Merge branch 'development' into BE/stopmatch

Author: jolynloh

backend/user-service/.env.sample

@@ -29,4 +29,8 @@ USER=EMAIL_ADDRESS
 PASS=PASSWORD
 
 # Redis configuration
-REDIS_URI=REDIS_URI
+REDIS_URI=REDIS_URI
+
+# Test
+MONGO_URI_TEST=mongodb://mongo:mongo@test-mongo:27017/
+REDIS_URI_TEST=redis://test-redis:6379

backend/user-service/config/redis.ts

@@ -3,7 +3,10 @@ import dotenv from "dotenv";
 
 dotenv.config();
 
-const REDIS_URI = process.env.REDIS_URI || "redis://localhost:6379";
+const REDIS_URI =
+  process.env.NODE_ENV === "test"
+    ? process.env.REDIS_URI_TEST
+    : process.env.REDIS_URI || "redis://localhost:6379";
 
 const client = createClient({ url: REDIS_URI });
 

backend/user-service/controller/user-controller.ts

@@ -12,6 +12,7 @@ import {
   updateUserById as _updateUserById,
   updateUserPrivilegeById as _updateUserPrivilegeById,
   updateUserVerification as _updateUserVerification,
+  updateUserPassword as _updateUserPassword,
 } from "../model/repository";
 import {
   validateEmail,
@@ -25,8 +26,13 @@ import { upload } from "../config/multer";
 import { uploadFileToFirebase } from "../utils/utils";
 import redisClient from "../config/redis";
 import crypto from "crypto";
-import { sendAccVerificationMail } from "../utils/mailer";
-import { ACCOUNT_VERIFICATION_SUBJ } from "../utils/constants";
+import { sendMail } from "../utils/mailer";
+import {
+  ACCOUNT_VERIFICATION_SUBJ,
+  ACCOUNT_VERIFICATION_TEMPLATE,
+  RESET_PASSWORD_SUBJ,
+  RESET_PASSWORD_TEMPLATE,
+} from "../utils/constants";
 
 export async function createUser(
   req: Request,
@@ -113,11 +119,14 @@ export const sendVerificationMail = async (
     }
 
     const emailToken = crypto.randomBytes(16).toString("hex");
-    await redisClient.set(email, emailToken, { EX: 60 * 5 }); // expire in 5 minutes
-    await sendAccVerificationMail(
+    await redisClient.set(`email_verification:${email}`, emailToken, {
+      EX: 60 * 5,
+    }); // expire in 5 minutes
+    await sendMail(
       email,
       ACCOUNT_VERIFICATION_SUBJ,
       user.username,
+      ACCOUNT_VERIFICATION_TEMPLATE,
       emailToken
     );
 
@@ -145,7 +154,7 @@ export const verifyUser = async (
       return res.status(404).json({ message: `User ${email} not found` });
     }
 
-    const expectedToken = await redisClient.get(email);
+    const expectedToken = await redisClient.get(`email_verification:${email}`);
 
     if (expectedToken !== token) {
       return res
@@ -155,12 +164,10 @@ export const verifyUser = async (
 
     const updatedUser = await _updateUserVerification(email);
     if (!updatedUser) {
-      return res.status(404).json({ message: `User ${email} not verified.` });
+      return res.status(404).json({ message: `User not verified.` });
     }
 
-    return res
-      .status(200)
-      .json({ message: `User ${email} verified successfully.` });
+    return res.status(200).json({ message: `User verified successfully.` });
   } catch (error) {
     return res
       .status(500)
@@ -334,6 +341,93 @@ export async function updateUser(
   }
 }
 
+export const sendResetPasswordMail = async (
+  req: Request,
+  res: Response
+): Promise<Response> => {
+  try {
+    const { email } = req.body;
+    const user = await _findUserByEmail(email);
+
+    if (!user) {
+      return res.status(404).json({ message: `User not found` });
+    }
+
+    if (!user.isVerified) {
+      return res.status(403).json({
+        message: "User is not verified. Please verify your account first.",
+      });
+    }
+
+    const emailToken = crypto.randomBytes(16).toString("hex");
+    await redisClient.set(`password_reset:${email}`, emailToken, {
+      EX: 60 * 5,
+    }); // expire in 5 minutes
+    await sendMail(
+      email,
+      RESET_PASSWORD_SUBJ,
+      user.username,
+      RESET_PASSWORD_TEMPLATE,
+      emailToken
+    );
+
+    return res.status(200).json({
+      message: "Reset password email sent. Please check your inbox.",
+      data: { email, id: user.id },
+    });
+  } catch (error) {
+    return res.status(500).json({
+      message: "Unknown error when sending reset password email!",
+      error,
+    });
+  }
+};
+
+export const resetPassword = async (
+  req: Request,
+  res: Response
+): Promise<Response> => {
+  try {
+    const { email, token, password } = req.body;
+
+    const user = await _findUserByEmail(email);
+    if (!user) {
+      return res.status(404).json({ message: `User not found` });
+    }
+
+    const expectedToken = await redisClient.get(`password_reset:${email}`);
+
+    if (expectedToken !== token) {
+      return res
+        .status(400)
+        .json({ message: "Invalid token. Please request for a new one." });
+    }
+
+    const { isValid: isValidPassword, message: passwordMessage } =
+      validatePassword(password);
+    if (!isValidPassword) {
+      return res.status(400).json({ message: passwordMessage });
+    }
+
+    const salt = bcrypt.genSaltSync(10);
+    const hashedPassword = bcrypt.hashSync(password, salt);
+
+    const updatedUser = await _updateUserPassword(email, hashedPassword);
+
+    if (!updatedUser) {
+      return res.status(404).json({ message: `User's password not reset.` });
+    }
+
+    return res
+      .status(200)
+      .json({ message: `User's password successfully reset.` });
+  } catch (error) {
+    return res
+      .status(500)
+      .json({ message: "Unknown error when resetting user password!", error });
+  }
+};
+
 export async function updateUserPrivilege(
   req: Request,
   res: Response

backend/user-service/model/repository.ts

@@ -31,6 +31,7 @@ export async function createUser(
     email,
     password,
     isAdmin,
+    isVerified,
   });
   return user.save();
 }
@@ -114,6 +115,21 @@ export async function updateUserVerification(
   );
 }
 
+export async function updateUserPassword(
+  email: string,
+  password: string
+): Promise<IUser | null> {
+  return UserModel.findOneAndUpdate(
+    { email },
+    {
+      $set: {
+        password,
+      },
+    },
+    { new: true } // return the updated user
+  );
+}
+
 export async function deleteUserById(userId: string): Promise<IUser | null> {
   return UserModel.findByIdAndDelete(userId);
 }

backend/user-service/routes/user-routes.ts

@@ -10,6 +10,8 @@ import {
   updateUser,
   updateUserPrivilege,
   verifyUser,
+  sendResetPasswordMail,
+  resetPassword,
 } from "../controller/user-controller";
 import {
   verifyAccessToken,
@@ -34,6 +36,10 @@ router.post("/images", createImageLink);
 
 router.post("/send-verification-email", sendVerificationMail);
 
+router.post("/send-reset-password-email", sendResetPasswordMail);
+
+router.post("/reset-password", resetPassword);
+
 router.get("/:id", getUser);
 
 router.get("/verify-email/:email/:token", verifyUser);

backend/user-service/scripts/seed.ts

@@ -38,6 +38,7 @@ export async function seedAdminAccount() {
       adminUsername,
       adminEmail,
       hashedPassword,
+      true,
       true
     );
     console.log("Admin account created successfully.");

backend/user-service/swagger.yml

@@ -71,11 +71,22 @@ components:
         password:
           type: string
           required: true
-    EmailVerification:
+    Email:
       properties:
         email:
           type: string
           required: true
+    ResetPassword:
+      properties:
+        email:
+          type: string
+          required: true
+        token:
+          type: string
+          required: true
+        password:
+          type: string
+          required: true
     UserResponse:
       properties:
         message:
@@ -347,7 +358,73 @@ paths:
         content:
           application/json:
             schema:
-              $ref: "#/components/schemas/EmailVerification"
+              $ref: "#/components/schemas/Email"
+      responses:
+        200:
+          description: Successful Response
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  message:
+                    type: string
+                    description: Message
+        404:
+          description: Not Found
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ErrorResponse"
+        500:
+          description: Internal Server Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ServerErrorResponse"
+  /api/users/send-reset-password-email:
+    post:
+      summary: Send reset password email
+      tags:
+        - users
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/Email"
+      responses:
+        200:
+          description: Successful Response
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  message:
+                    type: string
+                    description: Message
+        404:
+          description: Not Found
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ErrorResponse"
+        500:
+          description: Internal Server Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ServerErrorResponse"
+  /api/users/reset-password:
+    post:
+      summary: Reset password
+      tags:
+        - users
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/ResetPassword"
       responses:
         200:
           description: Successful Response

backend/user-service/tests/authRoutes.spec.ts

@@ -4,6 +4,8 @@ import supertest from "supertest";
 import app from "../app";
 import UserModel from "../model/user-model";
 
+jest.setTimeout(10000);
+
 const request = supertest(app);
 
 const AUTH_BASE_URL = "/api/auth";
@@ -25,6 +27,7 @@ const insertAdminUser = async () => {
     email,
     password: hashedPassword,
     isAdmin: true,
+    isVerified: true,
   }).save();
 
   return { email, password };
@@ -37,6 +40,7 @@ const insertNonAdminUser = async () => {
     lastName,
     email,
     password: hashedPassword,
+    isVerified: true,
   }).save();
 
   return { email, password };

backend/user-service/tests/setup.ts

@@ -3,7 +3,7 @@ import redisClient from "../config/redis";
 
 beforeAll(async () => {
   const mongoUri =
-    process.env.MONGO_URI_TEST || "mongodb://mongo:mongo@mongo:27017/";
+    process.env.MONGO_URI_TEST || "mongodb://mongo:mongo@test-mongo:27017/";
 
   await mongoose.connect(mongoUri, {});
   await redisClient.connect();

backend/user-service/utils/constants.ts

@@ -17,3 +17,23 @@ export const ACCOUNT_VERIFICATION_TEMPLATE = `
   </body>
 </html>
 `;
+
+export const RESET_PASSWORD_SUBJ = "Password Reset Link";
+
+export const RESET_PASSWORD_TEMPLATE = `
+<html>
+  <head>
+    <title>Password Reset</title>
+    <meta charset="utf-8" />
+  </head>
+  <body>
+    <p>Hello {{username}}!</p>
+    <p>
+      You have requested to reset your password. Please use this token: <strong>{{token}}</strong> to reset your password.
+    </p>
+    <p>If you did not request for a password reset, please ignore this email.</p>
+    <p>Regards,</p>
+    <p>Peerprep G28</p>
+  </body>
+</html>
+`;