How to restrict user to verify the mobile by OTP after 4 hours of OTPgeneration

Question

I have created Api for Verify mobile and i want to put some logic so that i can restrict the user who try to verify otp after 4 hours. I have created two Apis first one send otp to user and the input parameter is mobile number. Second API verify that mobile number by comparing the otp inserted by user and that stored in database during first API

@RestController
@RequestMapping("/api/v1")
public class MobileController2 {


    private String To = null;
    OtpGenerator otp = new OtpGenerator();
    @Autowired
    private MobileRepository mobileRepository;
    Sms sms = new Sms();
    Date date = new Date();
    Timestamp timestamp1 = new Timestamp(date.getTime());
    Calendar cal = Calendar.getInstance();
    SimpleDateFormat format = new SimpleDateFormat("MM/dd/yyyy HH:mm:ss");


    @PostMapping(value = "/mobile", consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
    public ResponseEntity<Mobile> createMobile(@RequestBody Mobile mobile) {
        int hashcode = otp.RandomOtp();
        this.To = mobile.getMob();
        String Message = hashcode + " is your Pharmerz verification code ";

        if (mobileRepository.findByUserid(mobile.getUserid()) != null) {
            Mobile mobileprevious = mobileRepository.findByUserid(mobile.getUserid());
            mobileprevious.setMob(mobile.getMob());
            mobileprevious.setHASHCODE("" + hashcode);
            mobileprevious.setUpdated(mobile.getUpdated());
            mobileprevious.setVERIFIED(0);
            mobileRepository.save(mobileprevious);
            sms.sms_generation(To, Message);
            return new ResponseEntity<Mobile>(mobileprevious, HttpStatus.OK);
        } else {
            mobile.setHASHCODE("" + hashcode);
            mobile.setVERIFIED(0);
            mobileRepository.save(mobile);

            sms.sms_generation(To, Message);
            return new ResponseEntity<Mobile>(mobile, HttpStatus.OK);

        }
    }



    @PostMapping(value = "/verifymobile", consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
    public ResponseEntity<Mobile> verifyMobile(@RequestBody Mobile mobile) {

        String userid = mobile.getUserid();
        String userotp = mobile.getHASHCODE();
        Mobile mobileobject = mobileRepository.findByUserid(userid);
        if (mobileobject.getHASHCODE().equals(userotp)) {
            System.out.println("Matched");
            mobileobject.setHASHCODE("");
            mobileobject.setVERIFIED(1);

            mobileRepository.save(mobileobject);
            String Acknowledge = "Thank you for verifying on Pharmerz";
            sms.sms_generation(To, Acknowledge);

            return new ResponseEntity<Mobile>(mobileobject, HttpStatus.OK);

        } else {
            System.out.println("Miss matched");
            return new ResponseEntity<Mobile>(HttpStatus.BAD_REQUEST);
        }
    }

}

Answer 1

Giving you a non-answer here: learn how to write helpful log messages and how to make use of tools such as debuggers or profilers.

Meaning: nobody can debug such a problem from remote. There could be all kinds of root causes giving you this behavior.

You have to step back and

• understand that putting the string "error log" into your error log doesn't help anything.
• understand that printing to the console ... is also not a reliable way to attain "logs" of your code. Especially when having the same message "Wrong or Old Otp" in three different places. That's called code duplication and per se a bad practice!
• learn to use tools that give you insights about the health of your application.

In other words: the primary goal of logging information within your application is to enable you to debug problems after they took place. Exactly to support you in situations such as this.