fixes

app/src/main/java/it/chalmers/gamma/adapter/primary/web/AccountDeletedController.java

@@ -8,7 +8,6 @@ public class AccountDeletedController {
 
   @GetMapping("/account-deleted")
   public String getAccountDeleted() {
-    // TODO: Remove cookie
     return "accountdeleted";
   }
 }

app/src/main/java/it/chalmers/gamma/adapter/primary/web/ClientsController.java

@@ -348,7 +348,6 @@ public ModelAndView createAuthority(
       @PathVariable("id") UUID clientUid,
       CreateAuthority form) {
 
-    // TODO: Move this to one call in the facade.
     try {
       this.clientAuthorityFacade.create(clientUid, form.authority);
     } catch (ClientAuthorityRepository.ClientAuthorityAlreadyExistsException e) {

app/src/main/java/it/chalmers/gamma/adapter/primary/web/ConsentController.java

@@ -36,9 +36,8 @@ public ModelAndView getOAuth2Consent(
 
     RegisteredClient client = this.registeredClientRepository.findByClientId(clientId);
 
-    // TODO: Do something better than this.
     if (client == null) {
-      return null;
+      throw new RuntimeException();
     }
 
     ModelAndView mv = new ModelAndView();

app/src/main/java/it/chalmers/gamma/adapter/primary/web/ForgotPasswordController.java

@@ -48,8 +48,7 @@ public ModelAndView sendForgotPassword(
       this.userResetPasswordFacade.startResetPasswordProcess(form.email);
       mv.setViewName("redirect:forgot-password/finalize");
     } catch (UserResetPasswordFacade.PasswordResetProcessException e) {
-      // TODO: proper logging
-      System.out.println("attempted to reset password");
+      mv.setViewName("redirect:forgot-password/finalize");
     } catch (IllegalArgumentException e) {
       if (htmxRequest) {
         mv.setViewName("pages/forgot-password");
@@ -91,12 +90,9 @@ public record FinalizeForgotPassword(
   public ModelAndView finalizeForgotPassword(
       @RequestHeader(value = "HX-Request", required = false) boolean htmxRequest,
       FinalizeForgotPassword form) {
-    // TODO: Move validation to facade
-    if (!form.password.equals(form.confirmPassword)) {}
-
     try {
       this.userResetPasswordFacade.finishResetPasswordProcess(
-          form.email, form.token, form.password);
+          form.email, form.token, form.password, form.confirmPassword);
     } catch (UserResetPasswordFacade.PasswordResetProcessException e) {
       throw new RuntimeException(e);
     }

app/src/main/java/it/chalmers/gamma/adapter/primary/web/GroupsController.java

@@ -326,7 +326,6 @@ public ModelAndView createGroup(
       @RequestHeader(value = "HX-Request", required = false) boolean htmxRequest,
       final GroupForm form,
       final BindingResult bindingResult) {
-    // TODO: Do this in one facade call
     try {
       UUID groupId =
           this.groupFacade.create(

app/src/main/java/it/chalmers/gamma/adapter/primary/web/MeController.java

@@ -107,7 +107,6 @@ public ModelAndView getCancelEdit(
       @RequestHeader(value = "HX-Request", required = true) boolean htmxRequest) {
     ModelAndView mv = new ModelAndView();
 
-    // TODO: Use only getMe
     MeFacade.MeDTO me = this.meFacade.getMe();
 
     mv.setViewName("pages/me :: userinfo");

app/src/main/java/it/chalmers/gamma/adapter/primary/web/RegisterAccountController.java

@@ -74,11 +74,6 @@ public ModelAndView getRegister(
   public ModelAndView registerAccount(
       @RequestHeader(value = "HX-Request", required = false) boolean htmxRequest,
       CreateAccountForm form) {
-    // TODO: Move validation to facade
-    if (!form.password.equals(form.confirmPassword)) {}
-
-    if (!form.acceptUserAgreement) {}
-
     try {
       this.userCreationFacade.createUserWithCode(
           new UserCreationFacade.NewUser(
@@ -90,7 +85,9 @@ public ModelAndView registerAccount(
               form.acceptanceYear,
               form.cid,
               form.language),
-          form.code);
+          form.code,
+          form.confirmPassword,
+          form.acceptUserAgreement);
     } catch (UserCreationFacade.SomePropertyNotUniqueException e) {
       throw new RuntimeException(e);
     }

app/src/main/java/it/chalmers/gamma/adapter/secondary/jpa/group/GroupEntityConverter.java

@@ -53,7 +53,6 @@ public Group toDomain(GroupEntity entity) {
     Optional<ImageUri> avatarUri = Optional.empty();
     Optional<ImageUri> bannerUri = Optional.empty();
 
-    // TODO: Remove Optional from Group (and User)
     if (entity.groupImages != null) {
       avatarUri = Optional.ofNullable(entity.groupImages.avatarUri).map(ImageUri::new);
       bannerUri = Optional.ofNullable(entity.groupImages.bannerUri).map(ImageUri::new);

app/src/main/java/it/chalmers/gamma/adapter/secondary/jpa/user/UserJpaRepository.java

@@ -5,7 +5,6 @@
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
 
-// TODO: Only UserRepositoryAdapter and UserPasswordRetrieverAdapter should be able to access this.
 @Repository
 public interface UserJpaRepository extends JpaRepository<UserEntity, UUID> {
 

app/src/main/java/it/chalmers/gamma/app/oauth2/GammaAuthorizationService.java

@@ -85,10 +85,8 @@ private boolean hasNoTokens(OAuth2Authorization authorization) {
         && authorization.getToken(OidcIdToken.class) == null;
   }
 
-  // TODO: Tokens are not removed?
   @Override
   public void remove(OAuth2Authorization authorization) {
-    LOGGER.info("Remove: " + authorization.toString());
     gammaAuthorizationRepository.remove(authorization);
   }
 

app/src/main/java/it/chalmers/gamma/app/post/PostFacade.java

@@ -33,7 +33,10 @@ public PostFacade(
   public UUID create(NewPost newPost) {
     PostId postId = PostId.generate();
 
-    // TODO: Post text should not be able to be empty
+    if (newPost.svText.isEmpty() || newPost.enText.isEmpty()) {
+      throw new IllegalArgumentException("Post names must not be empty");
+    }
+
     this.postRepository.save(
         new Post(
             postId,

app/src/main/java/it/chalmers/gamma/app/user/UserCreationFacade.java

@@ -77,12 +77,20 @@ public UUID createUser(NewUser newUser) throws EmailNotUniqueException, CidNotUn
   }
 
   @Transactional
-  public void createUserWithCode(NewUser data, String token) throws SomePropertyNotUniqueException {
+  public void createUserWithCode(
+      NewUser data, String token, String confirmPassword, boolean acceptsUserAgreement)
+      throws SomePropertyNotUniqueException {
     this.accessGuard.require(isNotSignedIn());
 
-    Cid tokenCid = this.userActivationRepository.getByToken(new UserActivationToken(token));
+    if (!data.password.equals(confirmPassword)) {
+      throw new IllegalArgumentException("password not confirmed");
+    }
 
-    // TODO: Check if email is not [email protected]
+    if (!acceptsUserAgreement) {
+      throw new IllegalArgumentException("must accept user agreement");
+    }
+
+    Cid tokenCid = this.userActivationRepository.getByToken(new UserActivationToken(token));
 
     if (tokenCid.value().equals(data.cid)) {
       Cid cid = new Cid(data.cid);

app/src/main/java/it/chalmers/gamma/app/user/activation/domain/UserActivationToken.java

@@ -1,10 +1,17 @@
 package it.chalmers.gamma.app.user.activation.domain;
 
 import it.chalmers.gamma.util.TokenUtils;
+import java.util.Objects;
 
 public record UserActivationToken(String value) {
 
-  // TODO add validation that length must be 9 in only numbers
+  public UserActivationToken {
+    Objects.requireNonNull(value);
+
+    if (value.length() == 9) {
+      throw new IllegalArgumentException("User activation token must be 9 numbers");
+    }
+  }
 
   public static UserActivationToken generate() {
     String value = TokenUtils.generateToken(9, TokenUtils.CharacterTypes.NUMBERS);

app/src/main/java/it/chalmers/gamma/app/user/passwordreset/UserResetPasswordFacade.java

@@ -53,10 +53,14 @@ public void startResetPasswordProcess(String emailString) throws PasswordResetPr
   }
 
   public void finishResetPasswordProcess(
-      String emailString, String inputTokenRaw, String newPassword)
+      String emailString, String inputTokenRaw, String newPassword, String confirmPassword)
       throws PasswordResetProcessException {
     this.accessGuard.require(isNotSignedIn());
 
+    if (!newPassword.equals(confirmPassword)) {
+      throw new IllegalArgumentException("please properly confirm password");
+    }
+
     Email email = new Email(emailString);
 
     Optional<GammaUser> maybeUser = this.userRepository.get(email);

app/src/main/java/it/chalmers/gamma/security/user/UserPasswordRetriever.java

@@ -4,7 +4,6 @@
 import it.chalmers.gamma.app.user.domain.UserId;
 import org.springframework.lang.Nullable;
 
-// TODO: Add ArchUnit that only UserConfig can use this.
 public interface UserPasswordRetriever {
   @Nullable Password getPassword(UserId id);