Add user registration and GitHub OAuth2 authentication features #8
…nd profile update functionality
Pull request overview
This PR introduces Spring Security-based authentication (form login + GitHub OAuth2), refactors user registration to hash passwords via BCrypt, and adds basic user profile update capabilities backed by the existing JDBC repository layer.
Changes:
- Added Spring Security + OAuth2 client dependencies and introduced `SecurityConfig` + `CustomOAuth2UserService` for GitHub login.
- Refactored user registration to use `RegisterRequest`, hash passwords, and add duplicate-email handling.
- Added user profile update and user-by-id retrieval in service/repository/controller layers; updated sample users to use BCrypt hashes.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| pom.xml | Adds Spring Security and OAuth2 client dependencies. |
| src/main/resources/application.yml | Adds GitHub OAuth client config via environment variables. |
| src/main/resources/db/migration/V3__insert_sample_data.sql | Replaces dummy hashes with BCrypt hashes and updates sample emails. |
| src/main/java/dev/pasinduog/eventsphere/config/SecurityConfig.java | Defines security filter chain (auth rules, login, OAuth2, logout). |
| src/main/java/dev/pasinduog/eventsphere/config/AppConfig.java | Adds PasswordEncoder bean (BCrypt). |
| src/main/java/dev/pasinduog/eventsphere/service/CustomOAuth2UserService.java | Registers GitHub-authenticated users into the local users table. |
| src/main/java/dev/pasinduog/eventsphere/dto/RegisterRequest.java | Introduces DTO for registration payload. |
| src/main/java/dev/pasinduog/eventsphere/service/UserService.java | Updates service contract for registration + adds profile-related methods. |
| src/main/java/dev/pasinduog/eventsphere/service/impl/UserServiceImpl.java | Implements password hashing, duplicate email check, get-by-id, update. |
| src/main/java/dev/pasinduog/eventsphere/controller/UserController.java | Updates registration endpoint payload + adds profile update endpoint. |
| src/main/java/dev/pasinduog/eventsphere/repository/UserRepository.java | Adds update(User) method. |
| src/main/java/dev/pasinduog/eventsphere/repository/impl/UserRepositoryImpl.java | Implements SQL update for profile fields. |
…ity configuration
… supporting dynamic admin email configuration
Pull request overview
This PR adds authentication capabilities to the EventSphere backend, including local user registration with hashed passwords, JWT-based API authentication, and GitHub OAuth2 login integration, along with related schema/config updates.
Changes:
- Introduces Spring Security + GitHub OAuth2 login flow, plus JWT generation/validation and a JWT request filter.
- Refactors user registration to use a DTO and BCrypt hashing; adds endpoints for “me” and profile updates.
- Updates DB schema/sample data to support roles/event statuses and hashed passwords.
Reviewed changes
Copilot reviewed 26 out of 26 changed files in this pull request and generated 17 comments.
| File | Description |
|---|---|
| src/main/resources/db/migration/V1__init_schema.sql | Adds roles/event_statuses tables and foreign keys for role/status values. |
| src/main/resources/db/migration/V3__insert_sample_data.sql | Seeds roles/statuses and updates sample users to use BCrypt password hashes. |
| src/main/resources/application.yml | Adds GitHub OAuth2 client config and JWT/admin configuration keys. |
| src/main/java/dev/pasinduog/eventsphere/service/UserService.java | Updates registration contract and adds profile/user lookup APIs. |
| src/main/java/dev/pasinduog/eventsphere/service/OAuth2CodeService.java | Defines one-time code generation/validation for OAuth2-to-JWT handoff. |
| src/main/java/dev/pasinduog/eventsphere/service/JwtService.java | Defines JWT operations for token lifecycle and claims extraction. |
| src/main/java/dev/pasinduog/eventsphere/service/impl/UserServiceImpl.java | Implements DTO-based registration, hashing, and profile update support. |
| src/main/java/dev/pasinduog/eventsphere/service/impl/OAuth2CodeServiceImpl.java | Implements in-memory OAuth2 code storage. |
| src/main/java/dev/pasinduog/eventsphere/service/impl/JwtServiceImpl.java | Implements JWT creation and validation via JJWT. |
| src/main/java/dev/pasinduog/eventsphere/service/impl/AiMatchmakingServiceImpl.java | Updates Gemini config property keys used by matchmaking. |
| src/main/java/dev/pasinduog/eventsphere/service/CustomOAuth2UserService.java | Registers GitHub-authenticated users and fetches email when missing. |
| src/main/java/dev/pasinduog/eventsphere/repository/UserRepository.java | Adds update operation to repository contract. |
| src/main/java/dev/pasinduog/eventsphere/repository/impl/UserRepositoryImpl.java | Adds update logic and expands queries to include password_hash where needed. |
| src/main/java/dev/pasinduog/eventsphere/model/User.java | Implements Spring Security UserDetails for DB-backed users. |
| src/main/java/dev/pasinduog/eventsphere/filter/JwtAuthFilter.java | Adds JWT auth filter to populate SecurityContext from Bearer tokens. |
| src/main/java/dev/pasinduog/eventsphere/exception/InvalidAuthCodeException.java | Adds a typed exception for invalid OAuth2 callback codes. |
| src/main/java/dev/pasinduog/eventsphere/dto/RegisterRequest.java | Adds registration DTO. |
| src/main/java/dev/pasinduog/eventsphere/dto/OAuth2CallbackRequest.java | Adds DTO for exchanging OAuth2 callback code for a JWT. |
| src/main/java/dev/pasinduog/eventsphere/dto/LoginResponse.java | Adds JWT login response DTO. |
| src/main/java/dev/pasinduog/eventsphere/dto/LoginRequest.java | Adds password login request DTO. |
| src/main/java/dev/pasinduog/eventsphere/controller/UserController.java | Adds secured user lookup endpoints and profile update (“me”) APIs. |
| src/main/java/dev/pasinduog/eventsphere/controller/EventController.java | Adds method-level authorization annotations to event endpoints. |
| src/main/java/dev/pasinduog/eventsphere/controller/AuthController.java | Adds password login and OAuth2 callback-to-JWT exchange endpoints. |
| src/main/java/dev/pasinduog/eventsphere/config/SecurityConfig.java | Configures Spring Security, JWT filter, OAuth2 login, and CORS. |
| src/main/java/dev/pasinduog/eventsphere/config/AppConfig.java | Adds BCrypt PasswordEncoder and OpenAPI bearer auth configuration. |
| pom.xml | Adds Spring Security, OAuth2 client, and JJWT dependencies. |
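The table above lists `OAuth2CodeService` as one-time code generation/validation for the OAuth2-to-JWT handoff, backed by in-memory storage. The following is an added example, not the PR's own code, of the properties such a store needs: unguessable codes, a short expiry, and atomic single use. The class name, the 60-second lifetime and binding the code to an email are assumptions.

```java
import java.security.SecureRandom;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical in-memory one-time code store; not the PR's OAuth2CodeServiceImpl. */
public class OneTimeCodeStore {
    private record Entry(String email, Instant expiresAt) {}

    private static final Duration TTL = Duration.ofSeconds(60); // assumed lifetime
    private final ConcurrentHashMap<String, Entry> codes = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Clock clock;

    public OneTimeCodeStore(Clock clock) { this.clock = clock; }

    /** Issues a 256-bit URL-safe code bound to the authenticated user's email. */
    public String issue(String email) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String code = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        codes.put(code, new Entry(email, clock.instant().plus(TTL)));
        return code;
    }

    /** Redeems a code at most once: remove() is atomic, so a replay finds nothing. */
    public Optional<String> redeem(String code) {
        if (code == null) return Optional.empty(); // ConcurrentHashMap rejects null keys
        Entry e = codes.remove(code);
        if (e == null || clock.instant().isAfter(e.expiresAt())) return Optional.empty();
        return Optional.of(e.email());
    }

    /** Drops expired entries that were never redeemed; call periodically. */
    public void purgeExpired() {
        Instant now = clock.instant();
        codes.values().removeIf(e -> now.isAfter(e.expiresAt()));
    }

    public static void main(String[] args) {
        OneTimeCodeStore store = new OneTimeCodeStore(Clock.systemUTC());
        String code = store.issue("user@example.test"); // constructed sample value
        System.out.println("first redeem: " + store.redeem(code));
        System.out.println("replay:       " + store.redeem(code));
        System.out.println("unknown code: " + store.redeem("not-a-code"));
    }
}
```

An in-memory map only works while a single application instance handles both the OAuth2 callback and the code exchange; behind a load balancer the store has to be shared.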
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
…HttpUrl removed in Spring 7 Agent-Logs-Url: https://github.com/PasinduOG/eventsphere/sessions/e1363c15-ab4d-4386-9e06-36516a988e9b Co-authored-by: PasinduOG <126347762+PasinduOG@users.noreply.github.com>
…ror handling in fetchEmailFromGitHub Agent-Logs-Url: https://github.com/PasinduOG/eventsphere/sessions/2c67ab62-fd77-4811-9b65-06d6ca0e8b0f Co-authored-by: PasinduOG <126347762+PasinduOG@users.noreply.github.com>
Agent-Logs-Url: https://github.com/PasinduOG/eventsphere/sessions/2c67ab62-fd77-4811-9b65-06d6ca0e8b0f Co-authored-by: PasinduOG <126347762+PasinduOG@users.noreply.github.com>
| @Override | ||
| public Collection<? extends GrantedAuthority> getAuthorities() { | ||
| String effectiveRole = (this.role != null) ? this.role : "ATTENDEE"; |
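Review bot: The fallback in `getAuthorities()`, `(this.role != null) ? this.role : "ATTENDEE"`, grants a concrete authority to an account whose role is missing, which hides a bad record instead of rejecting it. Prefer failing closed at this point (throw, or return no authorities) and enforce the role as required where the user is loaded and stored, so that a missing role never silently becomes ATTENDEE.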
@copilot IntelliJ said "this.role ! = null" is always true so I think this is not necessary
Simplified in commit 2590284 — since the class is annotated with @NullMarked, role is treated as non-null and the ternary guard was redundant. getAuthorities() now directly returns List.of(new SimpleGrantedAuthority(this.role)).
…der @NullMarked Agent-Logs-Url: https://github.com/PasinduOG/eventsphere/sessions/6c9317dc-6684-4dc3-ba7c-c99d6875a8b1 Co-authored-by: PasinduOG <126347762+PasinduOG@users.noreply.github.com>
This pull request introduces comprehensive user authentication and security enhancements, including integration with Spring Security and OAuth2 (GitHub), as well as improvements to user registration and profile management. It also updates the user data model and sample data to support secure password storage and user roles.
Authentication and Security Integration:
- … `spring-boot-starter-security` and `spring-boot-starter-oauth2-client` dependencies to enable security and OAuth2 support. (`pom.xml`)
- … `SecurityConfig` to configure HTTP security, form login, OAuth2 login with GitHub, and logout handling. (`SecurityConfig.java`)
- … `application.yml`.
- … `PasswordEncoder` bean using BCrypt for secure password hashing. (`AppConfig.java`)
User Registration and Profile Management:
- … `RegisterRequest` DTO, added password hashing, and checked for duplicate emails. (`RegisterRequest.java`, `UserService/Impl`, `UserController.java`)
- … (`UserController.java`, `UserService/Impl`, `UserRepository/Impl`)
OAuth2 User Handling:
- … `CustomOAuth2UserService` to register new users authenticated via GitHub, assign roles based on email, and log registration events. (`CustomOAuth2UserService.java`)
Sample Data and Password Security:
- … (`V3__insert_sample_data.sql`)