package com.social.media.util; import com.social.media.domain.entity.UserCredentials; import com.social.media.dto.UserCredentialsDto; /** * Mapper utility for UserCredentials entity and DTO conversions */ public class UserCredentialsMapper { private UserCredentialsMapper() { // Utility class - private constructor } /** * Convert UserCredentials entity to DTO */ public static UserCredentialsDto toDto(UserCredentials entity) { if (entity == null) { return null; } UserCredentialsDto dto = new UserCredentialsDto(); // Basic fields that exist in both entity and DTO dto.setUserId(entity.getUserId()); // Note: Never expose password hash in DTO for security reasons dto.setPasswordHash(null); dto.setPasswordChangedAt(entity.getPasswordChangedAt()); dto.setLastLoginAt(entity.getLastLoginAt()); dto.setFailedLoginAttempts(entity.getFailedLoginAttempts()); dto.setLockedUntil(entity.getLockedUntil()); // Token fields (only expose existence, not actual tokens for security) dto.setPasswordResetToken(entity.getPasswordResetToken() != null ? "[SET]" : null); dto.setPasswordResetExpiresAt(entity.getPasswordResetExpiresAt()); dto.setEmailVerificationToken(entity.getEmailVerificationToken() != null ? "[SET]" : null); // Two-factor authentication dto.setTwoFactorEnabled(entity.getTwoFactorEnabled()); // Metadata dto.setCreatedAt(entity.getCreatedAt()); dto.setUpdatedAt(entity.getUpdatedAt()); // Computed fields dto.setIsAccountLocked(entity.isAccountLocked()); dto.setIsPermanentlyLocked(entity.isPermanentlyLocked()); dto.setIsPasswordResetTokenValid(entity.isPasswordResetTokenValid()); dto.setHasEmailVerificationToken(entity.hasEmailVerificationToken()); dto.setIsPasswordRecentlyChanged(entity.isPasswordRecentlyChanged()); dto.setHasRecentLogin(entity.hasRecentLogin()); return dto; } /** * Convert UserCredentials DTO to entity */ public static UserCredentials toEntity(UserCredentialsDto dto) { if (dto == null) { return null; } UserCredentials entity = new UserCredentials(); // Basic fields entity.setUserId(dto.getUserId()); // Password hash should be set separately through service layer for security if (dto.getPasswordHash() != null && !dto.getPasswordHash().equals("[SET]")) { entity.setPasswordHash(dto.getPasswordHash()); } entity.setPasswordChangedAt(dto.getPasswordChangedAt()); entity.setLastLoginAt(dto.getLastLoginAt()); entity.setFailedLoginAttempts(dto.getFailedLoginAttempts() != null ? dto.getFailedLoginAttempts() : 0); entity.setLockedUntil(dto.getLockedUntil()); // Tokens should be set separately through service layer for security entity.setPasswordResetExpiresAt(dto.getPasswordResetExpiresAt()); // Two-factor authentication entity.setTwoFactorEnabled(dto.getTwoFactorEnabled() != null ? dto.getTwoFactorEnabled() : false); // Metadata entity.setCreatedAt(dto.getCreatedAt()); entity.setUpdatedAt(dto.getUpdatedAt()); return entity; } /** * Update entity from DTO (for update operations) */ public static void updateEntityFromDto(UserCredentials entity, UserCredentialsDto dto) { if (entity == null || dto == null) { return; } // Update basic fields (excluding user ID which shouldn't change) if (dto.getPasswordChangedAt() != null) { entity.setPasswordChangedAt(dto.getPasswordChangedAt()); } if (dto.getLastLoginAt() != null) { entity.setLastLoginAt(dto.getLastLoginAt()); } if (dto.getFailedLoginAttempts() != null) { entity.setFailedLoginAttempts(dto.getFailedLoginAttempts()); } if (dto.getLockedUntil() != null) { entity.setLockedUntil(dto.getLockedUntil()); } // Update token expiry (tokens themselves should be updated through service methods) if (dto.getPasswordResetExpiresAt() != null) { entity.setPasswordResetExpiresAt(dto.getPasswordResetExpiresAt()); } // Update two-factor authentication settings if (dto.getTwoFactorEnabled() != null) { entity.setTwoFactorEnabled(dto.getTwoFactorEnabled()); } // updatedAt will be handled automatically by JPA } }