Refactoring done, simplified #37

Merged: amanfoundongithub merged 41 commits into main from code-fix-perform-code-refactoring on Jun 13, 2026

@amanfoundongithub amanfoundongithub commented Jun 13, 2026


Summary by Sourcery

Modularize and reorganize the identity and access management domain while tightening persistence and messaging models.

New Features:

  • Introduce a dedicated AuthService interface and UserResponseDto for returning sanitized user profiles.
  • Add a NotificationChannel enum to standardize messaging channel types.

Enhancements:

  • Refactor DAOs to repository interfaces and update services and controllers to use constructor injection with domain-specific packages.
  • Rework token and user entities to use builders, immutable IDs, safer defaults, and updated validation annotations.
  • Simplify RabbitMQ configuration and email notification dispatch to use a single high-priority routing key.
  • Restructure configuration, middleware, messaging, auth, token, and user classes into clearer domain-centric packages.

Tests:

  • Remove obsolete unit tests tied to the previous package layout and entity implementations.

@amanfoundongithub amanfoundongithub linked an issue Jun 13, 2026 that may be closed by this pull request

sourcery-ai Bot commented Jun 13, 2026


Reviewer's Guide

Refactors the identity and access management module into a more domain-oriented package structure, replaces legacy DAO classes with Spring Data repositories, modernizes token and messaging implementations, and tightens several domain models and controller/services wiring using constructor injection and Lombok.

File-Level Changes

Change: Replace legacy DAO layer with domain-scoped Spring Data repositories across auth, token, and user services.
Details:
  • Rename UserDao and token DAOs to UserRepository and TokenRepository under new domain..repository packages
  • Update AuthServiceImpl, TokenManagementServiceImpl, and JwtService to depend on repositories instead of DAOs
  • Adjust all query/save/delete calls to use the new repository field names
Files:
  • src/main/java/com/loan_org/identity_and_access_management/domain/user/repository/UserRepository.java
  • src/main/java/com/loan_org/identity_and_access_management/domain/token/repository/RefreshTokenRepository.java
  • src/main/java/com/loan_org/identity_and_access_management/domain/token/repository/ActivationTokenRepository.java
  • src/main/java/com/loan_org/identity_and_access_management/domain/token/repository/PasswordResetTokenRepository.java
  • src/main/java/com/loan_org/identity_and_access_management/domain/auth/service/impl/AuthServiceImpl.java
  • src/main/java/com/loan_org/identity_and_access_management/domain/token/service/impl/TokenManagementServiceImpl.java
  • src/main/java/com/loan_org/identity_and_access_management/domain/auth/service/JwtService.java

Change: Reorganize packages into a domain-driven structure for auth, token, user, messaging, middleware, mongo, and web layers.
Details:
  • Move controllers, DTOs, entities, services, factories, and configs into domain.* or middleware.* subpackages
  • Update imports everywhere to align with new package locations
  • Introduce a domain-scoped AuthService interface in the auth package
Files:
  • src/main/java/com/loan_org/identity_and_access_management/domain/auth/controller/AuthController.java
  • src/main/java/com/loan_org/identity_and_access_management/domain/token/service/TokenManagementService.java
  • src/main/java/com/loan_org/identity_and_access_management/domain/auth/dto/*.java
  • src/main/java/com/loan_org/identity_and_access_management/domain/token/dto/RefreshTokenRequestDto.java
  • src/main/java/com/loan_org/identity_and_access_management/domain/user/entity/*.java
  • src/main/java/com/loan_org/identity_and_access_management/domain/user/factory/UserAttributeFactory.java
  • src/main/java/com/loan_org/identity_and_access_management/domain/web/PasswordResetPageController.java
  • src/main/java/com/loan_org/identity_and_access_management/messaging/**/*.java
  • src/main/java/com/loan_org/identity_and_access_management/middleware/**/*.java
  • src/main/java/com/loan_org/identity_and_access_management/mongo/MongoConfig.java

Change: Improve token domain models and their usage by switching to builder-based construction and hardening IDs.
Details:
  • Remove convenience constructors on ActivationTokenDocument, PasswordResetTokenDocument, and RefreshTokenDocument, replacing with builder or explicit field setting
  • Add @Setter(AccessLevel.NONE) to entity IDs to enforce immutability
  • Update TokenManagementServiceImpl token creation to use builders and explicitly set expiry Instants via configuration
Files:
  • src/main/java/com/loan_org/identity_and_access_management/domain/token/entity/ActivationTokenDocument.java
  • src/main/java/com/loan_org/identity_and_access_management/domain/token/entity/PasswordResetTokenDocument.java
  • src/main/java/com/loan_org/identity_and_access_management/domain/token/entity/RefreshTokenDocument.java
  • src/main/java/com/loan_org/identity_and_access_management/domain/token/service/impl/TokenManagementServiceImpl.java

Change: Refine user-facing and security-related domain objects and login flows.
Details:
  • Introduce a new UserResponseDto under the user domain to represent sanitized profile data
  • Default SecurityBlock flags and counters (emailVerified, mfaEnabled, failedLoginAttempts) using @Builder.Default and hide sensitive fields from toString
  • Ensure AuthServiceImpl uses UserResponseDto in login responses and consistently saves via UserRepository
Files:
  • src/main/java/com/loan_org/identity_and_access_management/domain/user/dto/UserResponseDto.java
  • src/main/java/com/loan_org/identity_and_access_management/domain/user/entity/SecurityBlock.java
  • src/main/java/com/loan_org/identity_and_access_management/domain/auth/service/impl/AuthServiceImpl.java

Change: Modernize wiring and configuration by using constructor injection and simplifying security and messaging configuration.
Details:
  • Replace field-level @Autowired with Lombok @RequiredArgsConstructor and final dependencies in controllers, services, and config
  • Simplify SecurityConfig by removing custom authenticationEntryPoint while keeping stateless, CORS, and authorization rules
  • Streamline RabbitMQConfig and EmailServiceImpl dispatch to always use a single high-priority routing key and a routing-key-agnostic helper
Files:
  • src/main/java/com/loan_org/identity_and_access_management/domain/auth/controller/AuthController.java
  • src/main/java/com/loan_org/identity_and_access_management/domain/web/PasswordResetPageController.java
  • src/main/java/com/loan_org/identity_and_access_management/domain/auth/service/JwtService.java
  • src/main/java/com/loan_org/identity_and_access_management/middleware/config/SecurityConfig.java
  • src/main/java/com/loan_org/identity_and_access_management/messaging/RabbitMQConfig.java
  • src/main/java/com/loan_org/identity_and_access_management/messaging/service/impl/EmailServiceImpl.java

Change: Tighten DTO validation and messaging enums.
Details:
  • Add @PositiveOrZero constraint to signingLimit in UserRegistrationDto
  • Move NotificationChannel enum into messaging.dto and remove unused NotificationPriority
  • Adjust NotificationEventDto usage to rely on channel and priority as plain strings, still set to EMAIL and HIGH
Files:
  • src/main/java/com/loan_org/identity_and_access_management/domain/auth/dto/UserRegistrationDto.java
  • src/main/java/com/loan_org/identity_and_access_management/messaging/dto/NotificationChannel.java
  • src/main/java/com/loan_org/identity_and_access_management/messaging/dto/NotificationEventDto.java
  • src/main/java/com/loan_org/identity_and_access_management/messaging/service/impl/EmailServiceImpl.java

Change: Remove old tests that referenced legacy packages and DAOs without adding new equivalents.
Details:
  • Delete unit tests for token entities, user entities, AuthServiceImpl, TokenManagementServiceImpl, and some MDC config/filter tests that target the old package structure
  • Leave TODO implied for recreating tests under new domain.* and middleware.* packages
Files:
  • src/test/java/com/loan_org/identity_and_access_management/entity/token/ActivationTokenDocumentTest.java
  • src/test/java/com/loan_org/identity_and_access_management/entity/token/PasswordResetTokenDocumentTest.java
  • src/test/java/com/loan_org/identity_and_access_management/entity/token/RefreshTokenDocumentTest.java
  • src/test/java/com/loan_org/identity_and_access_management/entity/user/MetadataBlockTest.java
  • src/test/java/com/loan_org/identity_and_access_management/entity/user/SecurityBlockTest.java
  • src/test/java/com/loan_org/identity_and_access_management/entity/user/UserDocumentTest.java
  • src/test/java/com/loan_org/identity_and_access_management/entity/user/UserStatusTest.java
  • src/test/java/com/loan_org/identity_and_access_management/service/AuthServiceImplTest.java
  • src/test/java/com/loan_org/identity_and_access_management/service/TokenManagementServiceImplTest.java
  • src/test/java/com/loan_org/identity_and_access_management/mdc/AsyncMdcConfigTest.java
  • src/test/java/com/loan_org/identity_and_access_management/mdc/MdcHeaderFilterTest.java

Assessment against linked issues

Issue Objective Addressed Explanation
#36 Refactor the identity and access management codebase to use a domain-oriented package structure (domain.auth, domain.token, domain.user, messaging, middleware, mongo) and update imports, interfaces, and class locations accordingly.
#36 Replace legacy DAO-based persistence (UserDao, RefreshTokenDao, ActivationTokenDao, PasswordResetTokenDao) with repository-based abstractions (UserRepository, RefreshTokenRepository, ActivationTokenRepository, PasswordResetTokenRepository) and adjust service implementations to use constructor injection (Lombok annotations) instead of field injection.
#36 Perform internal refactoring and cleanup of supporting components (JWT service, email/messaging, security configuration, DTOs/entities defaults and validation) to align with the new architecture without changing core functionality.


@amanfoundongithub amanfoundongithub merged commit 1fec192 into main Jun 13, 2026
3 checks passed

@sourcery-ai sourcery-ai Bot left a comment


Hey - I've left some high-level feedback:

  • In TokenManagementServiceImpl.generatePasswordResetToken, the new builder-based creation of PasswordResetTokenDocument no longer sets userEmail, which will break downstream lookups like getUserEmail() during verification; ensure userEmail is populated when building the token.
  • The refactor of EmailServiceImpl.dispatchToBroker now hardcodes RabbitMQConfig.ROUTING_KEY_HIGH and removes the ability to pass different routing keys, which reduces flexibility for future notification priority routing; consider keeping the routing key as a parameter if multiple priorities are expected.

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
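
The first review point above, as an added example (not the project's code and not part of the review): a hand-written builder for a password reset token that refuses to build when userEmail is missing, so a refactor that drops the field fails at token creation instead of at verification. The class name ResetTokenExample, the token and expiresAt fields, the sample address and the 15-minute lifetime are assumptions; only userEmail and getUserEmail() are named on the page.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Objects;
import java.util.UUID;

// Hypothetical stand-in for the project's PasswordResetTokenDocument.
public final class ResetTokenExample {
    private final String token;
    private final String userEmail;
    private final Instant expiresAt;

    private ResetTokenExample(Builder b) {
        // Fail closed at construction: a reset token that is not bound to a
        // user must never reach the repository.
        this.token = Objects.requireNonNull(b.token, "token");
        this.userEmail = Objects.requireNonNull(b.userEmail, "userEmail");
        this.expiresAt = Objects.requireNonNull(b.expiresAt, "expiresAt");
        if (this.userEmail.isBlank()) {
            throw new IllegalArgumentException("userEmail must not be blank");
        }
    }

    public String getToken() { return token; }
    public String getUserEmail() { return userEmail; }
    public boolean isExpired(Instant now) { return !now.isBefore(expiresAt); }

    public static Builder builder() { return new Builder(); }

    public static final class Builder {
        private String token, userEmail;
        private Instant expiresAt;
        public Builder token(String v) { token = v; return this; }
        public Builder userEmail(String v) { userEmail = v; return this; }
        public Builder expiresAt(Instant v) { expiresAt = v; return this; }
        public ResetTokenExample build() { return new ResetTokenExample(this); }
    }

    public static void main(String[] args) {
        Instant expiry = Instant.now().plus(Duration.ofMinutes(15)); // assumed lifetime
        ResetTokenExample ok = builder().token(UUID.randomUUID().toString())
                .userEmail("user@example.com").expiresAt(expiry).build(); // constructed address
        System.out.println("bound to " + ok.getUserEmail());
        try {
            // The regression described in the review: userEmail is never set.
            builder().token(UUID.randomUUID().toString()).expiresAt(expiry).build();
        } catch (NullPointerException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With Lombok's @Builder, annotating the field with Lombok's @NonNull gives the same construction-time null check without a hand-written builder.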


Development

Successfully merging this pull request may close these issues.

Code fix: Perform code refactoring
