feat: reject emails tokens JWT

backend/src/main/java/online/wesal/wesal/service/UserDetailsServiceImpl.java

@@ -12,6 +12,7 @@ import org.springframework.stereotype.Service;
 
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Optional;
 
 @Service
 public class UserDetailsServiceImpl implements UserDetailsService {
@@ -20,9 +21,17 @@ public class UserDetailsServiceImpl implements UserDetailsService {
     private UserRepository userRepository;
     
     @Override
-    public UserDetails loadUserByUsername(String phoneNumber) throws UsernameNotFoundException {
-        User user = userRepository.findByPhoneNumber(phoneNumber)
-                .orElseThrow(() -> new UsernameNotFoundException("User not found: " + phoneNumber));
+    public UserDetails loadUserByUsername(String identifier) throws UsernameNotFoundException {
+        // Try to find by phone number first
+        Optional<User> userOpt = userRepository.findByPhoneNumber(identifier);
+        
+        // If not found, try username
+        if (userOpt.isEmpty()) {
+            userOpt = userRepository.findByUsername(identifier);
+        }
+        
+        // If still not found, throw exception (this will invalidate old email-based tokens)
+        User user = userOpt.orElseThrow(() -> new UsernameNotFoundException("User not found: " + identifier));
         
         Collection<GrantedAuthority> authorities = new ArrayList<>();
         authorities.add(new SimpleGrantedAuthority("ROLE_" + user.getRole()));