Total points: 10/10
Overall nice work. Good tests! Happy to see you writing code to verify your understanding of BCrypt.
You should add the loggedin property to the session when someone successfully signs up for a new account. Right now you redirect someone to the "you logged in" page when they sign up, but they're not really logged in. Accessing the secret page causes the app to crash because there's no loggedin property set in the session.
```java
// Suggested fix: after a successful registration, mark the session as logged in,
// the same way the login handler does, so the secret page sees the flag.
HttpSession session = request.getSession();
session.setAttribute("loggedin", true);
```
```java
// Current register handler: it renders the "loggedin" view on success
// but never sets the loggedin attribute in the session.
@PostMapping("/register")
public ModelAndView register(@RequestParam String username, @RequestParam String password, @RequestParam String bio) {
    ModelAndView mv = new ModelAndView();
    if (UserDB.getUserByName(username) != null) {
        mv.setViewName("loginerror");
        mv.addObject("error", "Sorry, that username already exists. Choose another.");
    } else {
        UserDB.createUser(username, password, bio);
        mv.setViewName("loggedin");
        mv.addObject("username", username);
    }
    return mv;
}
```
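Here is the register handler with that fix applied, plus a secret-page handler that reads the flag defensively; this is an added example, not the student's code. It assumes the controller class name, the /secret route, the javax.servlet package (Servlet 3.1 or later for changeSessionId), and that UserDB is the assignment's own class.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

// Hypothetical controller class name; UserDB is the assignment's own class.
public class AccountController {

    @PostMapping("/register")
    public ModelAndView register(@RequestParam String username,
                                 @RequestParam String password,
                                 @RequestParam String bio,
                                 HttpServletRequest request) {
        ModelAndView mv = new ModelAndView();
        if (UserDB.getUserByName(username) != null) {
            mv.setViewName("loginerror");
            mv.addObject("error", "Sorry, that username already exists. Choose another.");
            return mv;
        }
        UserDB.createUser(username, password, bio);

        // Mark the session as authenticated. Rotating the session id first (assumption:
        // Servlet 3.1+) means an id issued before registration is not valid afterwards.
        HttpSession session = request.getSession();
        request.changeSessionId();
        session.setAttribute("loggedin", true);
        session.setAttribute("username", username);

        mv.setViewName("loggedin");
        mv.addObject("username", username);
        return mv;
    }

    // Assumed route for the secret page. Boolean.TRUE.equals treats a missing (null)
    // attribute as "not logged in" instead of throwing on an unchecked cast.
    @GetMapping("/secret")
    public ModelAndView secret(HttpSession session) {
        ModelAndView mv = new ModelAndView();
        if (!Boolean.TRUE.equals(session.getAttribute("loggedin"))) {
            mv.setViewName("loginerror");
            mv.addObject("error", "You must log in first.");
            return mv;
        }
        mv.setViewName("secret");
        mv.addObject("username", session.getAttribute("username"));
        return mv;
    }
}
```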