From 3fd628cb05b49b12008769ba61b6a07f9d5427d2 Mon Sep 17 00:00:00 2001 From: Faruk AYDIN Date: Tue, 16 Jul 2024 15:43:15 +0200 Subject: [PATCH] feat: Implement forgot password rest API endpoint --- .../api/v1/admin/users/delete-user.test.js | 9 +----- .../api/v1/users/forgot-password.js | 13 ++++++++ .../api/v1/users/forgot-password.test.js | 30 +++++++++++++++++++ .../backend/src/graphql/mutation-resolvers.js | 8 +++-- packages/backend/src/models/user.js | 30 +++++++++++++++++++ packages/backend/src/routes/api/v1/users.js | 2 ++ 6 files changed, 81 insertions(+), 11 deletions(-) create mode 100644 packages/backend/src/controllers/api/v1/users/forgot-password.js create mode 100644 packages/backend/src/controllers/api/v1/users/forgot-password.test.js diff --git a/packages/backend/src/controllers/api/v1/admin/users/delete-user.test.js b/packages/backend/src/controllers/api/v1/admin/users/delete-user.test.js index a6dbfd93..8e19a4c3 100644 --- a/packages/backend/src/controllers/api/v1/admin/users/delete-user.test.js +++ b/packages/backend/src/controllers/api/v1/admin/users/delete-user.test.js @@ -1,11 +1,10 @@ -import { vi, describe, it, beforeEach } from 'vitest'; +import { describe, it, beforeEach } from 'vitest'; import request from 'supertest'; import Crypto from 'crypto'; import app from '../../../../../app.js'; import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id'; import { createUser } from '../../../../../../test/factories/user'; import { createRole } from '../../../../../../test/factories/role'; -import * as license from '../../../../../helpers/license.ee.js'; describe('DELETE /api/v1/admin/users/:userId', () => { let currentUser, currentUserRole, anotherUser, token; @@ -20,8 +19,6 @@ describe('DELETE /api/v1/admin/users/:userId', () => { }); it('should soft delete user and respond with no content', async () => { - vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true); - await request(app) .delete(`/api/v1/admin/users/${anotherUser.id}`) .set('Authorization', token) @@ -29,8 +26,6 @@ describe('DELETE /api/v1/admin/users/:userId', () => { }); it('should return not found response for not existing user UUID', async () => { - vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true); - const notExistingUserUUID = Crypto.randomUUID(); await request(app) @@ -40,8 +35,6 @@ describe('DELETE /api/v1/admin/users/:userId', () => { }); it('should return bad request response for invalid UUID', async () => { - vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true); - await request(app) .delete('/api/v1/admin/users/invalidUserUUID') .set('Authorization', token) diff --git a/packages/backend/src/controllers/api/v1/users/forgot-password.js b/packages/backend/src/controllers/api/v1/users/forgot-password.js new file mode 100644 index 00000000..900581ce --- /dev/null +++ b/packages/backend/src/controllers/api/v1/users/forgot-password.js @@ -0,0 +1,13 @@ +import User from '../../../../models/user.js'; + +export default async (request, response) => { + const { email } = request.body; + + const user = await User.query() + .findOne({ email: email.toLowerCase() }) + .throwIfNotFound(); + + await user.sendResetPasswordEmail(); + + response.status(204).end(); +}; diff --git a/packages/backend/src/controllers/api/v1/users/forgot-password.test.js b/packages/backend/src/controllers/api/v1/users/forgot-password.test.js new file mode 100644 index 00000000..4cb441a7 --- /dev/null +++ b/packages/backend/src/controllers/api/v1/users/forgot-password.test.js @@ -0,0 +1,30 @@ +import { describe, it, beforeEach } from 'vitest'; +import request from 'supertest'; +import app from '../../../../app.js'; +import { createUser } from '../../../../../test/factories/user'; + +describe('POST /api/v1/users/forgot-password', () => { + let currentUser; + + beforeEach(async () => { + currentUser = await createUser(); + }); + + it('should respond with no content', async () => { + await request(app) + .post('/api/v1/users/forgot-password') + .send({ + email: currentUser.email, + }) + .expect(204); + }); + + it('should return not found response for not existing user UUID', async () => { + await request(app) + .post('/api/v1/users/forgot-password') + .send({ + email: 'nonexisting@automatisch.io', + }) + .expect(404); + }); +}); diff --git a/packages/backend/src/graphql/mutation-resolvers.js b/packages/backend/src/graphql/mutation-resolvers.js index 5d90f137..988d91bc 100644 --- a/packages/backend/src/graphql/mutation-resolvers.js +++ b/packages/backend/src/graphql/mutation-resolvers.js @@ -10,12 +10,9 @@ import deleteCurrentUser from './mutations/delete-current-user.ee.js'; import deleteFlow from './mutations/delete-flow.js'; import deleteRole from './mutations/delete-role.ee.js'; import deleteStep from './mutations/delete-step.js'; -import deleteUser from './mutations/delete-user.ee.js'; import duplicateFlow from './mutations/duplicate-flow.js'; import executeFlow from './mutations/execute-flow.js'; -import forgotPassword from './mutations/forgot-password.ee.js'; import generateAuthUrl from './mutations/generate-auth-url.js'; -import login from './mutations/login.js'; import registerUser from './mutations/register-user.ee.js'; import resetConnection from './mutations/reset-connection.js'; import resetPassword from './mutations/reset-password.ee.js'; @@ -33,6 +30,11 @@ import upsertSamlAuthProvider from './mutations/upsert-saml-auth-provider.ee.js' import upsertSamlAuthProvidersRoleMappings from './mutations/upsert-saml-auth-providers-role-mappings.ee.js'; import verifyConnection from './mutations/verify-connection.js'; +// Converted mutations +import deleteUser from './mutations/delete-user.ee.js'; +import login from './mutations/login.js'; +import forgotPassword from './mutations/forgot-password.ee.js'; + const mutationResolvers = { createAppAuthClient, createAppConfig, diff --git a/packages/backend/src/models/user.js b/packages/backend/src/models/user.js index 88d61302..bd610d72 100644 --- a/packages/backend/src/models/user.js +++ b/packages/backend/src/models/user.js @@ -20,7 +20,13 @@ import Step from './step.js'; import Subscription from './subscription.ee.js'; import UsageData from './usage-data.ee.js'; import Billing from '../helpers/billing/index.ee.js'; + import deleteUserQueue from '../queues/delete-user.ee.js'; +import emailQueue from '../queues/email.js'; +import { + REMOVE_AFTER_30_DAYS_OR_150_JOBS, + REMOVE_AFTER_7_DAYS_OR_50_JOBS, +} from '../helpers/remove-job-configuration.js'; class User extends Base { static tableName = 'users'; @@ -253,6 +259,30 @@ class User extends Base { await deleteUserQueue.add(jobName, jobPayload, jobOptions); } + async sendResetPasswordEmail() { + await this.generateResetPasswordToken(); + + const jobName = `Reset Password Email - ${this.id}`; + + const jobPayload = { + email: this.email, + subject: 'Reset Password', + template: 'reset-password-instructions.ee', + params: { + token: this.resetPasswordToken, + webAppUrl: appConfig.webAppUrl, + fullName: this.fullName, + }, + }; + + const jobOptions = { + removeOnComplete: REMOVE_AFTER_7_DAYS_OR_50_JOBS, + removeOnFail: REMOVE_AFTER_30_DAYS_OR_150_JOBS, + }; + + await emailQueue.add(jobName, jobPayload, jobOptions); + } + isResetPasswordTokenValid() { if (!this.resetPasswordTokenSentAt) { return false; diff --git a/packages/backend/src/routes/api/v1/users.js b/packages/backend/src/routes/api/v1/users.js index c1432f64..34e8bb55 100644 --- a/packages/backend/src/routes/api/v1/users.js +++ b/packages/backend/src/routes/api/v1/users.js @@ -10,6 +10,7 @@ import getInvoicesAction from '../../../controllers/api/v1/users/get-invoices.ee import getSubscriptionAction from '../../../controllers/api/v1/users/get-subscription.ee.js'; import getPlanAndUsageAction from '../../../controllers/api/v1/users/get-plan-and-usage.ee.js'; import acceptInvitationAction from '../../../controllers/api/v1/users/accept-invitation.js'; +import forgotPasswordAction from '../../../controllers/api/v1/users/forgot-password.js'; const router = Router(); @@ -51,5 +52,6 @@ router.get( ); router.post('/invitation', asyncHandler(acceptInvitationAction)); +router.post('/forgot-password', asyncHandler(forgotPasswordAction)); export default router;