User as Entity

pom.xml

@@ -32,6 +32,11 @@
       <artifactId>spring-boot-starter-websocket</artifactId>
     </dependency>
 
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-core</artifactId>
+    </dependency>
+
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-data-jpa</artifactId>

src/main/angular/src/app/api/Subscribed.ts

@@ -0,0 +1,46 @@
+import {Subscription} from "rxjs";
+import {Next} from "./common/types";
+
+export class Subscribed<T> {
+
+  private subscription: Subscription | null = null;
+
+  private _value: T | null = null;
+
+  constructor(
+    private readonly same: (a: T, b: T) => boolean,
+    private readonly subscribe: (value: T, next: Next<T>) => Subscription,
+  ) {
+    // -
+  }
+
+  get value(): T | null {
+    return this._value;
+  }
+
+  set value(value: T | null) {
+    if (!this.isSame(value)) {
+      if (this.subscription) {
+        this.subscription.unsubscribe();
+        this.subscription = null;
+      }
+      if (value) {
+        this.subscription = this.subscribe(value, next => this.value = next);
+      }
+    }
+    this._value = value;
+  }
+
+  private isSame(value: T | null) {
+    if (this._value === null) {
+      return value === null;
+    } else {
+      if (value === null) {
+        return false
+      } else {
+        return this.same(this._value, value);
+      }
+    }
+  }
+
+}

src/main/angular/src/app/api/User/UserPrivate.ts

@@ -1,4 +1,4 @@
-import {validateDate, validateList, validateString} from "../common/validators";
+import {validateBoolean, validateDate, validateList, validateString} from "../common/validators";
 import {Group} from "../group/Group";
 
 export class UserPrivate {
@@ -7,8 +7,9 @@ export class UserPrivate {
     readonly privateUuid: string,
     readonly publicUuid: string,
     readonly created: Date,
-    readonly groups: Group[],
     readonly name: string,
+    readonly password: boolean,
+    readonly groups: Group[],
   ) {
     // -
   }
@@ -18,8 +19,9 @@ export class UserPrivate {
       validateString(json['privateUuid']),
       validateString(json['publicUuid']),
       validateDate(json['created']),
-      validateList(json['groups'], Group.fromJson),
       validateString(json['name']),
+      validateBoolean(json['password']),
+      validateList(json['groups'], Group.fromJson),
     );
   }
 
@@ -30,4 +32,8 @@ export class UserPrivate {
     return UserPrivate.fromJson(json);
   }
 
+  static samePrivateUuid(a: UserPrivate, b: UserPrivate): boolean {
+    return a.privateUuid === b.privateUuid;
+  }
+
 }

src/main/angular/src/app/api/User/user.service.ts

@@ -4,10 +4,11 @@ import {UserPrivate} from "./UserPrivate";
 import {Next} from "../common/types";
 import {UserCommon} from "./UserCommon";
 import {UserPublic} from "./UserPublic";
-import {Router} from "@angular/router";
+import {EventType, Router} from "@angular/router";
 import {BehaviorSubject, Subscription} from "rxjs";
 import {Group} from "../group/Group";
 import {StompService} from "@stomp/ng2-stompjs";
+import {Subscribed} from "../Subscribed";
 
 @Injectable({
   providedIn: 'root'
@@ -16,6 +17,8 @@ export class UserService {
 
   private readonly subject: BehaviorSubject<UserPrivate | null> = new BehaviorSubject<UserPrivate | null>(null);
 
+  private subscription?: Subscription;
+
   get user(): UserPrivate | null {
     return this.subject.value;
   }
@@ -25,9 +28,13 @@ export class UserService {
     protected readonly api: ApiService,
     protected readonly stompService: StompService,
   ) {
-    this.stompService.connected$.subscribe(() => {
+    this.router.events.subscribe(e => {
+      if (e.type === EventType.NavigationEnd || e.type === EventType.NavigationSkipped) {
+        console.log(e);
         this.refresh();
+      }
     });
+    this.stompService.connected$.subscribe(() => this.refresh());
   }
 
   getCommonByUuid(uuid: string, next: Next<UserCommon>): void {
@@ -35,17 +42,15 @@ export class UserService {
   }
 
   delete(next?: Next<void>) {
-    this.api.getNone(['User', 'delete'], _ => {
-      this.refresh();
-      next && next();
-    });
+    this.api.getNone(['User', 'delete'], next);
   }
 
   changeName(name: string, next?: Next<UserPrivate>) {
-    this.api.postSingle(['User', 'changeName'], name, UserPrivate.fromJson, user => {
-      this.refresh();
-      next && next(user);
-    });
+    this.api.postSingle(['User', 'changeName'], name, UserPrivate.fromJson, next);
+  }
+
+  changePassword(password: string, next?: Next<UserPrivate>) {
+    this.api.postSingle(['User', 'changePassword'], password, UserPrivate.fromJson, next);
   }
 
   goto(user: UserPublic) {
@@ -53,7 +58,7 @@ export class UserService {
   }
 
   refresh() {
-    this.api.getSingle(['User', 'whoAmI'], UserPrivate.fromJsonOrNull, user => this.subject.next(user));
+    this.api.getSingle(['User', 'whoAmI'], UserPrivate.fromJsonOrNull, user => this.setUser(user));
   }
 
   subscribe(next: Next<UserPrivate | null>): Subscription {
@@ -64,4 +69,20 @@ export class UserService {
     return this.user?.publicUuid === group.owner.publicUuid;
   }
 
+  private setUser(user: UserPrivate | null) {
+    if (this.subject.value?.privateUuid !== user?.privateUuid) {
+      if (this.subscription) {
+        this.subscription.unsubscribe();
+        this.subscription = undefined;
+      }
+      if (user) {
+        this.subscription = this.api.subscribe(["User", user.privateUuid], UserPrivate.fromJson, user => this.setUser(user));
+      }
+    }
+    this.subject.next(user);
+  }
+
+  newSubscriber(): Subscribed<UserPrivate> {
+    return new Subscribed<UserPrivate>(UserPrivate.samePrivateUuid, (user, next) => this.api.subscribe(['UserPrivate', user.privateUuid], UserPrivate.fromJson, next));
+  }
 }

src/main/angular/src/app/api/group/Group.ts

@@ -31,10 +31,6 @@ export class Group {
     );
   }
 
-  static compareCreated(a: Group, b: Group): number {
-    return a.created.getTime() - b.created.getTime();
-  }
-
   usersByNameOwnerFirst() {
     return this.users.sort((a, b) => this.compareOwnerFirstThenName(a, b));
   }
@@ -42,9 +38,19 @@ export class Group {
   private compareOwnerFirstThenName(a: UserPublic, b: UserPublic): number {
     if (a.publicUuid === this.owner.publicUuid) {
       return -1;
+    } else if (b.publicUuid === this.owner.publicUuid) {
+      return +1;
     }
     return UserPublic.compareName(a, b);
   }
 
+  static sameUuid(a: Group, b: Group): boolean {
+    return a.uuid === b.uuid;
+  }
+
+  static compareCreated(a: Group, b: Group): number {
+    return a.created.getTime() - b.created.getTime();
+  }
+
 }
 

src/main/angular/src/app/api/group/group.service.ts

@@ -5,6 +5,7 @@ import {Router} from "@angular/router";
 import {UserService} from "../User/user.service";
 import {validateBoolean} from "../common/validators";
 import {Injectable} from "@angular/core";
+import {Subscribed} from "../Subscribed";
 
 @Injectable({
   providedIn: 'root'
@@ -28,10 +29,7 @@ export class GroupService {
   }
 
   create(next: Next<Group>): void {
-    this.api.getSingle(['Group', 'create'], Group.fromJson, group => {
-      next(group);
-      this.userService.refresh();
-    });
+    this.api.getSingle(['Group', 'create'], Group.fromJson, next);
   }
 
   changeTitle(group: Group, title: string, next?: Next<Group>) {
@@ -66,5 +64,9 @@ export class GroupService {
     this.router.navigate(['Group', group.uuid]);
   }
 
+  newSubscriber(): Subscribed<Group> {
+    return new Subscribed<Group>(Group.sameUuid, (group, next) => this.api.subscribe(['Group', group.uuid], Group.fromJson, next));
+  }
+
 }
 

src/main/angular/src/app/pages/group/group/group.component.html

@@ -1,34 +1,34 @@
-<ng-container *ngIf="group !== null">
-  <h1>Nummern</h1>
+<ng-container *ngIf="group.value">
+  <h1>Gruppe</h1>
   <table>
     <tr>
       <th>Erstellt</th>
-      <td>{{ group.created | date:'yyyy-MM-dd HH:mm' }}</td>
+      <td>{{ group.value.created | date:'yyyy-MM-dd HH:mm' }}</td>
     </tr>
     <tr>
       <th>Titel</th>
       <td>
-        <app-text [initial]="group.title" [editable]="userService.iOwn(group)" (onChange)="changeTitle(group, $event)"></app-text>
-        <ng-container *ngIf="!userService.iOwn(group)"></ng-container>
+        <app-text [initial]="group.value.title" [editable]="userService.iOwn(group.value)" (onChange)="changeTitle(group.value, $event)"></app-text>
+        <ng-container *ngIf="!userService.iOwn(group.value)"></ng-container>
       </td>
     </tr>
     <tr>
       <th>Passwort</th>
       <td>
-        <app-text [initial]="group.password" [editable]="userService.iOwn(group)" (onChange)="changePassword(group, $event)"></app-text>
-        <ng-container *ngIf="!userService.iOwn(group)"></ng-container>
+        <app-text [initial]="group.value.password" [editable]="userService.iOwn(group.value)" (onChange)="changePassword(group.value, $event)"></app-text>
+        <ng-container *ngIf="!userService.iOwn(group.value)"></ng-container>
       </td>
     </tr>
     <tr>
       <th>Teilnehmer</th>
       <td>
-        <div class="user" [class.user_owner]="group.isOwner(user)" *ngFor="let user of group.usersByNameOwnerFirst()" (click)="userService.goto(user)">{{ user.name }}</div>
+        <div class="user" [class.user_owner]="group.value.isOwner(user)" *ngFor="let user of group.value.usersByNameOwnerFirst()" (click)="userService.goto(user)">{{ user.name }}</div>
       </td>
     </tr>
   </table>
 </ng-container>
 
-<ng-container *ngIf="uuid && !group && accessDenied">
+<ng-container *ngIf="uuid && !group.value && accessDenied">
   <h1>Passwort</h1>
   <input type="text" [(ngModel)]="password" (keydown.enter)="join()">
   <button (click)="join()">Beitreten</button>

src/main/angular/src/app/pages/group/group/group.component.ts

@@ -3,9 +3,10 @@ import {DatePipe, NgForOf, NgIf} from "@angular/common";
 import {FormsModule, ReactiveFormsModule} from "@angular/forms";
 import {TextComponent} from "../../../shared/text/text.component";
 import {ActivatedRoute, Router} from "@angular/router";
-import {GroupService} from "../../../api/group/GroupService";
+import {GroupService} from "../../../api/group/group.service";
 import {UserService} from "../../../api/User/user.service";
 import {Group} from "../../../api/group/Group";
+import {Subscribed} from "../../../api/Subscribed";
 
 @Component({
   selector: 'app-group',
@@ -23,7 +24,7 @@ import {Group} from "../../../api/group/Group";
 })
 export class GroupComponent implements OnInit {
 
-  protected group: Group | null = null;
+  protected readonly group: Subscribed<Group>;
 
   protected uuid: string | null = null;
 
@@ -37,7 +38,7 @@ export class GroupComponent implements OnInit {
     protected readonly groupService: GroupService,
     protected readonly userService: UserService,
   ) {
-    // -
+    this.group = this.groupService.newSubscriber();
   }
 
   ngOnInit(): void {
@@ -49,29 +50,25 @@ export class GroupComponent implements OnInit {
         this.groupService.canAccess(this.uuid, canAccess => {
           this.accessDenied = !canAccess;
           if (canAccess && this.uuid) {
-            this.groupService.get(this.uuid, group => this.setGroup(group));
+            this.groupService.get(this.uuid, group => this.group.value = group);
           }
         });
       }
     });
   }
 
-  private setGroup(group: Group): void {
-    this.group = group;
-  }
-
   protected join() {
     if (this.uuid) {
-      this.groupService.join(this.uuid, this.password, group => this.setGroup(group));
+      this.groupService.join(this.uuid, this.password, group => this.group.value = group);
     }
   }
 
   protected changeTitle(group: Group, title: string) {
-    this.groupService.changeTitle(group, title, group => this.setGroup(group));
+    this.groupService.changeTitle(group, title, group => this.group.value = group);
   }
 
   protected changePassword(group: Group, password: string) {
-    this.groupService.changePassword(group, password, group => this.setGroup(group));
+    this.groupService.changePassword(group, password, group => this.group.value = group);
   }
 
 }

src/main/angular/src/app/pages/group/groups/groups.component.ts

@@ -1,8 +1,8 @@
-import {Component, OnInit} from '@angular/core';
+import {Component} from '@angular/core';
 import {GroupListComponent} from "../shared/group-list/group-list.component";
 import {UserService} from "../../../api/User/user.service";
 import {NgIf} from "@angular/common";
-import {GroupService} from "../../../api/group/GroupService";
+import {GroupService} from "../../../api/group/group.service";
 
 @Component({
   selector: 'app-groups',
@@ -14,7 +14,7 @@ import {GroupService} from "../../../api/group/GroupService";
   templateUrl: './groups.component.html',
   styleUrl: './groups.component.less'
 })
-export class GroupsComponent implements OnInit {
+export class GroupsComponent {
 
   constructor(
     protected readonly userService: UserService,
@@ -23,10 +23,6 @@ export class GroupsComponent implements OnInit {
     // -
   }
 
-  ngOnInit(): void {
-    this.userService.refresh();
-  }
-
   create(): void {
     this.groupService.create(group => this.groupService.goto(group));
   }

src/main/angular/src/app/pages/group/shared/group-list/group-list.component.ts

@@ -2,7 +2,7 @@ import {Component, Input} from '@angular/core';
 import {UserService} from "../../../../api/User/user.service";
 import {Group} from "../../../../api/group/Group";
 import {DatePipe, NgForOf} from "@angular/common";
-import {GroupService} from "../../../../api/group/GroupService";
+import {GroupService} from "../../../../api/group/group.service";
 
 @Component({
   selector: 'app-group-list',

src/main/angular/src/app/pages/profile/profile.component.html

@@ -1,5 +1,60 @@
 <ng-container *ngIf="userService.user !== null">
   <h1>Profil</h1>
-  <app-text [initial]="userService.user.name" (onChange)="userService.changeName($event)"></app-text>
+  <table>
+    <tr>
+      <th>
+        Name:
+      </th>
+      <td>
+        <app-text [initial]="userService.user.name" [editable]="true" (onChange)="userService.changeName($event)" [validator]="nameValidator"></app-text>
+      </td>
+      <td class="hint">
+        Mindestens {{ USER_NAME_MIN_LENGTH }} Zeichen. Keine Leerzeichen. Buchstaben oder Zahlen müssen enthalten sein.
+      </td>
+    </tr>
+
+    <tr>
+      <th colspan="3">&nbsp;</th>
+    </tr>
+
+    <tr>
+      <th>
+        Passwort:
+      </th>
+      <td>
+        <div *ngIf="!userService.user.password" class="passwordNotSet">Nicht gesetzt</div>
+        <div *ngIf="userService.user.password" class="passwordSet">Gesetzt</div>
+      </td>
+    </tr>
+    <tr>
+      <th>
+        Neues Passwort:
+      </th>
+      <td>
+        <input #p0 type="text" [(ngModel)]="password0" [class.passwordInvalid]="p0Invalid()" [class.passwordValid]="p0Valid()" (keydown.enter)="p0Enter()">
+      </td>
+      <td class="hint">
+        Mindestens {{ USER_PASSWORD_MIN_LENGTH }} Zeichen. Nicht nur Zahlen. Nicht nur Buchstaben.
+      </td>
+    </tr>
+    <tr>
+      <th>
+        Wiederholung:
+      </th>
+      <td>
+        <input #p1 type="text" [(ngModel)]="password1" [class.passwordInvalid]="p1Invalid()" [class.passwordValid]="p1Valid()" (keydown.enter)="p1Enter()">
+      </td>
+      <td class="hint">
+        &nbsp;
+      </td>
+    </tr>
+
+    <tr>
+      <th colspan="3">&nbsp;</th>
+    </tr>
+
+  </table>
+
   <app-group-list [groups]="userService.user.groups"></app-group-list>
+  
 </ng-container>

src/main/angular/src/app/pages/profile/profile.component.less

@@ -0,0 +1,23 @@
+th {
+  text-align: left;
+}
+
+.passwordSet {
+  color: green;
+}
+
+.passwordNotSet {
+  color: darkred;
+}
+
+input {
+  -webkit-text-security: disc;
+}
+
+.passwordInvalid {
+  background-color: indianred;
+}
+
+.passwordValid {
+  background-color: lightgreen;
+}

src/main/angular/src/app/pages/profile/profile.component.ts

@@ -1,10 +1,14 @@
-import {Component, OnInit} from '@angular/core';
+import {Component, ElementRef, ViewChild} from '@angular/core';
 import {NgForOf, NgIf} from "@angular/common";
 import {UserService} from "../../api/User/user.service";
 import {FormsModule} from "@angular/forms";
 import {TextComponent} from "../../shared/text/text.component";
 import {GroupListComponent} from "../group/shared/group-list/group-list.component";
 
+const USER_NAME_MIN_LENGTH = 2;
+
+const USER_PASSWORD_MIN_LENGTH = 10;
+
 @Component({
   selector: 'app-profile',
   standalone: true,
@@ -18,7 +22,18 @@ import {GroupListComponent} from "../group/shared/group-list/group-list.componen
   templateUrl: './profile.component.html',
   styleUrl: './profile.component.less'
 })
-export class ProfileComponent implements OnInit {
+export class ProfileComponent {
+
+  protected readonly USER_NAME_MIN_LENGTH = USER_NAME_MIN_LENGTH;
+
+  protected readonly USER_PASSWORD_MIN_LENGTH = USER_PASSWORD_MIN_LENGTH;
+
+  protected password0: string = "";
+
+  protected password1: string = "";
+
+  @ViewChild('p1')
+  p1!: ElementRef;
 
   constructor(
     protected readonly userService: UserService,
@@ -26,8 +41,50 @@ export class ProfileComponent implements OnInit {
     // -
   }
 
-  ngOnInit(): void {
-    this.userService.refresh();
+  protected nameValidator(name: string): boolean {
+    console.log(name);
+    return name.length >= USER_NAME_MIN_LENGTH && !/\s+|^[^a-zA-Z0-9]+$/.test(name);
+  }
+
+  protected passwordValidator(password: string) {
+    return password.length >= USER_PASSWORD_MIN_LENGTH && !/^[a-zA-Z]+$|^[0-9]+$/.test(password);
+  }
+
+  protected p0Invalid(): boolean {
+    return this.password0 !== '' && !this.passwordValidator(this.password0);
+  }
+
+  protected p0Valid(): boolean {
+    return this.password0 !== '' && this.passwordValidator(this.password0);
+  }
+
+  protected p1Invalid(): boolean {
+    return this.p0Invalid() || this.password0 !== this.password1;
+  }
+
+  protected p1Valid(): boolean {
+    return this.p0Valid() && this.password0 === this.password1;
+  }
+
+  protected p0Enter() {
+    if (this.p1Valid()) {
+      this.doChangePassword();
+    } else if (this.p0Valid()) {
+      this.p1.nativeElement.focus();
+    }
+  }
+
+  protected p1Enter() {
+    if (this.p1Valid()) {
+      this.doChangePassword();
+    }
+  }
+
+  private doChangePassword() {
+    this.userService.changePassword(this.password0, _ => {
+      this.password0 = "";
+      this.password1 = "";
+    });
   }
 
 }

src/main/angular/src/app/shared/text/text.component.html

@@ -1,2 +1,12 @@
-<input *ngIf="editable" [(ngModel)]="model" (focus)="begin()" (blur)="apply()" (keydown.enter)="apply()" (keydown.escape)="abort()">
+<input
+  *ngIf="editable"
+  [(ngModel)]="model"
+  (focus)="begin()"
+  (blur)="apply()"
+  (keydown.enter)="apply()"
+  (keydown.escape)="abort()"
+  [class.invalid]="validator !== null && !validator(model)"
+  [class.unsaved]="model !== _initial"
+>
+
 <div *ngIf="!editable">{{ _initial }}</div>

src/main/angular/src/app/shared/text/text.component.less

@@ -1 +1,9 @@
 @import "../../../common.less";
+
+.unsaved {
+  background-color: yellow;
+}
+
+.invalid {
+  background-color: indianred;
+}

src/main/angular/src/app/shared/text/text.component.ts

@@ -34,6 +34,9 @@ export class TextComponent implements OnInit {
   @Input()
   editable: boolean = false;
 
+  @Input()
+  validator: ((password: string) => boolean) | null = null;
+
   ngOnInit(): void {
     this.model = this._initial;
   }
@@ -43,7 +46,7 @@ export class TextComponent implements OnInit {
   }
 
   apply() {
-    if (this.model !== this._initial) {
+    if (this.model !== this._initial && (!this.validator || this.validator(this.model))) {
       this.onChange.emit(this.model);
     }
     this.end();

src/main/angular/src/user.less

@@ -1,7 +1,6 @@
 @import "./config.less";
 
 .user {
-  clear: left;
   float: left;
   padding: @halfSpace;
   background-color: lightskyblue;

src/main/java/de/ph87/tools/Backend.java

@@ -3,6 +3,9 @@ package de.ph87.tools;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 
 @SpringBootApplication
 public class Backend extends SpringBootServletInitializer {
@@ -11,4 +14,9 @@ public class Backend extends SpringBootServletInitializer {
     SpringApplication.run(Backend.class, args);
   }
 
+  @Bean
+  public PasswordEncoder passwordEncoder() {
+    return new BCryptPasswordEncoder();
+  }
+
 }

src/main/java/de/ph87/tools/group/GroupDto.java

@@ -1,17 +1,19 @@
 package de.ph87.tools.group;
 
 import de.ph87.tools.user.UserPublicDto;
+import de.ph87.tools.web.IWebSocketMessage;
 import lombok.Getter;
 import lombok.NonNull;
 import lombok.ToString;
 
 import java.time.ZonedDateTime;
+import java.util.List;
 import java.util.Set;
 import java.util.stream.Collectors;
 
 @Getter
 @ToString
-public class GroupDto {
+public class GroupDto implements IWebSocketMessage {
 
   @NonNull
   public final String uuid;
@@ -43,4 +45,9 @@ public class GroupDto {
     this.initial = group.isInitial();
   }
 
+  @Override
+  public List<Object> getWebsocketTopic() {
+    return List.of("Group", uuid);
+  }
+
 }

src/main/java/de/ph87/tools/group/GroupService.java

@@ -79,7 +79,7 @@ public class GroupService {
   public GroupDto changePassword(@NonNull final String privateUuid, @NonNull final GroupChangePasswordInbound request) {
     final User user = userService.getByPrivateUuidOrThrow(privateUuid);
     final Group group = groupOfUserService.getGroupOfUser(request.uuid, user);
-    if (group.isOwnedBy(user)) {
+    if (!group.isOwnedBy(user)) {
       throw new ResponseStatusException(HttpStatus.FORBIDDEN);
     }
     group.setPassword(request.password);

src/main/java/de/ph87/tools/user/LoginRequest.java

@@ -0,0 +1,16 @@
+package de.ph87.tools.user;
+
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import lombok.ToString;
+
+@Getter
+@ToString
+@RequiredArgsConstructor
+public class LoginRequest {
+
+  public final String name;
+
+  public final String password;
+
+}

src/main/java/de/ph87/tools/user/User.java

@@ -6,6 +6,7 @@ import jakarta.persistence.Entity;
 import jakarta.persistence.Id;
 import jakarta.persistence.Table;
 import lombok.*;
+import org.springframework.security.crypto.password.PasswordEncoder;
 
 import java.time.ZonedDateTime;
 import java.util.List;
@@ -37,8 +38,19 @@ public class User implements IWebSocketMessage {
 
   @Setter
   @NonNull
+  @Column(nullable = false, unique = true)
+  private String name;
+
   @Column(nullable = false)
-  private String name = "Neuer Benutzer";
+  private boolean admin = false;
+
+  @NonNull
+  @Column(nullable = false)
+  private String password = "";
+
+  public User(@NonNull final String name) {
+    this.name = name;
+  }
 
   public void touch() {
     lastAccess = ZonedDateTime.now();
@@ -62,4 +74,8 @@ public class User implements IWebSocketMessage {
     return privateUuid.hashCode();
   }
 
+  public void setPassword(@NonNull final PasswordEncoder passwordEncoder, @NonNull final String password) {
+    this.password = passwordEncoder.encode(password);
+  }
+
 }

src/main/java/de/ph87/tools/user/UserController.java

@@ -24,12 +24,24 @@ public class UserController {
     return userService.getUserByPrivateUuidOrNull(userUuid, response);
   }
 
+  @Nullable
+  @GetMapping("login")
+  public UserPrivateDto login(@NonNull @RequestBody final LoginRequest loginRequest, @NonNull final HttpServletResponse response) {
+    return userService.login(loginRequest, response);
+  }
+
   @NonNull
   @PostMapping("changeName")
   public UserPrivateDto changeName(@CookieValue(name = USER_UUID_COOKIE_NAME) @NonNull final String userUuid, @NonNull @RequestBody final String name) {
     return userService.changeName(userUuid, name);
   }
 
+  @NonNull
+  @PostMapping("changePassword")
+  public UserPrivateDto changePassword(@CookieValue(name = USER_UUID_COOKIE_NAME) @NonNull final String userUuid, @NonNull @RequestBody final String password) {
+    return userService.changePassword(userUuid, password);
+  }
+
   @NonNull
   @PostMapping("getCommonByUuid")
   public UserCommonDto getCommonByUuid(@CookieValue(name = USER_UUID_COOKIE_NAME) @NonNull final String userUuid, @NonNull @RequestBody final String targetUuid) {

src/main/java/de/ph87/tools/user/UserPrivateDto.java

@@ -1,16 +1,18 @@
 package de.ph87.tools.user;
 
 import de.ph87.tools.group.GroupDto;
+import de.ph87.tools.web.IWebSocketMessage;
 import lombok.Getter;
 import lombok.NonNull;
 import lombok.ToString;
 
 import java.time.ZonedDateTime;
+import java.util.List;
 import java.util.Set;
 
 @Getter
 @ToString
-public class UserPrivateDto {
+public class UserPrivateDto implements IWebSocketMessage {
 
   @NonNull
   public final String publicUuid;
@@ -27,12 +29,20 @@ public class UserPrivateDto {
   @NonNull
   private final Set<GroupDto> groups;
 
+  private final boolean password;
+
   public UserPrivateDto(@NonNull final User user, final @NonNull Set<GroupDto> groups) {
     this.publicUuid = user.getPublicUuid();
     this.name = user.getName();
     this.privateUuid = user.getPrivateUuid();
     this.created = user.getCreated();
+    this.password = !user.getPassword().isEmpty();
     this.groups = groups;
   }
 
+  @Override
+  public List<Object> getWebsocketTopic() {
+    return List.of("User", privateUuid);
+  }
+
 }

src/main/java/de/ph87/tools/user/UserPrivateMapper.java

@@ -6,6 +6,7 @@ import jakarta.annotation.Nullable;
 import lombok.NonNull;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.scheduling.annotation.EnableScheduling;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -21,6 +22,8 @@ public class UserPrivateMapper {
 
   private final GroupMapper groupMapper;
 
+  private final ApplicationEventPublisher applicationEventPublisher;
+
   @NonNull
   public UserPrivateDto toPrivateDto(@NonNull final User user) {
     final Set<GroupDto> groups = groupMapper.findAllByUser(user);
@@ -35,4 +38,11 @@ public class UserPrivateMapper {
     return toPrivateDto(user);
   }
 
+  @NonNull
+  public UserPrivateDto publish(@NonNull final User user) {
+    final UserPrivateDto dto = toPrivateDto(user);
+    applicationEventPublisher.publishEvent(dto);
+    return dto;
+  }
+
 }

src/main/java/de/ph87/tools/user/UserRepository.java

@@ -7,6 +7,10 @@ import java.util.Optional;
 
 public interface UserRepository extends ListCrudRepository<User, String> {
 
+  boolean existsByName(@NonNull String name);
+
+  Optional<User> findByName(@NonNull String name);
+
   @NonNull
   Optional<User> findByPublicUuid(@NonNull String publicUuid);
 

src/main/java/de/ph87/tools/user/UserService.java

@@ -10,13 +10,16 @@ import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;
 import org.springframework.scheduling.annotation.EnableScheduling;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.server.ResponseStatusException;
 
 import java.util.Optional;
+import java.util.Random;
 import java.util.Set;
 import java.util.function.Consumer;
+import java.util.regex.Pattern;
 
 import static de.ph87.tools.UserArgumentResolver.USER_UUID_COOKIE_NAME;
 
@@ -27,6 +30,16 @@ import static de.ph87.tools.UserArgumentResolver.USER_UUID_COOKIE_NAME;
 @RequiredArgsConstructor
 public class UserService {
 
+  private static final String USER_NAME_DEFAULT_BASE = "Neuer Benutzer";
+
+  private static final int NAME_MIN_LENGTH = 2;
+
+  private static final Pattern NAME_NEGATIVE_REGEX = Pattern.compile("\\s+|^[^a-zA-Z0-9]+$");
+
+  private static final int PASSWORD_MIN_LENGTH = 10;
+
+  private static final Pattern PASSWORD_NEGATIVE_REGEX = Pattern.compile("^[a-zA-Z]+$|^[0-9]+$");
+
   private final UserRepository userRepository;
 
   private final UserPrivateMapper userPrivateMapper;
@@ -35,6 +48,20 @@ public class UserService {
 
   private final GroupMapper groupMapper;
 
+  private final PasswordEncoder passwordEncoder;
+
+  @NonNull
+  public UserPrivateDto login(@NonNull final LoginRequest loginRequest, @NonNull final HttpServletResponse response) {
+    final User user = userRepository.findByName(loginRequest.name).orElseThrow(() -> new ResponseStatusException(HttpStatus.BAD_REQUEST));
+    if (passwordEncoder.matches(loginRequest.password, user.getPassword())) {
+      throw new ResponseStatusException(HttpStatus.BAD_REQUEST);
+    }
+    user.touch();
+    writeUserUuidCookie(response, user);
+    userPublicMapper.publish(user);
+    return userPrivateMapper.publish(user);
+  }
+
   @NonNull
   public User getUserByPrivateUuidOrElseCreate(@Nullable final String privateUuid, @NonNull final HttpServletResponse response) {
     final User user = Optional.ofNullable(privateUuid).map(userRepository::findByPrivateUuid).filter(Optional::isPresent).map(Optional::get).orElseGet(this::createUnchecked);
@@ -55,9 +82,41 @@ public class UserService {
   @NonNull
   public UserPrivateDto changeName(@NonNull final String privateUuid, @NonNull final String name) {
     return modify(privateUuid, user -> {
+      if (user.getName().equals(name)) {
+        return;
+      }
+      final User duplicate = userRepository.findByName(name).orElse(null);
+      if (duplicate != null) {
+        log.warn("Cannot change User name because of duplicate: name={}, user={}, duplicate={}", name, user, duplicate);
+        throw new ResponseStatusException(HttpStatus.BAD_REQUEST);
+      }
+      if (name.length() < NAME_MIN_LENGTH) {
+        log.warn("Cannot change User name: too short: length={}/{}, user={}", name.length(), NAME_MIN_LENGTH, user);
+        throw new ResponseStatusException(HttpStatus.BAD_REQUEST);
+      }
+      if (NAME_NEGATIVE_REGEX.matcher(name).find()) {
+        log.warn("Cannot change User name: Matches negative regex: name={}, user={}", name, user);
+        throw new ResponseStatusException(HttpStatus.BAD_REQUEST);
+      }
       user.setName(name);
       log.info("User name changed: user={}", user);
-    }, true);
+    });
+  }
+
+  @NonNull
+  public UserPrivateDto changePassword(@NonNull final String privateUuid, @NonNull final String password) {
+    return modify(privateUuid, user -> {
+      if (password.length() < PASSWORD_MIN_LENGTH) {
+        log.warn("Cannot change User password: too short: length={}/{}, user={}", password.length(), PASSWORD_MIN_LENGTH, user);
+        throw new ResponseStatusException(HttpStatus.BAD_REQUEST);
+      }
+      if (PASSWORD_NEGATIVE_REGEX.matcher(password).find()) {
+        log.warn("Cannot change User password: Matches negative regex: user={}", user);
+        throw new ResponseStatusException(HttpStatus.BAD_REQUEST);
+      }
+      user.setPassword(passwordEncoder, password);
+      log.info("User password changed: user={}", user);
+    });
   }
 
   @NonNull
@@ -77,18 +136,29 @@ public class UserService {
 
   @NonNull
   private User createUnchecked() {
-    final User user = userRepository.save(new User());
+    final String name = generateFreeUserName();
+    final User user = userRepository.save(new User(name));
     log.info("User CREATED: {}", user);
     return user;
   }
 
   @NonNull
-  private UserPrivateDto modify(@NonNull final String privateUuid, @NonNull Consumer<User> modifier, final boolean doPublish) {
+  private String generateFreeUserName() {
+    int index = new Random().nextInt(1234, 5723);
+    String name = USER_NAME_DEFAULT_BASE;
+    while (userRepository.existsByName(name)) {
+      index++;
+      name = "%s #%d".formatted(USER_NAME_DEFAULT_BASE, index);
+    }
+    return name;
+  }
+
+  @NonNull
+  private UserPrivateDto modify(@NonNull final String privateUuid, @NonNull Consumer<User> modifier) {
     final User user = getByPrivateUuidOrThrow(privateUuid);
     modifier.accept(user);
-    if (doPublish) {
     userPublicMapper.publish(user);
-    }
+    userPrivateMapper.publish(user);
     return userPrivateMapper.toPrivateDto(user);
   }
 
@@ -122,7 +192,7 @@ public class UserService {
     if (user != null) {
       cookie.setValue(user.getPrivateUuid());
     }
-    cookie.setMaxAge(10 * 365 * 24 * 60 * 60);
+    cookie.setMaxAge(PASSWORD_MIN_LENGTH * 365 * 24 * 60 * 60);
     cookie.setPath("/");
     response.addCookie(cookie);
   }

src/main/java/de/ph87/tools/web/SubscriptionInterceptor.java

@@ -0,0 +1,28 @@
+package de.ph87.tools.web;
+
+import lombok.NonNull;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.messaging.Message;
+import org.springframework.messaging.MessageChannel;
+import org.springframework.messaging.simp.stomp.StompCommand;
+import org.springframework.messaging.simp.stomp.StompHeaderAccessor;
+import org.springframework.messaging.support.ChannelInterceptor;
+import org.springframework.messaging.support.MessageHeaderAccessor;
+import org.springframework.stereotype.Component;
+
+@Slf4j
+@Component
+public class SubscriptionInterceptor implements ChannelInterceptor {
+
+  @Override
+  public Message<?> preSend(@NonNull final Message<?> message, @NonNull final MessageChannel channel) {
+    final StompHeaderAccessor accessor = MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
+    if (accessor != null && StompCommand.SUBSCRIBE.equals(accessor.getCommand())) {
+      final String sessionId = accessor.getSessionId();
+      final String destination = accessor.getDestination();
+      log.info("User subscribed with sessionId: {} to destination: {}", sessionId, destination);
+    }
+    return message;
+  }
+
+}