feat: add login with password verification and audit logging

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 10:26:37 +02:00
parent 33c4a2991f
commit 770f59500d
3 changed files with 110 additions and 0 deletions
--- a/src/main/java/net/siegeln/cameleer/saas/auth/AuthService.java
+++ b/src/main/java/net/siegeln/cameleer/saas/auth/AuthService.java
@@ -3,6 +3,7 @@ package net.siegeln.cameleer.saas.auth;
 import net.siegeln.cameleer.saas.audit.AuditAction;
 import net.siegeln.cameleer.saas.audit.AuditService;
 import net.siegeln.cameleer.saas.auth.dto.AuthResponse;
+import net.siegeln.cameleer.saas.auth.dto.LoginRequest;
 import net.siegeln.cameleer.saas.auth.dto.RegisterRequest;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
@@ -52,4 +53,30 @@ public class AuthService {

        return new AuthResponse(token, saved.getEmail(), saved.getName());
    }
+
+    public AuthResponse login(LoginRequest request, String sourceIp) {
+        var user = userRepository.findByEmail(request.email())
+                .orElseThrow(() -> new IllegalArgumentException("Invalid credentials"));
+
+        if (!passwordEncoder.matches(request.password(), user.getPassword())) {
+            auditService.log(
+                    user.getId(), user.getEmail(), null,
+                    AuditAction.AUTH_LOGIN_FAILED, null,
+                    null, sourceIp,
+                    "FAILURE", null
+            );
+            throw new IllegalArgumentException("Invalid credentials");
+        }
+
+        var token = jwtService.generateToken(user);
+
+        auditService.log(
+                user.getId(), user.getEmail(), null,
+                AuditAction.AUTH_LOGIN, null,
+                null, sourceIp,
+                "SUCCESS", null
+        );
+
+        return new AuthResponse(token, user.getEmail(), user.getName());
+    }
 }
--- a/src/main/java/net/siegeln/cameleer/saas/auth/dto/LoginRequest.java
+++ b/src/main/java/net/siegeln/cameleer/saas/auth/dto/LoginRequest.java
@@ -0,0 +1,10 @@
+package net.siegeln.cameleer.saas.auth.dto;
+
+import jakarta.validation.constraints.Email;
+import jakarta.validation.constraints.NotBlank;
+
+public record LoginRequest(
+        @NotBlank @Email String email,
+        @NotBlank String password
+) {
+}