Merge pull request #45 from chidimo/ch-release-presentation-166226540

#166226540 Refactor reset password function
chidimo · May 23, 2019 · 62b6310 · 62b6310
2 parents 58db41d + d53bf80
commit 62b6310
Show file tree

Hide file tree

Showing 13 changed files with 238 additions and 153 deletions.
diff --git a/controllers/AuthController.js b/controllers/AuthController.js
@@ -18,13 +18,13 @@ const AuthController = {
 
         if (user_exists) {
             return res
-                .status(404)
+                .status(409)
                 .json({ error: `User with email ${email} already exists` });
         }
         const { rows } = await add_user_to_db(users_model, req, res);
         const [ { id }, ] = rows;
         const clause = `WHERE id=${id}`;
-        const err_msg = `User with id ${id} does not exist.`;
+        const err_msg = `User with id ${id} not found`;
         const user = await get_existing_user(users_model, res, clause, err_msg);
         sendSignUpMessage(user, req);
         return res.status(201).json({ data: { ...user, token: req.token } });
@@ -38,7 +38,7 @@ const AuthController = {
         );
         if (!user_exists) {
             return res.status(404)
-                .json({ error: `User with email ${email} does not exist.` });
+                .json({ error: `User with email ${email} not found` });
         }
         const match = await check_password(users_model, email, password, res);
         if (match) {

diff --git a/controllers/LoansController.js b/controllers/LoansController.js
@@ -7,7 +7,7 @@ import
 { 
     add_loan_to_db,
     get_loan_by_id,
-    loan_repayment_history,
+    repay_history,
     check_loan_existence,
     add_repayment_to_db,
     return_repay_or_error,
@@ -49,7 +49,7 @@ const LoansController = {
                 return res.status(200).json({ data: loan });
             }
             return res.status(404)
-                .json({ error: `Loan with id ${id} does not exist` });
+                .json({ error: `Loan with id ${id} not found` });
         }
         catch (e) { return; }
     },
@@ -73,25 +73,29 @@ const LoansController = {
 
         req.status = status;
         try {
-            const loan = await check_loan_existence(loans_model, req, res);
+            const loan = await check_loan_existence(loans_model, id, res);
             if (loan) {
                 await update_loan_status(loans_model, req, res);
                 const loan = await get_loan_by_id(loans_model, id, res);
                 sendFollowUpMessage(status, loan);
                 return res.status(200).json({ data: loan });
             }
             return res.status(404)
-                .json({ error: `Loan with id ${id} does not exist.` });
+                .json({ error: `Loan with id ${id} not found` });
         }
         catch (e) { return InternalServerError(res, e); }
     },
 
     loan_repayment_history: async (req, res) => {
+        const { id } = req.params;
         try {
-            const loan = await check_loan_existence(loans_model, req, res);
+            const loan = await check_loan_existence(loans_model, id, res);
             if (loan) {
-                return await loan_repayment_history(repayments_model, req, res);
+                const repays = await repay_history(repayments_model, id, res);
+                return res.status(200).json({ data: repays });
             }
+            return res.status(404)
+                .json({ error: `Loan with ${id} not found` });
         }
         catch (e) { return InternalServerError(res, e); }
     },

diff --git a/controllers/UsersController.js b/controllers/UsersController.js
@@ -13,12 +13,36 @@ import { aws_signed_url, } from './helpers/UsersController';
 
 const users_model = new Model('users');
 
+const reset_password = async (model_instance, email, clause, res) => {
+    const new_password = generatePassword();
+    await update_pass(model_instance, new_password, clause, res);
+    sendPassword(email, new_password);
+    return res.status(204)
+        .json({ message: 'Password has been emailed to you.' });
+};
+
+const change_password = async (
+    model_instance, email, current_password, new_pass, res) => {
+    const clause = `WHERE email='${email}'`;
+
+    const knows_pass = await check_password(
+        model_instance, email, current_password, res);
+    if (knows_pass) {
+        await update_pass(users_model, new_pass, clause, res);
+        sendPassword(email, new_pass);
+        return res.status(204)
+            .json({ message: 'Password has been emailed to you.' });
+    }
+    return res.status(404)
+        .json({ error: 'You entered an incorrect password' });
+};
+
 const UsersController = {
     reset_password: async (req, res) => {
         const { email } = req.params;
         const { current_password, confirm_new, new_pass } = req.body;
 
-        const remember_password = (
+        const remembers_password = (
             (current_password !== '') &&
             (new_pass !== '') &&
             (confirm_new !== '')
@@ -28,23 +52,12 @@ const UsersController = {
         try {
             const exists = await check_user_exists(users_model, clause, res);
             if (exists) {
-                if (remember_password) {
-                    const knows_pass = await check_password(
-                        users_model, email, current_password, res);
-
-                    if (knows_pass) {
-                        await update_pass(users_model, new_pass, clause, res);
-                        sendPassword(email, new_pass);
-                        return res.status(204)
-                            .json({ message: 'Password has been emailed to you.' });
-                    }
-                    return res.status(404)
-                        .json({ error: 'You entered an incorrect password' });
+
+                if (remembers_password) {
+                    return await change_password(
+                        users_model, email, current_password, new_pass, res);
                 }
-                const new_password = generatePassword();
-                await update_pass(users_model, new_password, clause, res);
-                sendPassword(email, new_password);
-                return res.status(204).json({ message: 'Password has been emailed to you.' });
+                return await reset_password(users_model, email, clause, res);
             }
             return res.status(404)
                 .json({ error: `User with email ${email} not found` });

diff --git a/controllers/helpers/LoansController.js b/controllers/helpers/LoansController.js
@@ -39,13 +39,13 @@ export const sendFollowUpMessage = (status, loan) => {
     return;
 };
 
-export const check_loan_existence = async (model_instance, req, res) => {
-    const { id } = req.params;
+export const check_loan_existence = async (model_instance, id, res) => {
     try {
         const { rows } = await model_instance.select(
             'id, amount', `WHERE id=${id}`);
         const [ loan, ] = rows;
-        if (loan) return loan;
+        if (loan) return true;
+        return false;
     }
     catch (e) { return InternalServerError(res, e);}
 };
@@ -101,14 +101,13 @@ export const get_loan_by_id = async (model_instance, id, res) => {
 };
 
 // repayments
-export const loan_repayment_history = async (model_instance, req, res) => {
-    const { id } = req.params;
+export const repay_history = async (model_instance, id, res) => {
     try {
         const { rows } = await model_instance.select(
             'id, loanid, adminid, createdon, amount',
             `WHERE loanid=${Number(id)}`
         );
-        return res.status(200).json({ data: rows });
+        return rows;
     }
     catch (e) { return InternalServerError(res, e);}
 };

diff --git a/middleware/authentication.js b/middleware/authentication.js
@@ -11,7 +11,7 @@ const AuthenticationMiddleware = {
     },
 
     verifyToken: (req, res, next) => {
-        if (Settings.skipTokenVerification) {
+        if (Settings.skipTokenVerification()) {
             return next();
         }
         const token = req.headers['x-access-token'];

diff --git a/package.json b/package.json
@@ -17,7 +17,9 @@
         "lint": "./node_modules/.bin/eslint ./",
         "test": "set NODE_ENV=test&set DEBUG=test&set DBNAME=testdb&nyc --reporter=html --reporter=text --reporter=lcov mocha -r @babel/register -r should",
         "cover": "nyc report --reporter=text-lcov | coveralls",
-        "coverage": "nyc report --reporter=text-lcov | coveralls"
+        "coverage": "nyc report --reporter=text-lcov | coveralls",
+        "devtables": "set DEBUG=dev&set DBNAME=quick_credit&node --require @babel/register utils/createTables",
+        "herokutables": "node --require @babel/register utils/createTables"
     },
     "bugs": {
         "url": "https://github.com/chidimo/Quick-Credit/issues"

diff --git a/routes/index.js b/routes/index.js
@@ -26,20 +26,36 @@ router.post('/auth/signin',
     AuthController.signin
 );
 
-router.patch('/users/:id/verify', UsersController.verify_user);
-router.get(
-    '/users/:id/account-confirmation', UsersController.confirm_account);
-router.get('/users', UsersController.get_users);
-router.get('/users/:id', UsersController.get_user);
-router.get('/users?status=verified', UsersController.get_users);
+router.patch('/users/:id/verify',
+    AuthenticationMiddleware.verifyToken,
+    UsersController.verify_user
+);
+router.get('/users/:id/account-confirmation',
+    AuthenticationMiddleware.verifyToken,
+    UsersController.confirm_account
+);
+router.get('/users',
+    AuthenticationMiddleware.verifyToken,
+    UsersController.get_users
+);
+router.get('/users/:id',
+    AuthenticationMiddleware.verifyToken,
+    UsersController.get_user
+);
+router.get('/users?status=verified',
+    AuthenticationMiddleware.verifyToken,
+    UsersController.get_users
+);
 router.patch('/users/:id/update',
     UsersValidators.updateProfileValidator,
     UsersController.update_user_profile
 );
-router.get('/users/:id/photo/upload/', 
+router.get('/users/:id/photo/upload/',
+    AuthenticationMiddleware.verifyToken,
     UsersController.get_aws_signed_url
 );
 router.patch('/users/:id/photo/update',
+    AuthenticationMiddleware.verifyToken,
     UsersController.update_photo_url
 );
 router.post('/users/:email/reset_password',
@@ -49,25 +65,50 @@ router.post('/users/:email/reset_password',
 
 router.get('/loans',
     AuthenticationMiddleware.verifyToken,
-    LoansController.get_all_loans);
-router.get('/loans/:id', LoansController.get_loan);
-router.get(
-    '/loans?status=approved&repaid=false', LoansController.get_all_loans);
-router.get(
-    '/loans?status=approved&repaid=true', LoansController.get_all_loans);
+    LoansController.get_all_loans
+);
+router.get('/loans/:id',
+    AuthenticationMiddleware.verifyToken,
+    LoansController.get_loan
+);
+router.get('/loans?status=approved&repaid=false',
+    AuthenticationMiddleware.verifyToken,
+    LoansController.get_all_loans
+);
+router.get('/loans?status=approved&repaid=true',
+    AuthenticationMiddleware.verifyToken,
+    LoansController.get_all_loans
+);
 router.post('/loans',
+    AuthenticationMiddleware.verifyToken,
     LoansValidators.validateAmount,
     LoansValidators.validateTenor,
-    LoansController.create_loan);
-router.patch('/loans/:id/approve', LoansController.approve_or_reject_loan);
-router.patch('/loans/:id/reject', LoansController.approve_or_reject_loan);
-router.get(
-    '/loans/:id/repayments', LoansController.loan_repayment_history
+    LoansController.create_loan
+);
+router.patch('/loans/:id/approve',
+    AuthenticationMiddleware.verifyToken,
+    LoansController.approve_or_reject_loan
+);
+router.patch('/loans/:id/reject',
+    AuthenticationMiddleware.verifyToken,
+    LoansController.approve_or_reject_loan
+);
+router.get('/loans/:id/repayments',
+    AuthenticationMiddleware.verifyToken,
+    LoansController.loan_repayment_history
 );
 router.post('/loans/:id/repayment',
+    AuthenticationMiddleware.verifyToken,
     LoansValidators.validateRepayAmount,
-    LoansController.post_repayment);
-router.get('/repayments', LoansController.get_all_repayments);
-router.get('/repayments/:id', LoansController.get_repayment);
+    LoansController.post_repayment
+);
+router.get('/repayments',
+    AuthenticationMiddleware.verifyToken,
+    LoansController.get_all_repayments
+);
+router.get('/repayments/:id',
+    AuthenticationMiddleware.verifyToken,
+    LoansController.get_repayment
+);
 
 export default router;
diff --git a/test/loans-spec.js b/test/loans-spec.js
@@ -6,8 +6,7 @@ import assert from 'assert';
 import app from '../app';
 
 import { test_logger } from '../utils/loggers';
-import createDB from '../utils/createDB';
-import clearDB from '../utils/clearDB';
+import { createDB, clearDB } from '../utils/localDbOps';
 
 const server = supertest.agent(app);
 
@@ -109,7 +108,7 @@ describe('/api/v1/loans', () => {
                 .end((err, res) => {
                     res.status.should.equal(404);
                     res.body.error.should.equal(
-                        `Loan with id ${id} does not exist`);
+                        `Loan with id ${id} not found`);
                     done();
                 });
         });
@@ -203,7 +202,7 @@ describe('/api/v1/loans', () => {
                 .end((err, res) => {
                     res.status.should.equal(404);
                     res.body.error.should.equal(
-                        `Loan with id ${id} does not exist.`);
+                        `Loan with id ${id} not found`);
                     done();
                 });
         });