From 6fcb8e6288cc66eb596570c5e6ee63771b2c2126 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9EBAS8243=E2=80=9C?= <gerd.embruch@uni-hamburg.de>
Date: Fri, 2 Aug 2024 14:09:09 +0200
Subject: [PATCH] fixed reset password

---
 __tests__/auth/confirmverification.test.js | 4 ++--
 controllers/Auth.js | 6 +++++-
 utils/handleTokens.js | 20 +++++++++++++-------
 3 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/__tests__/auth/confirmverification.test.js b/__tests__/auth/confirmverification.test.js
index bfa6ad3..b9578dd 100644
--- a/__tests__/auth/confirmverification.test.js
+++ b/__tests__/auth/confirmverification.test.js
@@ -96,7 +96,7 @@ describe('user verify registration token', () => {
     // set response by running route
     beforeAll(async () => {
       tokenService.verifyVerificationToken.mockImplementation((req, res, next) => {
-        return res.status(403).json({ message: 'Token is no longer valid.' });
+        return res.status(498).json({ message: 'Token is no longer valid.' });
       });
       const input = { ...mockedVals.validInput, token: 'invalid-token' };
@@ -107,7 +107,7 @@ describe('user verify registration token', () => {
     });
     it('should return a proper status code', () => {
-      expect(response.status).toBe(403);
+      expect(response.status).toBe(498);
     });
     it('should respond with a proper body', () => {
       expect(response.body).toMatchSnapshot();
diff --git a/controllers/Auth.js b/controllers/Auth.js
index 2226855..852d641 100644
--- a/controllers/Auth.js
+++ b/controllers/Auth.js
@@ -135,12 +135,15 @@ export const renewAccessToken = async (req, res, next) => {
 export const logout = async (req, res, next) => {
   try {
     // delete
+    console.log("🚀 ~ logout ~ req.cookies.refreshToken:", req.cookies.refreshToken);
     if (req.cookies.refreshToken) await deleteRefreshToken(req.cookies.refreshToken);
     // return msg
     return res.status(200).json({ message: 'See you soon.' });
   } catch (error) {
     next(error);
   }
+
+
 };
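Review bot: The mock of `verifyVerificationToken` in the first hunk is changed to answer 498 and the second hunk changes the expectation to match, yet no change to `verifyVerificationToken` itself is part of this commit; the only middleware moved from 403 to 498 here is `verifyPasswordToken` in utils/handleTokens.js. Because the test asserts the value its own mock returns, it passes regardless of what the real middleware sends, so if `verifyVerificationToken` still answers 403 this test now documents a status the registration route does not produce — worth confirming against that middleware before merging. 498 is also not a registered HTTP status code; proxies and HTTP clients may map it to a generic 4xx, whereas a standard 401 or 403 is handled predictably.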
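Review bot: The `console.log` added in the logout hunk writes the raw refresh-token cookie value to the process log; a refresh token is a bearer credential, so anything with access to the logs (aggregators, CI output, crash reports) can reuse it until it is deleted or expires. The `🚀 ~ logout ~` prefix looks like a debug-helper leftover; drop the line, or log only whether the cookie was present, e.g. `console.log('logout: refresh cookie present:', Boolean(req.cookies.refreshToken));`. The two empty lines added before `};` are stray whitespace and can go as well.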
@@ -166,8 +169,9 @@ export const requestPasswordReset = async (req, res, next) => {
   try {
     let subject = "Password Reset Token";
     let to = foundUser.email;
-    let link = `${process.env.FRONTEND_URL}/reset_password/${passwordToken}/${foundUser._id}`;
+    let link = `${process.env.FRONTEND_URL}/reset_password/${passwordToken}`;
     let html = `<p>Hi<p><br><p>Please click on the following <a href="${link}">link</a> to process the password reset. This Token is valid for ${process.env.PASSWORD_TOKEN_TTL}.</p>
+    <p>${link}</p>
     <p>${passwordToken}</p>
     <br><p>If you did not request this, please ignore this email.</p>`;
     await sendEmail({ to, subject, html });
diff --git a/utils/handleTokens.js b/utils/handleTokens.js
index ff5a02f..6c72dbc 100644
--- a/utils/handleTokens.js
+++ b/utils/handleTokens.js
@@ -170,11 +170,17 @@ export const verifyAccessToken = async (req, res, next) => {
  * */
 export const verifyPasswordToken = async (req, res, next) => {
-  // fetch user by token
-  req.document = await findOneRecord(User, { resetPasswordToken: req.body.token }, '+password'); // verify token
-  jwt.verify(req.body.token, process.env.PASSWORD_TOKEN_KEY + req.document.password, async (error, payload) => {
-    // if invalid
-    if (error) return res.status(403).json({ message: 'Token is no longer valid.' });
-    next();
-  });
+  try {
+    // fetch user by token
+    req.document = await findOneRecord(User, { resetPasswordToken: req.body.token }, '+password'); // verify token
+    if (!req.document) return res.status(498).json({ message: 'Token is no longer valid.' });
+    // check token validity
+    jwt.verify(req.body.token, process.env.PASSWORD_TOKEN_KEY + req.document.password, async (error, payload) => {
+      // if invalid
+      if (error) return res.status(498).json({ message: 'Token is no longer valid.' });
+      next();
+    });
+  } catch (error) {
+    next(error);
+  }
 };
\ No newline at end of file
-- 
GitLab
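Review bot: The new `link` declaration (like the neighbouring `subject`, `to` and `html` ones) uses `let` although nothing in the hunk reassigns it; declaring it with `const` states the intent and lets the linter flag an accidental reassignment. requestPasswordReset begins before the hunk, so a reassignment elsewhere in the function cannot be ruled out from here. Dropping `${foundUser._id}` from the link means the reset page now identifies the account solely through the `resetPasswordToken` lookup in verifyPasswordToken, which matches the utils/handleTokens.js hunk; the unclosed `<p>Hi<p>` in the context line is pre-existing and could be fixed to `<p>Hi</p>` in passing.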
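Review bot: `req.body.token` is passed into the `findOneRecord` filter before anything checks that it is a string, so a missing value or a non-string body field (JSON bodies can carry objects) reaches the database query and is only rejected afterwards by `jwt.verify`. A guard at the top of the `try`, `if (typeof req.body.token !== 'string') return res.status(498).json({ message: 'Token is no longer valid.' });`, keeps malformed input away from the lookup and from the `process.env.PASSWORD_TOKEN_KEY + req.document.password` key derivation; what `findOneRecord` does with an undefined filter value is not visible here, so the guard is cheap insurance. The `jwt.verify` callback is declared `async` but awaits nothing and `payload` is unused, so a plain `(error) => { ... }` is clearer; note that because the callback is `async`, any exception thrown inside it becomes a rejected promise that the surrounding `try`/`catch` never sees. The `// verify token` comment appears on the same line as the lookup in this patch view, so its intended placement is unclear.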