fixed reset password

6fcb8e62 · Embruch, Gerd · 719e2512 · 6fcb8e62 · 6fcb8e62 · 6fcb8e62
Commit 6fcb8e62 authored 11 months ago by Embruch, Gerd
--- a/__tests__/auth/confirmverification.test.js
+++ b/__tests__/auth/confirmverification.test.js
@@ -96,7 +96,7 @@ describe('user verify registration token', () => {
    // set response by running route
    beforeAll(async () => {
      tokenService.verifyVerificationToken.mockImplementation((req, res, next) => {
-        return res.status(403).json({ message: 'Token is no longer valid.' });
+        return res.status(498).json({ message: 'Token is no longer valid.' });
      });

      const input = { ...mockedVals.validInput, token: 'invalid-token' };
@@ -107,7 +107,7 @@ describe('user verify registration token', () => {
    });

    it('should return a proper status code', () => {
-      expect(response.status).toBe(403);
+      expect(response.status).toBe(498);
    });
    it('should respond with a proper body', () => {
      expect(response.body).toMatchSnapshot();

--- a/controllers/Auth.js
+++ b/controllers/Auth.js
@@ -135,12 +135,15 @@ export const renewAccessToken = async (req, res, next) => {
 export const logout = async (req, res, next) => {
  try {
    // delete 
+    console.log("🚀 ~ logout ~ req.cookies.refreshToken:", req.cookies.refreshToken);
    if (req.cookies.refreshToken) await deleteRefreshToken(req.cookies.refreshToken);
    // return msg
    return res.status(200).json({ message: 'See you soon.' });
  } catch (error) {
    next(error);
  }
+
+
 };


@@ -166,8 +169,9 @@ export const requestPasswordReset = async (req, res, next) => {
      try {
        let subject = "Password Reset Token";
        let to = foundUser.email;
-        let link = `${process.env.FRONTEND_URL}/reset_password/${passwordToken}/${foundUser._id}`;
+        let link = `${process.env.FRONTEND_URL}/reset_password/${passwordToken}`;
        let html = `<p>Hi<p><br><p>Please click on the following <a href="${link}">link</a> to process the password reset. This Token is valid for ${process.env.PASSWORD_TOKEN_TTL}.</p>
+        <p>${link}</p>
        <p>${passwordToken}</p>
         <br><p>If you did not request this, please ignore this email.</p>`;
        await sendEmail({ to, subject, html });

--- a/utils/handleTokens.js
+++ b/utils/handleTokens.js
@@ -170,11 +170,17 @@ export const verifyAccessToken = async (req, res, next) => {
 *
 */
 export const verifyPasswordToken = async (req, res, next) => {
+  try {
    // fetch user by token
    req.document = await findOneRecord(User, { resetPasswordToken: req.body.token }, '+password');  // verify token
+    if (!req.document) return res.status(498).json({ message: 'Token is no longer valid.' });
+    // check token validity
    jwt.verify(req.body.token, process.env.PASSWORD_TOKEN_KEY + req.document.password, async (error, payload) => {
      // if invalid
-    if (error) return res.status(403).json({ message: 'Token is no longer valid.' });
+      if (error) return res.status(498).json({ message: 'Token is no longer valid.' });
      next();
    });
+  } catch (error) {
+    next(error);
+  }
 };
\ No newline at end of file