From 3dd72dd1beef5cab806db8e6afdea6808ea3d337 Mon Sep 17 00:00:00 2001
From: c2038058 <gillj8@cardiff.ac.uk>
Date: Fri, 10 Dec 2021 13:24:35 +0000
Subject: [PATCH] loginAPI logged

---
 .../web/restControllers/loginAPI.java         | 22 ++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/example/clientproject/web/restControllers/loginAPI.java b/src/main/java/com/example/clientproject/web/restControllers/loginAPI.java
index 530d6a9..3107abc 100644
--- a/src/main/java/com/example/clientproject/web/restControllers/loginAPI.java
+++ b/src/main/java/com/example/clientproject/web/restControllers/loginAPI.java
@@ -1,6 +1,7 @@
 package com.example.clientproject.web.restControllers;
 
 import com.example.clientproject.exceptions.ForbiddenErrorException;
+import com.example.clientproject.service.LoggingService;
 import com.example.clientproject.service.Utils.JWTUtils;
 import com.example.clientproject.service.dtos.UsersDTO;
 import com.example.clientproject.service.searches.UsersSearch;
@@ -20,6 +21,7 @@ import java.util.Optional;
 public class loginAPI {
     private UsersSearch usersSearch;
     private JWTUtils jwtUtils;
+    LoggingService loggingService;
 
     public loginAPI(UsersSearch aUsersSearch, JWTUtils jwt) {
         usersSearch = aUsersSearch;
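Review bot: The new `loggingService` field is never assigned: the constructor shown takes only `UsersSearch` and `JWTUtils`, and none of the 21 added lines in this patch sets the field or annotates it for injection. Unless something outside this file populates it, every `loggingService.logEvent(...)` call added in the login handler will throw a NullPointerException, so a failed login surfaces as a server error instead of the `ForbiddenErrorException`, and the success path fails after `jwtUtils.makeUserJWT` has already run. Declare it `private final LoggingService loggingService;`, add it as a third constructor parameter and assign it alongside `usersSearch`. The constructor body continues outside the hunk.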
@@ -51,14 +53,32 @@ public class loginAPI {
                 jwtUtils.makeUserJWT(
                         (int) usersDTOOptional.get().getUserId(),
                         session);
-                // Otherwise, throw an exception with the correct error message
+                // Log the successful login
+                loggingService.logEvent(
+                        "Successful Login",
+                        session,
+                        "Successful login for User with Id: " + usersDTOOptional.get().getUserId()
+                );
             } else {
+                // Log the Failed login
+                loggingService.logEvent(
+                        "Failed Login",
+                        session,
+                        "Failed login for User with Id: " + usersDTOOptional.get().getUserId()
+                );
                 //Changed this as it is a security risk exposing which field is incorrect
                 //throw new ForbiddenErrorException("Password Incorrect");
                 throw new ForbiddenErrorException("Details Incorrect");
+
             }
             // Else - assumes that the email is incorrect
         } else {
+            // Log the Failed login
+            loggingService.logEvent(
+                    "Failed Login",
+                    session,
+                    "Failed login for User with Email: " + loginForm.getLoginEmail()
+            );
             //Changed this as it is a security risk exposing which field is incorrect
             //throw new ForbiddenErrorException("Email Incorrect");
             throw new ForbiddenErrorException("Details Incorrect");
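Review bot: The last failed-login branch in this hunk concatenates `loginForm.getLoginEmail()` straight into the log message, and that value is whatever an unauthenticated client submitted. If `LoggingService.logEvent` writes to a line-based log or its entries are later rendered in a web view (its implementation is not visible here), embedded newlines or markup can forge or corrupt audit records, and a user who mistypes a password into the email field will have it stored in the log. Neutralise control characters and cap the length before logging, for example `String safeEmail = String.valueOf(loginForm.getLoginEmail()).replaceAll("\\p{Cntrl}", "_");`, then log `safeEmail` instead. The enclosing handler method starts and ends outside the hunk.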
-- 
GitLab