PEC-CSS · 13jksingh · Nov 3, 2023 · harasees-singh · Nov 4, 2023 · harasees-singh
diff --git a/src/main/java/com/pecacm/backend/entities/PasswordVerificationToken.java b/src/main/java/com/pecacm/backend/entities/PasswordVerificationToken.java
@@ -0,0 +1,4 @@
+package com.pecacm.backend.entities;
+
+public class PasswordVerificationToken {
+}
diff --git a/src/main/java/com/pecacm/backend/repository/VerificationTokenRepository.java b/src/main/java/com/pecacm/backend/repository/VerificationTokenRepository.java
@@ -1,5 +1,6 @@
 package com.pecacm.backend.repository;
 
+import com.pecacm.backend.entities.User;
 import com.pecacm.backend.entities.VerificationToken;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.Modifying;
@@ -17,11 +18,11 @@ public interface VerificationTokenRepository extends JpaRepository<VerificationT
 
     @Query("SELECT "+
             "CASE " +
-            "WHEN :tokenId = (SELECT v.token from VerificationToken v ORDER BY v.createdDate DESC LIMIT 1)" +
+            "WHEN :tokenId = (SELECT v.token from VerificationToken v WHERE v.user=:user ORDER BY v.createdDate DESC LIMIT 1)" +
             "THEN TRUE " +
             "ELSE FALSE " +
             "END as result")
-    Boolean checkVerificationToken(UUID tokenId);
+    Boolean checkVerificationToken(UUID tokenId, User user);
 
     @Modifying
     void deleteByToken(UUID tokenId);

diff --git a/src/main/java/com/pecacm/backend/services/UserService.java b/src/main/java/com/pecacm/backend/services/UserService.java
@@ -60,10 +60,11 @@ public void addUser(User user, PasswordEncoder passwordEncoder) {
 
     @Transactional
     public void changePassword(UUID tokenId, String username, String password, PasswordEncoder passwordEncoder) {
-        if (!userRepository.existsByEmail(username)) {
+        Optional<User> user = userRepository.findByEmail(username);
+        if (user.isEmpty()) {
             throw new AcmException("Email provided does not match any of the registered users", HttpStatus.NOT_FOUND);
         }
-        if (!verificationTokenRepository.checkVerificationToken(tokenId)) {
+        if (!verificationTokenRepository.checkVerificationToken(tokenId,user.get())) {
             throw new AcmException("UUID token provided does not match, it might be expired", HttpStatus.NOT_FOUND);
         }
         if (password.isBlank() || password.isEmpty()) {