Added confirm account functionality.

Author: maitraysuthar

.env.example

@@ -1,3 +1,18 @@
 MONGODB_URL=YourConnectionString
+# Example Connection String:-  
+# mongodb://127.0.0.1:27017/rest-api-nodejs-mongodb
+# mongodb://[MongodbHost]:[PORT]/[DatabaseName]
+
 JWT_SECRET=YourSecret
-JWT_TIMEOUT_DURATION="2 hours"
+# Example Secret:-  abcdefghijklmnopqrstuvwxyz1234567890
+
+JWT_TIMEOUT_DURATION="2 hours"
+# You can place duration available here: https://github.com/auth0/node-jsonwebtoken#usage
+# Seach for "expiresIn" option on above link.
+
+EMAIL_SMTP_HOST=YourSMTPHost
+EMAIL_SMTP_PORT=YourSMTPPort
+EMAIL_SMTP_USERNAME=YourSMTPUsername
+EMAIL_SMTP_PASSWORD=YourSMTPPassword
+# true for 465, false for other ports
+EMAIL_SMTP_SECURE=false

controllers/AuthController.js

@@ -5,6 +5,8 @@ const { sanitizeBody } = require("express-validator");
 const apiResponse = require("../helpers/apiResponse");
 const bcrypt = require("bcrypt");
 const jwt = require("jsonwebtoken");
+const mailer = require("../helpers/mailer");
+const { constants } = require("../helpers/constants");
 
 /**
  * User registration.
@@ -47,27 +49,42 @@ exports.register = [
         }else {
             //hash input password
             bcrypt.hash(req.body.password,10,function(err, hash) {
+                // generate OTP for confirmation
+                let otp = randomNumber(4);
                 // Create User object with escaped and trimmed data
                 var user = new UserModel(
                     {
                         firstName: req.body.firstName,
                         lastName: req.body.lastName,
                         email: req.body.email,
-                        password: hash
+                        password: hash,
+                        confirmOTP: otp
                     }
                 );
-
-                // Save user.
-                user.save(function (err) {
-                    if (err) { return apiResponse.ErrorResponse(res, err); }
-                    let userData = {
-                        _id: user._id,
-                        firstName: user.firstName,
-                        lastName: user.lastName,
-                        email: user.email
-                    }
-                    return apiResponse.successResponseWithData(res,"Registration Success.", userData);
-                });
+                // Html email body
+                let html = '<p>Please Confirm your Account.</p><p>OTP: '+otp+'</p>';
+                // Send confirmation email
+                mailer.send(
+                    constants.confirmEmails.from, 
+                    req.body.email,
+                    'Confirm Account',
+                    html
+                ).then(function(response){
+                    // Save user.
+                    user.save(function (err) {
+                        if (err) { return apiResponse.ErrorResponse(res, err); }
+                        let userData = {
+                            _id: user._id,
+                            firstName: user.firstName,
+                            lastName: user.lastName,
+                            email: user.email
+                        }
+                        return apiResponse.successResponseWithData(res,"Registration Success.", userData);
+                    });
+                }).catch(err => {
+                    console.log(err)
+                    return apiResponse.ErrorResponse(res,err);
+                }) ;
             });
         }
     } catch (err) {
@@ -101,21 +118,31 @@ exports.login = [
                     //Compare given password with db's hash.
                     bcrypt.compare(req.body.password,user.password,function (err,same) {
                         if(same){
-                            let userData = {
-                                _id: user._id,
-                                firstName: user.firstName,
-                                lastName: user.lastName,
-                                email: user.email,
+                            //Check account confirmation.
+                            if(user.isConfirmed){
+                                // Check User's account active or not.
+                                if(user.status) {
+                                    let userData = {
+                                        _id: user._id,
+                                        firstName: user.firstName,
+                                        lastName: user.lastName,
+                                        email: user.email,
+                                    }
+                                    //Prepare JWT token for authentication
+                                    const jwtPayload = userData;
+                                    const jwtData = {
+                                        expiresIn: process.env.JWT_TIMEOUT_DURATION,
+                                    };
+                                    const secret = process.env.JWT_SECRET;
+                                    //Generated JWT token with Payload and secret.
+                                    userData.token = jwt.sign(jwtPayload, secret, jwtData);
+                                    return apiResponse.successResponseWithData(res,"Login Success.", userData);
+                                }else {
+                                    return apiResponse.unauthorizedResponse(res, "Account is not active. Please contact admin.");
+                                }
+                            }else{
+                                return apiResponse.unauthorizedResponse(res, "Account is not confirmed. Please confirm your account.");
                             }
-                            //Prepare JWT token for authentication
-                            const jwtPayload = userData;
-                            const jwtData = {
-                                expiresIn: process.env.JWT_TIMEOUT_DURATION,
-                            };
-                            const secret = process.env.JWT_SECRET;
-                            //Generated JWT token with Payload and secret.
-                            userData.token = jwt.sign(jwtPayload, secret, jwtData);
-                            return apiResponse.successResponseWithData(res,"Login Success.", userData);
                         }else{
                             return apiResponse.unauthorizedResponse(res, "Email or Password wrong.");
                         }
@@ -128,4 +155,68 @@ exports.login = [
     } catch (err) {
         return apiResponse.ErrorResponse(res, err);
     }
-}];
+}];
+
+/**
+ * OTP generator.
+ *
+ * @param {intiger}      length
+ *
+ * @returns {Interger}
+ */
+function randomNumber(length) {
+    var text = "";
+    var possible = "123456789";
+    for (var i = 0; i < length; i++) {
+      var sup = Math.floor(Math.random() * possible.length);
+      text += i > 0 && sup == i ? "0" : possible.charAt(sup);
+    }
+    return Number(text);
+}
+
+/**
+ * Verify Confirm otp.
+ *
+ * @param {string}      email
+ * @param {string}      otp
+ *
+ * @returns {Object}
+ */
+exports.verifyConfirm = [
+    body("email").isLength({ min: 1 }).trim().withMessage("Email must be specified.")
+        .isEmail().withMessage("Email must be a valid email address."),
+    body("otp").isLength({ min: 1 }).trim().withMessage("OTP must be specified."),
+    sanitizeBody("email").escape(),
+    sanitizeBody("otp").escape(),
+    (req, res, next) => {
+    try {
+        const errors = validationResult(req);
+        if (!errors.isEmpty()) {
+            return apiResponse.validationErrorWithData(res, "Validation Error.", errors.array());
+        }else {
+            var query = {email : req.body.email};
+            UserModel.findOne(query).then(user => {
+                if (user) {
+                    //Compare given password with db's hash.
+                   if(user.isConfirmed){
+                        //Check account confirmation.
+                        if(user.confirmOTP == req.body.otp){
+                            UserModel.findOneAndUpdate(query, { 
+                                name: 'jason bourne' 
+                            }, options, callback)
+                            return apiResponse.successResponseWithData(res,"Login Success.", userData);
+                        }else{
+                            return apiResponse.unauthorizedResponse(res, "Otp does not match");
+                        }
+                    }else{
+                        return apiResponse.unauthorizedResponse(res, "Account already confirmed.");
+                    }
+                }else{
+                    return apiResponse.unauthorizedResponse(res, "Specified email not found.");
+                }
+            });
+        }
+    } catch (err) {
+        return apiResponse.ErrorResponse(res, err);
+    }
+}];

helpers/constants.js

@@ -0,0 +1,9 @@
+exports.constants = {
+    admin: {
+        name: "admin",
+        email: "[email protected]"
+    },
+    confirmEmails: {
+        from : "[email protected]"
+    }
+}

helpers/mailer.js

@@ -0,0 +1,25 @@
+const nodemailer = require('nodemailer');
+
+// create reusable transporter object using the default SMTP transport
+let transporter = nodemailer.createTransport({
+    host: process.env.EMAIL_SMTP_HOST,
+    port: process.env.EMAIL_SMTP_PORT,
+    //secure: process.env.EMAIL_SMTP_SECURE, // lack of ssl commented this. You can uncomment it.
+    auth: {
+        user: process.env.EMAIL_SMTP_USERNAME,
+        pass: process.env.EMAIL_SMTP_PASSWORD
+    }
+});
+
+exports.send = function (from, to, subject, html)
+{
+    // send mail with defined transport object
+    // visit https://nodemailer.com/ for more options
+    return transporter.sendMail({
+        from: from, // sender address e.g. [email protected] or "Fred Foo 👻" <[email protected]>
+        to: to, // list of receivers e.g. bar@example.com, [email protected]
+        subject: subject, // Subject line e.g. 'Hello ✔'
+        //text: text, // plain text body e.g. Hello world?
+        html: html // html body e.g. '<b>Hello world?</b>'
+    });
+}

models/UserModel.js

@@ -5,6 +5,9 @@ var UserSchema = new mongoose.Schema({
   lastName: {type: String, required: true},
   email: {type: String, required: true},
   password: {type: String, required: true},
+  isConfirmed: {type: Boolean, required: true, default: 0},
+  confirmOTP: {type: String, required:false},
+  otpTries: {type: Number, required:false, default: 0},
   status: {type: Boolean, required: true, default: 1}
 }, {timestamps: true});