Forgot password and Reset password feature (#112)

iamrahulrnair · web-flow · commit ba47389deaa9 · 2021-12-17T10:32:11.000+05:30
* add controller for forgot password and reset password

* add password change specific route

* add instance method

* add route for password change specific routers

* Update pwd.controllers.js

updated controller, and removed comments

* Update server.js

removed comments

* Update pwd.route.js

Added middleware for rate limiting

* Create ratelimiter.middleware.js

Added a middleware which returns the rate limit function, configuration change can be addressed in a single location
diff --git a/server/controllers/pwd.controllers.js b/server/controllers/pwd.controllers.js
@@ -0,0 +1,87 @@
+const asyncHandler = require('express-async-handler');
+const User = require('../models/user.modal');
+const nodemailer = require('nodemailer');
+const jwt = require('jsonwebtoken');
+const bcrypt = require('bcryptjs');
+
+module.exports.forgotPwdController = asyncHandler(async (req, res, next) => {
+  const { email } = req.body;
+  const user = await User.findOne({ email });
+
+  if (!user) {
+    res.status(400).send({ status: 'user not found' });
+    throw new Error('User not found');
+  }
+
+  const token = await user.createPWDresetToken();
+  const resetURL = `${process.env.FRONTEND_URL}/_reset_password/${token}`;
+
+  var transporter = nodemailer.createTransport({
+    service: 'gmail',
+    auth: {
+      user: process.env.OUR_EMAIL,
+      pass: process.env.EMAIL_PASS,
+    },
+    from: 'codesync.live',
+  });
+
+  var mailOptions = {
+    from: process.env.OUR_EMAIL,
+    to: user.email,
+    cc: 'codedeeper.work@gmail.com',
+    subject: 'Codedeeper password reset Token',
+    html: `<p>Hello , ${user.name} here is your token link. <a href="${resetURL}">Click Here</a> to reset the password</p>`,
+    text: `<p>Hello , ${user.name} here is your token link. <a href="${resetURL}">Click Here</a> to reset the password</p>`,
+  };
+
+  transporter.sendMail(mailOptions, function (error, info) {
+    if (error) {
+      console.log(error);
+      res.status(200).send({
+        status: 'failed',
+      });
+    } else {
+      console.log('Email sent: ' + info.response);
+      if (process.env.NODE_ENV == 'development') {
+        res.status(200).send({
+          status: 'success',
+          resetURL,
+        });
+      } else {
+        res.status(200).send({status:"mail sent successfully"});
+      }
+    }
+  });
+});
+
+module.exports.resetPasswordController = asyncHandler(async (req, res) => {
+  const reset_token = req.params.JWT_TOKEN;
+  try {
+    const payload = jwt.verify(reset_token, process.env.JWT_SECRET_KEY);
+    const { password, confirmpassword } = req.body;
+    if (!password || !confirmpassword)
+      throw new Error('Password should be provided!');
+
+    if (password !== confirmpassword) throw new Error("Password doesn't match");
+
+    const user = await User.findById(payload.id);
+    if (!user) throw new Error('No user exists with this id');
+
+    if (user.passwordChangedAt && user.passwordChangedAt > payload.iat * 1000)
+      throw new Error(
+        'Please raise a new Reset Request,this token was used earlier'
+      );
+
+    const newPassword = await bcrypt.hash(password, 12);
+    user.set({ password: newPassword, passwordChangedAt: new Date() });
+    await user.save();
+
+    return res.status(200).send({
+      status: 'password changed successfully',
+    });
+  } catch (err) {
+    res.status(400).send({
+      err: err.message,
+    });
+  }
+});
diff --git a/server/middleware/ratelimiter.middleware.js b/server/middleware/ratelimiter.middleware.js
@@ -0,0 +1,6 @@
+const rateLimit = require('express-rate-limit');
+
+const rateLimiter = ({ windowMs, max, message }) => {
+  return rateLimit({ windowMs, max, message });
+};
+module.exports = rateLimiter;
diff --git a/server/models/user.modal.js b/server/models/user.modal.js
@@ -1,29 +1,39 @@
-const mongoose = require("mongoose");
+const mongoose = require('mongoose');
+const jwt = require('jsonwebtoken');
 
-const User = mongoose.model("User", {
-    name: {
-        type: "String",
-        required: true,
-    },
-    email: {
-        type: "String",
-        required: true,
-    },
-    password: {
-        type: "String",
-        required: true,
-    },
-    id: {
-        type: "String",
-    },
-    googleLogin: {
-        type: "Boolean",
-        default: false,
-    },
-    imageUrl: {
-        type: "String",
-        
-    }
-}); 
+const userSchema = new mongoose.Schema({
+  name: {
+    type: String,
+    required: true,
+  },
+  email: {
+    type: String,
+    required: true,
+  },
+  password: {
+    type: String,
+    required: true,
+  },
+  passwordChangedAt: Date,
+  id: {
+    type: String,
+  },
+  googleLogin: {
+    type: Boolean,
+    default: false,
+  },
+  imageUrl: {
+    type: String,
+  },
+});
 
+userSchema.methods.createPWDresetToken = async function () {
+  return jwt.sign(
+    { email: this.email, id: this._id },
+    process.env.JWT_SECRET_KEY,
+    { expiresIn: 600 }
+  );
+};
+
+const User = mongoose.model('User', userSchema);
 module.exports = User;
diff --git a/server/routes/pwd.route.js b/server/routes/pwd.route.js
@@ -0,0 +1,20 @@
+const express = require('express');
+const rateLimiter = require('../middleware/ratelimiter.middleware');
+
+const forgotPasswordRateLimit = rateLimiter({
+  windowMs: 10 * 60 * 1000,
+  max: 1,
+  message: 'Too many requests, please try again later for resetting password.',
+});
+
+const {
+  forgotPwdController,
+  resetPasswordController,
+} = require('../controllers/pwd.controllers');
+
+const router = express.Router();
+
+router.get('/_reset_password/:JWT_TOKEN', resetPasswordController);
+router.post('/_forgot_password', forgotPasswordRateLimit, forgotPwdController);
+
+module.exports = router;
diff --git a/server/server.js b/server/server.js
@@ -35,6 +35,8 @@ app.use(express.json());
 app.get("/", (req, res) => {
   res.send("API IS RUNNING")
 })
+
+app.use('/api',require('./routes/pwd.route'))
 app.use('/api/room/', require('./routes/room.route'));
 app.use('/api/user/', require('./routes/user.route'));
 
@@ -163,4 +165,4 @@ app.post('/sendMail', (req, res) => {
 // }
 server.listen(port, () => {
   console.log(`Example app listening at http://localhost:${port}`)
-})
+})
