diff --git a/src/main/java/com/petshop/backend/controller/UserController.java b/src/main/java/com/petshop/backend/controller/UserController.java
index ed48bab2..8f7e07c3 100644
--- a/src/main/java/com/petshop/backend/controller/UserController.java
+++ b/src/main/java/com/petshop/backend/controller/UserController.java
@@ -27,7 +27,7 @@ public class UserController {
 @GetMapping
 public ResponseEntity> getAllUsers(
 @RequestParam(required = false) String q,
- @RequestParam(required = false) User.Role role,
+ @RequestParam(required = false) String role,
 Pageable pageable) {
 return ResponseEntity.ok(userService.getAllUsers(q, role, pageable));
 }
diff --git a/src/main/java/com/petshop/backend/security/JwtAuthenticationFilter.java b/src/main/java/com/petshop/backend/security/JwtAuthenticationFilter.java
index 8d311f74..d804a3b7 100644
--- a/src/main/java/com/petshop/backend/security/JwtAuthenticationFilter.java
+++ b/src/main/java/com/petshop/backend/security/JwtAuthenticationFilter.java
@@ -2,6 +2,7 @@ package com.petshop.backend.security;
 import com.petshop.backend.entity.User;
 import com.petshop.backend.repository.UserRepository;
+import io.jsonwebtoken.JwtException;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
@@ -41,7 +42,13 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 }
 jwt = authHeader.substring(7);
- Long userId = jwtUtil.extractUserId(jwt);
+ Long userId;
+ try {
+ userId = jwtUtil.extractUserId(jwt);
+ } catch (JwtException | IllegalArgumentException ex) {
+ writeUnauthorized(response, "Invalid or expired token");
+ return;
+ }
 if (userId != null && SecurityContextHolder.getContext().getAuthentication() == null) {
 User user = userRepository.findById(userId).orElse(null);
diff --git a/src/main/java/com/petshop/backend/service/UserService.java b/src/main/java/com/petshop/backend/service/UserService.java
index c68743ef..3c219172 100644
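Review bot: With `role` loosened from `User.Role` to `String` in the `getAllUsers` signature, the controller no longer conveys which values it accepts, and the method carries no Javadoc stating the contract. Add `@param role optional role filter, matched case-insensitively against the {@code User.Role} names; any other non-blank value is rejected with 400 Bad Request` above `@GetMapping`. The 400 behaviour is what `UserService.parseRole` in this same commit produces, so the two should be kept in step if that parsing changes. The enclosing class continues outside the hunk.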
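Review bot: The new catch block around `jwtUtil.extractUserId(jwt)` discards `ex` entirely, so a rejected token leaves no server-side trace even though the client is now told "Invalid or expired token". Writing the 401 is the right response, but a debug-level line such as `log.debug("Rejected bearer token: {}", ex.getMessage());` (assuming the class has, or can be given, an SLF4J logger) gives operations a signal for bursts of invalid tokens; log only the exception type and message, never the token itself. Note also that the early `return` now short-circuits every request carrying a malformed or expired bearer header, so if this filter also runs on permitAll endpoints, a stale token left in a client's header turns a previously anonymous success into a 401. If that is unintended, the alternative is to leave `userId` null and fall through to `filterChain.doFilter` so the request proceeds unauthenticated. `doFilterInternal` starts and ends outside the hunk.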
--- a/src/main/java/com/petshop/backend/service/UserService.java
+++ b/src/main/java/com/petshop/backend/service/UserService.java
@@ -13,6 +13,9 @@ import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.server.ResponseStatusException;
+import java.util.Locale;
+
+import static org.springframework.http.HttpStatus.BAD_REQUEST;
 import static org.springframework.http.HttpStatus.CONFLICT;
 @Service
@@ -28,15 +31,16 @@ public class UserService {
 this.userBusinessLinkageService = userBusinessLinkageService;
 }
- public Page getAllUsers(String query, User.Role role, Pageable pageable) {
+ public Page getAllUsers(String query, String role, Pageable pageable) {
+ User.Role parsedRole = parseRole(role);
 Page users;
 boolean hasQuery = query != null && !query.trim().isEmpty();
- if (hasQuery && role != null) {
- users = userRepository.searchUsersByRole(query, role, pageable);
+ if (hasQuery && parsedRole != null) {
+ users = userRepository.searchUsersByRole(query, parsedRole, pageable);
 } else if (hasQuery) {
 users = userRepository.searchUsers(query, pageable);
- } else if (role != null) {
- users = userRepository.findByRole(role, pageable);
+ } else if (parsedRole != null) {
+ users = userRepository.findByRole(parsedRole, pageable);
 } else {
 users = userRepository.findAll(pageable);
 }
@@ -147,4 +151,16 @@ public class UserService {
 String trimmed = value.trim();
 return trimmed.isEmpty() ? null : trimmed;
 }
+
+ private User.Role parseRole(String role) {
+ String normalizedRole = trimToNull(role);
+ if (normalizedRole == null) {
+ return null;
+ }
+ try {
+ return User.Role.valueOf(normalizedRole.toUpperCase(Locale.ROOT));
+ } catch (IllegalArgumentException ex) {
+ throw new ResponseStatusException(BAD_REQUEST, "Invalid value for parameter: role");
+ }
+ }
 }
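Review bot: `getAllUsers` now rejects bad `role` values with a 400 via the `parseRole(role)` call on its first line, but nothing in the signature or documentation says so, and callers that previously passed a typed `User.Role` will not expect an exception from this method. Add a Javadoc with `@param role optional role filter; null or blank means no role filtering` and `@throws ResponseStatusException with {@code BAD_REQUEST} when {@code role} is non-blank and does not match a {@code User.Role} name (case-insensitive)`. The remainder of the method continues outside the hunk.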
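Review bot: `parseRole` has no Javadoc, and its normalisation rules (trim via `trimToNull`, upper-case with `Locale.ROOT`, resolve by enum name) are exactly the contract the next maintainer needs when adding a role or reusing this for another parameter. A short comment above the method stating that null or blank maps to null (no filter) and that any other non-matching value is rejected with `BAD_REQUEST` would suffice. The error message deliberately does not echo the submitted value, which is good; keep it that way so the response cannot reflect client-controlled input back to the caller. `trimToNull`, whose tail opens the hunk, starts outside it.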