Update config

.env.example

@@ -11,6 +11,10 @@ JWT_SECRET=thisisasamplesecret
 JWT_ACCESS_EXPIRATION_MINUTES=30
 # Number of days after which a refresh token expires
 JWT_REFRESH_EXPIRATION_DAYS=30
+# Number of minutes after which a reset password token expires
+JWT_RESET_PASSSWORD_EXPIRATION_MINUTES=10
+# Number of minutes after which a verify email token expires
+JWT_VERIFY_EMAIL_EXPIRATION_MINUTES=10
 
 # SMTP configuration options for the email service
 # For testing, you can use a fake SMTP service like Ethereal: https://ethereal.email/create

src/config/config.js

@@ -12,6 +12,12 @@ const envVarsSchema = Joi.object()
     JWT_SECRET: Joi.string().required().description('JWT secret key'),
     JWT_ACCESS_EXPIRATION_MINUTES: Joi.number().default(30).description('minutes after which access tokens expire'),
     JWT_REFRESH_EXPIRATION_DAYS: Joi.number().default(30).description('days after which refresh tokens expire'),
+    JWT_RESET_PASSWORD_EXPIRATION_MINUTES: Joi.number()
+      .default(10)
+      .description('minutes after which reset password token expires'),
+    JWT_VERIFY_EMAIL_EXPIRATION_MINUTES: Joi.number()
+      .default(10)
+      .description('minutes after which verify email token expires'),
     SMTP_HOST: Joi.string().description('server that will send the emails'),
     SMTP_PORT: Joi.number().description('port to connect to the email server'),
     SMTP_USERNAME: Joi.string().description('username for email server'),
@@ -39,10 +45,10 @@ module.exports = {
   },
   jwt: {
     secret: envVars.JWT_SECRET,
-    accessExpirationMinutes: envVars.JWT_ACCESS_EXPIRATION_MINUTES,
-    refreshExpirationDays: envVars.JWT_REFRESH_EXPIRATION_DAYS,
-    resetPasswordExpirationMinutes: 10,
-    verificationEmailExpirationMinutes: 10,
+    accessExpirationMinutes: envVars.JWT_ACCESS_EXPIRATION_MINUTES || 30,
+    refreshExpirationDays: envVars.JWT_REFRESH_EXPIRATION_DAYS || 30,
+    resetPasswordExpirationMinutes: envVars.JWT_RESET_PASSWORD_EXPIRATION_MINUTES || 10,
+    verifyEmailExpirationMinutes: envVars.JWT_VERIFY_EMAIL_EXPIRATION_MINUTES || 10,
   },
   email: {
     smtp: {

src/config/roles.js

@@ -1,7 +1,7 @@
 const roles = ['user', 'admin'];
 
 const roleRights = new Map();
-roleRights.set(roles[0], ['verifyEmail']);
+roleRights.set(roles[0], []);
 roleRights.set(roles[1], ['getUsers', 'manageUsers']);
 
 module.exports = {

src/config/tokens.js

@@ -2,7 +2,7 @@ const tokenTypes = {
   ACCESS: 'access',
   REFRESH: 'refresh',
   RESET_PASSWORD: 'resetPassword',
-  VERIFICATION_EMAIL: 'verificationEmail',
+  VERIFY_EMAIL: 'verifyEmail',
 };
 
 module.exports = {

src/models/token.model.js

@@ -16,7 +16,7 @@ const tokenSchema = mongoose.Schema(
     },
     type: {
       type: String,
-      enum: [tokenTypes.REFRESH, tokenTypes.RESET_PASSWORD, tokenTypes.VERIFICATION_EMAIL],
+      enum: [tokenTypes.REFRESH, tokenTypes.RESET_PASSWORD, tokenTypes.VERIFY_EMAIL],
       required: true,
     },
     expires: {

src/routes/v1/auth.route.js

@@ -12,12 +12,7 @@ router.post('/logout', validate(authValidation.logout), authController.logout);
 router.post('/refresh-tokens', validate(authValidation.refreshTokens), authController.refreshTokens);
 router.post('/forgot-password', validate(authValidation.forgotPassword), authController.forgotPassword);
 router.post('/reset-password', validate(authValidation.resetPassword), authController.resetPassword);
-router.post(
-  '/verification-email',
-  auth('verifyEmail'),
-  validate(authValidation.verificationEmail),
-  authController.verificationEmail
-);
+router.post('/verification-email', auth(), validate(authValidation.verificationEmail), authController.verificationEmail);
 router.post('/verify-email', validate(authValidation.verifyEmail), authController.verifyEmail);
 
 module.exports = router;

src/services/auth.service.js

@@ -77,12 +77,12 @@ const resetPassword = async (resetPasswordToken, newPassword) => {
  */
 const verifyEmail = async (emailVarificationToken) => {
   try {
-    const emailVarificationTokenDoc = await tokenService.verifyToken(emailVarificationToken, tokenTypes.VERIFICATION_EMAIL);
+    const emailVarificationTokenDoc = await tokenService.verifyToken(emailVarificationToken, tokenTypes.VERIFY_EMAIL);
     const user = await userService.getUserById(emailVarificationTokenDoc.user);
     if (!user) {
       throw new Error();
     }
-    await Token.deleteMany({ user: user.id, type: tokenTypes.VERIFICATION_EMAIL });
+    await Token.deleteMany({ user: user.id, type: tokenTypes.VERIFY_EMAIL });
     await userService.updateUserById(user.id, { isEmailVarified: true });
   } catch (error) {
     throw new ApiError(httpStatus.UNAUTHORIZED, 'email verification failed');

src/services/token.service.js

@@ -104,9 +104,9 @@ const generateVerificationEmailToken = async (email) => {
   if (!user) {
     throw new ApiError(httpStatus.NOT_FOUND, 'No users found with this email');
   }
-  const expires = moment().add(config.jwt.verificationEmailExpirationMinutes, 'minutes');
+  const expires = moment().add(config.jwt.verifyEmailExpirationMinutes, 'minutes');
   const verificationEmailToken = generateToken(user.id, expires);
-  await saveToken(verificationEmailToken, user.id, expires, tokenTypes.VERIFICATION_EMAIL);
+  await saveToken(verificationEmailToken, user.id, expires, tokenTypes.VERIFY_EMAIL);
   return verificationEmailToken;
 };
 module.exports = {

tests/integration/auth.test.js

@@ -407,9 +407,9 @@ describe('Auth routes', () => {
   describe('POST /v1/auth/verify-email', () => {
     test('should return 204 and verify the email', async () => {
       await insertUsers([userOne]);
-      const expires = moment().add(config.jwt.verificationEmailExpirationMinutes, 'minutes');
+      const expires = moment().add(config.jwt.verifyEmailExpirationMinutes, 'minutes');
       const verificationEmailToken = tokenService.generateToken(userOne._id, expires);
-      await tokenService.saveToken(verificationEmailToken, userOne._id, expires, tokenTypes.VERIFICATION_EMAIL);
+      await tokenService.saveToken(verificationEmailToken, userOne._id, expires, tokenTypes.VERIFY_EMAIL);
 
       await request(app)
         .post('/v1/auth/verify-email')
@@ -423,7 +423,7 @@ describe('Auth routes', () => {
 
       const dbVerificationEmailTokenCount = await Token.countDocuments({
         user: userOne._id,
-        type: tokenTypes.VERIFICATION_EMAIL,
+        type: tokenTypes.VERIFY_EMAIL,
       });
       expect(dbVerificationEmailTokenCount).toBe(0);
     });
@@ -436,9 +436,9 @@ describe('Auth routes', () => {
 
     test('should return 401 if verification email token is blacklisted', async () => {
       await insertUsers([userOne]);
-      const expires = moment().add(config.jwt.verificationEmailExpirationMinutes, 'minutes');
+      const expires = moment().add(config.jwt.verifyEmailExpirationMinutes, 'minutes');
       const verificationEmailToken = tokenService.generateToken(userOne._id, expires);
-      await tokenService.saveToken(verificationEmailToken, userOne._id, expires, tokenTypes.VERIFICATION_EMAIL, true);
+      await tokenService.saveToken(verificationEmailToken, userOne._id, expires, tokenTypes.VERIFY_EMAIL, true);
 
       await request(app)
         .post('/v1/auth/verify-email')
@@ -451,7 +451,7 @@ describe('Auth routes', () => {
       await insertUsers([userOne]);
       const expires = moment().subtract(1, 'minutes');
       const verificationEmailToken = tokenService.generateToken(userOne._id, expires);
-      await tokenService.saveToken(verificationEmailToken, userOne._id, expires, tokenTypes.VERIFICATION_EMAIL);
+      await tokenService.saveToken(verificationEmailToken, userOne._id, expires, tokenTypes.VERIFY_EMAIL);
 
       await request(app)
         .post('/v1/auth/verify-email')
@@ -461,9 +461,9 @@ describe('Auth routes', () => {
     });
 
     test('should return 401 if user is not found', async () => {
-      const expires = moment().add(config.jwt.verificationEmailExpirationMinutes, 'minutes');
+      const expires = moment().add(config.jwt.verifyEmailExpirationMinutes, 'minutes');
       const verificationEmailToken = tokenService.generateToken(userOne._id, expires);
-      await tokenService.saveToken(verificationEmailToken, userOne._id, expires, tokenTypes.VERIFICATION_EMAIL);
+      await tokenService.saveToken(verificationEmailToken, userOne._id, expires, tokenTypes.VERIFY_EMAIL);
 
       await request(app)
         .post('/v1/auth/verify-email')