diff --git a/__tests__/auth/confirmverification.test.js b/__tests__/auth/confirmverification.test.js
index bfa6ad390c01476a4a1930f32b299bdbe5347837..b9578dd63b12866f62c8cccf3df656de19373ada 100644
--- a/__tests__/auth/confirmverification.test.js
+++ b/__tests__/auth/confirmverification.test.js
@@ -96,7 +96,7 @@ describe('user verify registration token', () => {
     // set response by running route
     beforeAll(async () => {
       tokenService.verifyVerificationToken.mockImplementation((req, res, next) => {
-        return res.status(403).json({ message: 'Token is no longer valid.' });
+        return res.status(498).json({ message: 'Token is no longer valid.' });
       });
       const input = { ...mockedVals.validInput, token: 'invalid-token' };
@@ -107,7 +107,7 @@ describe('user verify registration token', () => {
     });
     it('should return a proper status code', () => {
-      expect(response.status).toBe(403);
+      expect(response.status).toBe(498);
     });
     it('should respond with a proper body', () => {
       expect(response.body).toMatchSnapshot();
diff --git a/controllers/Auth.js b/controllers/Auth.js
index 2226855201a0bba422bc127460c1773512a44a1e..852d6415300a509ffaa323df1f8735c62160e47c 100644
--- a/controllers/Auth.js
+++ b/controllers/Auth.js
@@ -135,12 +135,15 @@ export const renewAccessToken = async (req, res, next) => {
 export const logout = async (req, res, next) => {
   try {
     // delete
+    console.log("🚀 ~ logout ~ req.cookies.refreshToken:", req.cookies.refreshToken);
     if (req.cookies.refreshToken) await deleteRefreshToken(req.cookies.refreshToken);
     // return msg
     return res.status(200).json({ message: 'See you soon.' });
   } catch (error) {
     next(error);
   }
+
+
 };
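Review bot: The mock now answers `res.status(498)` and the second hunk pins `expect(response.status).toBe(498)`, but 498 is not a registered HTTP status code (it only exists as an unofficial vendor "invalid token" code), so this test now locks the suite to a non-standard convention. The mocked middleware here is `tokenService.verifyVerificationToken`, whereas the middleware this commit actually changes is `verifyPasswordToken`; if `verifyVerificationToken` was not moved to 498 as well (its diff is not in this commit), the mock no longer mirrors real behaviour and the test passes for the wrong reason. Consider 401 with a stable machine-readable field in the body, and read the expected code from one shared constant used by both middleware and tests so the two cannot drift apart again.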
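Review bot: `console.log("🚀 ~ logout ~ req.cookies.refreshToken:", req.cookies.refreshToken)` writes the caller's refresh token, a bearer credential, to stdout, from where it reaches process logs and any log shipping; it has to go before merge. The `🚀 ~` prefix suggests an editor-generated debug statement rather than intended logging. If a trace is wanted, log only presence, e.g. `console.debug('logout: refresh cookie present =', Boolean(req.cookies.refreshToken));`. The two blank lines added before `};` are noise and should be dropped too. Separately, the handler deletes the server-side record but never clears the cookie on the client, so `res.clearCookie('refreshToken')` (with the same path/domain options used when it was set) before the 200 would complete the logout.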
@@ -166,8 +169,9 @@ export const requestPasswordReset = async (req, res, next) => {
   try {
     let subject = "Password Reset Token";
     let to = foundUser.email;
-    let link = `${process.env.FRONTEND_URL}/reset_password/${passwordToken}/${foundUser._id}`;
+    let link = `${process.env.FRONTEND_URL}/reset_password/${passwordToken}`;
     let html = `<p>Hi<p><br><p>Please click on the following <a href="${link}">link</a> to process the password reset. This Token is valid for ${process.env.PASSWORD_TOKEN_TTL}.</p>
+    <p>${link}</p>
     <p>${passwordToken}</p>
     <br><p>If you did not request this, please ignore this email.</p>`;
     await sendEmail({ to, subject, html });
diff --git a/utils/handleTokens.js b/utils/handleTokens.js
index ff5a02fc940dacd9f4822ff646ece6e73c38ecb2..6c72dbc2e9d9c55eff402ed0af0a254b754012fe 100644
--- a/utils/handleTokens.js
+++ b/utils/handleTokens.js
@@ -170,11 +170,17 @@ export const verifyAccessToken = async (req, res, next) => {
  *
  */
 export const verifyPasswordToken = async (req, res, next) => {
-  // fetch user by token
-  req.document = await findOneRecord(User, { resetPasswordToken: req.body.token }, '+password'); // verify token
-  jwt.verify(req.body.token, process.env.PASSWORD_TOKEN_KEY + req.document.password, async (error, payload) => {
-    // if invalid
-    if (error) return res.status(403).json({ message: 'Token is no longer valid.' });
-    next();
-  });
+  try {
+    // fetch user by token
+    req.document = await findOneRecord(User, { resetPasswordToken: req.body.token }, '+password'); // verify token
+    if (!req.document) return res.status(498).json({ message: 'Token is no longer valid.' });
+    // check token validity
+    jwt.verify(req.body.token, process.env.PASSWORD_TOKEN_KEY + req.document.password, async (error, payload) => {
+      // if invalid
+      if (error) return res.status(498).json({ message: 'Token is no longer valid.' });
+      next();
+    });
+  } catch (error) {
+    next(error);
+  }
 };
\ No newline at end of file
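Review bot: The new `<p>${link}</p>` line makes the unchanged `<p>${passwordToken}</p>` right below it redundant: the link already carries the token, and now that `${foundUser._id}` is gone from the path the token is the sole credential in this email, so printing it a second time as bare text only widens what a forwarded or quoted message exposes. Keep one plain-text form (the full link is the more useful one for clients that strip anchors) and drop the bare-token paragraph. `subject`, `to`, `link` and `html` are never reassigned in the hunk and should be `const`. The enclosing `requestPasswordReset` starts and ends outside the hunk, so where `passwordToken` and `foundUser` come from is not visible here.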
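Review bot: `req.body.token` goes straight into the `findOneRecord` filter and into `jwt.verify` with no type check; if `findOneRecord` is a MongoDB/Mongoose wrapper (not visible here), a non-string `token` in the JSON body could be read as a query operator rather than a literal value, and a missing `token` runs the lookup with `undefined`. Reject anything that is not a non-empty string before the lookup, `const { token } = req.body ?? {};` / `if (typeof token !== 'string' || token === '') return res.status(498).json({ message: 'Token is no longer valid.' });`, then use `token` in both the filter and `jwt.verify`. The added `if (!req.document)` guard does close the earlier TypeError on an unknown token, but 498 is not a registered HTTP status code (only an unofficial vendor "invalid token" code), 401 with a machine-readable body field is the conventional choice, and the identical `'Token is no longer valid.'` response now appears twice here plus in the test, so a shared constant would keep them in step. The `async` on the `jwt.verify` callback awaits nothing and `payload` is unused; `(error) => { ... }` is enough.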