add uuid check to password reset

Peppermint-Lab · Dec 3, 2023 · 975fdfd · 975fdfd
1 parent 3f0b26a
commit 975fdfd
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 13 deletions.
diff --git a/apps/api/src/controllers/auth.ts b/apps/api/src/controllers/auth.ts
@@ -67,7 +67,7 @@ export function authRoutes(fastify: FastifyInstance) {
     }
   );
 
-  // Forgot password
+  // Forgot password & generate code
   fastify.post(
     "/api/v1/auth/password-reset",
     async (request: FastifyRequest, reply: FastifyReply) => {
@@ -92,29 +92,29 @@ export function authRoutes(fastify: FastifyInstance) {
 
       const code = generateRandomCode();
 
-      await prisma.passwordResetToken.create({
+      const uuid = await prisma.passwordResetToken.create({
         data: {
           userId: user!.id,
           code: String(code),
         },
       });
 
-      forgotPassword(email, String(code), link);
+      forgotPassword(email, String(code), link, uuid.id);
 
       reply.send({
         success: true,
       });
     }
   );
 
-  // Generate code and send to email
+  // Check code & uuid us valid
   fastify.post(
     "/api/v1/auth/password-reset/code",
     async (request: FastifyRequest, reply: FastifyReply) => {
-      const { code } = request.body as { code: string };
+      const { code, uuid } = request.body as { code: string; uuid: string };
 
       const reset = await prisma.passwordResetToken.findUnique({
-        where: { code: code },
+        where: { code: code, id: uuid },
       });
 
       if (!reset) {
@@ -316,8 +316,6 @@ export function authRoutes(fastify: FastifyInstance) {
 
       const access_token = data.data;
 
-      console.log(access_token);
-
       if (access_token) {
         const gh = await axios.get(`https://api.github.com/user/emails`, {
           headers: {

diff --git a/apps/api/src/lib/nodemailer/auth/forgot-password.ts b/apps/api/src/lib/nodemailer/auth/forgot-password.ts
@@ -4,14 +4,15 @@ import { prisma } from "../../../prisma";
 export async function forgotPassword(
   email: string,
   code: string,
-  link: string
+  link: string,
+  token: string
 ) {
   try {
     let mail;
 
     const emails = await prisma.email.findMany();
 
-    const resetlink = `${link}/auth/reset-password?code=${code}`;
+    const resetlink = `${link}/auth/reset-password?token=${token}`;
 
     if (emails.length > 0) {
       if (process.env.ENVIRONMENT === "development") {
@@ -41,10 +42,10 @@ export async function forgotPassword(
       console.log("Sending email to: ", email);
 
       let info = await mail.sendMail({
-        from: '"No reply 👻" [email protected]', // sender address
+        from: "[email protected]", // sender address
         to: email, // list of receivers
         subject: `Password Reset Request`, // Subject line
-        text: `Password Reset Code: ${code}, follow this link to reset your password ${link}`, // plain text body
+        text: `Password Reset Code: ${code}, follow this link to reset your password ${resetlink}`, // plain text body
         html: `
       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
         <html lang="en">

diff --git a/apps/client/pages/auth/reset-password.tsx b/apps/client/pages/auth/reset-password.tsx
@@ -15,7 +15,7 @@ export default function Login({}) {
       {
         method: "POST",
         headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ code }),
+        body: JSON.stringify({ code, uuid: router.query.token }),
       }
     )
       .then((res) => res.json())