add account reset

src/processed/processed.service.ts

@@ -1,8 +1,6 @@
 import mongoose from "mongoose";
 import { AuthenticatedUser } from "../auth";
-import { orgModel } from "../organization/organization.schema";
 import { getFilterObject, getSortObject, PageQueryParams } from "../pagination";
-import { userModel } from "../user/user.schema";
 import {
   processedFields,
   processedModel,

src/user/user.controller.ts

@@ -4,8 +4,10 @@ import {
   deleteUser,
   ErrMissingOrdId,
   ErrOpNotValid,
+  ErrUserNotFound,
   getUser,
   listUsers,
+  resetUser,
   updateUser,
 } from "./user.service";
 import { CreateUserInput, UpdateUserInput } from "./user.schema";
@@ -30,6 +32,23 @@ export async function createUserHandler(
   }
 }
 
+export async function resetUserHandler(req: FastifyRequest, res: FastifyReply) {
+  const { userId } = req.params as { userId: string };
+
+  try {
+    await resetUser(userId, req.user);
+    return res.code(200).send({ msg: "Account reset mail sent" });
+  } catch (err) {
+    if (
+      err instanceof Error &&
+      (err.message == ErrOpNotValid.message ||
+        err.message == ErrUserNotFound.message)
+    )
+      return res.code(400).send({ error: err.message });
+    return err;
+  }
+}
+
 export async function getCurrentUserHandler(
   req: FastifyRequest,
   res: FastifyReply

src/user/user.route.ts

@@ -5,6 +5,7 @@ import {
   getCurrentUserHandler,
   getUserHandler,
   listUserHandler,
+  resetUserHandler,
   updateUserHandler,
 } from "./user.controller";
 import { $user } from "./user.schema";
@@ -25,6 +26,15 @@ export default async function userRoutes(fastify: FastifyInstance) {
     createUserHandler
   );
 
+  fastify.post(
+    "/:userId/reset",
+    {
+      config: { requiredClaims: ["user:write"] },
+      preHandler: [fastify.authorize],
+    },
+    resetUserHandler
+  );
+
   fastify.get(
     "/me",
     {

src/user/user.service.ts

@@ -4,6 +4,7 @@ import { CreateUserInput, UpdateUserInput, userModel } from "./user.schema";
 import { sendMail } from "../utils/mail";
 import { AuthenticatedUser } from "../auth";
 
+export const ErrUserNotFound = new Error("user not found");
 export const ErrOpNotValid = new Error("operation is not valid");
 export const ErrMissingOrdId = new Error(
   "orgId is required when role is client"
@@ -57,6 +58,42 @@ export async function createUser(
     .populate({ path: "orgId", select: "pid name avatar" });
 }
 
+export async function resetUser(userId: string, user: AuthenticatedUser) {
+  if (user.role !== "superAdmin") {
+    throw ErrOpNotValid;
+  }
+
+  const token = await generateToken();
+  const userInDb = await userModel.findOneAndUpdate(
+    { pid: userId, tenantId: user.tenantId },
+    {
+      $set: {
+        token: {
+          value: token,
+          expiry: new Date(Date.now() + 3600 * 48 * 1000),
+        },
+      },
+    },
+    { new: true }
+  );
+
+  if (!userInDb) {
+    throw ErrUserNotFound;
+  }
+
+  const sent = await sendMail(
+    userInDb.email,
+    "Quicker Permits account reset",
+    `Click <a href="${
+      process.env.SERVER_DOMAIN +
+      "/auth/webauthn/register?token=" +
+      token +
+      "&email=" +
+      userInDb.email
+    }">here</a> to reset.`
+  );
+}
+
 export async function getUser(userId: string) {
   if (mongoose.Types.ObjectId.isValid(userId)) {
     return await userModel