Group-5 · emilfa · Apr 14, 2026 · Apr 14, 2026 · Apr 14, 2026 · Apr 14, 2026
diff --git a/src/main/java/edu/group5/app/control/LoginController.java b/src/main/java/edu/group5/app/control/LoginController.java
@@ -5,6 +5,12 @@
 import edu.group5.app.model.user.UserService;
 import edu.group5.app.view.loginpage.LoginPageView;
 import edu.group5.app.view.loginpage.SignInPageView;
+import javafx.scene.control.Alert;
+import javafx.scene.control.Button;
+import javafx.scene.control.ButtonType;
+
+import java.util.Arrays;
+
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 
 public class LoginController {
@@ -27,21 +33,38 @@ public void handleSignIn(SignInPageView view, String firstName, String lastName,
       return;
     }
 
-    String password = new String(passwordChars);
     BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
-    String hashedPassword = encoder.encode(password);
 
-    boolean success = userService.registerUser(
-        "Customer", firstName, lastName, email, hashedPassword);
+    // Clears password char array after creating a hash.
+    String hashedPassword = encoder.encode(new String(passwordChars));
+    for (int i = 0; i < passwordChars.length; i++) {
+      passwordChars[0] = '0';
+    }
 
-    if (success) {
-      User user = userService.getUserByEmail(email);
+    Alert privacyPolicy = new Alert(Alert.AlertType.CONFIRMATION);
+    privacyPolicy.setTitle("Accept Privacy Policy");
+    privacyPolicy.setHeaderText("Accept Privacy Policy");
+    privacyPolicy.setContentText(
+        "Your user information like:\n" +
+            "Name and email—as well as donations tied to your account—will be saved locally on your machine.\n" +
+            "By creating an account, you accept the right of our app to store this information.");
 
-      appState.setCurrentUser(user);
-      nav.showHomePage();
+    if (privacyPolicy.showAndWait().orElse(ButtonType.CANCEL) == ButtonType.OK) {
+      boolean success = userService.registerUser(
+          "Customer", firstName, lastName, email, hashedPassword);
+
+      if (success) {
+        User user = userService.getUserByEmail(email);
+
+        appState.setCurrentUser(user);
+        nav.showHomePage();
+      } else {
+        view.showError("Registration failed. Email may already be in use.");
+      }
     } else {
-      view.showError("Registration failed. Email may already be in use.");
+      view.showError("Registration failed. Must Accept Privacy Policy to create account.");
     }
+
   }
 
   public void handleLogin(LoginPageView view, String email, char[] passwordChars) {

diff --git a/src/main/java/edu/group5/app/model/user/UserService.java b/src/main/java/edu/group5/app/model/user/UserService.java
@@ -1,16 +1,21 @@
 package edu.group5.app.model.user;
 
 /**
- * Service class for managing user-related operations, such as registration and login.
- * It interacts with the UserRepository to perform these operations and contains the business logic
- * associated with user management, including validation of input data and handling of user authentication.
+ * Service class for managing user-related operations, such as registration and
+ * login.
+ * It interacts with the UserRepository to perform these operations and contains
+ * the business logic
+ * associated with user management, including validation of input data and
+ * handling of user authentication.
  */
 public class UserService {
   private UserRepository userRepository;
 
   /**
    * Constructs a UserService with the given UserRepository.
-   * @param userRepository the UserRepository to use for managing user data; must not be null
+   * 
+   * @param userRepository the UserRepository to use for managing user data; must
+   *                       not be null
    * @throws IllegalArgumentException if userRepository is null
    */
   public UserService(UserRepository userRepository) {
@@ -22,39 +27,49 @@ public UserService(UserRepository userRepository) {
 
   /**
    * Getter for the UserRepository used by this service.
-   * This method allows access to the user repository for managing user data and performing operations such as registration and login.
+   * This method allows access to the user repository for managing user data and
+   * performing operations such as registration and login.
+   * 
    * @return the UserRepository instance used by this service
    */
   public UserRepository getUserRepository() {
     return this.userRepository;
   }
 
   /**
-   * Registers a new user with the given information. Validates the input data and creates a new User object
-   * based on the specified role. Currently supports registration for customers only.
-   * @param role the role of the user (e.g., "Customer"); must not be null or empty
-   * @param firstName the first name of the user; must not be null or empty
-   * @param lastName the last name of the user; must not be null or empty
-   * @param email the email address of the user; must not be null or empty
-   * @param passwordHash the hashed password of the user; must not be null or empty
-   * @return true if the user was successfully registered, false if any input is invalid or
-   * if the role is not supported
-   * @throws IllegalArgumentException if any of the input parameters are null or empty
-   * or if the role is not supported
+   * Registers a new user with the given information. Validates the input data and
+   * creates a new User object
+   * based on the specified role. Currently supports registration for customers
+   * only.
+   * 
+   * @param role         the role of the user (e.g., "Customer"); must not be null
+   *                     or empty
+   * @param firstName    the first name of the user; must not be null or empty
+   * @param lastName     the last name of the user; must not be null or empty
+   * @param email        the email address of the user; must not be null or empty
+   * @param passwordHash the hashed password of the user; must not be null or
+   *                     empty
+   * @return true if the user was successfully registered, false if any input is
+   *         invalid or
+   *         if the role is not supported
+   * @throws IllegalArgumentException if any of the input parameters are null or
+   *                                  empty
+   *                                  or if the role is not supported
    */
   public boolean registerUser(String role, String firstName, String lastName,
-                          String email, String passwordHash) {
+      String email, String passwordHash) {
     if (role == null || role.trim().isEmpty() ||
         firstName == null || firstName.trim().isEmpty() ||
         lastName == null || lastName.trim().isEmpty() ||
         email == null || email.trim().isEmpty() ||
-        passwordHash == null || passwordHash.trim().isEmpty()) {
+        passwordHash == null || passwordHash.trim().isEmpty() ||
+        this.getUserByEmail(email) != null) {
       return false;
     }
     User user;
     if (role.equalsIgnoreCase("Customer")) {
       user = new Customer(userRepository.getNextUserId(), firstName, lastName, email, passwordHash);
-    } else { /* TODO  when you switch to a real DB, replace getNextUserId with DB auto-increment/identity and ignore manual ID generation in service*/
+    } else {
       return false;
     }
     this.userRepository.addContent(user);
@@ -63,15 +78,19 @@ public boolean registerUser(String role, String firstName, String lastName,
 
   /**
    * Authenticates a user based on the provided email and password.
-   * @param email the email address of the user attempting to log in; must not be null or empty
-   * @param password the plaintext password of the user attempting to log in; must not be null or empty
+   * 
+   * @param email    the email address of the user attempting to log in; must not
+   *                 be null or empty
+   * @param password the plaintext password of the user attempting to log in; must
+   *                 not be null or empty
    * @return the authenticated User object if the login is successful
-   * (i.e., the user exists and the password is correct), null otherwise
-   * @throws IllegalArgumentException if email is null or empty, or if password is null or empty
+   *         (i.e., the user exists and the password is correct), null otherwise
+   * @throws IllegalArgumentException if email is null or empty, or if password is
+   *                                  null or empty
    */
   public User login(String email, char[] password) {
     if (email == null || email.trim().isEmpty() || password == null || password.length == 0) {
-        return null;
+      return null;
     }
     User user = this.userRepository.findUserByEmail(email);
     if (user != null && user.verifyPassword(password)) {
@@ -82,6 +101,7 @@ public User login(String email, char[] password) {
 
   /**
    * Retrieves a user by email address.
+   * 
    * @param email the email address of the user to find; must not be null or empty
    * @return the User object if found, null otherwise
    */