Issue with implementing token refresh functionality #1419

Closed
chandel-aman opened this issue Nov 4, 2023 · 6 comments · Fixed by #1426
Labels
bug Something isn't working no-issue-activity No issue activity security Security fix

Comments

@chandel-aman
Contributor

Describe the bug
Currently, the talawa-api lacks the functionality to handle token refresh using the provided refreshToken. The missing functionalities include but are not limited to saving the refreshed tokens in the database, revoking tokens after single use, and implementing security measures for secure token exchange.

To Reproduce
Steps to reproduce the behavior:

  1. Log in a user.
  2. Check the database to see if the refresh token has been stored in the user document (it is not getting stored now).
  3. Let the user get logged out automatically after the access token has expired.
  4. Check if a new refresh and access token is generated and set to the user.

Expected behavior

  1. Save refreshed tokens in the database.
  2. Revoke used tokens after a single exchange.
  3. Send the newly generated access token and refresh token to the user.

Actual behavior
The talawa-api code currently lacks the aforementioned functionalities for token refresh, leading to an inability to perform the intended token exchange.

Screenshots
N/A

Additional details
The token refresh functionality in the talawa-api is partially implemented but lacks the final steps for saving tokens in the database, revocation after single use, and implementing essential security measures.

Potential internship candidates
Please read this if you are planning to apply for a Palisadoes Foundation internship PalisadoesFoundation/talawa#359

@chandel-aman chandel-aman added the bug Something isn't working label Nov 4, 2023
@github-actions github-actions bot added security Security fix unapproved Unapproved for Pull Request labels Nov 4, 2023
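
The expected behaviour listed in the issue (store the refresh token, revoke it after a single exchange, return a new pair) can be sketched as follows. This is an added example, not talawa-api code or the fix that closed the issue; the in-memory `users` map, the function names and the opaque random tokens are assumptions standing in for the project's database and token format.

```javascript
// Added example: single-use refresh-token rotation (not talawa-api code).
const crypto = require("node:crypto");

// Constructed stand-in for the user collection: userId -> { refreshHash }
const users = new Map([["user-1", { refreshHash: null }]]);

const sha256 = (value) => crypto.createHash("sha256").update(value).digest();
const newToken = () => crypto.randomBytes(32).toString("base64url");

// Issue a fresh pair and persist only a hash of the refresh token, so a
// database leak does not expose a usable token.
function issueTokens(userId) {
  const user = users.get(userId);
  if (!user) throw new Error("unknown user");
  const accessToken = newToken(); // opaque placeholder for the access token
  const refreshToken = newToken();
  user.refreshHash = sha256(refreshToken);
  return { accessToken, refreshToken };
}

// Exchange a refresh token. The stored hash is overwritten by issueTokens(),
// so the presented token is revoked as soon as it has been used once.
function refreshTokens(userId, presented) {
  const user = users.get(userId);
  if (!user || !user.refreshHash || typeof presented !== "string") {
    throw new Error("invalid refresh token");
  }
  // Both buffers are 32-byte digests, so timingSafeEqual cannot throw on length.
  if (!crypto.timingSafeEqual(user.refreshHash, sha256(presented))) {
    throw new Error("invalid refresh token");
  }
  return issueTokens(userId);
}

// Logout (or an admin action) revokes whatever refresh token is outstanding.
function revoke(userId) {
  const user = users.get(userId);
  if (user) user.refreshHash = null;
}
```
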
@chandel-aman
Contributor Author

@palisadoes please assign me this issue

github-actions bot commented Nov 4, 2023

Congratulations on making your first Issue! 🎊 If you haven't already, check out our Contributing Guidelines and Issue Reporting Guidelines to ensure that you are following our guidelines for contributing and making issues.

@palisadoes
Contributor

@rishav-jha-mech @kb-0311 Please comment on this.

@palisadoes palisadoes removed the unapproved Unapproved for Pull Request label Nov 5, 2023
@chandel-aman
Contributor Author

@palisadoes @kb-0311

I've added an environment variable in the env file.

Added/Modified:
NODE_ENV - This variable is now used to determine the development or production environment.

NODE_ENV=development

Purpose:

  • To check the environment and restrict access to the backend server. If NODE_ENV is set to 'production', the backend will only allow requests from specified origins, such as talawa-admin.

Note: No changes are required in the README since the default value is clearly specified.

So should I update the sample env too?

@kb-0311
Contributor

kb-0311 commented Nov 14, 2023

Yes, add them in the sample file too.

This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.

@github-actions github-actions bot added the no-issue-activity No issue activity label Nov 25, 2023

3 participants