feat: Implement reset password rest API endpoint

2024-07-16 16:22:10 +02:00
parent eac2f729a5
commit cf9e09ea7a
4 changed files with 76 additions and 1 deletions
--- a/packages/backend/src/controllers/api/v1/users/reset-password.js
+++ b/packages/backend/src/controllers/api/v1/users/reset-password.js
@@ -0,0 +1,23 @@
+import User from '../../../../models/user.js';
+import { renderError } from '../../../../helpers/renderer.js';
+
+export default async (request, response) => {
+  const { token, password } = request.body;
+
+  const user = await User.query()
+    .findOne({
+      reset_password_token: token,
+    })
+    .throwIfNotFound();
+
+  if (!user.isResetPasswordTokenValid()) {
+    return renderError(response, [{ general: [invalidTokenErrorMessage] }]);
+  }
+
+  await user.resetPassword(password);
+
+  response.status(204).end();
+};
+
+const invalidTokenErrorMessage =
+  'Reset password link is not valid or expired. Try generating a new link.';
--- a/packages/backend/src/controllers/api/v1/users/reset-password.test.js
+++ b/packages/backend/src/controllers/api/v1/users/reset-password.test.js
@@ -0,0 +1,49 @@
+import { describe, it, beforeEach } from 'vitest';
+import request from 'supertest';
+import { DateTime } from 'luxon';
+import app from '../../../../app.js';
+import { createUser } from '../../../../../test/factories/user';
+
+describe('POST /api/v1/users/reset-password', () => {
+  let currentUser;
+
+  beforeEach(async () => {
+    currentUser = await createUser({
+      resetPasswordToken: 'sampleResetPasswordToken',
+      resetPasswordTokenSentAt: DateTime.now().toISO(),
+    });
+  });
+
+  it('should respond with no content', async () => {
+    await request(app)
+      .post('/api/v1/users/reset-password')
+      .send({
+        token: currentUser.resetPasswordToken,
+        password: 'newPassword',
+      })
+      .expect(204);
+  });
+
+  it('should return not found response for not existing user', async () => {
+    await request(app)
+      .post('/api/v1/users/reset-password')
+      .send({
+        token: 'nonExistingResetPasswordToken',
+      })
+      .expect(404);
+  });
+
+  it('should return unprocessable entity for existing user with expired reset password token', async () => {
+    const user = await createUser({
+      resetPasswordToken: 'anotherResetPasswordToken',
+      resetPasswordTokenSentAt: DateTime.now().minus({ days: 2 }).toISO(),
+    });
+
+    await request(app)
+      .post('/api/v1/users/reset-password')
+      .send({
+        token: user.resetPasswordToken,
+      })
+      .expect(422);
+  });
+});