reset password with node prisma and postgresql

Author: wpcodevo

package.json

@@ -5,6 +5,8 @@
   "license": "MIT",
   "scripts": {
     "start": "ts-node-dev --respawn --transpile-only --exit-child src/app.ts",
+    "db:migrate": "npx prisma migrate dev --name user-entity --create-only && yarn prisma generate",
+    "db:push": "npx prisma db push",
     "build": "tsc . -p"
   },
   "devDependencies": {

prisma/migrations/20220522190602_user_entity/migration.sql

@@ -0,0 +1,22 @@
+/*
+  Warnings:
+
+  - A unique constraint covering the columns `[email,verificationCode,passwordResetToken]` on the table `users` will be added. If there are existing duplicate values, this will fail.
+
+*/
+-- DropIndex
+DROP INDEX "users_email_verificationCode_idx";
+
+-- DropIndex
+DROP INDEX "users_email_verificationCode_key";
+
+-- AlterTable
+ALTER TABLE "users" ADD COLUMN     "passwordResetAt" TIMESTAMP(3),
+ADD COLUMN     "passwordResetToken" TEXT,
+ADD COLUMN     "provider" TEXT;
+
+-- CreateIndex
+CREATE INDEX "users_email_verificationCode_passwordResetToken_idx" ON "users"("email", "verificationCode", "passwordResetToken");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "users_email_verificationCode_passwordResetToken_key" ON "users"("email", "verificationCode", "passwordResetToken");

prisma/schema.prisma

@@ -26,8 +26,12 @@ model User{
   createdAt DateTime @default(now())
   updatedAt DateTime @updatedAt
 
-  @@unique([email, verificationCode])
-  @@index([email, verificationCode])
+  provider String?
+  passwordResetToken String?
+  passwordResetAt DateTime?
+
+  @@unique([email, verificationCode, passwordResetToken])
+  @@index([email, verificationCode,passwordResetToken])
 }
 
 enum RoleEnumType {

src/controllers/auth.controller.ts

@@ -2,8 +2,10 @@ import crypto from 'crypto';
 import { CookieOptions, NextFunction, Request, Response } from 'express';
 import bcrypt from 'bcryptjs';
 import {
+  ForgotPasswordInput,
   LoginUserInput,
   RegisterUserInput,
+  ResetPasswordInput,
   VerifyEmailInput,
 } from '../schemas/user.schema';
 import {
@@ -263,3 +265,132 @@ export const verifyEmailHandler = async (
     next(err);
   }
 };
+
+export const forgotPasswordHandler = async (
+  req: Request<
+    Record<string, never>,
+    Record<string, never>,
+    ForgotPasswordInput
+  >,
+  res: Response,
+  next: NextFunction
+) => {
+  try {
+    // Get the user from the collection
+    const user = await findUser({ email: req.body.email.toLowerCase() });
+    const message =
+      'You will receive a reset email if user with that email exist';
+    if (!user) {
+      return res.status(200).json({
+        status: 'success',
+        message,
+      });
+    }
+
+    if (!user.verified) {
+      return res.status(403).json({
+        status: 'fail',
+        message: 'Account not verified',
+      });
+    }
+
+    if (user.provider) {
+      return res.status(403).json({
+        status: 'fail',
+        message:
+          'We found your account. It looks like you registered with a social auth account. Try signing in with social auth.',
+      });
+    }
+
+    const resetToken = crypto.randomBytes(32).toString('hex');
+    const passwordResetToken = crypto
+      .createHash('sha256')
+      .update(resetToken)
+      .digest('hex');
+
+    await updateUser(
+      { id: user.id },
+      {
+        passwordResetToken,
+        passwordResetAt: new Date(Date.now() + 10 * 60 * 1000),
+      },
+      { email: true }
+    );
+
+    try {
+      const url = `${config.get<string>('origin')}/resetPassword/${resetToken}`;
+      await new Email(user, url).sendPasswordResetToken();
+
+      res.status(200).json({
+        status: 'success',
+        message,
+      });
+    } catch (err: any) {
+      await updateUser(
+        { id: user.id },
+        { passwordResetToken: null, passwordResetAt: null },
+        {}
+      );
+      return res.status(500).json({
+        status: 'error',
+        message: 'There was an error sending email',
+      });
+    }
+  } catch (err: any) {
+    next(err);
+  }
+};
+
+export const resetPasswordHandler = async (
+  req: Request<
+    ResetPasswordInput['params'],
+    Record<string, never>,
+    ResetPasswordInput['body']
+  >,
+  res: Response,
+  next: NextFunction
+) => {
+  try {
+    // Get the user from the collection
+    const passwordResetToken = crypto
+      .createHash('sha256')
+      .update(req.params.resetToken)
+      .digest('hex');
+
+    const user = await findUser({
+      passwordResetToken,
+      passwordResetAt: {
+        gt: new Date(),
+      },
+    });
+
+    if (!user) {
+      return res.status(403).json({
+        status: 'fail',
+        message: 'Invalid token or token has expired',
+      });
+    }
+
+    const hashedPassword = await bcrypt.hash(req.body.password, 12);
+    // Change password data
+    await updateUser(
+      {
+        id: user.id,
+      },
+      {
+        password: hashedPassword,
+        passwordResetToken: null,
+        passwordResetAt: null,
+      },
+      { email: true }
+    );
+
+    logout(res);
+    res.status(200).json({
+      status: 'success',
+      message: 'Password data updated successfully',
+    });
+  } catch (err: any) {
+    next(err);
+  }
+};

src/routes/auth.routes.ts

@@ -1,17 +1,21 @@
 import express from 'express';
 import {
+  forgotPasswordHandler,
   loginUserHandler,
   logoutUserHandler,
   refreshAccessTokenHandler,
   registerUserHandler,
+  resetPasswordHandler,
   verifyEmailHandler,
 } from '../controllers/auth.controller';
 import { deserializeUser } from '../middleware/deserializeUser';
 import { requireUser } from '../middleware/requireUser';
 import { validate } from '../middleware/validate';
 import {
+  forgotPasswordSchema,
   loginUserSchema,
   registerUserSchema,
+  resetPasswordSchema,
   verifyEmailSchema,
 } from '../schemas/user.schema';
 
@@ -31,4 +35,16 @@ router.get(
 
 router.get('/logout', deserializeUser, requireUser, logoutUserHandler);
 
+router.post(
+  '/forgotPassword',
+  validate(forgotPasswordSchema),
+  forgotPasswordHandler
+);
+
+router.patch(
+  '/resetPassword/:resetToken',
+  validate(resetPasswordSchema),
+  resetPasswordHandler
+);
+
 export default router;

src/schemas/user.schema.ts

@@ -62,6 +62,31 @@ export const updateUserSchema = object({
     }),
 });
 
+export const forgotPasswordSchema = object({
+  body: object({
+    email: string({
+      required_error: 'Email is required',
+    }).email('Email is invalid'),
+  }),
+});
+
+export const resetPasswordSchema = object({
+  params: object({
+    resetToken: string(),
+  }),
+  body: object({
+    password: string({
+      required_error: 'Password is required',
+    }).min(8, 'Password must be more than 8 characters'),
+    passwordConfirm: string({
+      required_error: 'Please confirm your password',
+    }),
+  }).refine((data) => data.password === data.passwordConfirm, {
+    message: 'Passwords do not match',
+    path: ['passwordConfirm'],
+  }),
+});
+
 export type RegisterUserInput = Omit<
   TypeOf<typeof registerUserSchema>['body'],
   'passwordConfirm'
@@ -70,3 +95,6 @@ export type RegisterUserInput = Omit<
 export type LoginUserInput = TypeOf<typeof loginUserSchema>['body'];
 export type VerifyEmailInput = TypeOf<typeof verifyEmailSchema>['params'];
 export type UpdateUserInput = TypeOf<typeof updateUserSchema>['body'];
+
+export type ForgotPasswordInput = TypeOf<typeof forgotPasswordSchema>['body'];
+export type ResetPasswordInput = TypeOf<typeof resetPasswordSchema>;

src/services/user.service.ts

@@ -35,7 +35,7 @@ export const findUniqueUser = async (
 };
 
 export const updateUser = async (
-  where: Partial<Prisma.UserCreateInput>,
+  where: Partial<Prisma.UserWhereUniqueInput>,
   data: Prisma.UserUpdateInput,
   select?: Prisma.UserSelect
 ) => {