Merge f010bb6 into 532f177

chidimo · May 23, 2019 · b198e55 · b198e55
2 parents 532f177 + f010bb6
commit b198e55
Show file tree

Hide file tree

Showing 15 changed files with 202 additions and 69 deletions.
diff --git a/app.js b/app.js
@@ -18,7 +18,7 @@ app.use(express.urlencoded({ extended: true }));
 app.use(cookieParser());
 app.use(express.static(path.join(__dirname, 'public')));
 app.use(validator());
-app.use(cors());
+app.use(cors('*'));
 
 app.use('/', indexRouter);
 

diff --git a/controllers/LoansController.js b/controllers/LoansController.js
@@ -38,7 +38,7 @@ const LoansController = {
             }
             return res.status(200).json({ data: data.rows });
         }
-        catch (e) { throw InternalServerError(res, e); }
+        catch (e) { return InternalServerError(res, e); }
     },
 
     get_loan: async (req, res) => {
@@ -83,7 +83,7 @@ const LoansController = {
             return res.status(404)
                 .json({ error: `Loan with id ${id} does not exist.` });
         }
-        catch (e) { throw InternalServerError(res, e); }
+        catch (e) { return InternalServerError(res, e); }
     },
 
     loan_repayment_history: async (req, res) => {
@@ -93,7 +93,7 @@ const LoansController = {
                 return await loan_repayment_history(repayments_model, req, res);
             }
         }
-        catch (e) { throw InternalServerError(res, e); }
+        catch (e) { return InternalServerError(res, e); }
     },
 
     post_repayment: async (req, res) => {
@@ -123,7 +123,7 @@ const LoansController = {
             );
             return res.status(200).json({ data: data.rows });
         }
-        catch (e) { throw InternalServerError(res, e); }
+        catch (e) { return InternalServerError(res, e); }
     },
 };
 

diff --git a/controllers/UsersController.js b/controllers/UsersController.js
@@ -1,13 +1,57 @@
+import generatePassword from 'password-generator';
 import Model from '../models/Model';
 import { InternalServerError } from '../utils/errorHandlers';
 import {
-    get_existing_user, check_user_exists, update_if_exists
+    get_existing_user,
+    check_user_exists,
+    update_if_exists,
+    check_password,
+    update_pass,
+    sendPassword
 } from './helpers/AuthController';
 import { aws_signed_url, } from './helpers/UsersController';
 
 const users_model = new Model('users');
 
 const UsersController = {
+    reset_password: async (req, res) => {
+        const { email } = req.params;
+        const { current_password, confirm_new, new_pass } = req.body;
+
+        const remember_password = (
+            (current_password !== '') &&
+            (new_pass !== '') &&
+            (confirm_new !== '')
+        );
+
+        const clause = `WHERE email='${email}'`;
+        try {
+            const exists = await check_user_exists(users_model, clause, res);
+            if (exists) {
+                if (remember_password) {
+                    const knows_pass = await check_password(
+                        users_model, email, current_password, res);
+
+                    if (knows_pass) {
+                        await update_pass(users_model, new_pass, clause, res);
+                        sendPassword(email, new_pass);
+                        return res.status(204)
+                            .json({ message: 'Password has been emailed to you.' });
+                    }
+                    return res.status(404)
+                        .json({ error: 'You entered an incorrect password' });
+                }
+                const new_password = generatePassword();
+                await update_pass(users_model, new_password, clause, res);
+                sendPassword(email, new_password);
+                return res.status(204).json({ message: 'Password has been emailed to you.' });
+            }
+            return res.status(404)
+                .json({ error: `User with email ${email} not found` });
+        }
+        catch (e) { return; }
+    },
+
     confirm_account: async (req, res) => {
         try {
 
@@ -55,12 +99,10 @@ const UsersController = {
                     rows, `WHERE status='${status}'`
                 );
             }
-            else {
-                data = await users_model.select(rows);
-            }
+            else { data = await users_model.select(rows); }
             return res.status(200).json({ data: data.rows });
         }
-        catch (e) { throw InternalServerError(res, e); }
+        catch (e) { return InternalServerError(res, e); }
     },
 
     update_user_profile: async (req, res) => {

diff --git a/controllers/helpers/AuthController.js b/controllers/helpers/AuthController.js
@@ -3,7 +3,7 @@ import titlecase from 'titlecase';
 
 import { InternalServerError } from '../../utils/errorHandlers';
 import sendEmail from '../../utils/sendEmail';
-import { async } from 'rxjs/internal/scheduler/async';
+import hashPassword from '../../utils/hashPassword';
 
 export const sendSignUpMessage = (user, req) => {
     const path = `/users/${user.id}/account-confirmation`;
@@ -22,6 +22,18 @@ export const sendSignUpMessage = (user, req) => {
     return;
 };
 
+export const sendPassword = (email, new_password) => {
+    const template_data = {
+        new_password,
+    };
+    const data = {
+        email,
+        template_name: 'new_password',
+    };
+    sendEmail(data, template_data);
+    return;
+};
+
 export const check_user_exists = async (model_instance, clause, res) => {
     try {
         const { rows } = await model_instance.select(
@@ -30,7 +42,7 @@ export const check_user_exists = async (model_instance, clause, res) => {
         if (user) return true;
         return false;
     }
-    catch (e) { throw InternalServerError(res, e);}
+    catch (e) { return InternalServerError(res, e);}
 };
 
 export const check_password = async (model_instance, email, password, res) => {
@@ -41,21 +53,20 @@ export const check_password = async (model_instance, email, password, res) => {
         if (bcrypt.compareSync(password, user.password)) return true;
         return false;
     }
-    catch (e) { throw InternalServerError(res, e);}
+    catch (e) { return InternalServerError(res, e);}
 };
 
 export const add_user_to_db = async (model_instance, req, res) => {
     const { email, password, firstname, lastname } = req.body;
-    const hashedPassword = bcrypt.hashSync(password, 8);
 
     try {
         return await model_instance.insert_with_return(
             '(email, firstname, lastname, password)',
             `'${email}', '${firstname}', '${lastname}', 
-            '${hashedPassword}'`
+            '${hashPassword(password)}'`
         );                    
     }
-    catch (e) { throw InternalServerError(res, e);}
+    catch (e) { return InternalServerError(res, e);}
 };
 
 export const get_existing_user = async (model_instance, res, clause) => {
@@ -68,7 +79,7 @@ export const get_existing_user = async (model_instance, res, clause) => {
         );
         return rows[0];
     }
-    catch (e) { throw InternalServerError(res, e); }
+    catch (e) { return InternalServerError(res, e); }
 };
 
 export const update_if_exists = async (model_instance, 
@@ -86,3 +97,11 @@ export const update_if_exists = async (model_instance,
     }
     catch (e) { return; }
 };
+
+export const update_pass = async (model_instance, password, clause, res) => {
+    try {
+        await model_instance.update(
+            `password='${hashPassword(password)}'`, clause);
+    }
+    catch (e) { return InternalServerError(res, e); }
+};
diff --git a/controllers/helpers/LoansController.js b/controllers/helpers/LoansController.js
@@ -47,7 +47,7 @@ export const check_loan_existence = async (model_instance, req, res) => {
         const [ loan, ] = rows;
         if (loan) return loan;
     }
-    catch (e) { throw InternalServerError(res, e);}
+    catch (e) { return InternalServerError(res, e);}
 };
 
 export const add_loan_to_db = async (model_instance, req, res) => {
@@ -64,7 +64,7 @@ export const add_loan_to_db = async (model_instance, req, res) => {
             `'${userid}', '${useremail}', '${amount}', '${tenor}', 
             '${interest}', '${balance}', '${paymentinstallment}'`);        
     }
-    catch (e) { throw InternalServerError(res, e);}
+    catch (e) { return InternalServerError(res, e);}
 };
 
 export const update_loan_status = async (model_instance, req, res) => {
@@ -73,7 +73,7 @@ export const update_loan_status = async (model_instance, req, res) => {
         await model_instance.update(
             `status='${req.status}'`, `WHERE id=${id}`);
     }
-    catch (e) { throw InternalServerError(res, e); }
+    catch (e) { return InternalServerError(res, e); }
 };
 
 export const update_loan_balance = async (model_instance, req, res) => {
@@ -83,7 +83,7 @@ export const update_loan_balance = async (model_instance, req, res) => {
         await model_instance.incrementation_update(
             'balance', `${amount}`, `WHERE id=${id}`);
     }
-    catch (e) { throw InternalServerError(res, e); }
+    catch (e) { return InternalServerError(res, e); }
 };
 
 export const get_loan_by_id = async (model_instance, id, res) => {
@@ -96,7 +96,7 @@ export const get_loan_by_id = async (model_instance, id, res) => {
         return rows[0];
     }
     catch (e) {
-        throw InternalServerError(res, e);
+        return InternalServerError(res, e);
     }
 };
 
@@ -110,7 +110,7 @@ export const loan_repayment_history = async (model_instance, req, res) => {
         );
         return res.status(200).json({ data: rows });
     }
-    catch (e) { throw InternalServerError(res, e);}
+    catch (e) { return InternalServerError(res, e);}
 };
 
 export const add_repayment_to_db = async (model_instance, req, res) => {
@@ -121,7 +121,7 @@ export const add_repayment_to_db = async (model_instance, req, res) => {
             '(loanid, adminid, amount)',
             `'${id}', '${adminid}', '${amount}'`);                    
     }
-    catch (e) { throw InternalServerError(res, e);}
+    catch (e) { return InternalServerError(res, e);}
 };
 
 export const get_repayment_from_db = async (model_instance, id, res) => {
@@ -131,7 +131,7 @@ export const get_repayment_from_db = async (model_instance, id, res) => {
         );
         return rows[0];
     }
-    catch (e) { throw InternalServerError(res, e); }
+    catch (e) { return InternalServerError(res, e); }
 };
 
 export const return_repay_or_error = async (model_instance, id, res, code) => {

diff --git a/middleware/authentication.js b/middleware/authentication.js
@@ -10,17 +10,20 @@ const AuthenticationMiddleware = {
         return next();
     },
 
-    // verifyToken: (req, res, next) => {
-    //     const token = req.headers['x-access-token'];
-    //     try {
-    //         req.user = jwt.verify(token, Settings.jwtSecret);
-    //         req.token = token;
-    //         return next();
-    //     }
-    //     catch (e) {
-    //         return res.status(422).json({ error: 'Invalid token' });
-    //     }
-    // }
+    verifyToken: (req, res, next) => {
+        if (Settings.skipTokenVerification) {
+            return next();
+        }
+        const token = req.headers['x-access-token'];
+        try {
+            req.user = jwt.verify(token, Settings.jwtSecret);
+            req.token = token;
+            return next();
+        }
+        catch (e) {
+            return res.status(422).json({ error: 'Invalid token' });
+        }
+    }
 };
 
 export default AuthenticationMiddleware;