Add reset password endpoint

cgtarmenta · Nov 17, 2019 · 3b43f7f · 3b43f7f
1 parent a86073f
commit 3b43f7f
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 0 deletions.
diff --git a/src/controllers/auth.controller.js b/src/controllers/auth.controller.js
@@ -28,9 +28,15 @@ const forgotPassword = catchAsync(async (req, res) => {
   res.status(httpStatus.NO_CONTENT).send();
 });
 
+const resetPassword = catchAsync(async (req, res) => {
+  await authService.resetPassword(req.query.token, req.body.password);
+  res.status(httpStatus.NO_CONTENT).send();
+});
+
 module.exports = {
   register,
   login,
   refreshTokens,
   forgotPassword,
+  resetPassword,
 };
diff --git a/src/routes/v1/auth.route.js b/src/routes/v1/auth.route.js
@@ -9,5 +9,6 @@ router.post('/register', validate(authValidation.register), authController.regis
 router.post('/login', validate(authValidation.login), authController.login);
 router.post('/refresh-tokens', validate(authValidation.refreshTokens), authController.refreshTokens);
 router.post('/forgot-password', validate(authValidation.forgotPassword), authController.forgotPassword);
+router.post('/reset-password', validate(authValidation.resetPassword), authController.resetPassword);
 
 module.exports = router;
diff --git a/src/services/auth.service.js b/src/services/auth.service.js
@@ -4,6 +4,7 @@ const httpStatus = require('http-status');
 const config = require('../config/config');
 const tokenService = require('./token.service');
 const userService = require('./user.service');
+const Token = require('../models/token.model');
 const AppError = require('../utils/AppError');
 
 const generateAuthTokens = async userId => {
@@ -63,9 +64,22 @@ const generateResetPasswordToken = async email => {
   return resetPasswordToken;
 };
 
+const resetPassword = async (resetPasswordToken, newPassword) => {
+  let userId;
+  try {
+    const resetPasswordTokenDoc = await tokenService.verifyToken(resetPasswordToken, 'resetPassword');
+    userId = resetPasswordTokenDoc.user;
+    await userService.updateUser(userId, { password: newPassword });
+  } catch (error) {
+    throw new AppError(httpStatus.UNAUTHORIZED, 'Password reset failed');
+  }
+  await Token.deleteMany({ user: userId, type: 'resetPassword' });
+};
+
 module.exports = {
   generateAuthTokens,
   loginUser,
   refreshAuthTokens,
   generateResetPasswordToken,
+  resetPassword,
 };
diff --git a/src/validations/auth.validation.js b/src/validations/auth.validation.js
@@ -34,9 +34,21 @@ const forgotPassword = {
   }),
 };
 
+const resetPassword = {
+  query: Joi.object().keys({
+    token: Joi.string().required(),
+  }),
+  body: Joi.object().keys({
+    password: Joi.string()
+      .required()
+      .custom(password),
+  }),
+};
+
 module.exports = {
   register,
   login,
   refreshTokens,
   forgotPassword,
+  resetPassword,
 };