ELEVATE-Project · rakeshSgr · Mar 22, 2024 · Mar 19, 2024 · Mar 20, 2024 · Mar 22, 2024
diff --git a/src/constants/common.js b/src/constants/common.js
@@ -28,7 +28,7 @@ module.exports = {
 		'/user/v1/user-role/default',
 	],
 	notificationEmailType: 'email',
-	accessTokenExpiry: `${process.env.ACCESS_TOKEN_EXPIRY}d`,
+	accessTokenExpiry: process.env.ACCESS_TOKEN_EXPIRY,
 	refreshTokenExpiry: `${process.env.REFRESH_TOKEN_EXPIRY}d`,
 	refreshTokenExpiryInMs: Number(process.env.REFRESH_TOKEN_EXPIRY) * 24 * 60 * 60 * 1000,
 	refreshTokenLimit: 3,

diff --git a/src/envVariables.js b/src/envVariables.js
@@ -100,11 +100,11 @@ let enviromentVariables = {
 		optional: process.env.CLOUD_STORAGE === 'AZURE' ? false : true,
 	},
 	ACCESS_TOKEN_EXPIRY: {
-		message: 'Required access token expiry in days',
+		message: 'Required access token expiry',
 		optional: false,
 	},
 	REFRESH_TOKEN_EXPIRY: {
-		message: 'Required refresh token expiry in days',
+		message: 'Required refresh token expiry',
 		optional: false,
 	},
 	API_DOC_URL: {
@@ -241,6 +241,17 @@ let enviromentVariables = {
 		optional: true,
 		default: '*',
 	},
+	PASSWORD_POLICY_REGEX: {
+		message: 'Required password policy',
+		optional: true,
+		default: '/^(?=.*[A-Z])(?=.*d)(?=.*[!@#$%^&*()_+{}|:<>?~`-=[];,./])[^ ]{11,}$/',
+	},
+	PASSWORD_POLICY_MESSAGE: {
+		message: 'Required password policy message',
+		optional: true,
+		default:
+			'Password must have at least one uppercase letter, one number, one special character, and be at least 10 characters long',
+  },
 	DOWNLOAD_URL_EXPIRATION_DURATION: {
 		message: 'Required downloadable url expiration time',
 		optional: true,

diff --git a/src/locales/en.json b/src/locales/en.json
@@ -113,5 +113,7 @@
 	"ROLES_HAS_EMPTY_LIST": "Empty roles list",
 	"COLUMN_DOES_NOT_EXISTS": "Role column does not exists",
 	"PERMISSION_DENIED": "You do not have the required permissions to access this resource. Please contact your administrator for assistance.",
-	"RELATED_ORG_REMOVAL_FAILED": "Requested organization not related the organization. Please check the values."
+	"RELATED_ORG_REMOVAL_FAILED": "Requested organization not related the organization. Please check the values.",
+	"INAVLID_ORG_ROLE_REQ": "Invalid organisation request"
+
 }
diff --git a/src/services/org-admin.js b/src/services/org-admin.js
@@ -237,6 +237,19 @@ module.exports = class OrgAdminHelper {
 			const requestId = bodyData.request_id
 			delete bodyData.request_id
 
+			const requestDetail = await orgRoleReqQueries.requestDetails({
+				id: requestId,
+				organization_id: tokenInformation.organization_id,
+			})
+
+			if (requestDetail.status !== common.REQUESTED_STATUS) {
+				return responses.failureResponse({
+					message: 'INAVLID_ORG_ROLE_REQ',
+					statusCode: httpStatusCode.bad_request,
+					responseCode: 'CLIENT_ERROR',
+				})
+			}
+
 			bodyData.handled_by = tokenInformation.id
 			const rowsAffected = await orgRoleReqQueries.update(
 				{ id: requestId, organization_id: tokenInformation.organization_id },

diff --git a/src/validators/v1/account.js b/src/validators/v1/account.js
@@ -25,7 +25,13 @@ module.exports = {
 			.withMessage('email is invalid')
 			.normalizeEmail({ gmail_remove_dots: false })
 
-		req.checkBody('password').trim().notEmpty().withMessage('password field is empty')
+		req.checkBody('password')
+			.notEmpty()
+			.withMessage('Password field is empty')
+			.matches(process.env.PASSWORD_POLICY_REGEX)
+			.withMessage(process.env.PASSWORD_POLICY_MESSAGE)
+			.custom((value) => !/\s/.test(value))
+			.withMessage('Password cannot contain spaces')
 
 		if (req.body.role) {
 			req.checkBody('role').trim().not().isIn([common.ADMIN_ROLE]).withMessage("User does't have admin access")
@@ -64,7 +70,13 @@ module.exports = {
 
 	resetPassword: (req) => {
 		req.checkBody('email').notEmpty().withMessage('email field is empty').isEmail().withMessage('email is invalid')
-		req.checkBody('password').notEmpty().withMessage('password field is empty')
+		req.checkBody('password')
+			.notEmpty()
+			.withMessage('Password field is empty')
+			.matches(process.env.PASSWORD_POLICY_REGEX)
+			.withMessage(process.env.PASSWORD_POLICY_MESSAGE)
+			.custom((value) => !/\s/.test(value))
+			.withMessage('Password cannot contain spaces')
 
 		req.checkBody('otp')
 			.notEmpty()

diff --git a/src/validators/v1/admin.js b/src/validators/v1/admin.js
@@ -27,7 +27,13 @@ module.exports = {
 			.withMessage('email is invalid')
 			.normalizeEmail()
 
-		req.checkBody('password').trim().notEmpty().withMessage('password field is empty')
+		req.checkBody('password')
+			.notEmpty()
+			.withMessage('Password field is empty')
+			.matches(process.env.PASSWORD_POLICY_REGEX)
+			.withMessage(process.env.PASSWORD_POLICY_MESSAGE)
+			.custom((value) => !/\s/.test(value))
+			.withMessage('Password cannot contain spaces')
 	},
 
 	login: (req) => {