resolved forgot password issues #525

Merged
merged 1 commit into from
Nov 7, 2024
69 changes: 38 additions & 31 deletions backend/controllers/submitFeedback.js
@@ -1,17 +1,17 @@
import nodemailer from 'nodemailer';
import User from '../models/User.js';
import { generateOTP , verifyOTP} from '../utils/otputils.js'; // Import the OTP generation function
import { sendOTPEmail } from '../utils/emailUtils.js'; // Import the email sender utility if separated into a different file
import nodemailer from "nodemailer";
import User from "../models/User.js";
import { generateOTP, verifyOTP } from "../utils/otputils.js"; // Import the OTP generation function
import { sendOTPEmail } from "../utils/emailUtils.js"; // Import the email sender utility if separated into a different file

import { hashPassword } from '../utils/authFunctions.js';
import { hashPassword } from "../utils/authFunctions.js";

// Controller to handle user feedback submission
export const submitFeedback = async (req, res) => {
const { rating, comment } = req.body;

try {
// The user is already authenticated and attached to req.user by verifyJWT
const user = req.user;
const user = req.user;

// Update user's rating and comment fields
user.rating = rating || user.rating; // If no rating is provided, keep the existing one
Expand All @@ -20,10 +20,14 @@ export const submitFeedback = async (req, res) => {
// Save the updated user document
await user.save();

return res.status(200).json({ message: 'Feedback submitted successfully', user });
return res
.status(200)
.json({ message: "Feedback submitted successfully", user });
} catch (error) {
console.error('Error submitting feedback:', error);
return res.status(error.statusCode || 500).json({ message: error.message || 'An error occurred while submitting feedback' });
console.error("Error submitting feedback:", error);
return res.status(error.statusCode || 500).json({
message: error.message || "An error occurred while submitting feedback",
});
}
};

Expand All @@ -33,32 +37,34 @@ export const sendOTPToEmail = async (req, res) => {

// Check if email is provided
if (!email) {
return res.status(400).json({ error: 'Email is required' });
return res.status(400).json({ error: "Email is required" });
}

// Find user by email
const user = await User.findOne({ email });

if (!user) {
return res.status(404).json({ error: 'User does not exist' });
return res.status(404).json({ error: "User does not exist" });
}

// Generate OTP and set expiry (10 minutes from now)
const otp = generateOTP();
const otpExpiry = new Date(Date.now() + 10 * 60 * 1000); // OTP expires in 10 minutes

// Store the OTP and expiry in the user's document
// Only update OTP and expiry without modifying the rest of the user document this was causing error
user.otp = otp;
user.otpExpiry = otpExpiry;
await user.save();
await user.updateOne({ otp, otpExpiry });

// Send OTP to user's email using the utility
await sendOTPEmail(email, otp);

res.status(200).json({ message: 'OTP sent to email' });
res.status(200).json({ message: "OTP sent to email" });
} catch (error) {
console.error('Error sending OTP:', error);
return res.status(500).json({ error: error.message || 'Internal Server Error' });
console.error("Error sending OTP:", error);
return res
.status(500)
.json({ error: error.message || "Internal Server Error" });
}
};

Expand All @@ -68,33 +74,32 @@ export const verifyOTPController = async (req, res) => {

// Check if email and OTP are provided
if (!email || !otp) {
return res.status(400).json({ error: 'Email and OTP are required' });
return res.status(400).json({ error: "Email and OTP are required" });
}

// Find user by email
const user = await User.findOne({ email });

if (!user) {
return res.status(404).json({ error: 'User not found' });
return res.status(404).json({ error: "User not found" });
}

// Verify the OTP and check expiration
const isValid = verifyOTP(user, otp);

if (!isValid) {
return res.status(400).json({ error: 'Invalid or expired OTP' });
return res.status(400).json({ error: "Invalid or expired OTP" });
}

// Clear OTP after successful verification (optional, but recommended)
user.otp = null;
user.otpExpiry = null;
await user.save();
// only set otp to null else there will be error
await user.updateOne({ otp: null, otpExpiry: null });

// OTP is valid
res.status(200).json({ message: 'OTP verified successfully' });
res.status(200).json({ message: "OTP verified successfully" });
} catch (error) {
console.error('Error verifying OTP:', error);
res.status(500).json({ error: 'Internal Server Error' });
console.error("Error verifying OTP:", error);
res.status(500).json({ error: "Internal Server Error" });
}
};

Expand All @@ -104,26 +109,28 @@ export const resetPassword = async (req, res) => {

// Check if both email and new password are provided
if (!email || !newPassword) {
return res.status(400).json({ error: 'Email and new password are required' });
return res
.status(400)
.json({ error: "Email and new password are required" });
}

// Find the user by email
const user = await User.findOne({ email });

if (!user) {
return res.status(404).json({ error: 'User not found' });
return res.status(404).json({ error: "User not found" });
}

// Hash the new password
const hashedPassword = await hashPassword(newPassword);

// Update the user's password in the database
user.password = hashedPassword;
await user.save();
await user.updateOne({ password: hashPassword }); // only update the password not the whole user else there will be error

res.status(200).json({ message: 'Password reset successfully' });
res.status(200).json({ message: "Password reset successfully" });
} catch (error) {
console.error('Error resetting password:', error);
res.status(500).json({ error: 'Internal Server Error' });
console.error("Error resetting password:", error);
res.status(500).json({ error: "Internal Server Error" });
}
};
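Review bot: In the resetPassword hunk, `await user.updateOne({ password: hashPassword });` passes the imported `hashPassword` function rather than the `hashedPassword` value computed on the line above, so the new hash is not what gets written; it should be `await user.updateOne({ password: hashedPassword });`. The visible part of the handler also authorises the reset on `email` and `newPassword` alone: verifyOTPController clears the OTP and returns 200 without issuing anything the client must present here, so as shown a reset would be accepted for any known address. resetPassword begins outside the hunk and route middleware is not visible, so this may be enforced elsewhere; if it is not, require proof of OTP verification inside this handler (for example a short-lived, single-use reset token issued by verifyOTPController) before the update. Separately, `updateOne` on a document does not run the `save()` validation and hooks, so it is worth confirming that nothing on the User schema relied on them for `password`, `otp` or `otpExpiry`.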