I have a database table called student, which contains fname, lname, city, email & password. I want to create a Spring Boot API which will check email & password for login purposes. I have tried something, but this checks the email against the whole student table and the password against the whole student table.
I want to find the email first, then check whether the given password exists for the same email.
Please help me here. My code in the controller:
    @GetMapping("login/{email}/{pass}")
    public String login(@PathVariable("email") String email, @PathVariable("pass") String pass) {
        // Each check runs against the whole student table, independently of the other
        Boolean isEmail = studentService.existsByEmail(email);
        Boolean isPassword = studentService.existsByPassword(pass);
        if (isEmail) {
            if (isPassword) {
                return "student exists";
            }
            return "Not found";
        }
        return "Did Not found";
    }
Solution:-
    @PostMapping("/login")
    public String login(@RequestBody Student student) {
        if (studentService.existsByEmail(student.getEmail())) {
            if (studentService.existsByPassword(student.getPassword())) {
                return "student Exists";
            }
            return "Incorrect Password";
        }
        return "Student doesn't exist with this email id:- " + student.getEmail();
    }
CodePudding user response:
In your @Repository you need a findByEmail method, either with the @Query annotation and your own implementation, or shipped with Spring naming conventions (in that case read about Spring JpaRepository).
This method should return the whole Student object, and you can check its password.
CodePudding user response:
Your solution seems wrong since it could return false positives.
Your solution:
    @PostMapping("/login")
    public String login(@RequestBody Student student) {
        if (studentService.existsByEmail(student.getEmail())) {
            if (studentService.existsByPassword(student.getPassword())) {
                return "student Exists";
            }
            return "Incorrect Password";
        }
        return "Student doesn't exist with this email id:- " + student.getEmail();
    }
Let's say there are 2 students, Mark with email address "[email protected]" and password "markymark", and Kim with email address "[email protected]" and password "kimmykimkim".
If your request specifies email "[email protected]" and password "kimmykimkim" then the code in your solution would return "student Exists". [email protected] does indeed exist, however, their password is not "kimmykimkim".
You could fix it by adding and using the following repository method:
    boolean existsByEmailAndPassword(String email, String password);
Is this for a school assignment? If not, you should consider storing your passwords encrypted. You'd then first need to retrieve the password of a student, given their email address. Then you need to compare the plaintext password to the encrypted password using a password encoder. This Spring Security reference can be useful.
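
The approach both answers describe (fetch the student by email, then check the submitted password against that student's stored value with a password encoder), as an added example that is not code from the original thread. Assumptions: Java 16+ with Spring Web, Spring Data JPA and spring-security-crypto on the classpath; the asker's Student entity has a Long id and getPassword() returns a BCrypt hash; LoginRequest and LoginController are hypothetical names.

```java
import java.util.Optional;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

// Derived query: Spring Data generates "where email = ?" from the method name.
// Student is the asker's entity (assumed: Long id, password column holds a BCrypt hash).
interface StudentRepository extends JpaRepository<Student, Long> {
    Optional<Student> findByEmail(String email);
}

// Hypothetical request body, so credentials travel in the POST body and not in the URL.
record LoginRequest(String email, String password) {}

@RestController
class LoginController {
    private final StudentRepository students;
    private final PasswordEncoder encoder = new BCryptPasswordEncoder();
    // Hash of a throwaway value, checked when the email is unknown so that
    // both outcomes perform one BCrypt comparison and take similar time.
    private final String dummyHash = encoder.encode("placeholder-not-a-real-password");

    LoginController(StudentRepository students) {
        this.students = students;
    }

    @PostMapping("/login")
    ResponseEntity<String> login(@RequestBody LoginRequest req) {
        if (req.email() == null || req.password() == null) {
            return ResponseEntity.badRequest().body("email and password are required");
        }
        // The password is checked only against the row that owns this email,
        // which removes the false positive from the two exists...() calls.
        Optional<Student> found = students.findByEmail(req.email());
        String storedHash = found.map(Student::getPassword).orElse(dummyHash);
        boolean passwordOk = encoder.matches(req.password(), storedHash);
        if (found.isPresent() && passwordOk) {
            return ResponseEntity.ok("Login successful");
        }
        // Same response for unknown email and wrong password,
        // so the endpoint does not reveal which emails are registered.
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Invalid email or password");
    }
}
```

Passwords must be stored with encoder.encode(rawPassword) at registration time for matches() to succeed.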