add account reset
This commit is contained in:
@@ -1,8 +1,6 @@
|
||||
import mongoose from "mongoose";
|
||||
import { AuthenticatedUser } from "../auth";
|
||||
import { orgModel } from "../organization/organization.schema";
|
||||
import { getFilterObject, getSortObject, PageQueryParams } from "../pagination";
|
||||
import { userModel } from "../user/user.schema";
|
||||
import {
|
||||
processedFields,
|
||||
processedModel,
|
||||
|
||||
@@ -4,8 +4,10 @@ import {
|
||||
deleteUser,
|
||||
ErrMissingOrdId,
|
||||
ErrOpNotValid,
|
||||
ErrUserNotFound,
|
||||
getUser,
|
||||
listUsers,
|
||||
resetUser,
|
||||
updateUser,
|
||||
} from "./user.service";
|
||||
import { CreateUserInput, UpdateUserInput } from "./user.schema";
|
||||
@@ -30,6 +32,23 @@ export async function createUserHandler(
|
||||
}
|
||||
}
|
||||
|
||||
export async function resetUserHandler(req: FastifyRequest, res: FastifyReply) {
|
||||
const { userId } = req.params as { userId: string };
|
||||
|
||||
try {
|
||||
await resetUser(userId, req.user);
|
||||
return res.code(200).send({ msg: "Account reset mail sent" });
|
||||
} catch (err) {
|
||||
if (
|
||||
err instanceof Error &&
|
||||
(err.message == ErrOpNotValid.message ||
|
||||
err.message == ErrUserNotFound.message)
|
||||
)
|
||||
return res.code(400).send({ error: err.message });
|
||||
return err;
|
||||
}
|
||||
}
|
||||
|
||||
export async function getCurrentUserHandler(
|
||||
req: FastifyRequest,
|
||||
res: FastifyReply
|
||||
|
||||
@@ -5,6 +5,7 @@ import {
|
||||
getCurrentUserHandler,
|
||||
getUserHandler,
|
||||
listUserHandler,
|
||||
resetUserHandler,
|
||||
updateUserHandler,
|
||||
} from "./user.controller";
|
||||
import { $user } from "./user.schema";
|
||||
@@ -25,6 +26,15 @@ export default async function userRoutes(fastify: FastifyInstance) {
|
||||
createUserHandler
|
||||
);
|
||||
|
||||
fastify.post(
|
||||
"/:userId/reset",
|
||||
{
|
||||
config: { requiredClaims: ["user:write"] },
|
||||
preHandler: [fastify.authorize],
|
||||
},
|
||||
resetUserHandler
|
||||
);
|
||||
|
||||
fastify.get(
|
||||
"/me",
|
||||
{
|
||||
|
||||
@@ -4,6 +4,7 @@ import { CreateUserInput, UpdateUserInput, userModel } from "./user.schema";
|
||||
import { sendMail } from "../utils/mail";
|
||||
import { AuthenticatedUser } from "../auth";
|
||||
|
||||
export const ErrUserNotFound = new Error("user not found");
|
||||
export const ErrOpNotValid = new Error("operation is not valid");
|
||||
export const ErrMissingOrdId = new Error(
|
||||
"orgId is required when role is client"
|
||||
@@ -57,6 +58,42 @@ export async function createUser(
|
||||
.populate({ path: "orgId", select: "pid name avatar" });
|
||||
}
|
||||
|
||||
export async function resetUser(userId: string, user: AuthenticatedUser) {
|
||||
if (user.role !== "superAdmin") {
|
||||
throw ErrOpNotValid;
|
||||
}
|
||||
|
||||
const token = await generateToken();
|
||||
const userInDb = await userModel.findOneAndUpdate(
|
||||
{ pid: userId, tenantId: user.tenantId },
|
||||
{
|
||||
$set: {
|
||||
token: {
|
||||
value: token,
|
||||
expiry: new Date(Date.now() + 3600 * 48 * 1000),
|
||||
},
|
||||
},
|
||||
},
|
||||
{ new: true }
|
||||
);
|
||||
|
||||
if (!userInDb) {
|
||||
throw ErrUserNotFound;
|
||||
}
|
||||
|
||||
const sent = await sendMail(
|
||||
userInDb.email,
|
||||
"Quicker Permits account reset",
|
||||
`Click <a href="${
|
||||
process.env.SERVER_DOMAIN +
|
||||
"/auth/webauthn/register?token=" +
|
||||
token +
|
||||
"&email=" +
|
||||
userInDb.email
|
||||
}">here</a> to reset.`
|
||||
);
|
||||
}
|
||||
|
||||
export async function getUser(userId: string) {
|
||||
if (mongoose.Types.ObjectId.isValid(userId)) {
|
||||
return await userModel
|
||||
|
||||
Reference in New Issue
Block a user