Fix confirm email (#6)

Matheus Ishiyama · web-flow · commit d284ce35e072 · 2021-04-06T15:26:06.000-03:00
diff --git a/package.json b/package.json
@@ -9,7 +9,8 @@
         "test": "jest"
     },
     "jest": {
-        "testEnvironment": "node"
+        "testEnvironment": "node",
+        "slowTestThreshold": 10
     },
     "repository": {
         "type": "git",
@@ -24,7 +25,7 @@
     "homepage": "https://github.com/MatheusIshiyama/chat-app-backend#readme",
     "dependencies": {
         "bcrypt": "^5.0.1",
-        "crypto": "^1.0.1",
+        "cors": "^2.8.5",
         "dotenv": "^8.2.0",
         "email-validator": "^2.0.4",
         "express": "^4.17.1",
diff --git a/src/app.js b/src/app.js
@@ -1,7 +1,9 @@
 const express = require("express");
+const cors = require('cors');
 
 //* express setup
 const app = express();
+app.use(cors());
 app.use(express.json());
 app.use(express.urlencoded({ extended: true }));
 
diff --git a/src/controllers/user.js b/src/controllers/user.js
@@ -2,17 +2,18 @@ const crypto = require("crypto");
 const User = require("../models/user");
 const sendMail = require("../services/sendMail");
 const password = require("../services/password");
+const generateCode = require("../services/generateCode");
 
 const UserController = {
     async register(req, res) {
         const body = req.body;
         const hashPassword = password.hash(body.password);
-        const verifyCode = crypto.randomBytes(128).toString("base64");
+        const code = generateCode();
         const newUser = new User({
             username: body.username.toLowerCase(),
             name: body.name,
             email: body.email,
-            verifyCode,
+            code,
             verified: false,
             password: hashPassword,
             createdAt: Date.now(),
@@ -25,20 +26,20 @@ const UserController = {
             { _id: false, password: false }
         );
 
-        await sendMail(body.email, verifyCode, "Confirm register");
+        await sendMail(body.email, code, "Confirm register");
 
         return res.status(201).json({ user });
     },
 
     async confirm(req, res) {
-        const { verifyCode } = req.params;
+        const { code } = req.body;
 
         await User.findOneAndUpdate(
-            { verifyCode },
-            { verifyCode: "verified", verified: true }
+            { code },
+            { code: "verified", verified: true }
         );
 
-        return res.status(200).json({ error: "User confirmed" });
+        return res.status(200).json({ message: "User confirmed" });
     },
 
     async addPending(req, res) {
diff --git a/src/middlewares/validateCode.js b/src/middlewares/validateCode.js
@@ -1,11 +1,12 @@
 const validateCode = (req, res, next) => {
-    if (!req.params.verifyCode)
-        return res.status(400).json({ error: "No verifyCode provided" });
+    const { code } = req.body;
 
-    if (req.params.verifyCode.length !== 172)
-        return res.status(400).json({ error: "No verifyCode length accept" });
+    if (!code) return res.status(400).json({ error: "No code provided" });
+
+    if (code.length !== 8)
+        return res.status(400).json({ error: "No code length accept" });
 
     next();
 };
 
-module.exports = validateCode;
+module.exports = validateCode;
diff --git a/src/models/user.js b/src/models/user.js
@@ -5,7 +5,7 @@ const User = new database.Schema(
         username: String,
         name: String,
         email: String,
-        verifyCode: String,
+        code: String,
         verified: Boolean,
         password: String,
         createdAt: Date,
diff --git a/src/routes/auth.js b/src/routes/auth.js
@@ -1,11 +1,11 @@
 const express = require("express");
 const authRoutes = express.Router();
 const authenticate = require("../services/authenticate");
-const validateAuth = require('../middlewares/validateAuth');
+const validateAuth = require("../middlewares/validateAuth");
 
-authRoutes.post("/", validateAuth, (req, res) => {
+authRoutes.post("/", validateAuth, async (req, res) => {
     const { username, password } = req.body;
-    authenticate(username, password, res);
+    await authenticate(username, password, res);
 });
 
 module.exports = authRoutes;
diff --git a/src/routes/user.js b/src/routes/user.js
@@ -12,7 +12,7 @@ userRoutes.post("/register", validateRegister, (req, res) => {
     UserController.register(req, res);
 });
 
-userRoutes.get("/confirm/:verifyCode", validateCode, (req, res) => {
+userRoutes.post("/confirm", validateCode, (req, res) => {
     UserController.confirm(req, res);
 });
 
diff --git a/src/services/authenticate.js b/src/services/authenticate.js
@@ -10,6 +10,8 @@ const authenticate = async (username, password, res) => {
     if (!password)
         return res.status(400).json({ error: "No password provided" });
 
+    username = username.toLowerCase();
+
     const userExists = await User.findOne({ username });
 
     if (userExists) {
@@ -29,9 +31,7 @@ const authenticate = async (username, password, res) => {
             return res.status(202).json({ token });
         }
 
-        return res
-            .status(401)
-            .json({ error: "Invalid username or password" });
+        return res.status(401).json({ error: "Invalid username or password" });
     }
     return res.status(401).json({ error: "Invalid username or password" });
 };
diff --git a/src/services/generateCode.js b/src/services/generateCode.js
@@ -0,0 +1,14 @@
+const generateCode = () => {
+    var result = [];
+    const characters =
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+    var charactersLength = characters.length;
+    for (var i = 0; i < 8; i++) {
+        result.push(
+            characters.charAt(Math.floor(Math.random() * charactersLength))
+        );
+    }
+    return result.join("");
+};
+
+module.exports = generateCode;
diff --git a/src/services/sendMail.js b/src/services/sendMail.js
@@ -10,9 +10,9 @@ const transporter = nodeMailer.createTransport({
     },
 });
 
-const sendEmail = async (email, verifyCode, subject) => {
+const sendEmail = async (email, code, subject) => {
     if (!email) return "No email provided";
-    if (!verifyCode) return "No verifyCode provided";
+    if (!code) return "No code provided";
     if (!subject) return "No subject provided";
 
     const isValid = validateBody.email(email);
@@ -22,7 +22,7 @@ const sendEmail = async (email, verifyCode, subject) => {
         from: process.env.EMAIL,
         to: email,
         subject,
-        text: `${process.env.CONFIRM_URL}/${verifyCode}`,
+        text: `Verify code is:\n ${code}`,
     };
 
     await transporter.sendMail(mailOptions);
diff --git a/src/tests/integration/userController.test.js b/src/tests/integration/userController.test.js
@@ -1,7 +1,7 @@
 const userController = require("../../controllers/user");
 const User = require("../../models/user");
 const mongoose = require("mongoose");
-const crypto = require("crypto");
+const generateCode = require("../../services/generateCode");
 require("dotenv").config();
 
 const mockRequest = (content) => {
@@ -15,20 +15,20 @@ const mockResponse = () => {
     return res;
 };
 
-const newUser = async (title, code) => {
-    let verifyCode, verified;
+const newUser = async (title, verifyCode) => {
+    let code, verified;
     if (!code) {
-        verifyCode = "verified";
+        code = "verified";
         verified = true;
     } else {
-        verifyCode = code;
+        code = verifyCode;
         verified = false;
     }
     await new User({
         username: title,
         name: title,
         email: `${title}@chatApp.com`,
-        verifyCode,
+        code,
         verified,
         password: title,
         createdAt: Date.now(),
@@ -83,17 +83,17 @@ describe("Test user controller", () => {
     });
 
     test("Test confirm function", async () => {
-        const verifyCode = crypto.randomBytes(128).toString("base64");
+        const code = generateCode();
 
-        await newUser("confirmTest", verifyCode);
+        await newUser("confirmTest", code);
 
-        const req = mockRequest({ params: { verifyCode } });
+        const req = mockRequest({ body: { code } });
         const res = mockResponse();
 
         await userController.confirm(req, res);
         expect(res.status).toHaveBeenCalledWith(200);
         expect(res.json).toHaveBeenCalledWith({
-            error: "User confirmed",
+            message: "User confirmed",
         });
     });
 
diff --git a/src/tests/units/authenticate.test.js b/src/tests/units/authenticate.test.js
@@ -57,7 +57,7 @@ describe("Test authenticate service", () => {
         const res = mockResponse();
         const pwd = await password.hash("testing");
         await new User({
-            username: "authenticateTest1",
+            username: "authenticatetest1",
             name: "test_test",
             email: "test_test@test.com",
             verifyCode: "testtest",
@@ -77,7 +77,7 @@ describe("Test authenticate service", () => {
         const res = mockResponse();
         const pwd = await password.hash("testing");
         await new User({
-            username: "authenticateTest2",
+            username: "authenticatetest2",
             name: "test_test",
             email: "test_test@test.com",
             verifyCode: "testtest",
@@ -95,9 +95,9 @@ describe("Test authenticate service", () => {
 
     test("Valid username and password but not verified", async () => {
         const res = mockResponse();
-        const pwd = await password.hash("testing");
+        const pwd = password.hash("testing");
         await new User({
-            username: "authenticateTest3",
+            username: "authenticatetest3",
             name: "test_test",
             email: "test_test@test.com",
             verifyCode: "testtest",
@@ -117,7 +117,7 @@ describe("Test authenticate service", () => {
         const res = mockResponse();
         const pwd = await password.hash("testing");
         await new User({
-            username: "authenticateTest4",
+            username: "authenticatetest4",
             name: "test_test",
             email: "test_test@test.com",
             verifyCode: "verified",
diff --git a/src/tests/units/sendMail.test.js b/src/tests/units/sendMail.test.js
@@ -6,7 +6,7 @@ test("Test sendMail service", async () => {
     expect(await sendMail(undefined, "test")).toBe("No email provided");
 
     //* verifyCode undefined
-    expect(await sendMail("test", undefined)).toBe("No verifyCode provided");
+    expect(await sendMail("test", undefined)).toBe("No code provided");
 
     //* subject undefined
     expect(await sendMail("test", "test", undefined)).toBe(
diff --git a/src/tests/units/validateCode.spec.js b/src/tests/units/validateCode.spec.js
@@ -1,8 +1,8 @@
 const validateCode = require("../../middlewares/validateCode");
-const crypto = require("crypto");
+const generateCode = require("../../services/generateCode");
 
 const mockRequest = (content) => {
-    return { params: content };
+    return { body: content };
 };
 
 const mockResponse = () => {
@@ -14,30 +14,30 @@ const mockResponse = () => {
 
 describe("Test validateCode middleware", () => {
     test("Code undefined", () => {
-        const req = mockRequest({ verifyCode: undefined });
+        const req = mockRequest({ code: undefined });
         const res = mockResponse();
 
         validateCode(req, res);
         expect(res.status).toHaveBeenCalledWith(400);
         expect(res.json).toHaveBeenCalledWith({
-            error: "No verifyCode provided",
+            error: "No code provided",
         });
     });
 
     test("Invalid code length", () => {
-        const req = mockRequest({ verifyCode: "testtest" });
+        const req = mockRequest({ code: "test" });
         const res = mockResponse();
 
         validateCode(req, res);
         expect(res.status).toHaveBeenCalledWith(400);
         expect(res.json).toHaveBeenCalledWith({
-            error: "No verifyCode length accept",
+            error: "No code length accept",
         });
     });
 
     test("Valid code", () => {
-        const code = crypto.randomBytes(128).toString("base64");
-        const req = mockRequest({ verifyCode: code });
+        const code = generateCode();
+        const req = mockRequest({ code });
         const res = mockResponse();
         const next = jest.fn();
 
diff --git a/yarn.lock b/yarn.lock
@@ -1339,6 +1339,14 @@ core-util-is@1.0.2, core-util-is@~1.0.0:
   resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.2.tgz#b5fd54220aa2bc5ab57aab7140c940754503c1a7"
   integrity sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=
 
+cors@^2.8.5:
+  version "2.8.5"
+  resolved "https://registry.yarnpkg.com/cors/-/cors-2.8.5.tgz#eac11da51592dd86b9f06f6e7ac293b3df875d29"
+  integrity sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==
+  dependencies:
+    object-assign "^4"
+    vary "^1"
+
 cross-spawn@^6.0.0:
   version "6.0.5"
   resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-6.0.5.tgz#4a5ec7c64dfae22c3a14124dbacdee846d80cbc4"
@@ -1364,11 +1372,6 @@ crypto-random-string@^2.0.0:
   resolved "https://registry.yarnpkg.com/crypto-random-string/-/crypto-random-string-2.0.0.tgz#ef2a7a966ec11083388369baa02ebead229b30d5"
   integrity sha512-v1plID3y9r/lPhviJ1wrXpLeyUIGAZ2SHNYTEapm7/8A9nLPoyvVp3RK/EPFqn5kEznyWgYZNsRtYYIWbuG8KA==
 
-crypto@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/crypto/-/crypto-1.0.1.tgz#2af1b7cad8175d24c8a1b0778255794a21803037"
-  integrity sha512-VxBKmeNcqQdiUQUW2Tzq0t377b54N2bMtXO/qiLa+6eRRmmC4qT3D4OnTGoT/U6O9aklQ/jTwbOtRMTTY8G0Ig==
-
 cssom@^0.4.4:
   version "0.4.4"
   resolved "https://registry.yarnpkg.com/cssom/-/cssom-0.4.4.tgz#5a66cf93d2d0b661d80bf6a44fb65f5c2e4e0a10"
@@ -3586,7 +3589,7 @@ oauth-sign@~0.9.0:
   resolved "https://registry.yarnpkg.com/oauth-sign/-/oauth-sign-0.9.0.tgz#47a7b016baa68b5fa0ecf3dee08a85c679ac6455"
   integrity sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==
 
-object-assign@^4.1.0:
+object-assign@^4, object-assign@^4.1.0:
   version "4.1.1"
   resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863"
   integrity sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=
@@ -4898,7 +4901,7 @@ validate-npm-package-license@^3.0.1:
     spdx-correct "^3.0.0"
     spdx-expression-parse "^3.0.0"
 
-vary@~1.1.2:
+vary@^1, vary@~1.1.2:
   version "1.1.2"
   resolved "https://registry.yarnpkg.com/vary/-/vary-1.1.2.tgz#2299f02c6ded30d4a5961b0b9f74524a18f634fc"
   integrity sha1-IpnwLG3tMNSllhsLn3RSShj2NPw=
