✨ Add support for auth/login

AnandChowdhary · AnandChowdhary · commit bd33c98469eb · 2019-04-28T12:39:32.000+05:30
diff --git a/src/helpers/jwt.ts b/src/helpers/jwt.ts
@@ -9,7 +9,8 @@ export const generateToken = (
 ) =>
   new Promise((resolve, reject) => {
     sign(
-      payload,
+      // Payload is expected to be a plain object
+      JSON.parse(JSON.stringify(payload)),
       JWT_SECRET,
       {
         expiresIn,
diff --git a/src/helpers/middleware.ts b/src/helpers/middleware.ts
@@ -9,7 +9,7 @@ export const errorHandler = (
   res: Response,
   next: NextFunction
 ) => {
-  console.log(error);
+  console.log(error.toString());
   const response = safeError(error.toString().replace("Error: ", ""));
   res.status(response.status);
   res.json({ error: response.code, message: response.message });
diff --git a/src/helpers/mysql.ts b/src/helpers/mysql.ts
@@ -11,6 +11,7 @@ import { BackupCode } from "../interfaces/tables/backup-codes";
 import { Email } from "../interfaces/tables/emails";
 import { Membership } from "../interfaces/tables/memberships";
 import { Organization } from "../interfaces/tables/organization";
+import { Event } from "../interfaces/tables/events";
 
 export const pool = createPool({
   host: DB_HOST,
diff --git a/src/interfaces/enum.ts b/src/interfaces/enum.ts
@@ -31,6 +31,6 @@ export enum ErrorCode {
   MISSING_PASSWORD = "422/missing-password",
   MISSING_FIELD = "422/missing-field",
   USER_NOT_FOUND = "404/user-not-found",
-  INVALID_LOGIN = "301/invalid-login",
+  INVALID_LOGIN = "401/invalid-login",
   DEFAULT = "500/server-error"
 }
diff --git a/src/rest/auth.ts b/src/rest/auth.ts
@@ -12,7 +12,7 @@ import {
 import { KeyValue, Locals } from "../interfaces/general";
 import { createEvent } from "../crud/event";
 import { EventType, ErrorCode, UserRole } from "../interfaces/enum";
-import { compare } from "bcrypt";
+import { compare, hash } from "bcrypt";
 import { deleteSensitiveInfoUser } from "../helpers/utils";
 import { createMembership } from "../crud/membership";
 
@@ -83,7 +83,8 @@ export const sendPasswordReset = async (email: string, locals: Locals) => {
   await createEvent(
     {
       userId: user.id,
-      type: EventType.AUTH_PASSWORD_RESET_REQUESTED
+      type: EventType.AUTH_PASSWORD_RESET_REQUESTED,
+      data: { token }
     },
     locals
   );
@@ -103,3 +104,21 @@ export const verifyEmail = async (token: string, locals: Locals) => {
   );
   return await updateEmail(emailId, { isVerified: true });
 };
+
+export const updatePassword = async (
+  token: string,
+  password: string,
+  locals: Locals
+) => {
+  const userId = (<KeyValue>await verifyToken(token, "password-reset")).id;
+  const hashedPassword = await hash(password || "", 8);
+  await updateUser(userId, { password: hashedPassword });
+  await createEvent(
+    {
+      userId,
+      type: EventType.AUTH_PASSWORD_CHANGED
+    },
+    locals
+  );
+  return;
+};
diff --git a/src/routes/auth.ts b/src/routes/auth.ts
@@ -1,6 +1,6 @@
 import { Request, Response } from "express";
 import { ErrorCode } from "../interfaces/enum";
-import { sendPasswordReset, login } from "../rest/auth";
+import { sendPasswordReset, login, updatePassword } from "../rest/auth";
 import { verifyToken } from "../helpers/jwt";
 
 export const routeAuthVerifyToken = async (req: Request, res: Response) => {
@@ -28,9 +28,24 @@ export const routeAuthLogin = async (req: Request, res: Response) => {
   }
 };
 
-export const routeAuthResetPassword = async (req: Request, res: Response) => {
+export const routeAuthResetPasswordRequest = async (
+  req: Request,
+  res: Response
+) => {
   const email = req.body && req.body.email;
   if (!email) throw new Error(ErrorCode.MISSING_FIELD);
   res.json({ queued: true });
   return await sendPasswordReset(email, res.locals);
 };
+
+export const routeAuthResetPasswordRecover = async (
+  req: Request,
+  res: Response
+) => {
+  const token =
+    req.body.token || (req.get("Authorization") || "").replace("Bearer ", "");
+  const password = req.body.password;
+  if (!token || !password) throw new Error(ErrorCode.MISSING_FIELD);
+  await updatePassword(token, password, res.locals);
+  res.json({ success: true });
+};
diff --git a/src/routes/index.ts b/src/routes/index.ts
@@ -5,9 +5,10 @@ import { routeEmailVerify } from "./emails";
 import { routeOrganizationCreate } from "./organizations";
 import { authHandler } from "../helpers/middleware";
 import {
-  routeAuthResetPassword,
   routeAuthVerifyToken,
-  routeAuthLogin
+  routeAuthLogin,
+  routeAuthResetPasswordRequest,
+  routeAuthResetPasswordRecover
 } from "./auth";
 
 export const router = (app: Application) => {
@@ -24,7 +25,14 @@ export const router = (app: Application) => {
 const routesAuth = (app: Application) => {
   app.post("/auth/login", asyncHandler(routeAuthLogin));
   app.post("/auth/verify-token", asyncHandler(routeAuthVerifyToken));
-  app.post("/auth/reset-password", asyncHandler(routeAuthResetPassword));
+  app.post(
+    "/auth/reset-password/request",
+    asyncHandler(routeAuthResetPasswordRequest)
+  );
+  app.post(
+    "/auth/reset-password/recover",
+    asyncHandler(routeAuthResetPasswordRecover)
+  );
 };
 
 const routesUser = (app: Application) => {

Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,6 @@ export enum ErrorCode {`
`31`	`31`	`MISSING_PASSWORD = "422/missing-password",`
`32`	`32`	`MISSING_FIELD = "422/missing-field",`
`33`	`33`	`USER_NOT_FOUND = "404/user-not-found",`
`34`		`- INVALID_LOGIN = "301/invalid-login",`
	`34`	`+ INVALID_LOGIN = "401/invalid-login",`
`35`	`35`	`DEFAULT = "500/server-error"`
`36`	`36`	`}`