Added some things for better code smell

[Flanderzz]

Added some things for code-smell. example of why security is needed within our endpoints.

Security issue in TeamSphere:

If this codeblock is ran in prod, any user can change the name of any user without issue. Which is what we don't want, we can add some basic security with JWT's around the usage of what we are doing.

const formData = new FormData();
formData.append("username", "WhoAmI");

const userId = "User-Id-Here";

const chatUser = localStorage.getItem("chat-user");

const accessToken = await JSON.parse(chatUser);

console.log(`accessToken: ${accessToken.jwt}`);

const request = await fetch(`http://localhost:5454/api/user/update/${userId}`, {
  method: "PUT",
  headers: {
    Authorization: `Bearer ${accessToken}`
  },
  body: formData
});

if (request.error) {
	console.log("didnt work")
} else {
	const data = await request.json();
	console.log(data);
}

[Copilot]

Pull Request Overview

This PR addresses code smell issues by improving security and code maintainability across several backend components. Key changes include adding JWT-based security checks for user updates and group chat operations, refactoring method signatures to pass additional context (e.g., email information), and updating logging and error-handling to better reflect the application's security posture.

Reviewed Changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
backend-service/src/test/java/co/teamsphere/api/services/impl/UserServiceImplTest.java	Updated test for user update with new email parameter
backend-service/src/test/java/co/teamsphere/api/services/impl/MessageServiceImplTest.java	Refactored user creation and message sending test setups
backend-service/src/test/java/co/teamsphere/api/controller/UserControllerTest.java	Added JWT token extraction and verifications in controller tests
backend-service/src/main/java/co/teamsphere/api/services/impl/UserServiceImpl.java	Introduced security check for matching user emails and improved error logging
backend-service/src/main/java/co/teamsphere/api/services/impl/ChatServiceImpl.java	Updated group chat operations with additional permission checks
backend-service/src/main/java/co/teamsphere/api/services/impl/AuthenticationServiceImpl.java	Improved file type comparisons and error handling during authentication
backend-service/src/main/java/co/teamsphere/api/services/UserService.java	Updated method signature for updateUser to include email parameter
backend-service/src/main/java/co/teamsphere/api/services/ChatService.java	Updated method signature for addUserToGroup to pass the requesting user
backend-service/src/main/java/co/teamsphere/api/controller/UserController.java	Integrated JWT token extraction for secure user update requests
backend-service/src/main/java/co/teamsphere/api/controller/MessageController.java	Added new endpoint mapping for sending messages
backend-service/src/main/java/co/teamsphere/api/controller/ChatController.java	Updated group chat endpoints to include JWT-based authorization

[Copilot]

Pull Request Overview

This pull request addresses a security gap by updating user, message, chat, and authentication endpoints to enforce JWT-based authorization, along with corresponding test updates. Key changes include modifying update methods to accept a requester ID from JWT, updating token generation to use UUIDs in the subject field, and adding security validations in message and chat services.

Reviewed Changes

Copilot reviewed 20 out of 20 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
backend-service/src/test/java/co/teamsphere/api/services/impl/UserServiceImplTest.java	Updated tests to use JWT id extraction instead of email; duplicate mocking call observed.
backend-service/src/test/java/co/teamsphere/api/services/impl/MessageServiceImplTest.java	Updated test signatures to include request user id for retrieving messages.
backend-service/src/test/java/co/teamsphere/api/services/impl/AuthenticationServiceImplTest.java	Updated JWT token generation parameters to include user id.
backend-service/src/main/java/co/teamsphere/api/services/impl/UserServiceImpl.java	Changed updateUser and findUserProfile methods to use userId from JWT and adjusted conditional logic.
backend-service/src/main/java/co/teamsphere/api/services/impl/ChatServiceImpl.java	Modified group chat methods to enforce permission checks and added TODO comments for refactoring.
backend-service/src/main/java/co/teamsphere/api/config/JWTTokenProvider.java	Updated token generation and parsing methods to use UUIDs and added substring handling in getIdFromToken.
Other files (controllers, tests, service interfaces)	Updated method signatures and dependency injections to support security improvements with JWT.

[Copilot]

Duplicate mocking of getIdFromToken(jwt) is observed; consider removing the redundant call to simplify the test setup.

Suggested change

	when(jwtTokenProvider.getIdFromToken(jwt)).thenReturn(userId);

[Copilot]

Please remove or replace informal comments like 'Horrible way to write this, will fix later' with a clear TODO that outlines the intended refactoring for improved clarity and maintainability.

Suggested change

	// Horrible way to write this, will fix later
	// TODO: Refactor this condition to improve readability and maintainability.
	// The current implementation combines multiple checks in a single line, making it hard to read and debug.
	// Consider breaking this into separate boolean variables with descriptive names.

[Copilot]

[nitpick] Consider preserving the original exception (e.g., by wrapping it) instead of simply throwing a new UserException with the message; this helps with debugging and error tracing.

Suggested change

	throw new UserException(e.getMessage());
	throw new UserException(e.getMessage(), e);

[Copilot]

The manual substring removal assumes the token always has a 'Bearer ' prefix; consider adding a check to verify the prefix and handle cases where it might be missing or formatted differently.

Suggested change

	if (token == null || !token.startsWith("Bearer ")) {
	log.error("Invalid token format: missing 'Bearer ' prefix");
	throw new IllegalArgumentException("Invalid token format");
	}

[BravinR]

LGTM