I am working on some legacy code on the basic 'change my password' use case.
I have a User object and a UserService object. The User object has a password property. However, when changing passwords I have a User object in session with the encrypted password stored in the 'password' property but when validating a password change I also have the original password the user has entered in the form (to prove its them) , the new password and the 'confirm new password' values. At the moment the 'originalPasswordFromForm', 'newPassword' and 'newPasswordConfirm' are not in the User object and the validation happens in the service. This smells a bit as we're still talking about a User so the User object feels like the correct place for this validation logic to go. Question is how I handle the whole process of moving the logic and avoiding headaches with generic User validation. Do I... a) add new properties to User object but ignore them for general object validation and have a seperate validatePasswordChange() method for this use case b) add new properties to User object and populate them when the User is read. ie set the 'originalPasswordFromForm', 'newPassword' and 'newPasswordConfirm' values to the same as is in 'password', thus allowing general validation to pass when the user is simply updating another field (except if I get stricter on password strength rules and many existing passwords would fail validation .... so this also smells!) c) keep these out of User and put in another object, either the service or another suitable bean. I'm sure many of you have been here before so any suggestions welcome :-) Thanks Alan --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CFCDev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cfcdev?hl=en -~----------~----~----~----~------~----~------~--~---
