Finished password reset, added email check & profile editing

2021-09-07 13:04:00 -04:00
parent 7216698a96
commit b1a8963952
4 changed files with 172 additions and 12 deletions
--- a/routes/user.route.js
+++ b/routes/user.route.js
@@ -9,6 +9,7 @@ const sessionLength = 25;
 let Session = require('../schema/session.model');
 let User = require('../schema/user.model');
 let Post = require('../schema/post.model');
+let Reset = require('../schema/reset.model');

 /*
    POST - /user/create
@@ -239,21 +240,150 @@ userRoutes.route('/refresh').post((req, res) => {
    utils.account.checkRefresh(req.body.userId, req.body.refresh, valid => {
        if (valid) {
            let s = new Session();
-                s.sessionId = generateSession();
-                s.userId = u._id;
-                s.date = new Date();
+            s.sessionId = generateSession();
+            s.userId = u._id;
+            s.date = new Date();

-                s.save()
-                    .then(() => {
-                        res.json(s);
-                    })
-                    .catch(() => {
-                        res.status(500).send("Error logging in user");
-                    });
+            s.save()
+                .then(() => {
+                    res.json(s);
+                })
+                .catch(() => {
+                    res.status(500).send("Error logging in user");
+                });
        } else {
            res.status(401).send("Incorrect refresh token");
        }
    }
+    )
+});
+
+userRoutes.route('/check-email').post((req, res) => {
+    User.find({email: req.body.email}, (err, arr) => {
+        if (err) {
+            console.log(err);
+        }
+
+        if (arr.length > 0) {
+            res.status(400).send("Email already in use");
+        } else {
+            res.status(200).send("Email not in use");
+        }
+    })
+});
+
+userRoutes.route('/change-name').post((req, res) => {
+    utils.account.checkSession(req.body.userId, req.body.sessionId, valid => {
+        if (valid) {
+            User.findById(req.body.userId, (err, user) => {
+                if (err) {
+                    console.log(err);
+                }
+                if (user) {
+                    user.name = req.body.name;
+                    user.save();
+                    res.status(200).send("Success changing name");
+                } else {
+                    res.status(400).send("No user found with that ID");
+                }
+            })
+        } else {
+            res.status(401).send("Unauthorized");
+        }
+    })
+});
+
+userRoutes.route('/change-email').post((req, res) => {
+    utils.account.checkSession(req.body.userId, req.body.sessionId, valid => {
+        if (valid) {
+            User.findById(req.body.userId, (err, user) => {
+                if (err) {
+                    console.log(err);
+                }
+                if (user) {
+                    user.email = req.body.email;
+                    user.save();
+                    res.status(200).send("Success changing email");
+                } else {
+                    res.status(400).send("No user found with that ID");
+                }
+            })
+        } else {
+            res.status(401).send("Unauthorized");
+        }
+    })
+});
+
+userRoutes.route('/change-password').post((req, res) => {
+    utils.account.checkSession(req.body.userId, req.body.sessionId, valid => {
+        if (valid) {
+            User.findById(req.body.userId, (err, user) => {
+                if (err) {
+                    console.log(err);
+                }
+                if (user) {
+                    user.password = req.body.password;
+                    user.save();
+                    res.status(200).send("Success changing password");
+                } else {
+                    res.status(400).send("No user found with that ID");
+                }
+            })
+        } else {
+            res.status(401).send("Unauthorized");
+        }
+    })
+});
+
+userRoutes.route('/forgot-password').post((req, res) => {
+    if (req.body.email) {
+        User.findOne({ email: req.body.email }, (err, user) => {
+            if (err) {
+                console.log(err);
+            }
+            if (user) {
+                let pin = generatePin();
+                let r = new Reset();
+                r.userId = user._id;
+                r.pin = pin;
+                r.date = new Date();
+                r.save();
+                utils.mail.sendMail(user, "forgotPassword", [{from: "%name%", to: user.name}, {from: "%pin%", to: pin}]);
+                res.status(200).send("Success sending reset email");
+            } else {
+                res.status(400).send("No user found with that email");
+            }
+        }
+        )
+    }
+});
+
+userRoutes.route('/reset-password').post((req, res) => {
+    if (req.body.userId && req.body.pin) {
+        User.findOne({ email: req.body.email }, (err, user) => {
+            if (err) {
+                console.log(err);
+            }
+            if (user) {
+                Reset.findOne({ userId: user._id, pin: req.body.pin}, (err, reset) => {
+                    if (err) {
+                        console.log(err);
+                    }
+                    if (reset) {
+                        reset.remove();
+                        user.password = req.body.password;
+                        user.save();
+                        res.status(200).send("Success resetting password");
+                    } else {
+                        res.status(400).send("Invalid pin");
+                    }
+                })
+            } else {
+                res.status(400).send("No user found with that email");
+            }
+        }
+        )
+    }
 });


@@ -269,3 +399,14 @@ function generateSession() {
    }
    return result.join('');
 }
+
+function generatePin() {
+    var length = pinLength;
+    var result = [];
+    var characters = '0123456789';
+    var charactersLength = characters.length;
+    for (var i = 0; i < length; i++) {
+        result.push(characters.charAt(Math.floor(Math.random() * charactersLength)));
+    }
+    return result.join('');
+}
--- a/schema/reset.model.js
+++ b/schema/reset.model.js
@@ -0,0 +1,19 @@
+const mongoose = require('mongoose');
+const Schema = mongoose.Schema;
+
+// Database schema for a password reset
+let Reset = new Schema({
+    userId: {
+        type: String
+    },
+    PIN: {
+        type: Number
+    },
+    date: {
+        type: Date
+    }
+}, {
+    collection: 'resets'
+});
+
+module.exports = mongoose.model('Reset', Reset);
--- a/templates/forgotPassword.txt
+++ b/templates/forgotPassword.txt
@@ -3,4 +3,4 @@ Hello %name%,

 Someone has requested a password reset for the account connected to your email.

-Reset your password here: https://example.com/reset/%sessionId%
+Please use the following PIN to reset your password: %pin%. Never share this pin with anyone.
--- a/utils/mail.js
+++ b/utils/mail.js
@@ -42,7 +42,7 @@ const loadDefaultTemplates = () => {

 // sendMail(user, message, replacements) send an email with message to the user, making
 // replacements in the message
-// replacements is an array of data {from, to}
+// replacements is an array of data {from: "%example%", to: "replacement"}
 const sendMail = async (user, message, replacements) => {
    console.log("Sending mail...");