Changed emails templates and link from application validation expiration time

Co-authored-by: Daniel Ferreira <dsantosferreira@users.noreply.github.com>

Author: FranciscoCardoso913

.env

@@ -20,8 +20,8 @@ JWT_SECRET=Lendas contam que o Rui foi membro do IEEE.
 # Frontend Password Recovery Base Route
 PASSWORD_RECOVERY_LINK=https://localhost:3000/recover
 
-# Froantend Application Confirmation Base Route
-APPLICATION_CONFIRMATION_LINK=https://localhost:8087/apply/company/validate/
+# Frontend Application Confirmation Base Route
+APPLICATION_CONFIRMATION_LINK=https://localhost:3000/apply/company/validate/
 
 # Specifies the port in which the app will be exposed
 PORT=8087
@@ -36,17 +36,17 @@ TEST_LOG_REQUESTS=false
 ADMIN_EMAIL=ni@aefeup.pt
 ADMIN_PASSWORD=n1j0bs_ftw.12345
 #CORS allowed origin - OVERRIDE IN PRODUCTION
-ACCESS_CONTROL_ALLOW_ORIGIN=
+ACCESS_CONTROL_ALLOW_ORIGIN=https://localhost
 
 # Mail service information. If you don't provide a MAIL_FROM, no emails will be sent. The app will execute no-ops and won't crash
 # However, if you want to send emails, you need to fill all of the following 2 fields
 # Check this for details on how to configure your personal account for testing (https://support.google.com/accounts/answer/185833?p=InvalidSecondFactor&visit_id=637446218993181653-2339409452&rd=1)
 
 # The email address from which the emails are sent
-MAIL_FROM=jacky88@ethereal.email
+MAIL_FROM=
 
 # Password for email above
-MAIL_FROM_PASSWORD=PgAnnVsAa6Sg8zJp6t
+MAIL_FROM_PASSWORD=
 
 # Cloudinary API URL to save images
 CLOUDINARY_URL=

src/api/middleware/application.js

@@ -1,17 +1,13 @@
 import CompanyApplication, { CompanyApplicationRules } from "../../models/CompanyApplication.js";
 import { APIError, ErrorTypes } from "./errorHandler.js";
 import { StatusCodes as HTTPStatus } from "http-status-codes/build/cjs/status-codes.js";
-export const exceededCreationTimeLimit = async (email) => {
-    const cursor = await CompanyApplication.findOne({ email, isVerified: false }).exec();
-    if (cursor !== null && Date.now() - cursor.submittedAt < 5000 * 60) {
-        throw new APIError(HTTPStatus.FORBIDDEN, ErrorTypes.FORBIDDEN, CompanyApplicationRules.APPLICATION_RECENTLY_CREATED);
-    }
-    return true;
-};
+import { VALIDATION_LINK_EXPIRATION } from "../../models/constants/ApplicationStatus.js";
+import { SECOND_IN_MS } from "../../models/constants/TimeConstants.js";
 
-export const deleteApplications = async (email) => {
-    await CompanyApplication.deleteMany({ email: email, isVerified: false }).catch(function(error) {
-        console.error(error);
-        throw (error); // Failure
-    });
+export const exceededCreationTimeLimit = async (req, res, next) => {
+    const application = await CompanyApplication.findOne({ email: req.body.email, isVerified: false });
+    if (application !== null && Date.now() < application.submittedAt.getTime() + (VALIDATION_LINK_EXPIRATION * SECOND_IN_MS)) {
+        return next(new APIError(HTTPStatus.FORBIDDEN, ErrorTypes.FORBIDDEN, CompanyApplicationRules.APPLICATION_RECENTLY_CREATED.msg));
+    }
+    return next();
 };

src/api/middleware/auth.js

@@ -79,15 +79,19 @@ export const hasAdminPrivileges = async (req, res, next) => {
 
 export const validToken = (req, res, next) => {
     try {
-        const decoded = verifyAndDecodeToken(req.params.token, config.jwt_secret, next);
+        const decoded = verifyAndDecodeToken(req.params.token, config.jwt_secret);
 
         storeInLocals(req, {
             token: decoded,
         });
 
         return next();
-    } catch (err) {
-        console.log(err);
-        return next(err);
+    } catch (jwtErr) {
+        console.log(jwtErr);
+        if (jwtErr.name === "TokenExpiredError") {
+            return next(new APIError(HTTPStatus.FORBIDDEN, ErrorTypes.FORBIDDEN, ValidationReasons.EXPIRED_TOKEN));
+        } else {
+            return next(new APIError(HTTPStatus.FORBIDDEN, ErrorTypes.FORBIDDEN, ValidationReasons.INVALID_TOKEN));
+        }
     }
 };

src/api/middleware/validators/validationReasons.js

@@ -49,7 +49,6 @@ const ValidationReasons = Object.freeze({
     IMAGE_FORMAT: "formats-supported-png-jpeg-jpg",
     OFFER_BLOCKED_ADMIN: "offer-blocked-by-admin",
     OFFER_HIDDEN: "offer-is-hidden",
-    ALREADY_VALIDATED: "application-already-validated",
     NON_EXISTING_APPLICATION: "application-does-not-exist",
     FILE_TOO_LARGE: (max) => `file-cant-be-larger-than-${max}MB`
 });

src/api/routes/application.js

@@ -1,9 +1,10 @@
 import { Router } from "express";
 import * as validators from "../middleware/validators/application.js";
-import ApplicationService from "../../services/application.js";
+import ApplicationService, { CompanyApplicationAlreadyValidated } from "../../services/application.js";
 import * as applicationMiddleware from "../middleware/application.js";
 import { validToken } from "../middleware/auth.js";
 import { StatusCodes as HTTPStatus } from "http-status-codes/build/cjs/status-codes.js";
+import { buildErrorResponse, ErrorTypes } from "../middleware/errorHandler.js";
 
 const router = Router();
 
@@ -13,11 +14,10 @@ export default (app) => {
     /**
      * Creates a new Company Application
      */
-    router.post("/", validators.create, async (req, res, next) => {
+    router.post("/", validators.create, applicationMiddleware.exceededCreationTimeLimit, async (req, res, next) => {
         try {
-            await applicationMiddleware.exceededCreationTimeLimit(req.body.email);
-            await applicationMiddleware.deleteApplications(req.body.email);
             const applicationService = new ApplicationService();
+            await applicationService.deleteApplications(req.body.email);
             // This is safe since the service is destructuring the passed object and the fields have been validated
             const application = await applicationService.create(req.body);
             return res.json(application);
@@ -32,6 +32,11 @@ export default (app) => {
             await new ApplicationService().applicationValidation(id);
             return res.status(HTTPStatus.OK).json({});
         } catch (err) {
+            if (err instanceof CompanyApplicationAlreadyValidated) {
+                return res
+                    .status(HTTPStatus.CONFLICT)
+                    .json(buildErrorResponse(ErrorTypes.FORBIDDEN, [{ msg: err.message }]));
+            }
             console.error(err);
             return next(err);
         }

src/email-templates/companyApplicationApproval.js

@@ -23,4 +23,3 @@ export const REJECTION_NOTIFICATION = (companyName) => ({
     template: "rejection_notification",
     context: { companyName },
 });
-

src/email-templates/confirm-application.handlebars

@@ -1,5 +1,6 @@
 <h1>Confirm your NIJobs application</h1>
-<p>Please follow this <a href="{{link}}" target="_blank">link</a> to finish the process. Note that the link will be expired in 5 minutes.</p>    
+<p>We have successfully received your application!</p>
+<p>Please follow this <a href="{{link}}" target="_blank">link</a> to finish the process. Note that the link will expire in 10 minutes.</p>    
 <br>
 <p>If you did not request this or need anything else, please contact us at <a href="mailto:nijobs@aefeup.pt">nijobs@aefeup.pt</a>!</p><br>
 <p>Sincerely,</p>

src/email-templates/new_company_application_company.handlebars

@@ -1,8 +1,9 @@
-<h1>We have successfully received your application!</h1>
-<p>We will now review your application, and in case you're approved, you will receive another email with further instructions in order to complete your registration.</p>    
+<h1>Your application has been validated!</h1>
+<p>We will now review your application, and in case you're approved, you will receive another email with further instructions in order to complete your registration.</p>
 <p>Your Application ID is {{applicationId}} and you registered {{companyName}}</p>
+<p>Once you're approved, you will receive an email, and then you can log into NIJobs! Do not forget your password, you will need it on the first login.</p>
 <br>
 <p>If you did not request this or if you need anything else, don't hesitate to contact us at <a href="mailto:nijobs@aefeup.pt">nijobs@aefeup.pt</a>!</p>
 <br>
 <p>Sincerely,</p>
-<p>NIJobs team at NIAEFEUP</p>
+<p>NIJobs team at NIAEFEUP</p>

src/lib/emailService.js

@@ -6,24 +6,13 @@ export class EmailService {
 
     async init({ email: user, password: pass }) {
         this.email = user;
-        /* const transporter = await nodemailer.createTransport({
-            pool: true,
-            host: "smtp.gmail.com",
-            port: 465,
-            secure: true,
-            auth: {
-                user,
-                pass
-            },
-            connectionTimeout: 30000
-        });
-        console.log("transporter");*/
         const transporter = nodemailer.createTransport({
-            host: "smtp.ethereal.email",
+            host: 'smtp.ethereal.email',
             port: 587,
+            secure: false, // true for 465, false for other ports
             auth: {
-                user: "naomie.koelpin2@ethereal.email",
-                pass: "NGEVbMnTZzyA3MQD3V"
+                user: "magdalen.labadie@ethereal.email", // generated ethereal user
+                pass: "GjdJdafFyj5svQBzJJ"// generated ethereal password
             }
         });
 

src/lib/token.js

@@ -1,22 +1,9 @@
 import jwt from "jsonwebtoken";
-import { APIError, ErrorTypes } from "../api/middleware/errorHandler.js";
-import { StatusCodes as HTTPStatus } from "http-status-codes/build/cjs/status-codes.js";
-import ValidationReasons from "../api/middleware/validators/validationReasons.js";
 
 export const generateToken = (data, secret, expiresInSeconds) => jwt.sign(
     { ...data },
     secret,
     { expiresIn: `${expiresInSeconds} seconds`, algorithm: "HS256" }
 );
 
-export const verifyAndDecodeToken = (token, secret, next) => {
-    try {
-        return jwt.verify(token, secret, { algorithm: "HS256" });
-    } catch (jwtErr) {
-        if (jwtErr.name === "TokenExpiredError") {
-            return next(new APIError(HTTPStatus.FORBIDDEN, ErrorTypes.FORBIDDEN, ValidationReasons.EXPIRED_TOKEN));
-        } else {
-            return next(new APIError(HTTPStatus.FORBIDDEN, ErrorTypes.FORBIDDEN, ValidationReasons.INVALID_TOKEN));
-        }
-    }
-};
+export const verifyAndDecodeToken = (token, secret) => jwt.verify(token, secret, { algorithm: "HS256" });