#187419058 Reset password via email #17

Merged
merged 1 commit into from
Apr 29, 2024

YvetteNyibuka
Collaborator

What does this PR do?

      Enables users who forgot their password to reset it and get a new one without creating a new account

Description of Task to be completed?

  1. A user who forgot their password can request resetting it
  2. Sending a reset password email containing a link along with a token to reset the password
  3. Reset the password using the provided token
  4. Token is used only once even if it is not expired

How should this be manually tested?

  1. Clone the repository to your local machine
  2. Run npm install
  3. Fill all environment variables in .env file as they appear in .env example file
  4. Run npm run dev
  5. Use Postman to create a user on the endpoint: api/v1/users/register
  6. Create another request in Postman to request a password reset on the endpoint: /api/v1/users/forgot-password
  7. Check the message containing the reset link on the email you have provided or the one of the account you are resetting the password for
  8. Add another request for resetting the password by setting the token you have got from the above step in the params on the endpoint: /api/v1/users/reset-password/:token and provide a new password in the body
  9. Try logging in with both old and new passwords to see if the reset happened successfully on the endpoint: /api/v1/users/login

What are the relevant pivotal tracker/Trello stories?

#187419058
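
The single-use rule in item 4 of the task list, as an added example that is not code from this pull request. It uses an HMAC-signed token built with Node's `crypto` as a stand-in for the project's JWT; `RESET_SECRET`, `usedTokenIds`, `issueResetToken` and `redeemResetToken` are hypothetical names, and the in-memory set stands in for a database table.

```typescript
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

// Assumption: demo secret; a real one comes from .env and is not the access-token secret.
const RESET_SECRET = "constructed-demo-secret";
// Assumption: in-memory stand-in for a database table of redeemed token ids.
const usedTokenIds = new Set<string>();

type Redeemed = { ok: true; userId: number } | { ok: false; reason: string };

const sign = (payload: string): string =>
  createHmac("sha256", RESET_SECRET).update(payload).digest("hex");

// Hypothetical helper: returns "<payload>.<signature>" carrying a random id and an expiry.
function issueResetToken(userId: number, ttlMs: number, now: number = Date.now()): string {
  const claims = { sub: userId, jti: randomBytes(16).toString("hex"), exp: now + ttlMs };
  const payload = Buffer.from(JSON.stringify(claims)).toString("base64url");
  return `${payload}.${sign(payload)}`;
}

// Hypothetical helper: checks signature, then expiry, then burns the token id.
function redeemResetToken(token: string, now: number = Date.now()): Redeemed {
  const [payload, sig] = token.split(".");
  if (!payload || !sig) return { ok: false, reason: "malformed" };
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  if (now >= claims.exp) return { ok: false, reason: "expired" };
  if (usedTokenIds.has(claims.jti)) return { ok: false, reason: "already used" };
  usedTokenIds.add(claims.jti); // burn the id before the password is changed
  return { ok: true, userId: claims.sub };
}
```

With a real database, replace the `has`/`add` pair with a single insert under a unique constraint on the token id, so two concurrent requests cannot both pass the check.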

@@ -0,0 +1,99 @@
import { Request, Response, NextFunction } from 'express';

Parsing error: 'import' and 'export' may appear only with 'sourceType: module'

};


export const resetPassword = async (req: Request, res: Response, next: NextFunction) => {

Function resetPassword has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.


export const generateAccessToken = (userData: TokenData) => {
const token = jwt.sign(userData, ACCESS_TOKEN_SECRET as string, {
expiresIn: "1d",
});
return token;
};
export const generatePasswordResetToken = (userData1: resetTokenData) => {
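Review bot: `generatePasswordResetToken` is declared directly under `generateAccessToken`, which signs with `ACCESS_TOKEN_SECRET` and `expiresIn: "1d"`, and its body is not visible in this excerpt. Check that the reset token is signed with its own secret and a much shorter lifetime than one day, so a reset link cannot be presented as an access token, and rename the `userData1` parameter to something descriptive.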

Similar blocks of code found in 2 locations. Consider refactoring.

@YvetteNyibuka YvetteNyibuka changed the title feat(Reset-password):User who forgot password can reset it via email ft(Reset-password):User who forgot password can reset it via email Apr 24, 2024
@YvetteNyibuka YvetteNyibuka changed the title ft(Reset-password):User who forgot password can reset it via email #187419058 User who forgot password can reset it via email Apr 24, 2024
@YvetteNyibuka YvetteNyibuka changed the title #187419058 User who forgot password can reset it via email #187419058 Reset password via email Apr 24, 2024
@YvetteNyibuka YvetteNyibuka force-pushed the ft-reset-user-password-187419058 branch from 3bba3d8 to d0f87db Compare April 25, 2024 08:21

gitguardian bot commented Apr 25, 2024

✅ There are no secrets present in this pull request anymore.

If these secrets were true positive and are still valid, we highly recommend you to revoke them.
Once a secret has been leaked into a git repository, you should consider it compromised, even if it was deleted immediately.
Find here more information about risks.



}
};

export const resetPassword = async (req: Request, res: Response) => {

Function resetPassword has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.

try {
if (req.body) {
const { error } = userValidate(req.body);
if (error) {

Similar blocks of code found in 2 locations. Consider refactoring.

error.details[0].message.replace(/\"/g, "")
)
);
if (error) {

Similar blocks of code found in 2 locations. Consider refactoring.

// security: [{ JWT: [] }],
summary: "Request password reset",
parameters: [
{
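Review bot: the commented-out `// security: [{ JWT: [] }],` line above `summary: "Request password reset"` should be deleted rather than left in the docs object. The request-reset route is for users who cannot log in, so there is no JWT requirement to document here.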

Similar blocks of code found in 2 locations. Consider refactoring.

},
description: "The reset password token",
},
{

Similar blocks of code found in 2 locations. Consider refactoring.

@YvetteNyibuka YvetteNyibuka force-pushed the ft-reset-user-password-187419058 branch from 643520c to fd3ef65 Compare April 25, 2024 22:08

resetToken = body.token;
});
it("it should return 404 when user requesting reset is not found in database", async () => {
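Review bot: `resetToken = body.token;` reads the reset token out of an HTTP response body. If that response comes from the forgot-password request, the API hands the token to whoever submitted the email address and the mailbox check is bypassed; the token should travel only in the email, and the test can take it from the arguments of the mocked `sendEmail` instead.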

Similar blocks of code found in 2 locations. Consider refactoring.


expect(body.message).toEqual("User not found");
});
it("it should return 200 when email is sent", async () => {
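Review bot: the `"User not found"` assertion next to the `200 when email is sent` case means the endpoint answers differently for registered and unregistered addresses, which lets a caller enumerate accounts. Consider returning the same 200 response in both cases and sending mail only when the account exists.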

Similar blocks of code found in 2 locations. Consider refactoring.

expect(401);
expect(body.status).toStrictEqual("UNAUTHORIZED");
expect(body.message).toStrictEqual("Already logged out");
it("should return 400 when no token is provided", async () => {
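Review bot: `expect(401);` has no matcher and is not chained onto the request, so it asserts nothing and the test passes whatever status comes back. Chain `.expect(401)` onto the request, or assert the response status with a matcher such as `.toBe(401)`.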

Similar blocks of code found in 2 locations. Consider refactoring.

// security: [{ JWT: [] }],
summary: "Request password reset",
parameters: [
{

Similar blocks of code found in 2 locations. Consider refactoring.

},
description: "The reset password token",
},
{

Similar blocks of code found in 2 locations. Consider refactoring.

@YvetteNyibuka YvetteNyibuka force-pushed the ft-reset-user-password-187419058 branch 10 times, most recently from 6a007d1 to fda81e4 Compare April 26, 2024 10:18
@YvetteNyibuka YvetteNyibuka requested review from Hakizimana-Clement and kwizera-bonheur25 and removed request for Tuyisenge2 April 26, 2024 10:29
src/controllers/usedTokens.json Outdated (review thread resolved)
@YvetteNyibuka YvetteNyibuka force-pushed the ft-reset-user-password-187419058 branch from 2cd8400 to 414d414 Compare April 26, 2024 13:07
@@ -0,0 +1,33 @@
import { DataTypes, Model } from "sequelize";

Parsing error: 'import' and 'export' may appear only with 'sourceType: module'

@@ -0,0 +1,18 @@
import Joi from "joi";

Parsing error: 'import' and 'export' may appear only with 'sourceType: module'

@@ -0,0 +1,14 @@
import Joi from "joi";

Parsing error: 'import' and 'export' may appear only with 'sourceType: module'

@YvetteNyibuka YvetteNyibuka force-pushed the ft-reset-user-password-187419058 branch from 5678f04 to 4cabfce Compare April 29, 2024 08:48

next();
};
const isPassword = (req: Request, res: Response, next: NextFunction) => {

Similar blocks of code found in 3 locations. Consider refactoring.

@@ -45,7 +47,42 @@ const logInValidated = (req: Request, res: Response, next: NextFunction) => {
next();
};

const resetValidated = (req: Request, res: Response, next: NextFunction) => {

Similar blocks of code found in 3 locations. Consider refactoring.

}
};

export const resetPasswort = async (req: Request, res: Response) => {
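Review bot: `resetPasswort` on the export line is a misspelling of `resetPassword`, the name this handler had in the earlier revisions shown above. Rename it before other modules import it under the misspelled name.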

Function resetPasswort has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.

import Joi from "joi";

const ResetPasswordValidation = Joi.object({
email: Joi.string().required().email().messages({

Similar blocks of code found in 3 locations. Consider refactoring.

// security: [{ JWT: [] }],
summary: "Request password reset",
parameters: [
{

Similar blocks of code found in 2 locations. Consider refactoring.

@YvetteNyibuka YvetteNyibuka force-pushed the ft-reset-user-password-187419058 branch 2 times, most recently from b40cf2a to 92ae79f Compare April 29, 2024 09:28
@YvetteNyibuka YvetteNyibuka force-pushed the ft-reset-user-password-187419058 branch from 92ae79f to 4ba44f6 Compare April 29, 2024 10:57
.expect(400);
});

it("it should return 200 when password reset successfully", async () => {

Similar blocks of code found in 2 locations. Consider refactoring.

.expect(404);
});

it("it should return 400 when new password is the same to old password", async () => {

Similar blocks of code found in 2 locations. Consider refactoring.

.send(newPasswordBody)
.expect(200);
});
it("it should return 400 no decoded token is found", async () => {

Similar blocks of code found in 2 locations. Consider refactoring.

.expect(400);
});

it("it should return 400 when invalid link is provided", async () => {

Similar blocks of code found in 2 locations. Consider refactoring.

@YvetteNyibuka YvetteNyibuka force-pushed the ft-reset-user-password-187419058 branch 2 times, most recently from 6515900 to 50dfa1a Compare April 29, 2024 14:28
sendEmail: jest.fn(),
}));

it("should send an email with the correct mailOptions", async () => {

Similar blocks of code found in 2 locations. Consider refactoring.

sendEmail: jest.fn(),
}));

it("should send an email with the correct mailOptions", async () => {

Similar blocks of code found in 2 locations. Consider refactoring.

@YvetteNyibuka YvetteNyibuka force-pushed the ft-reset-user-password-187419058 branch from 50dfa1a to 145cb1d Compare April 29, 2024 19:15

/** @type {import('sequelize-cli').Migration} */
module.exports = {
async up(queryInterface, Sequelize) {

Parsing error: Unexpected token up

@@ -0,0 +1,35 @@
import nodemailer from "nodemailer";

Parsing error: 'import' and 'export' may appear only with 'sourceType: module'

// security: [{ JWT: [] }],
summary: "Request password reset",
parameters: [
{

Similar blocks of code found in 3 locations. Consider refactoring.

},
description: "The reset password token",
},
{

Similar blocks of code found in 3 locations. Consider refactoring.

- User who forgot password can request resetting it
- Sending reset-password email containing link along with token to reset password
- Reset password using the provided token
- Token is used only once

[Delivers #187419058]
@YvetteNyibuka YvetteNyibuka force-pushed the ft-reset-user-password-187419058 branch from 145cb1d to f011810 Compare April 29, 2024 20:21

codeclimate bot commented Apr 29, 2024

Code Climate has analyzed commit f011810 and detected 11 issues on this pull request.

Here's the issue category breakdown:

Category Count
Duplication 11

The test coverage on the diff in this pull request is 94.0% (60% is the threshold).

This pull request will bring the total coverage in the repository to 91.0% (1.5% change).

@leandreAlly leandreAlly self-requested a review April 29, 2024 20:26
@leandreAlly leandreAlly merged commit 570b249 into develop Apr 29, 2024
6 checks passed