diff --git a/consumerWebsite/functions/api.js b/consumerWebsite/functions/api.js
index 4a7a3f5..1103582 100644
--- a/consumerWebsite/functions/api.js
+++ b/consumerWebsite/functions/api.js
@@ -2,7 +2,7 @@ const { tokenModel } = require("../database/model/tokenModel.js");
 const { userModel } = require("../database/model/userModel");
 const { hash, compareHash } = require("./bcrypt.js");
 const { generateUUID } = require("./generateUUID.js");
-const { isValid } = require("./isValid");
+const { isValid , resetIsValid } = require("./isValid");
 async function getTokenByToken(token) {
 const splitAuthToken = token.split("-");
@@ -53,7 +53,7 @@ async function addToken(userId, permission, isKey ,expiry) {
 async function addPasswordResetToken(data , token){
 let hashtoken = await hash(token);
 let currentDate = new Date();
- let tokenToLive = new Date(currentDate.getTime() + 15 * 60000);
+ let tokenToLive = new Date(currentDate.getTime() + 5 * 60000);
 let tokenRes = await tokenModel.create({
 userid: data.id,
@@ -62,7 +62,7 @@ async function addPasswordResetToken(data , token){
 isKey: "isNotKey",
 expiration: tokenToLive,
 });
- return true;
+ return tokenRes.id
 }
 async function checkToken(id) {
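Review bot: `resetIsValid` is added to the require in the first api.js hunk, but none of the visible api.js changes call it; checkTokenByrowID checks expiry with `isValid`. Either drop it from the import or use it in the reset-token path, so it is clear which expiry rule protects password resets. The helper itself (added in functions/isValid.js) is labelled `//5 minutes`, yet it only compares the stored time with the current time; the 5-minute lifetime is set in addPasswordResetToken, so a comment such as `// true while the stored expiry time has not passed` would describe it accurately.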
@@ -77,6 +77,31 @@ async function checkToken(id) {
 return tokenRes;
 }
+async function checkTokenByrowID(token) {
+ if (!token) return false;
+ //split
+ const splitAuthToken = token.split("-");
+ const rowid = splitAuthToken[0];
+ const suppliedToken = splitAuthToken.slice(1).join("-");
+
+ let tokenRes = await tokenModel.findByPk(rowid);
+ //console.log(tokenRes);
+
+ if (!tokenRes) return false;
+
+ if (!compareHash(suppliedToken, tokenRes.token)) return false;
-module.exports = { addToken, getTokenByToken , checkToken , addPasswordResetToken};
+ //pass tokemRes.expiration to isValid
+ if (!isValid(tokenRes.expiration)) {
+ //add boolean to token table
+ tokenRes.destroy();
+ return false;
+ }
+
+ return tokenRes;
+
+}
+
+
+module.exports = { addToken, getTokenByToken , checkToken , addPasswordResetToken , checkTokenByrowID};
diff --git a/consumerWebsite/functions/isValid.js b/consumerWebsite/functions/isValid.js
index ae39ce1..394cf16 100644
--- a/consumerWebsite/functions/isValid.js
+++ b/consumerWebsite/functions/isValid.js
@@ -11,4 +11,16 @@ function isValid(time) {
 }
-module.exports = { isValid };
+//5 minutes
+function resetIsValid(time) {
+ if (
+ Math.floor(new Date(time).getTime() / 1000) <
+ Math.floor(new Date().getTime() / 1000)
+ ) {
+ return false;
+ }
+ return true;
+}
+
+
+module.exports = { isValid , resetIsValid };
diff --git a/consumerWebsite/functions/nodeMail.js b/consumerWebsite/functions/nodeMail.js
index a94bde8..bde09b3 100644
--- a/consumerWebsite/functions/nodeMail.js
+++ b/consumerWebsite/functions/nodeMail.js
@@ -84,7 +84,7 @@ async function sendResetPasswordEmail(email, resetToken) {
 subject: "Reset Password",
 html: `
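Review bot: In checkTokenByrowID (functions/api.js), `compareHash(suppliedToken, tokenRes.token)` is negated without `await`. `hash` from the same ./bcrypt.js module is awaited in addPasswordResetToken, so compareHash is probably asynchronous as well; if it returns a Promise, `!compareHash(...)` is always false and the hash comparison never rejects anything, leaving the row id as the only thing actually checked. Write it as `if (!(await compareHash(suppliedToken, tokenRes.token))) return false;`. The `findByPk(rowid)` lookup also has no filter on the kind of token, and the table appears to hold other token types (the `isKey` column), so the function should confirm the row is a password-reset token before returning it. `tokenRes.destroy()` on the expiry path should be awaited so a failed delete is not silently lost.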
Reset Password Link: Reset Password Link
+Reset Password Link: Reset Password Link
From: Eco Saver
Kindly click on the link to reset your password!
Regards,
diff --git a/consumerWebsite/functions/user.js b/consumerWebsite/functions/user.js
index 90d05d2..42ac76f 100644
--- a/consumerWebsite/functions/user.js
+++ b/consumerWebsite/functions/user.js
@@ -163,6 +163,23 @@ async function checkEmailDetails(email) {
 }
+async function resetPass(userid , data ){
+ let hashed = await hash(data.password);
+ let updateUser = await userModel.update(
+ {
+ password: hashed,
+ },
+ {
+ where: {
+ id: userid,
+ },
+ }
+ );
+ if (!updateUser) return false;
+ return true;
+
+}
+
 module.exports = {
 getUserByID,
@@ -171,5 +188,7 @@ module.exports = {
 loginUser,
 updateProfile,
 checkEmail,
- checkEmailDetails
+ checkEmailDetails,
+ resetPass,
+
 };
\ No newline at end of file
diff --git a/consumerWebsite/routes/auth.js b/consumerWebsite/routes/auth.js
index 14116b7..32f2657 100644
--- a/consumerWebsite/routes/auth.js
+++ b/consumerWebsite/routes/auth.js
@@ -3,13 +3,17 @@ const {
 loginUser,
 checkEmail,
 checkEmailDetails,
+ resetPass,
 } = require("../functions/user");
 const { sendContactEmail } = require("../functions/nodeMail");
 const { generateUUID } = require("../functions/generateUUID");
 const { addPasswordResetToken } = require("../functions/api");
 const { sendResetPasswordEmail } = require("../functions/nodeMail");
+const { checkTokenByrowID } = require("../functions/api");
+
 const express = require("express");
+const { render } = require("ejs");
 const router = express.Router();
 // /user/register
@@ -91,13 +95,16 @@ router.post("/checkemail", async (req, res, next) => {
 let data = await checkEmailDetails(req.body.email);
 //console.log(data);
 //token generation and insert into token table
- const token = await generateUUID();
+ let token = await generateUUID();
 let tokenRes = await addPasswordResetToken(data, token);
 //email user with temp token link
 if (!tokenRes) return false;
+ //apend table id to token
+ token = tokenRes + "-" + token;
+ //email logic to send reset password link
 sendResetPasswordEmail(req.body.email, token);
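Review bot: In resetPass (functions/user.js), `if (!updateUser) return false;` will not catch a failed update if userModel is a Sequelize model, as the `findByPk`/`create`/`update` calls in this change suggest: `update` resolves to an array holding the affected-row count, and an array is always truthy. Destructure the count with `const [affected] = await userModel.update(...)` and finish with `return affected === 1;`, so a reset that changed no row is reported as a failure. `data.password` is also hashed without any check that it is a non-empty string meeting the site's password rules; validate it before calling `hash`, or in the route that passes `req.body` in.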
@@ -111,15 +118,33 @@ router.post("/checkemail", async (req, res, next) => {
 }
 });
-router.get("/resetpassword/:token", async (req, res, next) => {
- //pass token to reset password page
-
-});
 //reset password
-router.post("/resetpassword", async (req, res, next) => {
+router.post("/resetpassword/:token", async (req, res, next) => {
+ console.log(req.body);
+ console.log(req.params.token);
+
+ //if token is valid
+ let tokenRes = await checkTokenByrowID(req.params.token);
+
+ if (!tokenRes) {
+ let error = new Error("Token not found");
+ error.status = 400;
+ return next(error);
+ }
+ //token is valid and reset password
+ else{
+ let Res = await resetPass(tokenRes.userid, req.body);
+ if (!Res) return false;
+ else{
+ res.json({
+ message: "Password reset successfully",
+ });
+ tokenRes.destroy();
+ }
+ }
+
 });
 module.exports = router;
-
diff --git a/consumerWebsite/routes/render.js b/consumerWebsite/routes/render.js
index a892814..9b0bac0 100644
--- a/consumerWebsite/routes/render.js
+++ b/consumerWebsite/routes/render.js
@@ -1,4 +1,5 @@
 "use strict";
+const { checkTokenByrowID } = require("../functions/api");
 var router = require("express").Router();
@@ -33,7 +34,7 @@ router.get("/forgotpassword", function (req, res, next) {
 res.render("forgotpassword");
 });
-//resetted password page
+//resetting password page
 router.get("/resetpassword", function (req, res, next) {
 res.render("resetpassword");
 });
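Review bot: The new POST /resetpassword/:token handler in routes/auth.js logs `req.body` and `req.params.token`, which writes the new plaintext password and a live reset token to the server log; both `console.log` calls should be removed (the GET handler added in routes/render.js logs the token the same way with `console.log(token)`). The handler also has no try/catch, so a rejected `checkTokenByrowID` or `resetPass` never reaches `next`, and `if (!Res) return false;` ends the function without sending any response. `tokenRes.destroy()` runs un-awaited after the success response, so a failed delete leaves the token usable until it expires. The restructured handler below awaits the delete before replying and routes every failure through `next`.

```javascript
router.post("/resetpassword/:token", async (req, res, next) => {
  try {
    // … unchanged: checkTokenByrowID lookup and the 400 "Token not found" branch …
    const updated = await resetPass(tokenRes.userid, req.body);
    if (!updated) {
      const error = new Error("Password reset failed");
      error.status = 500;
      return next(error);
    }
    // Invalidate the single-use token before confirming the reset.
    await tokenRes.destroy();
    res.json({
      message: "Password reset successfully",
    });
  } catch (error) {
    next(error);
  }
});
```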
@@ -63,4 +64,31 @@ router.get("/sensor-data", function (req, res, next) {
 res.render("sensor-data");
 });
+//reset password page
+router.get("/resetpassword/:token", async (req, res, next) => {
+ try{
+ //pass token to reset password page
+ //console.log(req.params.token);
+
+ //check if token is valid
+ let tokenRes = await checkTokenByrowID(req.params.token);
+
+ if (!tokenRes) {
+ let error = new Error("Token not found");
+ error.status = 400;
+ return next(error);
+ }
+ else {
+ let token = req.params.token;
+ console.log(token);
+ res.render("resetpassword", { token: token });
+ }
+
+ }catch(error){
+ console.error(error);
+ next(error);
+ }
+});
+
+
 module.exports = router;
\ No newline at end of file
diff --git a/consumerWebsite/views/bot.ejs b/consumerWebsite/views/bot.ejs
index 4bb9f93..ac8308c 100644
--- a/consumerWebsite/views/bot.ejs
+++ b/consumerWebsite/views/bot.ejs
@@ -81,7 +81,7 @@ - +
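Review bot: The GET /resetpassword/:token route in routes/render.js serves a page whose URL is itself the reset credential, and nothing in the handler stops that URL from being cached or sent onward in a Referer header when the page loads other resources. Before `res.render`, add `res.set("Referrer-Policy", "no-referrer");` and `res.set("Cache-Control", "no-store");`. The token is also passed into the view as `{ token: token }`; the template is not part of this hunk, so confirm it prints the value with the escaping tag `<%= token %>` and not `<%- token %>`.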