Issue
I have a database table called student, which contains fname, lname, city, email & password. I want to create a Spring Boot API that will check the email & password for login purposes. I have tried something, but this checks the email against the whole student table and the password against the whole student table.
I want to find the email first, then check if the given password exists for the same email.
Please help me over here. My code in the controller:-
    @GetMapping("login/{email}/{pass}")
    public String login(@PathVariable("email") String email, @PathVariable("pass") String pass) {
        // Each lookup searches the whole table independently of the other.
        Boolean isEmail = studentService.existsByEmail(email);
        Boolean isPassword = studentService.existsByPassword(pass);
        if (isEmail) {
            if (isPassword) {
                return "student exists";
            }
            return "Not found";
        }
        return "Did Not found";
    }
Final Solution:- (Special thanks to all.)
    @PostMapping("/login")
    public String login(@RequestBody Student student) {
        if (studentService.existsByEmailAndPassword(student.getEmail(), student.getPassword())) {
            String resultString = "Logged in Successfully";
            return resultString;
        }
        return "Student doesn't exist with the given email id:- " + student.getEmail();
    }
Solution
Your solution seems wrong since it could return false positives.
Your solution:
    @PostMapping("/login")
    public String login(@RequestBody Student student) {
        if (studentService.existsByEmail(student.getEmail())) {
            if (studentService.existsByPassword(student.getPassword())) {
                return "student Exists";
            }
            return "Incorrect Password";
        }
        return "Student doesn't exist with this email id:- " + student.getEmail();
    }
Let's say there are 2 students, Mark with email address "[email protected]" and password "markymark", and Kim with email address "[email protected]" and password "kimmykimkim".
If your request specifies email "[email protected]" and password "kimmykimkim" then the code in your solution would return "student Exists". [email protected] does indeed exist, however, their password is not "kimmykimkim".
You could fix it by adding and using the following repository method:
    boolean existsByEmailAndPassword(String email, String password);
Is this for a school assignment? If not, you should consider storing your passwords encrypted. You'd then first need to retrieve the password of a student, given their email address. Then you need to compare the plaintext password to the encrypted password using a password encoder. This Spring Security reference can be useful.
Answered By - Jelly
Answer Checked By - Candace Johnson (JavaFixing Volunteer)
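The lookup-then-compare flow described at the end of the answer, as an added example that is not code from the question or the answer. It assumes spring-security-crypto is on the classpath and uses BCryptPasswordEncoder as the password encoder; the class name, the in-memory map standing in for the student table, and the sample email addresses are hypothetical and constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class LoginCheckExample {

    private final PasswordEncoder encoder = new BCryptPasswordEncoder();
    // Hypothetical stand-in for the student table: email -> stored BCrypt hash.
    private final Map<String, String> hashByEmail = new HashMap<>();
    // Compared against when the email is unknown, so both failure paths do similar work.
    private final String dummyHash = encoder.encode("placeholder-not-a-real-password");

    public void register(String email, String rawPassword) {
        // Only the hash is stored; the plaintext password is never persisted.
        hashByEmail.put(email, encoder.encode(rawPassword));
    }

    public boolean login(String email, String rawPassword) {
        if (email == null || rawPassword == null) {
            return false;
        }
        // Step 1: fetch the stored hash for this email only.
        String stored = hashByEmail.get(email);
        if (stored == null) {
            encoder.matches(rawPassword, dummyHash);
            return false;
        }
        // Step 2: check the submitted password against that same record's hash.
        return encoder.matches(rawPassword, stored);
    }

    public static void main(String[] args) {
        LoginCheckExample svc = new LoginCheckExample();
        // Constructed accounts following the Mark/Kim scenario in the answer.
        svc.register("mark@example.com", "markymark");
        svc.register("kim@example.com", "kimmykimkim");

        System.out.println("Mark, own password:   " + svc.login("mark@example.com", "markymark"));
        System.out.println("Mark, Kim's password: " + svc.login("mark@example.com", "kimmykimkim"));
        System.out.println("Unknown email:        " + svc.login("nobody@example.com", "markymark"));
    }
}
```

Because the password is only ever compared with the hash stored for the submitted email, Kim's password no longer validates Mark's account, and the caller gets the same false result for an unknown email as for a wrong password.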