wind-explorer/ecoconnect
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔥 Reset password now working

Browse Source
This commit is contained in:
Adam C
2024-07-29 01:36:44 +08:00
parent 3afe173da7
commit 96efff85da
9 changed files with 506 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

316
server/connections/mailersend.js
View File

@@ -49,170 +49,200 @@ async function sendEmail(recipientEmail, title, content) {
}
}
async function sendPasswordResetEmail(email, firstName) {
const ecoconnectEmailLogoUrl =
"https://onedrive.live.com/download?resid=FDC8D8692E9A43C0%21425747&authkey=%21ADT2uhKbMIG4iqw&width=1310&height=212";
async function sendPasswordResetEmail(email, firstName, resetToken) {
let dateTimeNow = new Date().toLocaleString();
let emailContent = `
<!doctype html>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>ecoconnect Reset Password</title>
<style>
:root{
font-family: "Arial"
}
a {
all: unset;
}
:root{
font-family: "Arial"
}
a {
all: unset;
}
.m-8 {
margin: 2rem;
}
.mx-auto {
margin-left: auto;
margin-right: auto;
}
.my-auto {
margin-top: auto;
margin-bottom: auto;
}
.mr-auto {
margin-right: auto;
}
.flex {
display: flex;
}
.h-20 {
height: 5rem;
}
.w-40 {
width: 10rem;
}
.w-44 {
width: 11rem;
}
.w-full {
width: 100%;
}
.w-max {
width: max-content;
}
.flex-row {
flex-direction: row;
}
.flex-col {
flex-direction: column;
}
.justify-center {
justify-content: center;
}
.gap-2 {
gap: 0.5rem;
}
.gap-4 {
gap: 1rem;
}
.rounded-xl {
border-radius: 0.75rem;
}
.rounded-b-xl {
border-bottom-right-radius: 0.75rem;
border-bottom-left-radius: 0.75rem;
}
.border-2 {
border-width: 2px;
}
.border-red-200 {
border-color: rgb(254 202 202);
}
.border-red-300 {
border-color: rgb(252 165 165);
}
.bg-red-500 {
background-color: rgb(239 68 68);
}
.bg-white {
background-color: rgb(255 255 255);
}
.p-8 {
padding: 2rem;
}
.px-3 {
padding-left: 0.75rem;
padding-right: 0.75rem;
}
.px-4 {
padding-left: 1rem;
padding-right: 1rem;
}
.py-2 {
padding-top: 0.5rem;
padding-bottom: 0.5rem;
}
.py-3 {
padding-top: 0.75rem;
padding-bottom: 0.75rem;
}
.text-3xl {
font-size: 1.875rem;
line-height: 2.25rem;
}
.text-sm {
font-size: 0.875rem;
line-height: 1.25rem;
}
.font-bold {
font-weight: 700;
}
.text-red-900 {
color: rgb(127 29 29);
}
.text-white {
color: rgb(255 255 255);
}
.opacity-50 {
opacity: 0.5;
}
.shadow-lg {
box-shadow: 0 10px 15px -3px rgb(0 0 0 / 0.1), 0 4px 6px -4px rgb(0 0 0 / 0.1);
}
.shadow-md {
box-shadow: 0 4px 6px -1px rgb(0 0 0 / 0.1), 0 2px 4px -2px rgb(0 0 0 / 0.1);
}
.\*\:my-auto > * {
margin-top: auto;
margin-bottom: auto;
}
.\*\:mr-auto > * {
margin-right: auto;
}
.no-underline {
text-decoration-line: none;
}
.h-3 {
height: 1.5rem;
}
margin: 2rem;
}
.mx-auto {
margin-left: auto;
margin-right: auto;
}
.my-auto {
margin-top: auto;
margin-bottom: auto;
}
.mr-auto {
margin-right: auto;
}
.flex {
display: flex;
}
.h-20 {
height: 5rem;
}
.w-40 {
width: 10rem;
}
.w-44 {
width: 11rem;
}
.w-full {
width: 100%;
}
.w-max {
width: max-content;
}
.flex-row {
flex-direction: row;
}
.flex-col {
flex-direction: column;
}
.justify-center {
justify-content: center;
}
.gap-2 {
gap: 0.5rem;
}
.gap-4 {
gap: 1rem;
}
.rounded-xl {
border-radius: 0.75rem;
}
.rounded-b-xl {
border-bottom-right-radius: 0.75rem;
border-bottom-left-radius: 0.75rem;
}
.border-2 {
border-width: 2px;
}
.border-red-200 {
border-color: rgb(254 202 202);
}
.border-red-300 {
border-color: rgb(252 165 165);
}
.bg-red-500 {
background-color: rgb(239 68 68);
}
.bg-white {
background-color: rgb(255 255 255);
}
.p-8 {
padding: 2rem;
}
.px-3 {
padding-left: 0.75rem;
padding-right: 0.75rem;
}
.px-4 {
padding-left: 1rem;
padding-right: 1rem;
}
.py-2 {
padding-top: 0.5rem;
padding-bottom: 0.5rem;
}
.py-3 {
padding-top: 0.75rem;
padding-bottom: 0.75rem;
}
.text-3xl {
font-size: 1.875rem;
line-height: 2.25rem;
}
.text-sm {
font-size: 0.875rem;
line-height: 1.25rem;
}
.font-bold {
font-weight: 700;
}
.text-red-900 {
color: rgb(127 29 29);
}
.text-white {
color: rgb(255 255 255);
}
.opacity-50 {
opacity: 0.5;
}
.shadow-lg {
box-shadow: 0 10px 15px -3px rgb(0 0 0 / 0.1), 0 4px 6px -4px rgb(0 0 0 / 0.1);
}
.shadow-md {
box-shadow: 0 4px 6px -1px rgb(0 0 0 / 0.1), 0 2px 4px -2px rgb(0 0 0 / 0.1);
}
.\*\:my-auto > * {
margin-top: auto;
margin-bottom: auto;
}
.\*\:mr-auto > * {
margin-right: auto;
}
.no-underline {
text-decoration-line: none;
}
.h-3 {
height: 1.5rem;
}
</style>
</head>
<body style="background-color: white;">
<div class="m-8 flex flex-col rounded-xl border-2 border-red-200 shadow-lg">
<div class="flex flex-col gap-4 p-8 *:mr-auto">
<img src="https://onedrive.live.com/download?resid=FDC8D8692E9A43C0%21425747&authkey=%21ADT2uhKbMIG4iqw&width=1310&height=212" alt="ecoconnect logo" class="w-44" />
<h1 class="text-3xl font-bold text-red-900">Greetings, ${firstName}!</h1>
<p>We have received your request to reset the password.<br />Click the button below to do so.</p>
<a href="https://example.com/reset-password" class="rounded-xl border-2 border-red-300 bg-red-500 px-4 py-3 text-white shadow-md w-max no-underline">RESET PASSWORD</a>
<p class="text-sm opacity-50">If you have not made a request to reset the password, feel free to ignore this email.</p>
<p>Best regards,<br/><span class="font-bold text-red-900">ecoconnect administrators</span></p>
<img src="${ecoconnectEmailLogoUrl}" alt="ecoconnect logo" class="w-44" />
<h1 class="text-3xl font-bold text-red-900">
Greetings, ${firstName}!
</h1>
<p>
We have received your request to reset the password.<br />Click the
button below to do so.
</p>
<div class="flex flex-col">
<a
href="http://localhost:5173/reset-password/${resetToken}"
class="rounded-xl border-2 border-red-300 bg-red-500 px-4 py-3 text-white font-bold shadow-md w-max no-underline"
>RESET PASSWORD</a
>
<p class="text-sm">This reset portal is opened on ${dateTimeNow}, for 60 minutes.</p>
<p class="text-sm opacity-50">
If you have not made a request to reset the password, feel free to
ignore this email.
</p>
</div>
<p>
Best regards,<br /><span class="font-bold text-red-900"
>ecoconnect administrators</span
>
</p>
</div>
<div class="flex flex-col justify-center h-20 w-full rounded-b-xl bg-red-500 text-white">
<div
class="flex flex-col justify-center h-20 w-full rounded-b-xl bg-red-500 text-white"
>
<div class="mx-auto flex w-max flex-row gap-2 *:my-auto">
<img src="https://onedrive.live.com/download?resid=FDC8D8692E9A43C0%21425747&authkey=%21ADT2uhKbMIG4iqw&width=1310&height=212" alt="ecoconnect logo" class=" h-3 py-2 px-3 bg-white rounded-xl" />
<img
src="${ecoconnectEmailLogoUrl}"
alt="ecoconnect logo"
class="h-3 py-2 px-3 bg-white rounded-xl"
/>
<p>· Connecting neighbourhoods together</p>
</div>
</div>
</div>
</body>
</html>
`;
await sendEmail(
email,

10
server/models/User.js
View File

@@ -43,13 +43,21 @@ module.exports = (sequelize) => {
accountType: {
type: DataTypes.TINYINT(2),
allowNull: false,
defaultValue: 0
defaultValue: 0,
},
isArchived: {
type: DataTypes.BOOLEAN,
allowNull: false,
defaultValue: false,
},
resetPasswordToken: {
type: DataTypes.STRING(64),
allowNull: true,
},
resetPasswordExpireTime: {
type: DataTypes.DATE,
allowNull: true,
},
},
{
tableName: "users",

115
server/routes/users.js
View File

@@ -1,6 +1,6 @@
const express = require("express");
const yup = require("yup");
const { Op } = require("sequelize");
const { Op, Sequelize } = require("sequelize");
const { User } = require("../models");
const { validateToken } = require("../middlewares/auth");
const argon2 = require("argon2");
@@ -8,6 +8,10 @@ const router = express.Router();
const { sign } = require("jsonwebtoken");
const multer = require("multer");
const sharp = require("sharp");
const { sendPasswordResetEmail } = require("../connections/mailersend");
const {
generatePasswordResetToken,
} = require("../security/generatePasswordResetToken");
require("dotenv").config();
@@ -333,4 +337,113 @@ router.put(
}
);
router.put("/request-reset-password/:email", async (req, res) => {
let email = req.params.email;
try {
console.log(email);
let user = await User.findOne({
where: { email: email },
});
if (!user) {
res.sendStatus(404);
return;
}
if (user.isArchived) {
res.status(400).json({
message: `ERR_ACC_IS_ARCHIVED`,
});
} else {
const token = await generatePasswordResetToken();
let num = await User.update(
{
resetPasswordToken: token,
resetPasswordExpireTime: Date.now() + 3600000,
},
{
where: { id: user.id },
}
);
if (num == 1) {
res.json({
message: "User was updated successfully.",
});
} else {
res.status(400).json({
message: `Something went wrong setting token for user with id ${id}.`,
});
}
await sendPasswordResetEmail(user.email, user.firstName, token);
res.status(200).json({ message: "Email sent successfully" });
return;
}
} catch (error) {
// Silence.
}
});
router.post("/reset-password", async (req, res) => {
let token = req.body.token;
let newPassword = req.body.password;
try {
resetPassword(token, newPassword).then(() => {
res.sendStatus(200);
});
} catch (err) {
res.status(400).json({ errors: err.errors });
}
});
router.get("/reset-password/:token", async (req, res) => {
let token = req.params.token;
try {
let user = await validateResetPasswordToken(token);
if (!user) {
console.log("no");
res.sendStatus(404);
return;
} else {
console.log("yes");
res.sendStatus(200);
}
} catch {
res.status(401);
}
});
async function validateResetPasswordToken(token) {
const user = await User.findOne({
where: {
resetPasswordToken: token,
resetPasswordExpireTime: { [Sequelize.Op.gt]: Date.now() },
},
});
if (!user) {
return undefined;
} else {
return user;
}
}
async function resetPassword(token, newPassword) {
const user = await validateResetPasswordToken(token);
if (!user) {
return undefined;
}
const hashedPassword = await argon2.hash(newPassword);
user.password = hashedPassword;
user.resetPasswordToken = null;
user.resetPasswordExpires = null;
await user.save();
}
module.exports = router;

16
server/security/generatePasswordResetToken.js Normal file
View File

@@ -0,0 +1,16 @@
const crypto = require("crypto");
function generatePasswordResetToken() {
return new Promise((resolve, reject) => {
crypto.randomBytes(32, (err, buffer) => {
if (err) {
reject(err);
} else {
const token = buffer.toString("hex");
resolve(token);
}
});
});
}
module.exports = { generatePasswordResetToken };