From 9cb76a38a684dea782d32dcab90f14116811d2ee Mon Sep 17 00:00:00 2001
From: Lukas Brendle <lukas.a.j.brendle@gmail.com>
Date: Sun, 22 Oct 2023 12:52:32 +0200
Subject: [PATCH] fix login for returning users

---
 .../security/RegistrationController.java             | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/spring-backend/src/main/java/com/baloise/collab/springbackend/security/RegistrationController.java b/spring-backend/src/main/java/com/baloise/collab/springbackend/security/RegistrationController.java
index f575f9f..856e7e4 100644
--- a/spring-backend/src/main/java/com/baloise/collab/springbackend/security/RegistrationController.java
+++ b/spring-backend/src/main/java/com/baloise/collab/springbackend/security/RegistrationController.java
@@ -1,7 +1,5 @@
 package com.baloise.collab.springbackend.security;
 
-import jakarta.servlet.ServletException;
-import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.java.Log;
 import org.springframework.security.core.userdetails.User;
@@ -9,9 +7,6 @@
 import org.springframework.security.provisioning.UserDetailsManager;
 import org.springframework.web.bind.annotation.*;
 
-import java.io.IOException;
-import java.util.Objects;
-
 @RestController
 @RequiredArgsConstructor
 @Log
@@ -22,13 +17,14 @@ public class RegistrationController {
     private final PasswordEncoder encoder;
 
     @PostMapping("/user/registration")
-    public boolean registerUser(HttpServletRequest request, @RequestBody Credential credential) throws ServletException, IOException {
+    public boolean registerUser(@RequestBody Credential credential) {
 
         if (userDetailsManager.userExists(credential.username())) {
-            if(Objects.equals(userDetailsManager.loadUserByUsername(credential.username()).getPassword(), credential.password())){
-                log.info("User already exists + password is correct - returning okey");
+            if(encoder.matches(credential.password(), userDetailsManager.loadUserByUsername(credential.username()).getPassword())){
+                log.info(credential.username() + " User already exists + password is correct - returning okey");
                 return true;
             } else {
+                log.info(credential.username() + " User already exists but password is wrong");
                 return false;
             }
         } else {