diff --git a/src/controllers/userController.js b/src/controllers/userController.js
index f63fccb3..6386f657 100644
--- a/src/controllers/userController.js
+++ b/src/controllers/userController.js
@@ -280,35 +280,49 @@ exports.addUser = async (req, reply) => { // Accepts a user , password , and checks in the system to see if user exists , and password is valid // returns a user object so that jwt token can be created and sent back to the client -exports.loginUser = async (req, fcmId, deviceId) => { +exports.loginUser = async (req, fcmIds, deviceId) => { try { - const phone = req.body.phone; - const password = req.body.password; - - const user = await User.findOne({ phone: phone }); - if (user) { - const isSame = await bcryptComparePassword( - password, - user.services.password.bcrypt - ); - if (isSame) { - // Optionally, you can save/update fcmId and deviceId here - user.fcmId = fcmId; - user.deviceId = deviceId; - await user.save(); - - return { same: true, user: user }; - } else { - return { same: false }; + const { phone, password } = req.body; + let user = await User.findOne({ phone }); + let isStaff = false; + let staffMember = null; + + // If not a main user, check staff inside all users + if (!user) { + const users = await User.find({ "staff.staff.phone": phone }); + for (const u of users) { + const foundStaff = u.staff.staff.find((s) => s.phone === phone); + if (foundStaff) { + user = u; // Assign user as the main user under which the staff exists + staffMember = foundStaff; + isStaff = true; + break; + } } + } + + // If no user or staff found, return invalid credentials + if (!user) return { same: false }; + + // Validate password + let isSame = false; + if (isStaff) { + isSame = password === staffMember.password; // Plain text comparison for staff } else { - return { same: false }; + isSame = await bcrypt.compare(password, user.services.password.bcrypt); // Bcrypt for main users } + + if (!isSame) return { same: false }; + + // Update deviceId + user.deviceId = deviceId; + await user.save(); + + return { same: true, user, isStaff, staffMember }; } catch (err) { throw boom.boomify(err); } }; - exports.loginUserWithOTP = async (req) => { try { const 
phone = req.body.phone;
diff --git a/src/index.js b/src/index.js
index f90f4a78..54541cde 100644
--- a/src/index.js
+++ b/src/index.js
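Review bot: `isSame = password === staffMember.password;` verifies a staff login by comparing the submitted password with a plaintext value stored on the staff subdocument, while main users two lines below are verified with bcrypt; a clear-text store means any read of the users collection discloses every staff credential, and `===` is also not a constant-time comparison. Staff passwords should be stored as bcrypt hashes and checked the same way as owners, `isSame = await bcrypt.compare(password, staffMember.password);`, with the plaintext branch removed once existing records are rehashed. The renamed `fcmIds` parameter is never read in the body (the old `user.fcmId = fcmId` assignment was dropped), and on a staff login `user.deviceId = deviceId; await user.save();` overwrites the owning account's deviceId rather than anything belonging to the staff member. The switch from `bcryptComparePassword` to `bcrypt.compare` presumes `bcrypt` is imported at the top of this file, which is outside the hunk.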
@@ -166,120 +166,18 @@ fastify.post("/api/login", { properties: { phone: { type: "string" }, password: { type: "string" }, - // fcmId: { type: "string" }, // Add this line - fcmIds: { - type: "array", // Change this to allow an array - items: { type: "string" }, // Each item in the array is a string - default: [], // Default value if not provided - }, - deviceId: { type: "string" } // Add this line + fcmIds: { type: "array", items: { type: "string" }, default: [] }, + deviceId: { type: "string" }, }, }, }, async handler(req, reply) { - // Pass fcmId and deviceId to the loginUser function const { phone, password, fcmIds, deviceId } = req.body; - console.log(password,phone) - const loginObject = await userController.loginUser(req, fcmIds, deviceId); + console.log(password, phone); - if (loginObject.same) { - console.log("entered 1st loop") - const phoneVerified = loginObject.user.phoneVerified; - const oneTimePasswordSetFlag = loginObject.user.oneTimePasswordSetFlag; - console.log( - "oneTimePasswordSetFlag is ......", - oneTimePasswordSetFlag, - typeof oneTimePasswordSetFlag, - typeof phoneVerified - ); - if (fcmIds && fcmIds.length > 0) { - await User.updateOne( - { customerId: loginObject.user.customerId }, - { $addToSet: { fcmIds: { $each: fcmIds } } } // Add multiple FCM IDs, avoiding duplicates - ); - } - if (!phoneVerified) { - reply.send({ - simplydata: { - error: false, - phoneVerified: false, - phone: loginObject.user.phone, - oneTimePasswordSetFlag: oneTimePasswordSetFlag, - message: "Please Verify your phone number", - }, - }); - } else if (oneTimePasswordSetFlag) { - reply.send({ - simplydata: { - error: false, - phoneVerified: phoneVerified, - phone: loginObject.user.phone, - oneTimePasswordSetFlag: true, - message: "Password must be reset", - }, - }); - } else { - const token = fastify.jwt.sign( - { - username: loginObject.user.username, - userId: loginObject.user._id, - roles: loginObject.user.profile.role, - }, - { expiresIn: "30d" } - ); - const arr 
= loginObject.user.profile.role; - const arrayToString = JSON.stringify(Object.assign({}, arr)); // convert array to string - const stringToJsonObject = JSON.parse(arrayToString); // convert string to json object - const c_id = loginObject.user.customerId; - const profilePicture = await ProfilePicture.findOne({ customerId: c_id }); - - if (!profilePicture) { - reply.send({ - simplydata: { - error: false, - apiversion: fastify.config.APIVERSION, - access_token: token, - buildingName: loginObject.user.buildingName, - email: loginObject.user.emails, - phone: loginObject.user.phone, - customerId: loginObject.user.customerId, - username: loginObject.user.username, - address1: loginObject.user.profile.address1, - address2: loginObject.user.profile.address2, - phoneVerified: loginObject.user.phoneVerified, - oneTimePasswordSetFlag: loginObject.user.oneTimePasswordSetFlag, - latitude: loginObject.user.latitude, - longitude: loginObject.user.longitude, - type: loginObject.user.profile.role, - typeasobj: stringToJsonObject, - }, - }); - } else { - reply.send({ - simplydata: { - error: false, - apiversion: fastify.config.APIVERSION, - access_token: token, - picture: profilePicture.picture, - email: loginObject.user.emails, - phone: loginObject.user.phone, - buildingName: loginObject.user.buildingName, - customerId: loginObject.user.customerId, - username: loginObject.user.username, - address1: loginObject.user.profile.address1, - address2: loginObject.user.profile.address2, - phoneVerified: loginObject.user.phoneVerified, - oneTimePasswordSetFlag: loginObject.user.oneTimePasswordSetFlag, - latitude: loginObject.user.latitude, - longitude: loginObject.user.longitude, - type: loginObject.user.profile.role, - typeasobj: stringToJsonObject, - }, - }); - } - } - } else { - reply.send({ + const loginObject = await userController.loginUser(req, fcmIds, deviceId); + if (!loginObject.same) { + return reply.send({ simplydata: { error: true, code: 400, 
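Review bot: `console.log(password, phone);` in the handler writes the submitted plaintext password to the process log on every login attempt, so credentials end up on disk and in whatever log aggregation this service feeds; the statement pre-dates the commit but is kept and reformatted here. Drop it, or log only the identifier, `console.log("login attempt", phone);`. The handler body continues in the next hunk.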
@@ -287,10 +185,83 @@ fastify.post("/api/login", { }, }); } + + const user = loginObject.user; + const phoneVerified = user.phoneVerified; + const oneTimePasswordSetFlag = user.oneTimePasswordSetFlag; + + if (fcmIds.length > 0) { + await User.updateOne( + { customerId: user.customerId }, + { $addToSet: { fcmIds: { $each: fcmIds } } } + ); + } + + if (!phoneVerified) { + return reply.send({ + simplydata: { + error: false, + phoneVerified: false, + phone: user.phone, + oneTimePasswordSetFlag, + message: "Please Verify your phone number", + }, + }); + } + + if (oneTimePasswordSetFlag) { + return reply.send({ + simplydata: { + error: false, + phoneVerified, + phone: user.phone, + oneTimePasswordSetFlag: true, + message: "Password must be reset", + }, + }); + } + + const tokenPayload = { + username: loginObject.isStaff ? loginObject.staffMember.name : user.username, + userId: user._id, + roles: user.profile.role, + }; + + const token = fastify.jwt.sign(tokenPayload, { expiresIn: "30d" }); + + const profilePicture = await ProfilePicture.findOne({ customerId: user.customerId }); + const responsePayload = { + simplydata: { + error: false, + apiversion: fastify.config.APIVERSION, + access_token: token, + buildingName: user.buildingName, + email: user.emails, + phone: user.phone, + customerId: user.customerId, + username: loginObject.isStaff ? loginObject.staffMember.name : user.username, + address1: user.profile.address1, + address2: user.profile.address2, + phoneVerified: user.phoneVerified, + oneTimePasswordSetFlag: user.oneTimePasswordSetFlag, + latitude: user.latitude, + longitude: user.longitude, + type: user.profile.role, + loginType: loginObject.isStaff ? "staff" : "user", + }, + }; + + if (profilePicture) { + responsePayload.simplydata.picture = profilePicture.picture; + } + + reply.send(responsePayload); }, }); + + fastify.post("/api/installotplogin", { schema: { description: "This is for Login Otp Installation",
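Review bot: `tokenPayload` signs a staff login with `userId: user._id` and `roles: user.profile.role` taken from the owning account, so the JWT a staff member receives carries the owner's identity and roles and differs only in `username`; `loginType` is returned in the response body but is absent from the token, which is the only thing later requests present, so downstream authorization cannot tell a staff session from the owner's. Add the distinction to the signed claims, `loginType: loginObject.isStaff ? "staff" : "user",` and `staffId: loginObject.isStaff ? loginObject.staffMember._id : undefined,` (assuming staff subdocuments carry an `_id`), and derive `roles` for staff from the staff record rather than inheriting the owner's. The handler opens in the previous hunk.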