Add reset password

Author: njxue

backend/user-service/config/authConfig.js

@@ -9,8 +9,12 @@ export const jwtConfig = {
   accessTokenOptions: {
     expiresIn: process.env.ENV === "production" ? "15m" : "30s", // Shorter duration in dev for testing
   },
+  resetTokenOptions: {
+    expiresIn: "15m",
+  },
   accessTokenSecret: process.env.JWT_ACCESS_TOKEN_SECRET,
   refreshTokenSecret: process.env.JWT_REFRESH_TOKEN_SECRET,
+  resetTokenSecret: process.env.JWT_RESET_TOKEN_SECRET,
 };
 
 export const REFRESH_TOKEN_COOKIE_KEY = "refreshToken";

backend/user-service/controller/auth-controller.js

@@ -43,7 +43,7 @@ export async function handleLogout(req, res, next) {
     }
     const refreshToken = req.cookies[REFRESH_TOKEN_COOKIE_KEY];
     const decodedToken = await TokenService.verifyToken(refreshToken, jwtConfig.refreshTokenSecret);
-    await TokenService.blacklistToken(decodedToken);
+    await TokenService.blacklistRefreshToken(decodedToken);
     return res.sendStatus(204);
   } catch (err) {
     next(err);
@@ -82,7 +82,7 @@ export async function refresh(req, res, next) {
     const accessToken = TokenService.generateAccessToken(dbUser);
     const newRefreshToken = TokenService.generateRefreshToken(dbUser);
     res.cookie(REFRESH_TOKEN_COOKIE_KEY, newRefreshToken, refreshTokenCookieOptions);
-    await TokenService.blacklistToken(decodedRefreshToken);
+    await TokenService.blacklistRefreshToken(decodedRefreshToken);
 
     return res.status(200).json({
       message: "Access token refreshed",
@@ -92,11 +92,3 @@ export async function refresh(req, res, next) {
     next(err);
   }
 }
-
-export async function sendResetPasswordLinkToEmail(req, res, next) {
-  try {
-
-  } catch (err) {
-    next(err);
-  }
-}

backend/user-service/controller/user-controller.js

@@ -1,5 +1,4 @@
 import bcrypt from "bcrypt";
-import jwt from "jsonwebtoken";
 import { jwtConfig, REFRESH_TOKEN_COOKIE_KEY, refreshTokenCookieOptions } from "../config/authConfig.js";
 import { isValidObjectId } from "mongoose";
 import {
@@ -12,12 +11,13 @@ import {
   findUserByUsernameOrEmail as _findUserByUsernameOrEmail,
   updateUserById as _updateUserById,
   updateUserPrivilegeById as _updateUserPrivilegeById,
+  findUserByEmail,
 } from "../model/repository.js";
-import { BadRequestError, ConflictError, NotFoundError } from "../utils/httpErrors.js";
+import { BadRequestError, ConflictError, NotFoundError, UnauthorisedError } from "../utils/httpErrors.js";
 import TokenService from "../services/tokenService.js";
 import { sendEmail } from "../services/emailService.js";
-import redisService from "../services/redisService.js";
 
+const PASSWORD_SALT = 10;
 export async function createUser(req, res, next) {
   try {
     const { username, email, password } = req.body;
@@ -30,7 +30,7 @@ export async function createUser(req, res, next) {
       throw new ConflictError("Username or email already exists");
     }
 
-    const salt = bcrypt.genSaltSync(10);
+    const salt = bcrypt.genSaltSync(PASSWORD_SALT);
     const hashedPassword = bcrypt.hashSync(password, salt);
     const createdUser = await _createUser(username, email, hashedPassword);
 
@@ -102,7 +102,7 @@ export async function updateUser(req, res, next) {
 
       let hashedPassword;
       if (password) {
-        const salt = bcrypt.genSaltSync(10);
+        const salt = bcrypt.genSaltSync(PASSWORD_SALT);
         hashedPassword = bcrypt.hashSync(password, salt);
       }
       const updatedUser = await _updateUserById(userId, username, email, hashedPassword);
@@ -166,10 +166,8 @@ export async function deleteUser(req, res, next) {
 export async function forgetPassword(req, res, next) {
   try {
     const { email } = req.body;
-    const emailToken = TokenService.generateEmailToken(email);
-    redisService.setKeyWithExpiration(email, emailToken, 300);
-
-    const resetPasswordLink = `http://localhost:3000/reset-password/${emailToken}`;
+    const resetToken = await TokenService.generateResetToken(email);
+    const resetPasswordLink = `http://localhost:3000/reset-password?token=${resetToken}`;
     await sendEmail({
       to: email,
       subject: "Reset password",
@@ -182,6 +180,38 @@ export async function forgetPassword(req, res, next) {
   }
 }
 
+export async function resetPassword(req, res, next) {
+  try {
+    const { password, token } = req.body;
+    if (password) {
+      const decoded = await TokenService.verifyResetToken(token, jwtConfig.resetTokenSecret);
+
+      if (await TokenService.isResetTokenBlacklisted(decoded)) {
+        throw new UnauthorisedError("Reset token is invalid");
+      }
+
+      const email = decoded.email;
+      const user = await findUserByEmail(email);
+      if (!user) {
+        throw new NotFoundError(`No user with the email ${email} is found`);
+      }
+      const salt = bcrypt.genSaltSync(PASSWORD_SALT);
+      const hashedPassword = bcrypt.hashSync(password, salt);
+      const updatedUser = await _updateUserById(user.id, user.username, user.email, hashedPassword);
+
+      await TokenService.blacklistResetToken(decoded);
+
+      return res.status(200).json({
+        message: "Password has been resetted",
+        data: formatUserResponse(updatedUser),
+      });
+    }
+  } catch (err) {
+    console.error(err);
+    next(err);
+  }
+}
+
 export function formatUserResponse(user) {
   return {
     _id: user.id,

backend/user-service/routes/user-routes.js

@@ -5,6 +5,7 @@ import {
   forgetPassword,
   getAllUsers,
   getUser,
+  resetPassword,
   updateUser,
   updateUserPrivilege,
 } from "../controller/user-controller.js";
@@ -183,4 +184,6 @@ router.delete("/:id", verifyAccessToken, verifyIsOwnerOrAdmin, deleteUser);
 
 router.post("/forgetPassword", forgetPassword);
 
+router.post("/resetPassword", resetPassword);
+
 export default router;

backend/user-service/services/redisService.js

@@ -22,7 +22,15 @@ class RedisService {
       await this.redisClient.set(key, value, { EX: expiration });
       console.log(`Set ${key}: ${value}`);
     } catch (error) {
-      console.error("Error setting key in Redis:", error);
+      console.error(`Error setting key "${key}"`, error);
+    }
+  }
+
+  async get(key) {
+    try {
+      return await this.redisClient.get(key);
+    } catch (error) {
+      console.error(`Error retrieving value associated with the key "${key}": `, error);
     }
   }
 
@@ -31,7 +39,7 @@ class RedisService {
       const count = await this.redisClient.exists(key);
       return count === 1;
     } catch (error) {
-      console.error("Error checking key existence in Redis:", error);
+      console.error(`Error checking key existence for the key "${key}":`, error);
       return false;
     }
   }

backend/user-service/services/tokenService.js

@@ -1,4 +1,4 @@
-import jwt from "jsonwebtoken";
+import jwt, { decode } from "jsonwebtoken";
 import { jwtConfig } from "../config/authConfig.js";
 import { v4 as uuidv4 } from "uuid";
 import redisService from "./redisService.js";
@@ -14,11 +14,6 @@ class TokenService {
     return accessToken;
   }
 
-  static generateEmailToken(email) {
-    const emailToken = jwt.sign({ email, jti: uuidv4() }, jwtConfig.accessTokenSecret, { expiresIn: "5m" }); // TODO: change
-    return emailToken;
-  }
-
   static generateRefreshToken(user) {
     const refreshToken = jwt.sign(
       { id: user.id, jti: uuidv4() },
@@ -28,6 +23,13 @@ class TokenService {
     return refreshToken;
   }
 
+  static async generateResetToken(email) {
+    const jti = uuidv4();
+    const resetToken = jwt.sign({ email, jti }, jwtConfig.resetTokenSecret, jwtConfig.resetTokenOptions);
+    await redisService.setKeyWithExpiration(this.generateResetTokenKey(email), jti, 900);
+    return resetToken;
+  }
+
   static async verifyToken(token, secret) {
     return new Promise((resolve, reject) => {
       jwt.verify(token, secret, (err, decoded) => {
@@ -39,26 +41,60 @@ class TokenService {
     });
   }
 
-  static async blacklistToken(decodedRefreshToken) {
+  static async verifyResetToken(token) {
+    const decoded = await this.verifyToken(token, jwtConfig.resetTokenSecret);
+    const { email, jti } = decoded;
+    const expectedResetToken = await redisService.get(this.generateResetTokenKey(email));
+    if (expectedResetToken !== jti) {
+      throw new UnauthorisedError("Reset token is invalid or has expired");
+    }
+    return decoded;
+  }
+
+  static async blacklistRefreshToken(decodedRefreshToken) {
     const { id, jti, exp } = decodedRefreshToken;
+    const blacklistTokenKey = this.generateBlacklistedRefreshTokenKey(id, jti);
+    this.blacklistToken(exp, blacklistTokenKey);
+  }
+
+  static async blacklistResetToken(decodedResetToken) {
+    const { email, jti, exp } = decodedResetToken;
+    const blacklistTokenKey = this.generateBlacklistedResetTokenKey(email, jti);
+    this.blacklistToken(exp, blacklistTokenKey);
+  }
+
+  static async blacklistToken(exp, key) {
     const currentTime = Math.floor(Date.now() / 1000);
     const remainingTime = exp - currentTime;
-    const blacklistTokenKey = this.generateBlacklistedTokenKey(id, jti);
     if (remainingTime > 0) {
-      await redisService.setKeyWithExpiration(blacklistTokenKey, "blacklisted", remainingTime);
-      console.log(`Blacklisted token: ${jti}`);
+      await redisService.setKeyWithExpiration(key, "blacklisted", remainingTime);
+      console.log(`Blacklisted token: ${key}`);
     }
   }
 
   static async isRefreshTokenBlacklisted(decodedRefreshToken) {
     const { id, jti } = decodedRefreshToken;
-    const blacklistTokenKey = this.generateBlacklistedTokenKey(id, jti);
+    const blacklistTokenKey = this.generateBlacklistedRefreshTokenKey(id, jti);
+    return await redisService.exists(blacklistTokenKey);
+  }
+
+  static async isResetTokenBlacklisted(decodedResetToken) {
+    const { email, jti } = decodedResetToken;
+    const blacklistTokenKey = this.generateBlacklistedResetTokenKey(email, jti);
     return await redisService.exists(blacklistTokenKey);
   }
 
-  static generateBlacklistedTokenKey(userId, jti) {
+  static generateBlacklistedRefreshTokenKey(userId, jti) {
     return `${userId}:${jti}`;
   }
+
+  static generateBlacklistedResetTokenKey(email, jti) {
+    return `${email}:${jti}`;
+  }
+
+  static generateResetTokenKey(email) {
+    return `resetToken:${email}`;
+  }
 }
 
 export default TokenService;

frontend/src/data/users/UserImpl.ts

@@ -37,6 +37,10 @@ export class UserImpl implements IUser {
     async forgetPassword(email: string): Promise<any> {
         return this.dataSource.forgetPassword(email);
     }
+
+    async resetPassword(password: string, token: string) {
+        return this.dataSource.resetPassword(password, token);
+    }
 }
 
 export const userImpl = new UserImpl();

frontend/src/data/users/UserRemoteDataSource.ts

@@ -54,6 +54,10 @@ export class UserRemoteDataSource extends BaseApi {
     async forgetPassword(email: string) {
         return await this.post<any>("/users/forgetPassword", { email });
     }
+
+    async resetPassword(password: string, token: string) {
+        return await this.post<any>("/users/resetPassword", { password, token });
+    }
 }
 
 export const userRemoteDataSource = new UserRemoteDataSource();

frontend/src/data/users/mockUser.ts

@@ -156,9 +156,9 @@ export class MockUser {
         });
     }
 
-    async forgetPassword(email: string): Promise<any> {
-        
-    }
+    async forgetPassword(email: string): Promise<any> {}
+
+    async resetPassword(password: string, token: string): Promise<any> {}
 }
 
 export const mockUser = new MockUser();

frontend/src/domain/usecases/UserUseCases.ts

@@ -117,6 +117,10 @@ export class UserUseCases {
     async forgetPassword(email: string): Promise<void> {
         await this.user.forgetPassword(email);
     }
+
+    async resetPassword(password: string, token: string): Promise<void> {
+        await this.user.resetPassword(password, token);
+    }
 }
 
 export const userUseCases = new UserUseCases(userImpl);