diff --git a/src/main/java/com/iemr/common/controller/users/IEMRAdminController.java b/src/main/java/com/iemr/common/controller/users/IEMRAdminController.java
index 81acd8ca..b6b6cb89 100644
--- a/src/main/java/com/iemr/common/controller/users/IEMRAdminController.java
+++ b/src/main/java/com/iemr/common/controller/users/IEMRAdminController.java
@@ -156,7 +156,7 @@ public String userAuthenticate(
  logger.info("CAPTCHA validated successfully for user: {}", m_User.getUserName());
  } else {
  logger.warn("CAPTCHA token missing for user: {}", m_User.getUserName());
- response.setError(new IEMRException("CAPTCHA token is required"));
+ response.setError(new IEMRException("CAPTCHA validation failed. Please try again."));
  return response.toString();
  }
  } else {
@@ -170,9 +170,9 @@ public String userAuthenticate(
  JSONObject serviceRoleMap = new JSONObject();
  JSONArray serviceRoleList = new JSONArray();
  JSONObject previlegeObj = new JSONObject();
- if (m_User.getUserName() != null
- && (m_User.getDoLogout() == null || !m_User.getDoLogout())
- && (m_User.getWithCredentials() != null && m_User.getWithCredentials())) {
+ if (m_User.getUserName() != null
+ && (m_User.getDoLogout() == null || !m_User.getDoLogout())
+ && (m_User.getWithCredentials() != null && m_User.getWithCredentials())) {
  String tokenFromRedis = getConcurrentCheckSessionObjectAgainstUser(
  m_User.getUserName().trim().toLowerCase());
  if (tokenFromRedis != null) {
@@ -187,7 +187,7 @@ public String userAuthenticate(
  String refreshToken = null;
  if (mUser.size() == 1) {
  jwtToken = jwtUtil.generateToken(m_User.getUserName(), mUser.get(0).getUserID().toString());
-
+
  User user = new User(); // Assuming the Users class exists
  user.setUserID(mUser.get(0).getUserID());
  user.setUserName(mUser.get(0).getUserName());
@@ -201,8 +201,7 @@ public String userAuthenticate(
  "refresh:" + jti,
  user.getUserID().toString(),
  jwtUtil.getRefreshTokenExpiration(),
- TimeUnit.MILLISECONDS
- );
+ TimeUnit.MILLISECONDS);
  } else {
  cookieUtil.addJwtTokenToCookie(jwtToken, httpResponse, request);
  }
@@ -254,58 +253,67 @@ public ResponseEntity refreshToken(@RequestBody Map request) try { if (jwtUtil.validateToken(refreshToken) == null) { - return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Invalid token"); + logger.warn("Token validation failed: invalid token provided."); + return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Unauthorized."); } Claims claims = jwtUtil.getAllClaimsFromToken(refreshToken); // Verify token type if (!"refresh".equals(claims.get("token_type", String.class))) { - return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Invalid token type"); + logger.warn("Token validation failed: incorrect token type in refresh request."); + return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Unauthorized."); + } // Check revocation using JTI String jti = claims.getId(); if (!redisTemplate.hasKey("refresh:" + jti)) { - return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Token revoked"); + logger.warn("Token validation failed: refresh token is revoked or not found in store."); + return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Unauthorized."); } // Get user details // Get user details String userId = claims.get("userId", String.class); User user = iemrAdminUserServiceImpl.getUserById(Long.parseLong(userId)); - + // Validate that the user still exists and is active if (user == null) { - return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("User not found"); + logger.warn("Token validation failed: user not found for userId in token."); + return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Unauthorized."); } - + if (user.getM_status() == null || !"Active".equalsIgnoreCase(user.getM_status().getStatus())) { - return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("User account is inactive"); + logger.warn("Token validation failed: user account is inactive or not in 'Active' status."); + return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Unauthorized."); } // Generate new tokens 
String newJwt = jwtUtil.generateToken(user.getUserName(), userId); Map tokens = new HashMap<>(); tokens.put("jwtToken", newJwt); - + // Generate and store a new refresh token (token rotation) String newRefreshToken = jwtUtil.generateRefreshToken(user.getUserName(), userId); String newJti = jwtUtil.getJtiFromToken(newRefreshToken); redisTemplate.opsForValue().set( - "refresh:" + newJti, - userId, - jwtUtil.getRefreshTokenExpiration(), - TimeUnit.MILLISECONDS - ); + "refresh:" + newJti, + userId, + jwtUtil.getRefreshTokenExpiration(), + TimeUnit.MILLISECONDS); tokens.put("refreshToken", newRefreshToken); return ResponseEntity.ok(tokens); } catch (ExpiredJwtException ex) { - return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Token expired"); + logger.warn("Token validation failed: token has expired."); + return ResponseEntity.status(HttpStatus.UNAUTHORIZED) + .body("Authentication failed. Please log in again."); } catch (Exception e) { logger.error("Refresh failed: ", e); - return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Token refresh failed"); + logger.error("Token refresh failed due to unexpected server error."); + return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR) + .body("An unexpected error occurred. Please try again later."); } } 
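Review bot: The rotated-out refresh token is never revoked: the new code checks `redisTemplate.hasKey("refresh:" + jti)` and later stores `"refresh:" + newJti`, but the old `refresh:` + jti key stays in Redis until its TTL runs out, so a refresh token that has already been exchanged still passes the revocation check and can mint further access tokens. Add `redisTemplate.delete("refresh:" + jti);` immediately before the `redisTemplate.opsForValue().set(` that stores the new token, so each refresh token is single-use as the "token rotation" comment intends. The generic `catch (Exception e)` now logs twice — `logger.error("Refresh failed: ", e)` already carries the stack trace, and the added `logger.error("Token refresh failed due to unexpected server error.")` adds nothing; drop one of them. refreshToken's signature and the read of `refreshToken` out of the request map sit above the hunk, so I cannot see whether a null/empty token is rejected before `validateToken`.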
@@ -321,10 +329,12 @@ public String logOutUserFromConcurrentSession( List mUsers = iemrAdminUserServiceImpl.userExitsCheck(m_User.getUserName()); if (mUsers == null || mUsers.size() <= 0) { - throw new IEMRException("User not found, please contact administrator"); - } else if (mUsers.size() > 1) - throw new IEMRException("More than 1 user found, please contact administrator"); - else if (mUsers.size() == 1) { + logger.error("User not found"); + throw new IEMRException("Logout request failed, please try again later"); + } else if (mUsers.size() > 1) { + logger.error("More than 1 user found"); + throw new IEMRException("Logout failed. Please retry or contact administrator"); + } else if (mUsers.size() == 1) { String previousTokenFromRedis = sessionObject .getSessionObject((mUsers.get(0).getUserName().toString().trim().toLowerCase())); if (previousTokenFromRedis != null) { @@ -332,7 +342,8 @@ else if (mUsers.size() == 1) { sessionObject.deleteSessionObject(previousTokenFromRedis); response.setResponse("User successfully logged out"); } else - throw new IEMRException("Unable to fetch session from redis"); + logger.error("Unable to fetch session from redis"); + throw new IEMRException("Session error. Please try again later"); } } else { throw new IEMRException("Invalid request object"); @@ -404,7 +415,7 @@ private void createUserMapping(User mUser, JSONObject resMap, JSONObject service previlegeObj.getJSONObject(serv).put("agentPassword", m_UserServiceRoleMapping.getAgentPassword()); } JSONArray roles = previlegeObj.getJSONObject(serv).getJSONArray("roles"); -// roles.put(new JSONObject(m_UserServiceRoleMapping.getM_Role().toString())); + // roles.put(new JSONObject(m_UserServiceRoleMapping.getM_Role().toString())); JSONObject roleObject = new JSONObject(m_UserServiceRoleMapping.getM_Role().toString()); roleObject.put("teleConsultation", m_UserServiceRoleMapping.getTeleConsultation()); roles.put(roleObject); 
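Review bot: The `@@ -332` hunk introduces a bug in logOutUserFromConcurrentSession: the `} else` has no braces, so only `logger.error("Unable to fetch session from redis");` belongs to the else branch and the new `throw new IEMRException("Session error. Please try again later");` runs unconditionally — every successful logout (the branch that just called `sessionObject.deleteSessionObject(previousTokenFromRedis)` and set the success response) now ends by throwing. Brace the branch: `} else {` / `logger.error("Unable to fetch session from redis");` / `throw new IEMRException("Session error. Please try again later");` / `}`. In the `@@ -321` hunk of the same method, `logger.error("User not found")` and `logger.error("More than 1 user found")` carry no identifier, unlike the setPassword hunk later in this commit which logs the username with a parameterised warn; the same form here would make the entries actionable. The method starts above the first hunk and its catch is outside the view.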
@@ -423,7 +434,7 @@ private void createUserMapping(User mUser, JSONObject resMap, JSONObject service @RequestMapping(value = "/superUserAuthenticate", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON) public String superUserAuthenticate( @Param(value = "\"{\\\"userName\\\":\\\"String\\\",\\\"doLogout\\\":\\\"Boolean\\\"}\"") @RequestBody LoginRequestModel m_User, - HttpServletRequest request,HttpServletResponse httpResponse) { + HttpServletRequest request, HttpServletResponse httpResponse) { OutputResponse response = new OutputResponse(); logger.info("userAuthenticate request "); try { @@ -453,10 +464,10 @@ public String superUserAuthenticate( resMap.put("isAuthenticated", /* Boolean.valueOf(true) */true); resMap.put("userName", mUser.getUserName()); jwtToken = jwtUtil.generateToken(m_User.getUserName(), mUser.getUserID().toString()); - + User user = new User(); // Assuming the Users class exists - user.setUserID(mUser.getUserID()); - user.setUserName(mUser.getUserName()); + user.setUserID(mUser.getUserID()); + user.setUserName(mUser.getUserName()); String userAgent = request.getHeader("User-Agent"); isMobile = UserAgentUtil.isMobileDevice(userAgent); @@ -470,8 +481,7 @@ public String superUserAuthenticate( "refresh:" + jti, user.getUserID().toString(), jwtUtil.getRefreshTokenExpiration(), - TimeUnit.MILLISECONDS - ); + TimeUnit.MILLISECONDS); } else { cookieUtil.addJwtTokenToCookie(jwtToken, httpResponse, request); } 
@@ -512,32 +522,38 @@ public String superUserAuthenticate( return response.toString(); } -// @Operation(summary = "User authentication V1") -// @RequestMapping(value = "/userAuthenticateV1", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON) -// public String userAuthenticateV1( -// @Param(value = "\"{\\\"userName\\\":\\\"String\\\",\\\"password\\\":\\\"String\\\"}\"") @RequestBody LoginRequestModel loginRequest, -// HttpServletRequest request) { -// OutputResponse response = new OutputResponse(); -// logger.info("userAuthenticate request "); -// try { -// -// String remoteAddress = request.getHeader("X-FORWARDED-FOR"); -// if (remoteAddress == null || remoteAddress.trim().length() == 0) { -// remoteAddress = request.getRemoteAddr(); -// } -// LoginResponseModel resp = iemrAdminUserServiceImpl.userAuthenticateV1(loginRequest, remoteAddress, -// request.getRemoteHost()); -// JSONObject responseObj = new JSONObject(OutputMapper.gsonWithoutExposeRestriction().toJson(resp)); -// responseObj = iemrAdminUserServiceImpl.generateKeyAndValidateIP(responseObj, remoteAddress, -// request.getRemoteHost()); -// response.setResponse(responseObj.toString()); -// } catch (Exception e) { -// logger.error("userAuthenticate failed with error " + e.getMessage(), e); -// response.setError(e); -// } -// logger.info("userAuthenticate response " + response.toString()); -// return response.toString(); -// } + // @Operation(summary = "User authentication V1") + // @RequestMapping(value = "/userAuthenticateV1", method = RequestMethod.POST, + // produces = MediaType.APPLICATION_JSON) + // public String userAuthenticateV1( + // @Param(value = + // "\"{\\\"userName\\\":\\\"String\\\",\\\"password\\\":\\\"String\\\"}\"") + // @RequestBody LoginRequestModel loginRequest, + // HttpServletRequest request) { + // OutputResponse response = new OutputResponse(); + // logger.info("userAuthenticate request "); + // try { + // + // String remoteAddress = 
request.getHeader("X-FORWARDED-FOR"); + // if (remoteAddress == null || remoteAddress.trim().length() == 0) { + // remoteAddress = request.getRemoteAddr(); + // } + // LoginResponseModel resp = + // iemrAdminUserServiceImpl.userAuthenticateV1(loginRequest, remoteAddress, + // request.getRemoteHost()); + // JSONObject responseObj = new + // JSONObject(OutputMapper.gsonWithoutExposeRestriction().toJson(resp)); + // responseObj = iemrAdminUserServiceImpl.generateKeyAndValidateIP(responseObj, + // remoteAddress, + // request.getRemoteHost()); + // response.setResponse(responseObj.toString()); + // } catch (Exception e) { + // logger.error("userAuthenticate failed with error " + e.getMessage(), e); + // response.setError(e); + // } + // logger.info("userAuthenticate response " + response.toString()); + // return response.toString(); + // } @Operation(summary = "Get login response") @RequestMapping(value = "/getLoginResponse", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON, headers = "Authorization") @@ -548,7 +564,7 @@ public String getLoginResponse(HttpServletRequest request) { if (authHeader.isEmpty()) { // Try JWT token from header first String jwtToken = request.getHeader("Jwttoken"); - + // If not in header, try cookie if (jwtToken == null) { Cookie[] cookies = request.getCookies(); 
@@ -561,18 +577,21 @@ public String getLoginResponse(HttpServletRequest request) { } } } - + if (jwtToken == null) { - throw new IEMRException("No authentication token found in header or cookie"); + logger.warn("Authentication failed: no token found in header or cookies."); + throw new IEMRException("Authentication failed. Please log in again."); } - + // Extract user ID from the JWT token String userId = jwtUtil.getUserIdFromToken(jwtToken); - + // Get user details and prepare response User user = iemrAdminUserServiceImpl.getUserById(Long.parseLong(userId)); if (user == null) { - throw new IEMRException("User not found"); + logger.warn("User lookup failed for provided userId."); + throw new IEMRException("Authentication failed. Please try again."); + } String remoteAddress = request.getHeader("X-FORWARDED-FOR"); @@ -603,10 +622,13 @@ public String forgetPassword( List mUsers = iemrAdminUserServiceImpl.userExitsCheck(m_User.getUserName()); if (mUsers == null || mUsers.size() <= 0) { - throw new IEMRException("user not found, please contact administrator"); - } else if (mUsers.size() > 1) - throw new IEMRException("more than 1 user found, please contact administrator"); - else if (mUsers.size() == 1) { + logger.error("User not found"); + throw new IEMRException("If the username is valid, you will be asked a security question."); + } else if (mUsers.size() > 1) { + logger.error("More than 1 user found"); + throw new IEMRException("If the username is valid, you will be asked a security question."); + + } else if (mUsers.size() == 1) { List> quesAnsList = new ArrayList<>(); Map quesAnsMap; Map resMap = new HashMap<>(); 
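Review bot: In the `@@ -603` hunk of forgetPassword the enumeration-safe wording `If the username is valid, you will be asked a security question.` is thrown as an IEMRException in the not-found and duplicate branches, while the single-user branch goes on to build a question list, so the response shape (error versus payload) still tells a caller whether the username exists; the generic text only helps if both paths serialise to the same structure, which presumably means answering the error branches with the same kind of response object (the method's catch is outside the hunk, so I cannot confirm how the exception is rendered). `logger.error("User not found")` / `logger.error("More than 1 user found")` also give an operator nothing to correlate; the `@@ -642` setPassword hunk logs the username at warn, and `logger.warn("forgetPassword: user lookup failed for '{}'", m_User.getUserName());` would be consistent with it. forgetPassword starts above the hunk.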
@@ -642,8 +664,11 @@ public String setPassword(
  int noOfRowModified = 0;
  List mUsers = iemrAdminUserServiceImpl.userExitsCheck(m_user.getUserName());
  if (mUsers.size() != 1) {
- throw new IEMRException(
- "Set forgot password failed as the user does not exist or is not active or multiple user found.Please contact with administrator");
+ logger.warn(
+ "Password reset failed for username '{}'. Reason: user not found, inactive, or multiple matches.",
+ m_user.getUserName());
+
+ throw new IEMRException("Unable to process your request. Please try again or contact support.");
  }
  User mUser = mUsers.get(0);
  String setStatus;
@@ -660,7 +685,7 @@ public String setPassword(
  } catch (Exception e) {
  logger.error("setForgetPassword failed with error " + e.getMessage(), e);
  if (e.getMessage().equals(
- "Set forgot password failed as the user does not exist or is not active or multiple user found.Please contact with administrator"))
+ "Unable to process your request. Please try again or contact support."))
  response.setError(e);
  else
  response.setError(5000, e.getMessage());
@@ -681,7 +706,9 @@ public String changePassword(
  List mUsers = iemrAdminUserServiceImpl.userExitsCheck(changePassword.getUserName());
  String changeReqResult;
  if (mUsers.size() != 1) {
- throw new IEMRException("Change password failed with error as user is not available");
+ logger.warn("Change password attempt failed. User not found or not available.");
+
+ throw new IEMRException("Unable to change password. Please try again later");
  }
  try {
  int validatePassword;
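Review bot: The catch in the `@@ -660` hunk still dispatches on exception text, `e.getMessage().equals("Unable to process your request. Please try again or contact support.")`, with the literal duplicated from the `@@ -642` throw site; editing one copy silently changes which branch runs, and `e.getMessage()` is null for some exception types, which turns the `.equals` into a NullPointerException inside the catch. Hoist the text into a `private static final String SET_PASSWORD_USER_LOOKUP_FAILED = "Unable to process your request. Please try again or contact support.";` used at both sites and compare with `SET_PASSWORD_USER_LOOKUP_FAILED.equals(e.getMessage())`, or better, throw and catch a dedicated exception instead of matching strings. setPassword's body continues between and after these hunks.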
@@ -917,55 +944,58 @@ private void deleteSessionObject(String key) { @Operation(summary = "Force log out") @RequestMapping(value = "/forceLogout", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON, headers = "Authorization") - public String forceLogout(@RequestBody ForceLogoutRequestModel request, HttpServletRequest httpRequest, HttpServletResponse response) { - OutputResponse outputResponse = new OutputResponse(); - try { - // Perform the force logout logic - iemrAdminUserServiceImpl.forceLogout(request); - - // Extract token from cookies or headers - String token = getJwtTokenFromCookies(httpRequest); - if (token == null) { - response.setStatus(HttpServletResponse.SC_BAD_REQUEST); - outputResponse.setError(new RuntimeException("No JWT token found in request")); - return outputResponse.toString(); - } - - // Validate the token: Check if it is expired or in the deny list - Claims claims = jwtUtil.validateToken(token); - if (claims.isEmpty() || claims.getExpiration() == null || claims.getId() == null) { // If token is either expired or in the deny list, return 401 Unauthorized - response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); - outputResponse.setError(new RuntimeException("Token is expired or has been logged out")); - return outputResponse.toString(); - } - - // Extract the jti (JWT ID) and expiration time from the validated claims - String jti = claims.getId(); // jti is in the 'id' field of claims - long expirationTime = claims.getExpiration().getTime(); // Use expiration from claims - long ttlMillis = expirationTime - System.currentTimeMillis(); - tokenDenylist.addTokenToDenylist(jti, ttlMillis); - - // Set the response message - outputResponse.setResponse("Success"); - } catch (Exception e) { - outputResponse.setError(e); - } - return outputResponse.toString(); + public String forceLogout(@RequestBody ForceLogoutRequestModel request, HttpServletRequest httpRequest, + HttpServletResponse response) { + OutputResponse outputResponse = new 
OutputResponse(); + try { + // Perform the force logout logic + iemrAdminUserServiceImpl.forceLogout(request); + + // Extract token from cookies or headers + String token = getJwtTokenFromCookies(httpRequest); + if (token == null) { + response.setStatus(HttpServletResponse.SC_BAD_REQUEST); + outputResponse.setError(new RuntimeException("No JWT token found in request")); + return outputResponse.toString(); + } + + // Validate the token: Check if it is expired or in the deny list + Claims claims = jwtUtil.validateToken(token); + if (claims.isEmpty() || claims.getExpiration() == null || claims.getId() == null) { // If token is either + // expired or in the + // deny list, return 401 + // Unauthorized + response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + outputResponse.setError(new RuntimeException("Token is expired or has been logged out")); + return outputResponse.toString(); + } + + // Extract the jti (JWT ID) and expiration time from the validated claims + String jti = claims.getId(); // jti is in the 'id' field of claims + long expirationTime = claims.getExpiration().getTime(); // Use expiration from claims + long ttlMillis = expirationTime - System.currentTimeMillis(); + tokenDenylist.addTokenToDenylist(jti, ttlMillis); + + // Set the response message + outputResponse.setResponse("Success"); + } catch (Exception e) { + outputResponse.setError(e); + } + return outputResponse.toString(); } private String getJwtTokenFromCookies(HttpServletRequest request) { - Cookie[] cookies = request.getCookies(); - if (cookies != null) { - for (Cookie cookie : cookies) { - if (cookie.getName().equalsIgnoreCase(Constants.JWT_TOKEN)) { - return cookie.getValue(); - } - } - } - return null; + Cookie[] cookies = request.getCookies(); + if (cookies != null) { + for (Cookie cookie : cookies) { + if (cookie.getName().equalsIgnoreCase(Constants.JWT_TOKEN)) { + return cookie.getValue(); + } + } + } + return null; } - @Operation(summary = "User force log out") @RequestMapping(value 
= "/userForceLogout", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON, headers = "Authorization") public String userForceLogout( @@ -1079,8 +1109,8 @@ public String validateSecurityQuestionAndAnswer( } else throw new IEMRException("Invalid Request"); } catch (Exception e) { + logger.error("validateSecurityQuestionAndAnswer failed: {}", e.toString()); response.setError(5000, e.getMessage()); - logger.error(e.toString()); } logger.info("validateSecurityQuestionAndAnswer API response" + response.toString()); return response.toString(); @@ -1162,7 +1192,8 @@ public ResponseEntity getJwtTokenFromCookie(HttpServletRequest httpReque return ResponseEntity.status(HttpStatus.NOT_FOUND).body("JWT token not found"); } - private JSONObject prepareAuthenticationResponse(User mUser, String remoteAddress, String remoteHost) throws Exception { + private JSONObject prepareAuthenticationResponse(User mUser, String remoteAddress, String remoteHost) + throws Exception { JSONObject resMap = new JSONObject(); JSONObject serviceRoleMultiMap = new JSONObject(); JSONObject serviceRoleMap = new JSONObject(); diff --git a/src/main/java/com/iemr/common/service/users/IEMRAdminUserServiceImpl.java b/src/main/java/com/iemr/common/service/users/IEMRAdminUserServiceImpl.java index a0efd373..591180bd 100644 --- a/src/main/java/com/iemr/common/service/users/IEMRAdminUserServiceImpl.java +++ b/src/main/java/com/iemr/common/service/users/IEMRAdminUserServiceImpl.java @@ -224,7 +224,7 @@ public void setValidator(Validator validator) { public List userAuthenticate(String userName, String password) throws Exception { List users = iEMRUserRepositoryCustom.findByUserNameNew(userName); if (users.size() != 1) { - throw new IEMRException("User login failed due to incorrect username/password"); + throw new IEMRException("Invalid username or password"); } else { if (users.get(0).getDeleted()) throw new IEMRException("Your account is locked or de-activated. Please contact administrator"); 
@@ -263,16 +263,18 @@ else if (users.get(0).getStatusID() > 2) user.setFailedAttempt(user.getFailedAttempt() + 1); user.setDeleted(true); user = iEMRUserRepositoryCustom.save(user); + logger.warn("User Account has been locked after reaching the limit of {} failed login attempts.", + ConfigProperties.getInteger("failedLoginAttempt")); + throw new IEMRException( - "User login failed due to incorrect username/password. Your account is locked due to " - + ConfigProperties.getInteger("failedLoginAttempt") - + " failed attempts. Please contact administrator."); + "Your account has been locked due to multiple failed login attempts. Please contact administrator."); } else { user.setFailedAttempt(user.getFailedAttempt() + 1); user = iEMRUserRepositoryCustom.save(user); - throw new IEMRException("User login failed due to incorrect username/password. " - + (ConfigProperties.getInteger("failedLoginAttempt") - user.getFailedAttempt()) - + " more attempt left."); + logger.warn("Failed login attempt {} of {} for a user account.", + user.getFailedAttempt(), ConfigProperties.getInteger("failedLoginAttempt")); + throw new IEMRException( + "Your account has been locked due to multiple failed login attempts. Please contact administrator."); } } else { if (user.getFailedAttempt() != 0) { @@ -307,7 +309,7 @@ public User superUserAuthenticate(String userName, String password) throws Excep List users = iEMRUserRepositoryCustom.findByUserName(userName); if (users.size() != 1) { - throw new IEMRException("User login failed due to incorrect username/password"); + throw new IEMRException("Invalid username or password"); } else { if (users.get(0).getDeleted()) throw new IEMRException("Your account is locked or de-activated. Please contact administrator"); 
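Review bot: In the else branch of the `@@ -263` hunk — the attempt-counter path where the account is not yet locked — the new exception text tells the user `Your account has been locked due to multiple failed login attempts. Please contact administrator.` although the code only increments `failedAttempt` and the adjacent log line says `Failed login attempt {} of {}`; a user with a single typo is told they are locked out. Use the generic message the rest of this commit adopts there, `throw new IEMRException("Invalid username or password");`, and keep the lockout wording for the branch that calls `user.setDeleted(true)`. The same mismatch is in the `@@ -344` hunk of superUserAuthenticate. Neither warn line carries an identifier, so a lockout cannot be correlated with an account from the logs; including `user.getUserID()` in both `logger.warn` calls would make them actionable without echoing credentials. Both enclosing methods start above their hunks.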
@@ -344,16 +346,18 @@ else if (users.get(0).getStatusID() > 2)
  user.setFailedAttempt(user.getFailedAttempt() + 1);
  user.setDeleted(true);
  user = iEMRUserRepositoryCustom.save(user);
+ logger.warn("User Account has been locked after reaching the limit of {} failed login attempts.",
+ ConfigProperties.getInteger("failedLoginAttempt"));
+
  throw new IEMRException(
- "User login failed due to incorrect username/password. Your account is locked due to "
- + ConfigProperties.getInteger("failedLoginAttempt")
- + " failed attempts. Please contact administrator.");
+ "Your account has been locked due to multiple failed login attempts. Please contact administrator.");
  } else {
  user.setFailedAttempt(user.getFailedAttempt() + 1);
  user = iEMRUserRepositoryCustom.save(user);
- throw new IEMRException("User login failed due to incorrect username/password. "
- + (ConfigProperties.getInteger("failedLoginAttempt") - user.getFailedAttempt())
- + " more attempt left.");
+ logger.warn("Failed login attempt {} of {} for a user account.",
+ user.getFailedAttempt(), ConfigProperties.getInteger("failedLoginAttempt"));
+ throw new IEMRException(
+ "Your account has been locked due to multiple failed login attempts. Please contact administrator.");
  }
  } else {
  if (user.getFailedAttempt() != 0) {
@@ -376,10 +380,10 @@ public LoginResponseModel userAuthenticateV1(LoginRequestModel loginRequest, Str
  User user = users.get(0);
  try {
  if (!securePassword.validatePasswordExisting(loginRequest.getPassword(), user.getPassword())) {
- throw new IEMRException("User login failed due to incorrect username/password");
+ throw new IEMRException("Invalid username or password");
  }
  } catch (Exception e) {
- throw new IEMRException("User login failed due to incorrect username/password");
+ throw new IEMRException("Invalid username or password");
  }
  loginResponseModel = userMapper.userDataToLoginResponse(user);
  logger.info("Login response is " + loginResponseModel.toString());
@@ -391,7 +395,7 @@ public LoginResponseModel userAuthenticateV1(LoginRequestModel loginRequest, Str // loginResponseModel.setHostName(hostName); // loginResponseModel.setIpAddress(ipAddress); } else { - throw new IEMRException("User login failed due to incorrect username/password"); + throw new IEMRException("Invalid username or password"); } return loginResponseModel; @@ -614,7 +618,8 @@ public String saveUserSecurityQuesAns(Iterable m_UserSecur User users = iEMRUserRepositoryCustom .findUserByUserID(m_UserSecurityQMapping.iterator().next().getUserID()); if (users == null) { - throw new IEMRException("User does not exist or is not active"); + logger.warn("User validation failed: user not found for provided ID."); + throw new IEMRException("Invalid user. Please contact administrator."); } Iterable obj = iEMRUserSecurityQuesAnsRepository.saveAll(m_UserSecurityQMapping); @@ -627,7 +632,9 @@ public String saveUserSecurityQuesAns(Iterable m_UserSecur sessionObject.deleteSessionObject((users.getUserID().toString() + users.getUserName())); return generateTransactionIdForPasswordChange(users); } else { - throw new IEMRException("Failed to save security question and answers, Please try again"); + logger.error( + "Failed to save user security questions. Repository save operation returned empty result."); + throw new IEMRException("Unable to complete the operation. Please try again later."); } } else throw new IEMRException("Invalid user, please contact administrator"); 
@@ -867,9 +874,9 @@ public JSONObject generateKeyAndValidateIP(JSONObject responseObj, String ipAddr
  throws JSONException, NoSuchAlgorithmException, IEMRException {
  String key = generateKey(responseObj);
  // commented the below code to restrict IP address and hostname to be sent on UI
-// responseObj.put("loginIPAddress", ipAddress);
-// responseObj.put("ipAddress", ipAddress);
-// responseObj.put("hostName", hostName);
+ // responseObj.put("loginIPAddress", ipAddress);
+ // responseObj.put("ipAddress", ipAddress);
+ // responseObj.put("hostName", hostName);
  responseObj = validator.updateCacheObj(responseObj, key, "");
  setConcurrentCheckSessionObject(responseObj, key);
  return responseObj;
@@ -958,10 +965,10 @@ public void userForceLogout(ForceLogoutRequestModel request) throws Exception {
  }
  try {
  if (!securePassword.validatePasswordExisting(request.getPassword(), users.get(0).getPassword())) {
- throw new Exception("Force logout failed due to incorrect password");
+ throw new Exception("Force logout failed");
  }
  } catch (Exception e) {
- throw new Exception("Force logout failed due to incorrect password");
+ throw new Exception("Force logout failed");
  }
  userForceLogout(request, users.get(0));
  }
@@ -1049,15 +1056,15 @@ public List userAuthenticateByEncryption(String req) throws Exception {
  LoginRequestModel m_user = InputMapper.gson().fromJson(jsonreq, LoginRequestModel.class);
  List users = iEMRUserRepositoryCustom.findByUserName(m_user.getUserName());
  if (users.size() != 1) {
- throw new IEMRException("User login failed due to incorrect username/password");
+ throw new IEMRException("Invalid username or password");
  }
  User user = users.get(0);
  try {
  if (!securePassword.validatePasswordExisting(m_user.getPassword(), user.getPassword())) {
- throw new IEMRException("User login failed due to incorrect username/password");
+ throw new IEMRException("Invalid username or password");
  }
  } catch (Exception e) {
- throw new IEMRException("User login failed due to incorrect username/password");
+ throw new IEMRException("Invalid username or password");
  }
  user.setM_UserServiceRoleMapping(getUserServiceRoleMapping(user.getUserID()));
  return users;
@@ -1105,7 +1112,10 @@ public String validateQuestionAndAnswersForPasswordChange(JsonObject request) th
  if (request.has("userName") && request.get("userName") != null) {
  List users = iEMRUserRepositoryCustom.findByUserName(request.get("userName").getAsString());
  if (users.size() != 1) {
- throw new IEMRException("User does not exist or is not active or more than 1 user found");
+ logger.warn("User validation failed: not found or duplicate entries for username '{}'",
+ request.get("userName").getAsString());
+ throw new IEMRException("Unable to validate credentials. Please contact administrator.");
+
  }
  User user = users.get(0);
  sessionObject.deleteSessionObject((user.getUserID().toString() + user.getUserName()));
@@ -1118,8 +1128,12 @@ public String validateQuestionAndAnswersForPasswordChange(JsonObject request) th user.getUserID(), securityAnswers.getQuestionId(), securityAnswers.getAnswer()); if (userSecurityQuestionAnswers == null - || userSecurityQuestionAnswers.getUserSecurityQAID() == null) - throw new IEMRException("Security answers does not match"); + || userSecurityQuestionAnswers.getUserSecurityQAID() == null) { + logger.warn("Security answer mismatch for userId={}, questionId={}", + user.getUserID(), securityAnswers.getQuestionId()); + throw new IEMRException( + "We couldn't verify your answers. Please try again"); + } pointer++; } @@ -1132,7 +1146,7 @@ public String validateQuestionAndAnswersForPasswordChange(JsonObject request) th throw new IEMRException("Invalid questions, validation failed, please contact administrator"); } else - throw new IEMRException("Invalid/NULL user name"); + throw new IEMRException("Invalid request. Please try again."); } catch (Exception e) { logger.error(e.getMessage(), e); throw new IEMRException(e.getMessage());