Updating user info (Spring boot)

Question

I have a entity class that contains userinfo:

@Entity
@Table(name = "user")
@PasswordMatch(message="{register.repeatPassword.mismatch}") 
@DynamicUpdate
public class SiteUser {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name = "id")
private Long id;

@Column(name = "email", unique=true)
@Email(message="{register.email.invalid}") 
@NotBlank(message="{register.email.invalid}")
private String email;

@Transient  
@Size(min=5, max=15, message="{register.password.size}")
private String plainPassword;

@Transient
private String repeatPassword;

@Column(name = "password", length=60)
private String password;

@Column(name="enabled")
private boolean enabled = false;

@Column(name="role", length=20)
private String role;

@NotNull
@Column(name="firstname", length=20)
@Size(min=2, max=20, message="{register.firstname.size}")
private String firstname;

@NotNull
@Column(name="surname", length=25)
@Size(min=2, max=25, message="{register.surname.size}")
private String surname;

public SiteUser() {

}

public SiteUser(String email, String password, String firstname, String surname) {
    this.email = email;
    this.setPlainPassword(password);
    this.repeatPassword = password;
    this.enabled= true;
    this.firstname= firstname;
    this.surname= surname;
}

public Long getId() {
    return id;
}


public void setId(Long id) {
    this.id = id;
}

public String getEmail() {
    return email;
}

public void setEmail(String email) {
    this.email = email;
}

public String getPassword() {
    return password;
}

public void setPassword(String password) {
    this.password = password;
}

public String getRole() {
    return role;
}

public void setRole(String role) {
    this.role = role;
}

public String getPlainPassword() {
    return plainPassword;
}

public void setPlainPassword(String plainPassword) {
    this.password = new BCryptPasswordEncoder().encode(plainPassword);
    this.plainPassword = plainPassword;
}

public String getRepeatPassword() {
    return repeatPassword;
}

public void setRepeatPassword(String repeatPassword) {
    this.repeatPassword = repeatPassword;
}

public boolean isEnabled() {
    return enabled;
}

public void setEnabled(boolean enabled) {
    this.enabled = enabled;
}

public String getFirstname() {
    return firstname;
}

public void setFirstname(String firstname) {
    this.firstname = firstname;
}

public String getSurname() {
    return surname;
}

public void setSurname(String surname) {
    this.surname = surname;
}
}

My problem is that for registering users I added unique and @NotBlank annotations to my email and firstname / lastname columns so now that I want to only update my password I have 2 problems

1- I have to add other fields as hidden in the update form since they can't be empty

2- when i try to update my data using save() method of the Dao I get an error that there is same email in database.

Is there any kind of logical solution for this issue?

====================Update=========================

Controller:

@RequestMapping(value ="/resetPassword", method = RequestMethod.GET)
ModelAndView resetPasswordMailRecieved(ModelAndView modelAndView,           @RequestParam("t") String tokenString) {

    VerificationToken token = userService.getVerificationToken(tokenString);
    SiteUser user = token.getUser();

    if(token == null)
    {
        modelAndView.setViewName("redirect:/invalidUser");
        return modelAndView;
    }

    Date expirydate = token.getExpiry();

    if(expirydate.before(new Date()))
    {
        modelAndView.setViewName("redirect:/expiredToken");
        userService.deleteToken(token);
        return modelAndView;
    }

    userService.deleteToken(token);
    modelAndView.getModel().put("user", user);
    modelAndView.setViewName("app.resetPass");
    return modelAndView;
}

jSP file:

<form:form method="post" modelAttribute="user" class="login-form">

                <form:input type="hidden" path="firstname" />
                <form:input type="hidden" path="surname" />
                <form:input type="hidden" path="email" />

                <div class="input-group">
                    <form:input type="password" path="plainPassword"
                        placeholder="Password" class="form-control" />
                </div>

                <div class="input-group">
                    <form:input path="repeatPassword" type="password"
                        placeholder="Repeat password" class="form-control" />
                </div>

                <div class="input-group">
                    <button type="submit" class="btn-primary pull-right">Change
                        Password</button>
                </div>
            </form:form>

UserDao:

@Repository
public interface UserDao extends CrudRepository<SiteUser, Long> { 
   SiteUser findByEmail(String email);
}

UserService:

@Service 
public class UserService implements UserDetailsService {
@Autowired
private UserDao userDao;

@Autowired
PasswordEncoder encoder;

@Autowired 
private VerificationDao verificationDao; 

public void register(SiteUser user) {
    user.setRole("ROLE_USER");
    userDao.save(user);
}

@Override
public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
    SiteUser user = userDao.findByEmail(email);

    if (user == null) {
        return null;
    }

    List<GrantedAuthority> auth = AuthorityUtils.commaSeparatedStringToAuthorityList(user.getRole());

    String password = user.getPassword();
    boolean enabled = user.isEnabled();


    return new User(email, password, enabled, true, true, true, auth);
}

public void save(SiteUser user)
{
    userDao.save(user);
}

public void updatePass(SiteUser user,String pass){
    user.setPlainPassword(pass);
}

public String createEmailVerificationToken(SiteUser user)
{

    VerificationToken token = new VerificationToken(UUID.randomUUID().toString(), user, TokenType.REGISTRATION);
    verificationDao.save(token);
    return token.getToken();  
}

public String createPasswordResetVerificationToken(SiteUser user)
{
    VerificationToken token = new VerificationToken(UUID.randomUUID().toString(), user, TokenType.PASSWORD_RESET);
    verificationDao.save(token);
    return token.getToken();
}

public VerificationToken getVerificationToken(String token)
{
    return verificationDao.findByToken(token);
}

public void deleteToken(VerificationToken token) {
    verificationDao.delete(token);
}

public SiteUser get(String email) {

    return userDao.findByEmail(email);
}

public SiteUser get(Long id) {

    return userDao.findOne(id);
}

}

Answer 1

在其他隐藏字段之后，在JSP文件中添加以下内容：

<form:input type="hidden" path="id"/>

Answer 2

@RequestMapping(value="/updateUserInfo", method=RequestMethod.POST)
public ResponseEntity profileInfo(
            @RequestBody HashMap<String, Object> mapper
        ) throws Exception{

    int id = (Integer) mapper.get("id");
    String email = (String) mapper.get("email");
    String username = (String) mapper.get("username");
    String firstName = (String) mapper.get("firstName");
    String lastName = (String) mapper.get("lastName");
    String newPassword = (String) mapper.get("newPassword");
    String currentPassword = (String) mapper.get("currentPassword");

    User currentUser = userService.findById(Long.valueOf(id));

    if(currentUser == null) {
        throw new Exception ("User not found");
    }

    if(userService.findByEmail(email) != null) {
        if(userService.findByEmail(email).getId() != currentUser.getId()) {
            return new ResponseEntity("Email not found!", HttpStatus.BAD_REQUEST);
        }
    }

    if(userService.findByUsername(username) != null) {
        if(userService.findByUsername(username).getId() != currentUser.getId()) {
            return new ResponseEntity("Username not found!", HttpStatus.BAD_REQUEST);
        }
    }

    SecurityConfig securityConfig = new SecurityConfig();


        BCryptPasswordEncoder passwordEncoder = SecurityUtility.passwordEncoder();
        String dbPassword = currentUser.getPassword();

        if(null != currentPassword)
        if(passwordEncoder.matches(currentPassword, dbPassword)) {
            if(newPassword != null && !newPassword.isEmpty() && !newPassword.equals("")) {
                currentUser.setPassword(passwordEncoder.encode(newPassword));
            }
            currentUser.setEmail(email);
        } else {
            return new ResponseEntity("Incorrect current password!", HttpStatus.BAD_REQUEST);
        }


    currentUser.setFirstName(firstName);
    currentUser.setLastName(lastName);
    currentUser.setUsername(username);


    userService.save(currentUser);

    return new ResponseEntity("Update Success", HttpStatus.OK);
}

Answer 3

PasswordRequest:

@Data
@AllArgsConstructor
@NoArgsConstructor
public class PasswordRequest {
    
    private String oldPassword;
    private String newPassword;
}

Controller:

@PutMapping("/changePassword")
    public ResponseEntity changePassword(@RequestBody PasswordRequest pwdRequest, Principal principal) {

        String LoggedInUserUsername=principal.getName();
        User currentUser=this.userRepository.findByUsername(LoggedInUserUsername);

         if(pwdRequest.getNewPassword() != null && !pwdRequest.getNewPassword().isEmpty() 
                 && !pwdRequest.getNewPassword().equals("") && !pwdRequest.getNewPassword().contains(" ")) {
             
            bCryptPasswordEncoder.matches(pwdRequest.getOldPassword(),currentUser.getPassword());//this will check old pwd fiels with current pwd 

            currentUser.setPassword(bCryptPasswordEncoder.encode(pwdRequest.getNewPassword()));
            userRepository.save(currentUser);

            return new ResponseEntity("Success", HttpStatus.OK); 
        }else {
            return new ResponseEntity("Somthing went wrong", HttpStatus.BAD_REQUEST); 
        }
    }