From 97b921d1da1643fd0f4fe4181d737aa798a592e2 Mon Sep 17 00:00:00 2001
From: Hagop Jamkojian
Date: Tue, 30 Mar 2021 16:17:55 +0200
Subject: [PATCH] Update config
---
 .env.example | 4 ++++
 src/config/config.js | 14 ++++++++++----
 src/config/roles.js | 2 +-
 src/config/tokens.js | 2 +-
 src/models/token.model.js | 2 +-
 src/routes/v1/auth.route.js | 7 +------
 src/services/auth.service.js | 4 ++--
 src/services/token.service.js | 4 ++--
 tests/integration/auth.test.js | 16 ++++++++--------
 9 files changed, 30 insertions(+), 25 deletions(-)
diff --git a/.env.example b/.env.example
index 989d12f8..bf62a879 100644
--- a/.env.example
+++ b/.env.example
@@ -11,6 +11,10 @@ JWT_SECRET=thisisasamplesecret
 JWT_ACCESS_EXPIRATION_MINUTES=30
 # Number of days after which a refresh token expires
 JWT_REFRESH_EXPIRATION_DAYS=30
+# Number of minutes after which a reset password token expires
+JWT_RESET_PASSSWORD_EXPIRATION_MINUTES=10
+# Number of minutes after which a verify email token expires
+JWT_VERIFY_EMAIL_EXPIRATION_MINUTES=10
 # SMTP configuration options for the email service
 # For testing, you can use a fake SMTP service like Ethereal: https://ethereal.email/create
diff --git a/src/config/config.js b/src/config/config.js
index d70b436b..69918dfa 100644
--- a/src/config/config.js
+++ b/src/config/config.js 
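Review bot: `JWT_RESET_PASSSWORD_EXPIRATION_MINUTES=10` is misspelled (three S's) and therefore never matches the `JWT_RESET_PASSWORD_EXPIRATION_MINUTES` key that the src/config/config.js hunk of this same patch declares, so a deployment that copies this file and shortens the lifetime silently keeps the 10-minute Joi default. Change the line to `JWT_RESET_PASSWORD_EXPIRATION_MINUTES=10`. Since the schema presumably has to tolerate the many unrelated keys in process.env, a misspelled variable cannot fail validation on its own; a comment here stating that these names must match src/config/config.js exactly, or a test that checks every JWT_* key in .env.example against the schema, would catch the next typo.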
@@ -12,6 +12,12 @@ const envVarsSchema = Joi.object()
 JWT_SECRET: Joi.string().required().description('JWT secret key'),
 JWT_ACCESS_EXPIRATION_MINUTES: Joi.number().default(30).description('minutes after which access tokens expire'),
 JWT_REFRESH_EXPIRATION_DAYS: Joi.number().default(30).description('days after which refresh tokens expire'),
+ JWT_RESET_PASSWORD_EXPIRATION_MINUTES: Joi.number()
+ .default(10)
+ .description('minutes after which reset password token expires'),
+ JWT_VERIFY_EMAIL_EXPIRATION_MINUTES: Joi.number()
+ .default(10)
+ .description('minutes after which verify email token expires'),
 SMTP_HOST: Joi.string().description('server that will send the emails'),
 SMTP_PORT: Joi.number().description('port to connect to the email server'),
 SMTP_USERNAME: Joi.string().description('username for email server'),
@@ -39,10 +45,10 @@ module.exports = {
 },
 jwt: {
 secret: envVars.JWT_SECRET,
- accessExpirationMinutes: envVars.JWT_ACCESS_EXPIRATION_MINUTES,
- refreshExpirationDays: envVars.JWT_REFRESH_EXPIRATION_DAYS,
- resetPasswordExpirationMinutes: 10,
- verificationEmailExpirationMinutes: 10,
+ accessExpirationMinutes: envVars.JWT_ACCESS_EXPIRATION_MINUTES || 30,
+ refreshExpirationDays: envVars.JWT_REFRESH_EXPIRATION_DAYS || 30,
+ resetPasswordExpirationMinutes: envVars.JWT_RESET_PASSWORD_EXPIRATION_MINUTES || 10,
+ verifyEmailExpirationMinutes: envVars.JWT_VERIFY_EMAIL_EXPIRATION_MINUTES || 10,
 },
 email: {
 smtp: {
diff --git a/src/config/roles.js b/src/config/roles.js
index 6cfc6d57..fb76ba61 100644
--- a/src/config/roles.js
+++ b/src/config/roles.js
@@ -1,7 +1,7 @@
 const roles = ['user', 'admin'];
 const roleRights = new Map();
-roleRights.set(roles[0], ['verifyEmail']);
+roleRights.set(roles[0], []);
 roleRights.set(roles[1], ['getUsers', 'manageUsers']);
 module.exports = {
diff --git a/src/config/tokens.js b/src/config/tokens.js
index bcc1f59d..77a9976f 100644
--- a/src/config/tokens.js
+++ b/src/config/tokens.js 
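Review bot: The `|| 30` and `|| 10` fallbacks on the four new jwt lines are redundant with the `.default(...)` rules the first hunk adds to envVarsSchema (assuming envVars is the Joi-validated value, which the schema's defaults only make sense for), and `||` additionally turns an explicit `0` into the default, so the two mechanisms disagree about what an empty or zero setting means. Drop the fallbacks and let the schema be the single source of truth, e.g. `accessExpirationMinutes: envVars.JWT_ACCESS_EXPIRATION_MINUTES,`, or use `??` if a fallback must stay. Because these four numbers bound how long a leaked access, refresh, reset-password or verify-email token remains usable, it is worth tightening the schema rules to `Joi.number().positive()` (or `.min(1)`) so a zero or negative lifetime fails at startup instead of minting tokens that are expired on arrival.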
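Review bot: Emptying the user role's rights on `roleRights.set(roles[0], []);`, together with the `auth('verifyEmail')` to `auth()` change in the src/routes/v1/auth.route.js hunk, makes POST /verification-email available to every authenticated account instead of only the 'user' role; that is plausibly the intent (admins could not request one before), but the commit does not record it. A comment on the new line would: `// 'user' has no extra rights; requesting a verification email only needs a valid access token (see auth.route.js)`. Whether authController.verificationEmail refuses already-verified accounts, or whether the route sits behind a rate limiter, is outside this diff; if neither holds, an early return in the controller when the account is already verified is the cheap way to keep the endpoint from sending unbounded mail on request.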
@@ -2,7 +2,7 @@ const tokenTypes = {
 ACCESS: 'access',
 REFRESH: 'refresh',
 RESET_PASSWORD: 'resetPassword',
- VERIFICATION_EMAIL: 'verificationEmail',
+ VERIFY_EMAIL: 'verifyEmail',
 };
 module.exports = {
diff --git a/src/models/token.model.js b/src/models/token.model.js
index b0f7a31a..9ff35e2f 100644
--- a/src/models/token.model.js
+++ b/src/models/token.model.js
@@ -16,7 +16,7 @@ const tokenSchema = mongoose.Schema(
 },
 type: {
 type: String,
- enum: [tokenTypes.REFRESH, tokenTypes.RESET_PASSWORD, tokenTypes.VERIFICATION_EMAIL],
+ enum: [tokenTypes.REFRESH, tokenTypes.RESET_PASSWORD, tokenTypes.VERIFY_EMAIL],
 required: true,
 },
 expires: {
diff --git a/src/routes/v1/auth.route.js b/src/routes/v1/auth.route.js
index 2e3ea6ba..7856a74a 100644
--- a/src/routes/v1/auth.route.js
+++ b/src/routes/v1/auth.route.js
@@ -12,12 +12,7 @@ router.post('/logout', validate(authValidation.logout), authController.logout);
 router.post('/refresh-tokens', validate(authValidation.refreshTokens), authController.refreshTokens);
 router.post('/forgot-password', validate(authValidation.forgotPassword), authController.forgotPassword);
 router.post('/reset-password', validate(authValidation.resetPassword), authController.resetPassword);
-router.post(
- '/verification-email',
- auth('verifyEmail'),
- validate(authValidation.verificationEmail),
- authController.verificationEmail
-);
+router.post('/verification-email', auth(), validate(authValidation.verificationEmail), authController.verificationEmail);
 router.post('/verify-email', validate(authValidation.verifyEmail), authController.verifyEmail);
 module.exports = router;
diff --git a/src/services/auth.service.js b/src/services/auth.service.js
index a78975e0..295928c6 100644
--- a/src/services/auth.service.js
+++ b/src/services/auth.service.js 
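Review bot: `VERIFY_EMAIL: 'verifyEmail'` changes the string persisted in the Token collection's `type` field (the enum in the src/models/token.model.js hunk), not just the constant's name, so any verify-email tokens already stored as 'verificationEmail' no longer match `tokenTypes.VERIFY_EMAIL` in verifyToken or in the `Token.deleteMany` call in the src/services/auth.service.js hunk; users holding a link issued before the deploy get 'email verification failed' and the stale documents stay in the collection. If there are running instances, either keep the stored value and rename only the key (`VERIFY_EMAIL: 'verificationEmail',`) or pair this with a one-off cleanup of documents of the old type. A comment next to the constant noting that its value is a persisted discriminator would make the next rename safer.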
@@ -77,12 +77,12 @@ const resetPassword = async (resetPasswordToken, newPassword) => {
 */
 const verifyEmail = async (emailVarificationToken) => {
 try {
- const emailVarificationTokenDoc = await tokenService.verifyToken(emailVarificationToken, tokenTypes.VERIFICATION_EMAIL);
+ const emailVarificationTokenDoc = await tokenService.verifyToken(emailVarificationToken, tokenTypes.VERIFY_EMAIL);
 const user = await userService.getUserById(emailVarificationTokenDoc.user);
 if (!user) {
 throw new Error();
 }
- await Token.deleteMany({ user: user.id, type: tokenTypes.VERIFICATION_EMAIL });
+ await Token.deleteMany({ user: user.id, type: tokenTypes.VERIFY_EMAIL });
 await userService.updateUserById(user.id, { isEmailVarified: true });
 } catch (error) {
 throw new ApiError(httpStatus.UNAUTHORIZED, 'email verification failed');
diff --git a/src/services/token.service.js b/src/services/token.service.js
index 3b29874f..810a5e2c 100644
--- a/src/services/token.service.js
+++ b/src/services/token.service.js
@@ -104,9 +104,9 @@ const generateVerificationEmailToken = async (email) => {
 if (!user) {
 throw new ApiError(httpStatus.NOT_FOUND, 'No users found with this email');
 }
- const expires = moment().add(config.jwt.verificationEmailExpirationMinutes, 'minutes');
+ const expires = moment().add(config.jwt.verifyEmailExpirationMinutes, 'minutes');
 const verificationEmailToken = generateToken(user.id, expires);
- await saveToken(verificationEmailToken, user.id, expires, tokenTypes.VERIFICATION_EMAIL);
+ await saveToken(verificationEmailToken, user.id, expires, tokenTypes.VERIFY_EMAIL);
 return verificationEmailToken;
 };
 module.exports = {
diff --git a/tests/integration/auth.test.js b/tests/integration/auth.test.js
index 02fd5b3a..de13ade8 100644
--- a/tests/integration/auth.test.js
+++ b/tests/integration/auth.test.js 
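Review bot: Both `+` lines now agree with tokens.js, but the update on the context line right after the deleteMany writes `{ isEmailVarified: true }` (the parameter is likewise `emailVarificationToken`); if the User schema spells the flag `isEmailVerified` — the model is not in this patch — mongoose's default strict mode drops the unknown path silently, so verifyEmail deletes the user's tokens and returns success while the account is never marked verified. Please confirm the field name against the user model, and consider running `updateUserById` before `Token.deleteMany` so a failed update does not consume the token. The `catch (error)` also discards `error` entirely, which makes a database failure indistinguishable from a bad token in the 401 response; logging it before rethrowing keeps the generic message to the client and the cause for the operator.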
@@ -407,9 +407,9 @@ describe('Auth routes', () => {
 describe('POST /v1/auth/verify-email', () => {
 test('should return 204 and verify the email', async () => {
 await insertUsers([userOne]);
- const expires = moment().add(config.jwt.verificationEmailExpirationMinutes, 'minutes');
+ const expires = moment().add(config.jwt.verifyEmailExpirationMinutes, 'minutes');
 const verificationEmailToken = tokenService.generateToken(userOne._id, expires);
- await tokenService.saveToken(verificationEmailToken, userOne._id, expires, tokenTypes.VERIFICATION_EMAIL);
+ await tokenService.saveToken(verificationEmailToken, userOne._id, expires, tokenTypes.VERIFY_EMAIL);
 await request(app)
 .post('/v1/auth/verify-email')
@@ -423,7 +423,7 @@ describe('Auth routes', () => {
 const dbVerificationEmailTokenCount = await Token.countDocuments({
 user: userOne._id,
- type: tokenTypes.VERIFICATION_EMAIL,
+ type: tokenTypes.VERIFY_EMAIL,
 });
 expect(dbVerificationEmailTokenCount).toBe(0);
 });
@@ -436,9 +436,9 @@ describe('Auth routes', () => {
 test('should return 401 if verification email token is blacklisted', async () => {
 await insertUsers([userOne]);
- const expires = moment().add(config.jwt.verificationEmailExpirationMinutes, 'minutes');
+ const expires = moment().add(config.jwt.verifyEmailExpirationMinutes, 'minutes');
 const verificationEmailToken = tokenService.generateToken(userOne._id, expires);
- await tokenService.saveToken(verificationEmailToken, userOne._id, expires, tokenTypes.VERIFICATION_EMAIL, true);
+ await tokenService.saveToken(verificationEmailToken, userOne._id, expires, tokenTypes.VERIFY_EMAIL, true);
 await request(app)
 .post('/v1/auth/verify-email') 
@@ -451,7 +451,7 @@ describe('Auth routes', () => {
 await insertUsers([userOne]);
 const expires = moment().subtract(1, 'minutes');
 const verificationEmailToken = tokenService.generateToken(userOne._id, expires);
- await tokenService.saveToken(verificationEmailToken, userOne._id, expires, tokenTypes.VERIFICATION_EMAIL);
+ await tokenService.saveToken(verificationEmailToken, userOne._id, expires, tokenTypes.VERIFY_EMAIL);
 await request(app)
 .post('/v1/auth/verify-email')
@@ -461,9 +461,9 @@ describe('Auth routes', () => {
 });
 test('should return 401 if user is not found', async () => {
- const expires = moment().add(config.jwt.verificationEmailExpirationMinutes, 'minutes');
+ const expires = moment().add(config.jwt.verifyEmailExpirationMinutes, 'minutes');
 const verificationEmailToken = tokenService.generateToken(userOne._id, expires);
- await tokenService.saveToken(verificationEmailToken, userOne._id, expires, tokenTypes.VERIFICATION_EMAIL);
+ await tokenService.saveToken(verificationEmailToken, userOne._id, expires, tokenTypes.VERIFY_EMAIL);
 await request(app)
 .post('/v1/auth/verify-email')