fix(auth): standardize login field to email and fix VITE_API_BASE_URL…#50
|
Hi @rdodiya, I've pushed the additional changes to this PR:
Please review when you get a chance. Happy to make further adjustments if needed! 🙏 |
|
Hi @latakshsariyapatidar , |
|
Hey @latakshsariyapatidar! Saw your work on GSSoC 2026. We are building TermUI, a TypeScript terminal UI framework with React-style hooks and JSX, rendered entirely in the terminal. We have 67 unassigned GSSoC issues open. 19 are marked Karanjot, TermUI maintainer |
Pull request overview
This PR aims to (1) fix frontend API base-URL configuration for Vite by using VITE_API_BASE_URL, and (2) standardize authentication to use email as the identifier across frontend and backend.
Changes:
- Frontend: updated Axios base URL to read from `import.meta.env.VITE_API_BASE_URL` (with localhost fallback).
- Backend: migrated auth DTOs/services to use `email` instead of `username` in login/refresh responses and request payloads.
- Backend: introduced a startup `DataInitializer` to seed roles/users.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| RestroHub/src/main/java/com/restroly/qrmenu/security/CustomUserDetailsService.java | Adjusts user lookup semantics for auth, but currently introduces a compilation error (duplicate field). |
| RestroHub/src/main/java/com/restroly/qrmenu/config/DataInitializer.java | Adds startup seeding of default roles/users (needs profile-gating to avoid production security risk). |
| RestroHub/src/main/java/com/restroly/qrmenu/auth/service/AuthServiceImpl.java | Updates login/refresh flows to use email, but leaves inconsistent credential error messaging. |
| RestroHub/src/main/java/com/restroly/qrmenu/auth/dto/LoginRequest.java | Renames login identifier to email and adds email validation (API-breaking unless migrated/versioned). |
| RestroHub/src/main/java/com/restroly/qrmenu/auth/dto/AuthResponse.java | Renames response field to email (API-breaking) and currently leaves other code constructing .username(...). |
| RestroHub/src/main/java/com/restroly/qrmenu/auth/controller/AuthController.java | Updates OpenAPI examples/logging to use email (docs can diverge from runtime error message until handler is updated). |
| RestroHub-FrontEnd/src/services/public/ApiService.js | Uses VITE_API_BASE_URL for API calls with a localhost fallback. |
| RestroHub-FrontEnd/src/services/common/api.js | Simplifies Axios baseURL assignment using VITE_API_BASE_URL. |
| RestroHub-FrontEnd/src/pages/public/Login.jsx | Partially updates UI messaging, but still submits username to the backend and has a styling/validation binding bug. |
| private final UserRepository userRepository; | ||
| private final com.restroly.qrmenu.user.repository.UserRepository userRepository; | ||
|
|
||
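Review bot: the two `userRepository` declarations shown here cannot both remain, and the one to keep should be the plain `private final UserRepository userRepository;` backed by an import of `com.restroly.qrmenu.user.repository.UserRepository`, not the inline fully qualified type. If the qualified name was added because another `UserRepository` type is also imported in this file, remove or rename that import so it is unambiguous which repository the authentication lookup goes through.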
@latakshsariyapatidar remove 1 userRepository as it is declared twice
| import org.springframework.boot.CommandLineRunner; | ||
| import org.springframework.security.crypto.password.PasswordEncoder; | ||
| import org.springframework.stereotype.Component; | ||
| import org.springframework.transaction.annotation.Transactional; | ||
|
|
||
| import java.util.Arrays; | ||
| import java.util.List; | ||
|
|
||
| @Component | ||
| @RequiredArgsConstructor | ||
| @Slf4j | ||
| public class DataInitializer implements CommandLineRunner { |
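Review bot: `DataInitializer` carries only `@Component`, so as a `CommandLineRunner` it runs on every startup in every environment, and the `PasswordEncoder` import suggests it creates accounts whose passwords are fixed in source. Gate the class with `@Profile("dev")` (or a `@ConditionalOnProperty` flag that defaults to off) and read any seeded password from configuration, so a production deployment never starts with known default credentials.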
@latakshsariyapatidar Delete DataInitializer class as it is not required.
| @Schema(description = "Email of authenticated user", example = "admin@restroly.com") | ||
| private String email; |
@latakshsariyapatidar change username to email in other classes
| } catch (BadCredentialsException ex) { | ||
| log.warn("Failed login attempt for user: {}", loginRequest.getUsername()); | ||
| log.warn("Failed login attempt for user: {}", loginRequest.getEmail()); | ||
| throw new BadCredentialsException("Invalid username or password"); |
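Review bot: the rethrown message on the last line still reads "Invalid username or password" although the identifier is now the email and the OpenAPI example for the 401 response was changed to "Invalid email or password"; update the string so documentation and runtime agree, and keep it generic so the response does not reveal which of the two values was wrong. The `log.warn` line also writes the submitted email verbatim on every failed attempt, so check whether that address should be masked before it reaches the logs.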
| placeholder="Enter email or username" | ||
| value={formik.values.username} | ||
| onChange={formik.handleChange} | ||
| onBlur={formik.handleBlur} | ||
| className={inputClass("username")} | ||
| className={inputClass("email")} |
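Review bot: `value={formik.values.username}` still binds the input to the `username` key while `className` now calls `inputClass("email")`, so the field's value and its error styling read different Formik keys. Bind the value to `formik.values.email`, make sure the input's `name` is `email` so `handleChange` and `handleBlur` update that key, and change the placeholder, which still says "Enter email or username".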
| } catch (err) { | ||
| toast.error( | ||
| err.response?.data?.message || "Invalid username or password" | ||
| err.response?.data?.message || "Invalid email or password" | ||
| ); |
| { | ||
| "status": 401, | ||
| "error": "UNAUTHORIZED", | ||
| "message": "Invalid username or password", | ||
| "message": "Invalid email or password", | ||
| "path": "/api/v1/auth/login", |
| @Schema(description = "Email of authenticated user", example = "admin@restroly.com") | ||
| private String email; |
| @NotBlank(message = "Email is required") | ||
| @jakarta.validation.constraints.Email(message = "Invalid email format") | ||
| @Schema(description = "Email", example = "admin@restroly.com", requiredMode = Schema.RequiredMode.REQUIRED) | ||
| private String email; |
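Review bot: with `@NotBlank` on `email`, a client that still posts `username` is rejected with "Email is required" if the old field is gone from this DTO, so the rename is a breaking change to the login contract and should ship together with the frontend change or behind a versioned endpoint. `@jakarta.validation.constraints.Email` is written fully qualified on the field; import it like the other constraint, and consider a `@Size` upper bound so oversized identifiers are rejected before authentication runs.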
|
Hi @latakshsariyapatidar , |
What changed?
Fixes two issues in the frontend config and login flow, and aligns the backend to use `email` as the auth identifier as requested by @rdodiya.
Frontend
- `api.js`: Replaced `import.meta.env.API_BASE_URL` with `import.meta.env.VITE_API_BASE_URL` so Vite correctly exposes the env variable instead of silently falling back to hardcoded localhost
- `Login.jsx`: Standardized Formik initial values, input field bindings, and validation error rendering from `username` → `email`. Added email format validation.
Backend
- `LoginRequest.java`: Renamed `username` field to `email`, added `@Email` validation
- `AuthServiceImpl.java`: Updated authentication logic to look up users by `email`
- `AuthResponse.java`: Updated response payload to return `email` field
Type
Testing
Tested locally — login form shows correct email validation errors, API calls hit the correct base URL, and backend authentication works with email as identifier.
Related Issue
Closes #28
Additional Notes
Changes are backward-compatible. The `email` field replaces `username` across the full auth flow as per maintainer's guidance.
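
As an added illustration of the env-variable fix described in this PR (not code from the PR or the RestroHub project): a simplified model of how Vite exposes only `VITE_`-prefixed variables to client code, plus a hypothetical `resolveApiBaseUrl` that refuses the localhost fallback in production. The function names, the fallback port and the sample values are assumptions.

```javascript
// Simplified model of Vite's client env filter (built-ins such as MODE are
// ignored): only keys that start with the prefix reach import.meta.env.
function exposeToClient(rawEnv, prefix = "VITE_") {
  const exposed = {};
  for (const [key, value] of Object.entries(rawEnv)) {
    if (key.startsWith(prefix)) exposed[key] = value;
  }
  return exposed;
}

// Hypothetical resolver: the localhost fallback is allowed only outside
// production, and a production value must be an https URL.
const DEV_FALLBACK = "http://localhost:8080"; // assumed port, not from the PR

function resolveApiBaseUrl(clientEnv, production) {
  const configured = clientEnv.VITE_API_BASE_URL;
  if (!configured) {
    if (production) throw new Error("VITE_API_BASE_URL is not set");
    return DEV_FALLBACK;
  }
  const url = new URL(configured); // throws on a malformed value
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    throw new Error("unsupported scheme: " + url.protocol);
  }
  if (production && url.protocol !== "https:") {
    throw new Error("production API base URL must use https");
  }
  // Normalise so callers can append paths without doubling slashes.
  return url.origin + url.pathname.replace(/\/+$/, "");
}

// Constructed .env contents: the old unprefixed name plus a server-side secret.
const beforeFix = { API_BASE_URL: "https://api.example.test/", DB_PASSWORD: "constructed" };
const afterFix = { VITE_API_BASE_URL: "https://api.example.test/", DB_PASSWORD: "constructed" };

console.log(exposeToClient(beforeFix)); // the unprefixed name never reaches the bundle
console.log(resolveApiBaseUrl(exposeToClient(afterFix), true));
```

The same prefix filter that hid `API_BASE_URL` also keeps `DB_PASSWORD` out of the bundle, which is why secrets should never be given a `VITE_` name.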