logger.debug("WebSocket CONNECT authenticated for user '{}'", username);

backend/src/main/java/com/accordion/service/UserService.java

@@ -44,8 +44,4 @@ public boolean userExists(String username) {
     public Optional<User> findByUsername(String username) {
         return userRepository.findByUsername(username);
     }
-
-    public boolean verifyPassword(String rawPassword, String encodedPassword) {
-        return passwordEncoder.matches(rawPassword, encodedPassword);
-    }
 }

backend/src/test/java/com/accordion/controller/UserControllerTest.java

@@ -17,6 +17,7 @@
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
 import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.web.servlet.MockMvc;
 
@@ -125,9 +126,11 @@ void testRegister_UsernameExists() throws Exception {
     @Test
     void testLogin_Success() throws Exception {
         LoginRequest request = new LoginRequest("testuser", "Password1");
-        
+
+        Authentication mockAuthentication = mock(Authentication.class);
+        when(mockAuthentication.getName()).thenReturn("testuser");
         when(authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class)))
-                .thenReturn(null);
+                .thenReturn(mockAuthentication);
         when(userService.findByUsername("testuser")).thenReturn(Optional.of(testUser));
         when(jwtUtil.generateToken("testuser")).thenReturn("test.jwt.token");
 

backend/src/test/java/com/accordion/service/UserServiceTest.java

@@ -96,32 +96,6 @@ void testRegisterUser_UsernameExists() {
         verify(userRepository, never()).save(any(User.class));
     }
 
-    @Test
-    void testVerifyPassword_Correct() {
-        String rawPassword = "Password123";
-        String encodedPassword = "$2a$10$encodedPasswordHash";
-        
-        when(passwordEncoder.matches(rawPassword, encodedPassword)).thenReturn(true);
-
-        boolean result = userService.verifyPassword(rawPassword, encodedPassword);
-
-        assertTrue(result);
-        verify(passwordEncoder, times(1)).matches(rawPassword, encodedPassword);
-    }
-
-    @Test
-    void testVerifyPassword_Incorrect() {
-        String rawPassword = "WrongPassword";
-        String encodedPassword = "$2a$10$encodedPasswordHash";
-        
-        when(passwordEncoder.matches(rawPassword, encodedPassword)).thenReturn(false);
-
-        boolean result = userService.verifyPassword(rawPassword, encodedPassword);
-
-        assertFalse(result);
-        verify(passwordEncoder, times(1)).matches(rawPassword, encodedPassword);
-    }
-
     @Test
     void testUserExists_True() {
         when(userRepository.existsByUsername("testuser")).thenReturn(true);