
Fix #1222: Handle unregistered email in forgot password route with 404 #1232


Open
wants to merge 1 commit into
base: master
4 changes: 2 additions & 2 deletions backend/package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

@@ -1,79 +1,91 @@
const Joi = require('joi');

const mongoose = require('mongoose');

const checkAndCorrectURL = require('./checkAndCorrectURL');
const sendMail = require('./sendMail');
const shortid = require('shortid');
const { loadSettings } = require('@/middlewares/settings');

const { useAppSettings } = require('@/settings');

const forgetPassword = async (req, res, { userModel }) => {
const UserPassword = mongoose.model(userModel + 'Password');
const User = mongoose.model(userModel);
const { email } = req.body;
try {
const UserPassword = mongoose.model(userModel + 'Password');
const User = mongoose.model(userModel);
const { email } = req.body;
// validate email

// validate
const objectSchema = Joi.object({
email: Joi.string()
.email({ tlds: { allow: true } })
.required(),
});
const { error } = Joi.object({
email: Joi.string()
.email({ tlds: { allow: true } })
.required(),
}).validate({ email });

const { error, value } = objectSchema.validate({ email });
if (error) {
return res.status(409).json({
success: false,
result: null,
error: error,
message: 'Invalid email.',
errorMessage: error.message,
});
}

const user = await User.findOne({ email: email, removed: false });
const databasePassword = await UserPassword.findOne({ user: user._id, removed: false });

// console.log(user);
if (!user)
return res.status(404).json({
success: false,
result: null,
message: 'No account with this email has been registered.',
});
if (error) {
return res.status(400).json({
success: false,
result: null,
error: error,
message: 'Invalid email.',
errorMessage: error.message,
});
}
const user = await User.findOne({ email: email, removed: false });
// console.log(user);
if (!user) {
return res.status(404).json({
success: false,
result: null,
message: 'No account with this email has been registered.',
});
}

const resetToken = shortid.generate();
await UserPassword.findOneAndUpdate(
{ user: user._id },
{ resetToken },
{
new: true,
const resetToken = shortid.generate();
const userPassword = await UserPassword.findOneAndUpdate(
{ user: user._id },
{ resetToken },
{
new: true,
upsert: true,
}
).exec();
// Check if update was successful
if (!userPassword) {
return res.status(500).json({
success: false,
result: null,
message: 'Error updating reset token. Please try again.',
});
}
).exec();

const settings = useAppSettings();
const idurar_app_email = settings['idurar_app_email'];
const idurar_base_url = settings['idurar_base_url'];
const settings = useAppSettings();
const idurar_app_email = settings['idurar_app_email'];
const idurar_base_url = settings['idurar_base_url'];

const url = checkAndCorrectURL(idurar_base_url);
const url = checkAndCorrectURL(idurar_base_url);

const link = url + '/resetpassword/' + user._id + '/' + resetToken;
const link = `${url}/resetpassword/${user._id}/${resetToken}`;

await sendMail({
email,
name: user.name,
link,
subject: 'Reset your password | idurar',
idurar_app_email,
type: 'passwordVerfication',
});
await sendMail({
email,
name: user.name,
link,
subject: 'Reset your password | idurar',
idurar_app_email,
type: 'passwordVerification',
});

return res.status(200).json({
success: true,
result: null,
message: 'Check your email inbox , to reset your password',
});
return res.status(200).json({
success: true,
result: null,
message: 'Check your email inbox to reset your password',
});
} catch (err) {
console.error('Forget Password Error:', err);
return res.status(500).json({
success: false,
result: null,
message: 'An unexpected error occurred. Please try again later.',
error: err.message,
});
}
};

module.exports = forgetPassword;
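Review bot: The `if (!user)` branch answers 404 with 'No account with this email has been registered.' while a registered address gets 200, so an unauthenticated caller can tell which emails have accounts; returning the same 200 body in both cases and simply skipping `sendMail` for unknown addresses closes that gap. The new catch block also sends `error: err.message` back to the client, and since `console.error('Forget Password Error:', err)` already records it server-side, the response can drop that field. The reset token still comes from `shortid.generate()`, which is meant for short unique ids rather than unguessable secrets, and no expiry is stored with it in this hunk; `crypto.randomBytes(32).toString('hex')` plus an expiry field checked by the reset route would be a safer basis. With `new: true` and `upsert: true` the `if (!userPassword)` check looks unreachable, and the upsert may create a password record that holds only `resetToken`, so it is worth confirming that is intended.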