NY1105 / e-commerce


Repeated user registration - Duplicated userId #8

Closed WongSinYan closed 10 months ago

WongSinYan commented 10 months ago

Summary

Repeated user registration - Duplicated userId

Severity

Critical

Reporter

@wsy617

Assignee

@NY1105

Product

e-commerce

Component

User

Version

Release 2

Environment

Visual Studio Code

Version: 1.85.0 (Universal)
Commit: af28b32d7e553898b2a91af498b1fb666fdebe0c
Date: 2023-12-06T18:18:04.614Z (4 days ago)
Electron: 25.9.7
ElectronBuildId: 25551756
Chromium: 114.0.5735.289
Node.js: 18.15.0
V8: 11.4.183.29-electron.0
OS: macOS Darwin arm64 22.6.0

Thunder Client (Equivalent to Postman)

v2.16.2

Description

Discovery:

    @Test
    public void postUserRegisterToRegisteredID() throws Exception {
        String str_1 = "{\"userId\":\"user123\",\"userPassword\":\"Pass456!\"}";
        MvcResult result_1 = mockMvc.perform(
                        MockMvcRequestBuilders.request(HttpMethod.POST, "/user/register")
                                .accept(MediaType.APPLICATION_JSON).contentType(MediaType.APPLICATION_JSON).content(str_1)
                )
                .andDo(print())
                .andExpect(MockMvcResultMatchers.status().isCreated())
                .andReturn();
        String str_0 = "{\"userId\":\"user123\",\"userPassword\":\"!Pass123\"}";
        MvcResult result_0 = mockMvc.perform(
                        MockMvcRequestBuilders.request(HttpMethod.POST, "/user/register")
                                .accept(MediaType.APPLICATION_JSON).contentType(MediaType.APPLICATION_JSON).content(str_0)
                )
                .andDo(print())
                .andExpect(MockMvcResultMatchers.status().isConflict())
                .andReturn();
    }

Current result:

Status: 201 Created

    {
      "userId": "user123",
      "userPassword": "Pass456!",
      "totalSpent": 0.0,
      "carts": null,
      "membershipTier": 0
    }

Expected result:

Status: 409 Conflict

NY1105 commented 10 months ago

Problem

Missing condition of finding existing users with same userId

Solution

Added condition

    public ResponseEntity<User> register(User newUser) {
      if (!isValidPassword(newUser.getUserPassword())) {
        return ResponseEntity.badRequest().build();
      }
      Optional<User> existingUser = user_repository.findById(newUser.getUserId());
      if (existingUser.isPresent()) {
        return ResponseEntity.status(HttpStatus.CONFLICT).build();
      }
      User user = user_repository.saveAndFlush(newUser);
      return ResponseEntity.status(HttpStatus.CREATED).body(user);
    }

Conclusion

Solved and tested, Closing
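
Added example, not part of the thread or the project's code: a plain-Java model of the registration check discussed above, showing the unchecked save, the lookup-then-save shape of the fix, and an atomic variant. The class `RegisterDemo`, its method names, and the in-memory map standing in for `user_repository` are assumptions made for illustration; in a database-backed service the atomic step corresponds to an insert guarded by the primary key or a unique constraint on `userId`.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: an in-memory map stands in for the user table (assumption).
public class RegisterDemo {
    static final int CREATED = 201, CONFLICT = 409;

    // userId -> password; constructed stand-in for user_repository.
    private final Map<String, String> users = new ConcurrentHashMap<>();

    // Mirrors the reported 201 on a repeated userId. That the save replaces
    // the stored password is an assumption about how the save behaved.
    int registerUnchecked(String userId, String password) {
        users.put(userId, password);
        return CREATED;
    }

    // Shape of the fix in the thread: look up, then save. Correct for
    // sequential requests, but two concurrent requests can both pass the
    // lookup before either one saves.
    int registerCheckThenSave(String userId, String password) {
        if (users.containsKey(userId)) {
            return CONFLICT;
        }
        users.put(userId, password);
        return CREATED;
    }

    // Atomic variant: the existence check and the insert are one operation,
    // so the first registration always wins and is never replaced.
    int registerAtomic(String userId, String password) {
        return users.putIfAbsent(userId, password) == null ? CREATED : CONFLICT;
    }

    String storedPassword(String userId) {
        return users.get(userId);
    }

    public static void main(String[] args) {
        // Constructed sample input: the two request bodies from the issue's test.
        RegisterDemo unchecked = new RegisterDemo();
        unchecked.registerUnchecked("user123", "Pass456!");
        int second = unchecked.registerUnchecked("user123", "!Pass123");
        System.out.println(second + " " + unchecked.storedPassword("user123"));

        RegisterDemo atomic = new RegisterDemo();
        atomic.registerAtomic("user123", "Pass456!");
        second = atomic.registerAtomic("user123", "!Pass123");
        System.out.println(second + " " + atomic.storedPassword("user123"));
    }
}
```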