From 5e908fefa21d223bd84a81fc32742b95b1855a3d Mon Sep 17 00:00:00 2001
From: sudip22-p
Date: Tue, 18 Mar 2025 21:29:33 +0545
Subject: [PATCH] Fix: Handle unregistered email in forgot password route with 404

---
 backend/package-lock.json | 4 +-
 .../createAuthMiddleware/forgetPassword.js | 130 ++++++++++--------
 2 files changed, 73 insertions(+), 61 deletions(-)

diff --git a/backend/package-lock.json b/backend/package-lock.json
index 3635c8039..73eb533c4 100644
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "idurar-erp-crm",
- "version": "4.0.0",
+ "version": "4.1.0",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "idurar-erp-crm",
- "version": "4.0.0",
+ "version": "4.1.0",
 "license": "Fair-code License",
 "dependencies": {
 "@aws-sdk/client-s3": "^3.509.0",
diff --git a/backend/src/controllers/middlewaresControllers/createAuthMiddleware/forgetPassword.js b/backend/src/controllers/middlewaresControllers/createAuthMiddleware/forgetPassword.js
index 176cdd1ce..76bdd010b 100644
--- a/backend/src/controllers/middlewaresControllers/createAuthMiddleware/forgetPassword.js
+++ b/backend/src/controllers/middlewaresControllers/createAuthMiddleware/forgetPassword.js
@@ -1,79 +1,91 @@ const Joi = require('joi'); - const mongoose = require('mongoose'); - const checkAndCorrectURL = require('./checkAndCorrectURL'); const sendMail = require('./sendMail'); const shortid = require('shortid'); -const { loadSettings } = require('@/middlewares/settings'); - const { useAppSettings } = require('@/settings'); const forgetPassword = async (req, res, { userModel }) => { - const UserPassword = mongoose.model(userModel + 'Password'); - const User = mongoose.model(userModel); - const { email } = req.body; + try { + const UserPassword = mongoose.model(userModel + 'Password'); + const User = mongoose.model(userModel); + const { email } = req.body; + // validate email - // validate - const objectSchema = Joi.object({ - email: Joi.string() - .email({ tlds: { allow: true } }) - .required(), - }); + const { error } = Joi.object({ + email: Joi.string() + .email({ tlds: { allow: true } }) + .required(), + }).validate({ email }); - const { error, value } = objectSchema.validate({ email }); - if (error) { - return res.status(409).json({ - success: false, - result: null, - error: error, - message: 'Invalid email.', - errorMessage: error.message, - }); - } - - const user = await User.findOne({ email: email, removed: false }); - const databasePassword = await UserPassword.findOne({ user: user._id, removed: false }); - - // console.log(user); - if (!user) - return res.status(404).json({ - success: false, - result: null, - message: 'No account with this email has been registered.', - }); + if (error) { + return res.status(400).json({ + success: false, + result: null, + error: error, + message: 'Invalid email.', + errorMessage: error.message, + }); + } + const user = await User.findOne({ email: email, removed: false }); + // console.log(user); + if (!user) { + return res.status(404).json({ + success: false, + result: null, + message: 'No account with this email has been registered.', + }); + } - const resetToken = shortid.generate(); - await 
UserPassword.findOneAndUpdate( - { user: user._id }, - { resetToken }, - { - new: true, + const resetToken = shortid.generate(); + const userPassword = await UserPassword.findOneAndUpdate( + { user: user._id }, + { resetToken }, + { + new: true, + upsert: true, + } + ).exec(); + // Check if update was successful + if (!userPassword) { + return res.status(500).json({ + success: false, + result: null, + message: 'Error updating reset token. Please try again.', + }); } - ).exec(); - const settings = useAppSettings(); - const idurar_app_email = settings['idurar_app_email']; - const idurar_base_url = settings['idurar_base_url']; + const settings = useAppSettings(); + const idurar_app_email = settings['idurar_app_email']; + const idurar_base_url = settings['idurar_base_url']; - const url = checkAndCorrectURL(idurar_base_url); + const url = checkAndCorrectURL(idurar_base_url); - const link = url + '/resetpassword/' + user._id + '/' + resetToken; + const link = `${url}/resetpassword/${user._id}/${resetToken}`; - await sendMail({ - email, - name: user.name, - link, - subject: 'Reset your password | idurar', - idurar_app_email, - type: 'passwordVerfication', - }); + await sendMail({ + email, + name: user.name, + link, + subject: 'Reset your password | idurar', + idurar_app_email, + type: 'passwordVerification', + }); - return res.status(200).json({ - success: true, - result: null, - message: 'Check your email inbox , to reset your password', - }); + return res.status(200).json({ + success: true, + result: null, + message: 'Check your email inbox to reset your password', + }); + } catch (err) { + console.error('Forget Password Error:', err); + return res.status(500).json({ + success: false, + result: null, + message: 'An unexpected error occurred. Please try again later.', + error: err.message, + }); + } }; module.exports = forgetPassword;
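Review bot: The distinct 404 with `'No account with this email has been registered.'` (alongside the 400 for a malformed address) lets an unauthenticated caller enumerate which emails are registered on an endpoint that is by design reachable before login; the usual mitigation is to log the miss server-side and return the same 200 `'Check your email inbox to reset your password'` body whether or not a user was found, skipping only the mail. The new catch block also returns `error: err.message` to the client, which can surface database or mailer internals — keep the `console.error` and drop that field, and consider the same for `error: error` in the validation response, which serializes the whole Joi error object. `shortid.generate()` (deprecated upstream and not intended for security-sensitive tokens) is still used for the reset token, which is stored in plaintext with no expiry, so a leaked or guessed value stays valid indefinitely; Node's `crypto.randomBytes(32).toString('hex')` plus an expiry field, ideally storing only a hash of the token, would make the link a proper one-time credential. The `type` string is renamed to `'passwordVerification'`, but `sendMail.js` is not in this patch's diffstat, so if that helper selects a template by `type` the old misspelled key must be updated there too or the mail will silently fall through.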