diff --git a/src/handlers/userHandler.js b/src/handlers/userHandler.js index ae23d3c2..0b91141d 100644 --- a/src/handlers/userHandler.js +++ b/src/handlers/userHandler.js @@ -308,61 +308,203 @@ exports.fieldCheck = async (req, reply) => { exports.verifyPhone = async (req, reply) => { console.log("-------------------------------------------------"); try { - phone = req.body.phone; - phoneVerificationCode = req.body.phoneVerificationCode; + const { phone, phoneVerificationCode } = req.body; - // check if user exists in the system. If user exists , display message that - // username is not available console.log( - "this is the phone and verification code", + "Received phone and verification code:", phone, phoneVerificationCode ); - userExists = await User.findOne({ - phone: phone, - phoneVerified: false, - phoneVerificationCode: phoneVerificationCode, + + // Check if the user exists + const userExists = await User.findOne({ + phone, + phoneVerificationCode, + // phoneVerified: false, }); - console.log(userExists); + + console.log("Matching user:", userExists); + if (userExists) { - // update the phoneVerified flag to true. - const filter = { - phone: phone, - phoneVerificationCode: phoneVerificationCode, - }; - const update = { phoneVerified: true }; - const doc = await User.findOneAndUpdate(filter, update); - updatedUser = await User.findOne({ phone: phone }); + // Update the phoneVerified flag to true + const filter = { phone, phoneVerificationCode }; + const update = { $set: { phoneVerified: true } }; + + const doc = await User.findOneAndUpdate(filter, update, { new: true }); - if (updatedUser.phoneVerified) { - reply.send('{"armintatankdata":{"error":false,"verified": true}}'); + console.log("Updated user:", doc); + + if (doc && doc.phoneVerified) { + reply.send({ doc, + armintatankdata: { + error: false, + verified: true, + }, + }); } else { - error = { + reply.send({ armintatankdata: { error: true, code: 10005, message: "10005 - Verification code entered cannot be validated.", }, - }; - req.body.regError = error; - reply.send(error); + }); } } else { - error = { + reply.send({ armintatankdata: { error: true, code: 10005, message: "10005 - Verification code entered cannot be validated.", }, - }; - req.body.regError = error; - reply.send(error); + }); } } catch (err) { + console.error("Error in verifyPhone:", err); throw boom.boomify(err); } }; +exports.changePassword = async (req, reply) => { + try { + const { phone, newPassword, confirmPassword } = req.body; + + // Check if newPassword and confirmPassword match + if (newPassword !== confirmPassword) { + return reply.send({ + armintatankdata: { + error: true, + code: 10010, + message: "Passwords do not match.", + }, + }); + } + + // Hash the new password + const hash = await bcryptPassword(newPassword); + + // Check if user exists + const userExists = await User.findOne({ phone }); + if (!userExists) { + return reply.send({ + armintatankdata: { + error: true, + code: 10009, + message: "User not found.", + }, + }); + } + + // Update the password in the database + const updateResult = await User.updateOne( + { phone }, + { + $set: { + "services.password.bcrypt": hash, + oneTimePasswordSetFlag: false, + }, + } + ); + + // Check the result of the update operation + if (updateResult.nModified > 0) { + // Fetch the updated user data + const updatedUser = await User.findOne({ phone }); + + return reply.send({ + armintatankdata: { + error: false, + passwordChanged: true, + userData: updatedUser, // Include updated user data + message: "Password updated successfully.", + }, + }); + } else { + return reply.send({ + armintatankdata: { + error: true, + code: 10011, + message: "Failed to update the password. Try again.", + }, + }); + } + } catch (err) { + console.error("Error in changePassword:", err); + throw boom.boomify(err); + } +}; + +exports.verifyOldNewPassword = async (req, reply) => { + try { + const { phone, oldPassword, newPassword } = req.body; + + // Check if the user exists with the provided mobile number + const user = await User.findOne({ phone }); + if (!user) { + return reply.send({ + armintatankdata: { + error: true, + code: 10009, + message: "User not found.", + }, + }); + } + + // Verify the old password + const isOldPasswordCorrect = await bcrypt.compare(oldPassword, user.services.password.bcrypt); + if (!isOldPasswordCorrect) { + return reply.send({ + armintatankdata: { + error: true, + code: 10012, + message: "Old password is incorrect.", + }, + }); + } + + // Hash the new password + const hashedNewPassword = await bcrypt.hash(newPassword, 10); // Ensure you use bcrypt.hash here + + // Update the password in the database + const updateResult = await User.updateOne( + { phone }, + { + $set: { + "services.password.bcrypt": hashedNewPassword, + oneTimePasswordSetFlag: false, + }, + } + ); + + // Check if the update was successful + if (updateResult.nModified > 0) { + // Fetch the updated user details to send back in the response + const updatedUser = await User.findOne({ phone }).select('-services.password.bcrypt'); // Exclude the password + + return reply.send({ + armintatankdata: { + error: false, + message: "Password changed successfully.", + updatedUser, // Include the updated user details + }, + }); + } else { + return reply.send({ + armintatankdata: { + error: true, + code: 10011, + message: "Failed to update the password. Try again.", + }, + }); + } + } catch (err) { + console.error("Error in changePassword:", err); + throw boom.boomify(err); + } +}; + + + exports.sendPhoneVerificationCode = async (req, reply) => { // Setting a regError in request so a user is not sent a verificaiton code if registration is not successful // checkign if regError property is available in the req body, if it exists , do not send the message @@ -603,7 +745,7 @@ exports.resetPassword = async (req, reply) => { userExists = await User.findOne({ phone: phone, - // phoneVerificationCode: phoneVerificationCode, + phoneVerificationCode: phoneVerificationCode, }); console.log("userExists===", userExists); if (userExists) { @@ -611,7 +753,7 @@ exports.resetPassword = async (req, reply) => { const filter = { phone: phone, - //phoneVerificationCode: phoneVerificationCode, + phoneVerificationCode: phoneVerificationCode, }; console.log("filter", filter); diff --git a/src/routes/usersRoute.js b/src/routes/usersRoute.js index c5d03084..461cd335 100644 --- a/src/routes/usersRoute.js +++ b/src/routes/usersRoute.js @@ -215,6 +215,82 @@ module.exports = function (fastify, opts, next) { handler: validationHandler.verifyPhone, }); + fastify.route({ + method: "POST", + url: "/api/forgot-change-password", + schema: { + tags: ["User"], + description: "After OTP validation Change user password using mobile number and confirmation.", + summary: "After OTP validation Change user password using mobile number and confirmation.", + body: { + type: "object", + required: ["phone", "newPassword", "confirmPassword"], + properties: { + phone: { type: "string" }, + newPassword: { type: "string" }, + confirmPassword: { type: "string"}, + }, + }, + security: [ + { + basicAuth: [], + }, + ], + }, + handler: validationHandler.changePassword, + }); + + + fastify.route({ + method: "POST", + url: "/api/change-password", + schema: { + tags: ["User"], + description: "Users to change their password using mobile number, old password, and new password.", + summary: "Users to change their password using mobile number, old password, and new password.", + body: { + type: "object", + required: ["phone", "oldPassword", "newPassword"], + properties: { + phone: { type: "string"}, + oldPassword: { type: "string"}, + newPassword: { type: "string" }, + //confirmPassword: { type: "string", minLength: 6 }, + }, + }, + }, + handler: validationHandler.verifyOldNewPassword, // Adjust the path to your handler + }); + + + // fastify.route({ + // method: "POST", + // url: "/api/forgotpassword", + // schema: { + // tags: ["User"], + // description: "This is for forget password for the User.", + // summary: "This is for forget User Password.", + // body: { + // type: "object", + // required: ["phone"], + // properties: { + // phone: { type: "string" }, + // }, + // }, + // security: [ + // { + // basicAuth: [], + // }, + // ], + // }, + // // preHandler: [validationHandler.], + // handler: userController.forgotPassword, + // onResponse: (request, reply) => { + // validationHandler.sendPasswordResetCode(request, reply); + // }, + // }); + + fastify.route({ method: "POST", url: "/api/forgotpassword", @@ -235,11 +311,7 @@ module.exports = function (fastify, opts, next) { }, ], }, - // preHandler: [validationHandler.], handler: userController.forgotPassword, - onResponse: (request, reply) => { - validationHandler.sendPasswordResetCode(request, reply); - }, }); @@ -279,10 +351,10 @@ module.exports = function (fastify, opts, next) { summary: "This is for Reset User Password.", body: { type: "object", - required: ["phone", "resetPasswordCode", "newPassword"], + //required: ["phone", "passwordResetCode", "newPassword"], properties: { phone: { type: "string" }, - resetPasswordCode: { type: "string" }, + phoneVerificationCode: { type: "string" }, newPassword: { type: "string" }, }, },