Conversation
WalkthroughAdded an interactive JDBC-driven CLI Changes
Sequence DiagramsequenceDiagram
participant User as User (Console)
participant Main as Main.run()
participant DB as Database
participant Input as Scanner
User->>Main: Start application
Main->>Main: Resolve DB config (env/properties)
Main->>DB: Open JDBC connection
Main->>Input: Open console scanner
rect rgb(200,220,255)
Note over Main,DB: Authentication
Main->>Input: Prompt username/password
Input->>Main: Return credentials
Main->>DB: Query account table (authenticate)
DB->>Main: Auth result
end
rect rgb(220,240,220)
Note over Main,DB: Interactive menu loop
loop until Exit
Main->>Input: Display menu / read choice
Input->>Main: Choice
alt List Missions
Main->>DB: Query missions
else Get Mission by ID
Main->>Input: Prompt ID
Input->>Main: ID
Main->>DB: Query mission by ID
else Count by Year
Main->>Input: Prompt year
Input->>Main: Year
Main->>DB: Count missions
else Create Account
Main->>Input: Prompt account details
Input->>Main: Details
Main->>DB: Insert account
else Update Password
Main->>Input: Prompt new password
Input->>Main: New password
Main->>DB: Update account
else Delete Account
Main->>Input: Prompt account id
Input->>Main: id
Main->>DB: Delete account
end
DB->>Main: Operation result
Main->>User: Display result
end
end
Main->>DB: Close connection
Main->>Input: Close scanner
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes
Poem
Pre-merge checks and finishing touches❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (1 passed)
✨ Finishing touches
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (5)
pom.xml (1)
54-58: Consider adding<scope>runtime</scope>for consistency.The
slf4j-nopdependency is a no-op logging binding typically only needed at runtime to suppress SLF4J warning messages. Adding<scope>runtime</scope>would align with the intent and match the pattern used bymysql-connector-jabove.<dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-nop</artifactId> <version>2.0.17</version> + <scope>runtime</scope> </dependency>src/main/java/com/example/Main.java (4)
133-133: Stale TODO comment.This TODO comment appears to be leftover from a template. Since the
run()method is now fully implemented, consider removing it to avoid confusion.- //Todo: Starting point for your code
169-189: Consider validating user_id input.If
user_idis a numeric column, usingsetStringrelies on implicit type conversion. Consider parsing toint/longand usingsetInt/setLongfor type safety, similar to the approach inmoonMissionsById.
216-219: Inconsistent error handling pattern.This method prints to
System.errbefore throwingRuntimeException, while other methods (e.g.,deleteAccount,createAnAccount) throw directly. Consider removing theSystem.err.printlnfor consistency.} catch (SQLException e) { - System.err.println("ERROR: Failed to update password."); throw new RuntimeException("Database operation failed. " + e.getMessage()); }
281-297: Redundant input validation logic.The method checks
hasNextInt()on line 283, but then reads asnextLine()and re-parses asLongwith a try-catch on lines 291-297. ThehasNextInt()check is effectively bypassed by reading the whole line. Consider simplifying:private void moonMissionsById(Connection connection, Scanner scanner) { System.out.println("Enter moon mission id: "); - if (!scanner.hasNextInt()) { + if (!scanner.hasNextLine()) { return; } String missionId = scanner.nextLine().trim(); + + long id; + try { + id = Long.parseLong(missionId); + } catch (NumberFormatException e) { + System.out.println("Invalid moon mission id. Please enter a number"); + return; + } String sql = "select spacecraft, mission_id, mission_type, launch_date from moon_mission where mission_id = ?"; try (PreparedStatement stmt = connection.prepareStatement(sql)) { - long id; - try { - id = Long.parseLong(missionId); - stmt.setLong(1, id); - } catch (NumberFormatException e) { - System.out.println("Invalid moon mission id. Please enter a number"); - return; - } + stmt.setLong(1, id);
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
README.md(1 hunks)pom.xml(1 hunks)src/main/java/com/example/Main.java(2 hunks)
🔇 Additional comments (4)
README.md (1)
1-1: LGTM!Standard GitHub Classroom badge for assignment deadline tracking.
src/main/java/com/example/Main.java (3)
44-57: LGTM!Good use of try-with-resources for both
ConnectionandScanner, ensuring proper resource cleanup. The configuration validation with a clear error message is also appropriate.
137-166: Good use of parameterized queries for SQL injection prevention.The authentication logic correctly uses
PreparedStatementwith parameter binding. Minor nit: consider translating the Swedish comments ("Hantera EOF i testmiljön") to English for consistency.
253-279: LGTM!Good input validation with
hasNextInt()and proper cleanup of the newline character. The SQL query and prepared statement usage are correct.
There was a problem hiding this comment.
Actionable comments posted: 6
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
src/main/java/com/example/Main.java (1)
10-15: JVM entrypoint likely broken:mainmust bepublic static void main(String[] args)- static void main(String[] args) { + public static void main(String[] args) { if (isDevMode(args)) { DevDatabaseInitializer.start(); } new Main().run(); }
♻️ Duplicate comments (1)
src/main/java/com/example/Main.java (1)
245-278: Account creation: fix wrong validation message + add missing EOF guards (and avoid crashing the CLI)
- Line 254 throws “First name…” when validating last name.
- Lines 256–258 read without
hasNextLine()(EOF can throw), andIllegalArgumentExceptionwill currently crash the interactive flow (better to print + return).- if (lastName.length() < 3) { throw new IllegalArgumentException("First name must be at least 3 characters long."); } + if (lastName.length() < 3) { + System.out.println("Last name must be at least 3 characters long."); + return; + } System.out.print("Enter ssn: "); + if (!scanner.hasNextLine()) { return; } String ssn = scanner.nextLine().trim(); System.out.print("Enter password: "); + if (!scanner.hasNextLine()) { return; } String password = scanner.nextLine().trim();
| private String authenticateUser(Connection connection, Scanner scanner) { | ||
| System.out.print("Username: "); | ||
| if (!scanner.hasNextLine()) { | ||
| return null; // Hantera EOF i testmiljön | ||
| } | ||
| String username = scanner.nextLine().trim(); | ||
|
|
||
| System.out.print("Password: "); | ||
| if (!scanner.hasNextLine()) { | ||
| return null; // Hantera EOF i testmiljön | ||
| } | ||
| String password = scanner.nextLine().trim(); | ||
|
|
||
| String sql = " select name from account where name = ? and password = ? "; | ||
|
|
||
| try (PreparedStatement stmt = connection.prepareStatement(sql)) { | ||
| stmt.setString(1, username); | ||
| stmt.setString(2, password); | ||
|
|
||
| try (ResultSet rs = stmt.executeQuery()) { | ||
| if (rs.next()) { | ||
| return rs.getString("name"); | ||
| } else { | ||
| return null; | ||
| } | ||
| } | ||
| } catch (SQLException ex) { | ||
| throw new RuntimeException(ex); | ||
| } | ||
| } |
There was a problem hiding this comment.
Plaintext password authentication + weak exception context
- Comparing
password = ?suggests plaintext storage/comparison; please hash + salt passwords (and compare hashes), even for a CLI. - Also, Line 162 throws
new RuntimeException(ex)with no context—hard to debug.
- } catch (SQLException ex) {
- throw new RuntimeException(ex);
+ } catch (SQLException ex) {
+ throw new RuntimeException("Error authenticating user.", ex);
}🤖 Prompt for AI Agents
In src/main/java/com/example/Main.java around lines 135 to 164, the method
currently selects by plaintext password and throws a RuntimeException with no
context; change the query to fetch the stored password hash by username only
(e.g., "select name, password_hash from account where name = ?"), remove
password from the WHERE clause, then compute/verify the provided password
against the stored salted hash using a secure algorithm/library (bcrypt or
Argon2) and return the username only on successful verification; also replace
the bare throw new RuntimeException(ex) with a more informative exception or log
message that includes context (e.g., "Failed to authenticate user: " + username)
while preserving the original exception as the cause.
| private void moonMissionsById(Connection connection, Scanner scanner) { | ||
| System.out.println("Enter moon mission id: "); | ||
| if (!scanner.hasNextLine()) { | ||
| return; | ||
| } | ||
| String missionId = scanner.nextLine().trim(); | ||
| long id; | ||
| try { | ||
| id = Long.parseLong(missionId); | ||
| } catch (NumberFormatException e) { | ||
| System.out.println("Invalid moon mission id. Please enter a number"); | ||
| return; | ||
| } | ||
|
|
||
| String sql = "select spacecraft, mission_id, mission_type, launch_date from moon_mission where mission_id = ?"; | ||
| try (PreparedStatement stmt = connection.prepareStatement(sql)) { | ||
| stmt.setLong(1, id); | ||
|
|
||
| try (ResultSet rs = stmt.executeQuery()) { | ||
| if (rs.next()) { | ||
| System.out.println("ID: " + rs.getLong("mission_id")); | ||
| System.out.println("Spacecraft: " + rs.getString("spacecraft")); | ||
| System.out.println("Mission type: " + rs.getString("mission_type")); | ||
| System.out.println("Launch date: " + rs.getString("launch_date")); | ||
| } else { | ||
| System.out.println("Mission id " + missionId + " not found. Please enter a number"); | ||
| } | ||
| } | ||
|
|
||
| } catch (SQLException e) { | ||
| throw new RuntimeException(e); | ||
| } | ||
| } | ||
|
|
There was a problem hiding this comment.
moonMissionsById: improve error messaging + keep SQL exception context
- Line 210 message says “Please enter a number” when the ID was a number but wasn’t found.
- Line 215 drops context.
- } else {
- System.out.println("Mission id " + missionId + " not found. Please enter a number");
+ } else {
+ System.out.println("Mission id " + missionId + " not found.");
}
...
- } catch (SQLException e) {
- throw new RuntimeException(e);
+ } catch (SQLException e) {
+ throw new RuntimeException("Error fetching moon mission by id=" + id, e);
}🤖 Prompt for AI Agents
In src/main/java/com/example/Main.java around lines 185-218, update the
user-facing "not found" message and preserve SQL exception context: change the
"Mission id ... not found. Please enter a number" line to a clear not-found
message (e.g., "Mission id X not found.") without the misleading "Please enter a
number" text, and replace the catch(SQLException e) throw with a
RuntimeException that includes context about the query (for example: throw new
RuntimeException("Failed to query moon mission with id " + id, e)) so the
original SQLException is preserved as the cause.
| private void updateAccountPassword(Connection connection, Scanner scanner) { | ||
| System.out.println("Enter user_id: "); | ||
| if (!scanner.hasNextLine()) { | ||
| return; | ||
| } | ||
| String userId = scanner.nextLine(); | ||
| System.out.println("Enter new password: "); | ||
| if (!scanner.hasNextLine()) { | ||
| return; | ||
| } | ||
| String newPassword = scanner.nextLine(); | ||
|
|
||
| String sql = " update account set password = ? where user_id = ? "; | ||
| try (PreparedStatement stmt = connection.prepareStatement(sql)) { | ||
| stmt.setString(1, newPassword); | ||
| stmt.setString(2, userId); | ||
|
|
||
| int affectedRows = stmt.executeUpdate(); | ||
|
|
||
| if (affectedRows > 0) { | ||
| System.out.println("Account updated successfully."); | ||
| } else { | ||
| System.out.println("Failed to update account."); | ||
| } | ||
|
|
||
| } catch (SQLException e) { | ||
| System.err.println("ERROR: Failed to update password."); | ||
| throw new RuntimeException("Database operation failed. " + e.getMessage()); | ||
| } | ||
| } |
There was a problem hiding this comment.
updateAccountPassword: validate user_id, trim inputs, and preserve SQL cause
- String userId = scanner.nextLine();
+ String userId = scanner.nextLine().trim();
+ try {
+ Long.parseLong(userId);
+ } catch (NumberFormatException e) {
+ System.out.println("Invalid user_id. Please enter a number.");
+ return;
+ }
...
- String newPassword = scanner.nextLine();
+ String newPassword = scanner.nextLine().trim();
...
- } catch (SQLException e) {
- System.err.println("ERROR: Failed to update password.");
- throw new RuntimeException("Database operation failed. " + e.getMessage());
+ } catch (SQLException e) {
+ System.err.println("ERROR: Failed to update password.");
+ throw new RuntimeException("Database operation failed. " + e.getMessage(), e);
}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| private void updateAccountPassword(Connection connection, Scanner scanner) { | |
| System.out.println("Enter user_id: "); | |
| if (!scanner.hasNextLine()) { | |
| return; | |
| } | |
| String userId = scanner.nextLine(); | |
| System.out.println("Enter new password: "); | |
| if (!scanner.hasNextLine()) { | |
| return; | |
| } | |
| String newPassword = scanner.nextLine(); | |
| String sql = " update account set password = ? where user_id = ? "; | |
| try (PreparedStatement stmt = connection.prepareStatement(sql)) { | |
| stmt.setString(1, newPassword); | |
| stmt.setString(2, userId); | |
| int affectedRows = stmt.executeUpdate(); | |
| if (affectedRows > 0) { | |
| System.out.println("Account updated successfully."); | |
| } else { | |
| System.out.println("Failed to update account."); | |
| } | |
| } catch (SQLException e) { | |
| System.err.println("ERROR: Failed to update password."); | |
| throw new RuntimeException("Database operation failed. " + e.getMessage()); | |
| } | |
| } | |
| private void updateAccountPassword(Connection connection, Scanner scanner) { | |
| System.out.println("Enter user_id: "); | |
| if (!scanner.hasNextLine()) { | |
| return; | |
| } | |
| String userId = scanner.nextLine().trim(); | |
| try { | |
| Long.parseLong(userId); | |
| } catch (NumberFormatException e) { | |
| System.out.println("Invalid user_id. Please enter a number."); | |
| return; | |
| } | |
| System.out.println("Enter new password: "); | |
| if (!scanner.hasNextLine()) { | |
| return; | |
| } | |
| String newPassword = scanner.nextLine().trim(); | |
| String sql = " update account set password = ? where user_id = ? "; | |
| try (PreparedStatement stmt = connection.prepareStatement(sql)) { | |
| stmt.setString(1, newPassword); | |
| stmt.setString(2, userId); | |
| int affectedRows = stmt.executeUpdate(); | |
| if (affectedRows > 0) { | |
| System.out.println("Account updated successfully."); | |
| } else { | |
| System.out.println("Failed to update account."); | |
| } | |
| } catch (SQLException e) { | |
| System.err.println("ERROR: Failed to update password."); | |
| throw new RuntimeException("Database operation failed. " + e.getMessage(), e); | |
| } | |
| } |
🤖 Prompt for AI Agents
In src/main/java/com/example/Main.java around lines 280 to 309, the
updateAccountPassword method must trim inputs, validate user_id and new
password, and preserve the original SQLException as the cause when rethrowing;
trim userId and newPassword after reading them, check that userId is not blank
and meets the expected format (adjust pattern to your app — e.g. non-empty or
numeric/UUID) and that newPassword is not blank (return early with a clear
message if validation fails), then proceed to prepare and execute the statement
as before, and in the catch block rethrow a RuntimeException that includes the
SQLException as the cause (new RuntimeException("Database operation failed", e))
rather than just concatenating the message.
There was a problem hiding this comment.
Actionable comments posted: 0
♻️ Duplicate comments (5)
src/main/java/com/example/Main.java (5)
291-328: Good userId validation, but trim the password input and preserve exception cause.The userId validation (lines 296-303) properly addresses the previous review comment. However, line 309 should trim the password input for consistency, and line 326 should include the SQLException cause.
Apply this diff:
System.out.println("Enter new password: "); if (!scanner.hasNextLine()) { return; } - String newPassword = scanner.nextLine(); + String newPassword = scanner.nextLine().trim(); String sql = " update account set password = ? where user_id = ? "; try (PreparedStatement stmt = connection.prepareStatement(sql)) { stmt.setString(1, newPassword); stmt.setLong(2, userId); int affectedRows = stmt.executeUpdate(); if (affectedRows > 0) { System.out.println("Account updated successfully."); } else { System.out.println("Failed to update account."); } } catch (SQLException e) { System.err.println("ERROR: Failed to update password."); - throw new RuntimeException("Database operation failed. " + e.getMessage()); + throw new RuntimeException("Database operation failed. " + e.getMessage(), e); }
135-164: Plaintext password authentication remains unresolved.The authentication method still compares passwords in plaintext (line 148). This is a significant security risk even for a CLI application. Additionally, line 162 throws a
RuntimeExceptionwithout any descriptive context, making debugging difficult.Please implement password hashing (bcrypt or Argon2) and improve exception context:
- String sql = " select name from account where name = ? and password = ? "; + String sql = " select name, password from account where name = ? "; try (PreparedStatement stmt = connection.prepareStatement(sql)) { stmt.setString(1, username); - stmt.setString(2, password); try (ResultSet rs = stmt.executeQuery()) { if (rs.next()) { - return rs.getString("name"); + String storedHash = rs.getString("password"); + // Verify password against stored hash using BCrypt or similar + if (verifyPassword(password, storedHash)) { + return rs.getString("name"); + } + return null; } else { return null; } } } catch (SQLException ex) { - throw new RuntimeException(ex); + throw new RuntimeException("Failed to authenticate user: " + username, ex); }Note: Based on learnings or past feedback, if plaintext is acceptable for this educational/demo context, at minimum fix the exception message.
185-217: Misleading error message and missing exception context.Line 210 says "Please enter a number" even though the input was successfully parsed as a number—it just wasn't found in the database. Line 215 throws a generic
RuntimeExceptionwithout context.Apply this diff:
} else { - System.out.println("Mission id " + missionId + " not found. Please enter a number"); + System.out.println("Mission id " + missionId + " not found."); } } } catch (SQLException e) { - throw new RuntimeException(e); + throw new RuntimeException("Error fetching moon mission by id=" + id, e); }
252-289: Good length validation, but passwords stored in plaintext and exception cause missing.The length validation (lines 257-263) properly addresses the previous
StringIndexOutOfBoundsExceptionrisk. However, line 277 stores the password in plaintext in the database, and line 287 doesn't preserve the SQLException cause.Apply this diff:
System.out.print("Enter password: "); if (!scanner.hasNextLine()) {return;} String password = scanner.nextLine().trim(); + // Hash the password before storage (use BCrypt, Argon2, etc.) + String hashedPassword = hashPassword(password); String name = firstName.substring(0, 3) + lastName.substring(0, 3); String sql = "INSERT INTO account (first_name, last_name, ssn, password, name) VALUES (?, ?, ?, ?, ?)"; try (PreparedStatement stmt = connection.prepareStatement(sql)) { stmt.setString(1, firstName); stmt.setString(2, lastName); stmt.setString(3, ssn); - stmt.setString(4, password); + stmt.setString(4, hashedPassword); stmt.setString(5, name); int affectedRows = stmt.executeUpdate(); if (affectedRows > 0) { System.out.println("Successfully created an account for " + firstName + " " + lastName); } else System.out.println("Failed to create an account."); } catch (SQLException e) { - throw new RuntimeException("Database operation failed. " + e.getMessage()); + throw new RuntimeException("Database operation failed. " + e.getMessage(), e); }Note: If plaintext is acceptable for this educational context, at minimum fix the exception cause.
330-350: Validate and trim userId input, and preserve exception cause.The method should validate that
userIdis numeric (similar toupdateAccountPassword) and trim the input. Line 348 should also include the SQLException cause for better debugging.Apply this diff:
System.out.println("Enter user id, that you wish to delete: "); if (!scanner.hasNextLine()) { return; } - String userId = scanner.nextLine(); + String userIdStr = scanner.nextLine().trim(); + long userId; + try { + userId = Long.parseLong(userIdStr); + } catch (NumberFormatException e) { + System.out.println("Invalid user_id. Please enter a number."); + return; + } String sql = " delete from account where user_id = ? "; try (PreparedStatement stmt = connection.prepareStatement(sql)) { - stmt.setString(1, userId); + stmt.setLong(1, userId); int affectedRows = stmt.executeUpdate(); if (affectedRows > 0) { System.out.println("Successfully deleted the account."); } else { System.out.println("Failed to delete the account."); } } catch (SQLException e) { - throw new RuntimeException("Database operation failed. " + e.getMessage()); + throw new RuntimeException("Database operation failed. " + e.getMessage(), e); }
🧹 Nitpick comments (1)
src/main/java/com/example/Main.java (1)
219-250: Good input validation, but add exception context.The NumberFormatException handling (lines 227-232) properly addresses the previous review comment. However, line 248 should include a descriptive message in the RuntimeException.
Apply this diff to improve exception context:
} catch (SQLException e) { - throw new RuntimeException(e); + throw new RuntimeException("Error counting missions for year=" + year, e); }
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
src/main/java/com/example/Main.java(2 hunks)
🔇 Additional comments (2)
src/main/java/com/example/Main.java (2)
129-131: Good fix: SQLException cause is now preserved.The exception handling now properly includes the original
SQLExceptionas the cause, which will help with debugging.
167-183: LGTM: Exception handling is correct.The method properly includes the SQLException cause and a descriptive message in the RuntimeException.
1 participant
Summary by CodeRabbit
New Features
Documentation
Chores
✏️ Tip: You can customize this high-level summary in your review settings.