banana/definma-api
Archived
2
Fork 0
Code Releases Activity

added passreset and mail helper

Browse Source
This commit is contained in:
VLE2FE
2020-04-23 17:46:00 +02:00
parent 1a3fdc567d
commit 4e68267bfd
8 changed files with 220 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
src/routes/user.spec.ts
View File

@ -105,4 +105,96 @@ describe('/user/new', () => {
done();
});
});
});
describe('/user/passreset', () => {
let server;
before(done => {
process.env.port = '2999';
process.env.NODE_ENV = 'test';
db.connect('test', done);
});
beforeEach(done => {
delete require.cache[require.resolve('../index')]; // prevent loading from cache
server = require('../index');
db.drop(err => { // reset database
if (err) return done(err);
db.loadJson(require('../test/db.json'), done);
});
});
afterEach(done => {
server.close(done);
});
it('returns the ok response', done => {
supertest(server)
.post('/user/passreset')
.send({
email: 'jane.doe@bosch.com',
name: 'janedoe'
})
.expect('Content-type', /json/)
.expect(200)
.end((err, res) => {
if (err) done(err);
should(res.body).be.eql({status: 'OK'});
done();
});
});
it('returns 404 for wrong username/email combo', done => {
supertest(server)
.post('/user/passreset')
.send({
email: 'jane.doe@bosch.com',
name: 'admin'
})
.expect('Content-type', /json/)
.expect(404)
.end((err, res) => {
if (err) done(err);
should(res.body).be.eql({status: 'Not found'});
done();
});
});
it('returns 404 for unknown username', done => {
supertest(server)
.post('/user/passreset')
.send({
email: 'jane.doe@bosch.com',
name: 'admin'
})
.expect('Content-type', /json/)
.expect(404)
.end((err, res) => {
if (err) done(err);
should(res.body).be.eql({status: 'Not found'});
done();
});
});
it('changes the user password', done => {
UserModel.find({name: 'janedoe'}).lean().exec( 'find', (err, data) => {
if (err) return done(err);
const oldpass = data[0].pass;
supertest(server)
.post('/user/passreset')
.send({
email: 'jane.doe@bosch.com',
name: 'janedoe'
})
.expect('Content-type', /json/)
.expect(200)
.end((err, res) => {
if (err) done(err);
should(res.body).be.eql({status: 'OK'});
UserModel.find({name: 'janedoe'}).lean().exec( 'find', (err, data) => {
if (err) return done(err);
should(data[0].pass).not.eql(oldpass);
done();
});
});
});
});
});

25
src/routes/user.ts
View File

@ -3,6 +3,7 @@ import mongoose from 'mongoose';
import bcrypt from 'bcryptjs';
import UserValidate from './validate/user';
import UserModel from '../models/user';
import mail from '../helpers/mail';
const router = express.Router();
@ -11,7 +12,6 @@ router.get('/users', (req, res) => {
});
router.post('/user/new', (req, res, next) => {
console.log(req.authDetails);
if (!req.auth(res, ['admin'], 'basic')) return;
// validate input
@ -40,4 +40,27 @@ router.post('/user/new', (req, res, next) => {
});
});
router.post('/user/passreset', (req, res, next) => {
// check if user/email combo exists
UserModel.find({name: req.body.name, email: req.body.email}).lean().exec( 'find', (err, data) => {
if (err) next(err);
if (data.length === 1) { // it exists
const newPass = Math.random().toString(36).substring(2);
bcrypt.hash(newPass, 10, (err, hash) => { // password hashing
if (err) next(err);
UserModel.findOneAndUpdate({name: req.body.name, email: req.body.email}, {pass: hash}, err => {
if (err) next(err);
mail(data[0].email, 'Your new password for the DFOP database', 'Hi, <br><br> You requested to reset your password.<br>Your new password is:<br><br>' + newPass + '<br><br>If you did not request a password reset, talk to the sysadmin quickly!<br><br>Have a nice day.<br><br>The DFOP team', err => {
if (err) next(err);
res.json({status: 'OK'});
});
});
});
}
else {
res.status(404).json({status: 'Not found'});
}
});
});
module.exports = router;