fix: signInResource

Author: matheusandre1

timeless-api/src/main/java/dev/matheuscruz/presentation/SignInResource.java

@@ -2,10 +2,14 @@
 
 import dev.matheuscruz.domain.User;
 import dev.matheuscruz.domain.UserRepository;
+import dev.matheuscruz.infra.security.AESAdapter;
 import dev.matheuscruz.infra.security.BCryptAdapter;
 import dev.matheuscruz.infra.security.Groups;
 import io.quarkus.panache.common.Parameters;
 import io.smallrye.jwt.build.Jwt;
+import jakarta.persistence.EntityManager;
+import jakarta.persistence.NoResultException;
+import jakarta.transaction.Transactional;
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.Email;
 import jakarta.validation.constraints.NotBlank;
@@ -15,22 +19,61 @@
 import jakarta.ws.rs.Path;
 import jakarta.ws.rs.core.Response;
 import java.time.Duration;
+import java.util.Optional;
 import java.util.Set;
 
 @Path("/api/sign-in")
 public class SignInResource {
 
     UserRepository userRepository;
+    AESAdapter aesAdapter;
+    EntityManager entityManager;
 
-    public SignInResource(UserRepository userRepository) {
+    public SignInResource(UserRepository userRepository, AESAdapter aesAdapter, EntityManager entityManager) {
         this.userRepository = userRepository;
+        this.aesAdapter = aesAdapter;
+        this.entityManager = entityManager;
     }
 
     @POST
+    @Transactional
     public Response signIn(@Valid SignInRequest req) {
 
-        User user = userRepository.find("email = :email", Parameters.with("email", req.email())).firstResultOptional()
-                .orElseThrow(ForbiddenException::new);
+        Optional<User> userOptional = userRepository.find("email = :email", Parameters.with("email", req.email()))
+                .firstResultOptional();
+
+        User user = null;
+
+        if (userOptional.isPresent()) {
+            user = userOptional.get();
+        } else {
+            // try to find by plain text
+            try {
+                user = (User) entityManager.createNativeQuery("SELECT * FROM users WHERE email = :email", User.class)
+                        .setParameter("email", req.email()).getSingleResult();
+
+                // if found, we need to migrate the user to the new encryption format
+                // but first we need to check the password
+                Boolean checked = BCryptAdapter.checkPassword(req.password(), user.getPassword());
+
+                if (!checked) {
+                    return Response.status(Response.Status.UNAUTHORIZED).build();
+                }
+                
+                String encryptedEmail = aesAdapter.encrypt(req.email());
+                String encryptedPhone = user.getPhoneNumber() != null ? aesAdapter.encrypt(user.getPhoneNumber())
+                        : null;
+
+                entityManager.createNativeQuery("UPDATE users SET email = :email, phone_number = :phone WHERE id = :id")
+                        .setParameter("email", encryptedEmail).setParameter("phone", encryptedPhone)
+                        .setParameter("id", user.getId()).executeUpdate();
+                
+            } catch (NoResultException e) {
+                throw new ForbiddenException();
+            } catch (Exception e) {
+                throw new RuntimeException(e);
+            }
+        }
 
         Boolean checked = BCryptAdapter.checkPassword(req.password(), user.getPassword());