reset password API complete

backend/apis/nodejs/src/models/person_model.js

@@ -139,7 +139,7 @@ async function remove(personId) {
 
 async function confirmActivation(personId) {
   await knex.transaction(async (tr) => {
-    await knex('Person')
+    await tr('Person')
       .where('id', personId)
       .update({
         enabled: true
@@ -149,7 +149,6 @@ async function confirmActivation(personId) {
       .where('person_id', personId)
       .del();
   });
-
 }
 
 // Exporting a function

backend/apis/nodejs/src/models/reset_password_model.js

@@ -13,7 +13,7 @@
 
 const knex = require('../utils/knex_config');
 
-async function add(email, secret){
+async function add(email, secret) {
     await knex('RequestResetPassword')
         .insert({
             email,
@@ -21,6 +21,39 @@ async function add(email, secret){
         });
 }
 
-module.exports = {
+async function findBySecret(secret) {
-    add
+    return await knex('RequestResetPassword').where({
+        secret
+    }).first();
+}
+
+/**
+ * Given a secret and a new password, update the Peron's personal password
+ *
+ * @param {*} password The new (hashed) password
+ * @param {*} secret The secret received via e-mail (table RequestResetPassword)
+ * @returns 
+ */
+async function resetPassword(password, secret) {
+    const request = await findBySecret(secret);
+    if (!request) {
+        return;
+    }
+    await knex.transaction(async tr => {
+        await tr('Person').where({
+            email: request.email
+        }).update({
+            password
+        });
+
+        await tr('RequestResetPassword').where({
+            email
+        }).del();
+    });
+}
+
+module.exports = {
+    add,
+    findBySecret,
+    resetPassword
 }

backend/apis/nodejs/src/routes/reset_password_routes.js

@@ -13,21 +13,22 @@
 
 const Person = require('../models/person_model');
 const mailUtils = require('../utils/mail_utils');
-const RequestResetPassword = require('../models/reset_password_model');
+const ResetPassword = require('../models/reset_password_model');
 const crypto = require('crypto');
 const express = require('express');
+const bcrypt = require('bcrypt');
 
 async function add(req, res) {
     try {
         const userExists = await Person.findByEmail(req.body.email);
         // If the user does not exist, do not inform them of the absence
-        // of the user
         if (userExists) {
             const secret = crypto.randomBytes(16).toString('hex');
-            await RequestResetPassword.add(req.body.email, secret);
+            await ResetPassword.add(req.body.email, secret);
-            mailUtils.sendMail(req.body.email, 'Blink Reset Password', secret, null);
+            const body = `Click on this link: ...${secret} to reset your Blink password. If you did not ask for such a change, simply ignore this e-mail.`;
+            mailUtils.sendMail(req.body.email, 'Blink Reset Password', body, null);
         }
-        return res.status(204).send();
+        res.status(204).send();
     } catch (error) {
         console.error(`Error in function ${registerPerson.name}: ${error}`);
         res.status(500).json({
@@ -36,8 +37,31 @@ async function add(req, res) {
     }
 }
 
+async function reset(req, res) {
+    try {
+        const requester = await ResetPassword.findBySecret(req.body.secret);
+        if (requester) {
+            const diffMilliseconds = Date.now() - requester.time_of_request.getTime();
+            // Check whether the request was not performed more than 30 minutes ago
+            if(diffMilliseconds / (1000 * 60) <= 30){
+                const newPassword = await bcrypt.hash(req.body.password, 10);
+                ResetPassword.resetPassword(newPassword, req.body.secret);
+                return res.status(204).send();
+            }
+        }
+        return res.status(400).send("Request either invalid or expired");
+        
+    } catch (error) {
+        console.error(`Error in function ${reset.name}: ${error}`);
+        res.status(500).json({
+            error: 'Internal server error'
+        });
+    }
+}
+
 const routes = express.Router();
 routes.post('/request', add);
+routes.post('/reset', reset);
 
 module.exports = {
     routes