diff --git a/model/user.js b/model/user.js index 01c6015..9f12416 100644 --- a/model/user.js +++ b/model/user.js @@ -31,6 +31,8 @@ const userSchema = new mongoose.Schema({ approved: { type: Boolean, default: false }, // googleId: String, // profile: String, + resetTokenExpiration: Date, + resetToken:String }); const User = new mongoose.model("User", userSchema); diff --git a/routers/userRoutes.js b/routers/userRoutes.js index 673704c..0fbf5bb 100644 --- a/routers/userRoutes.js +++ b/routers/userRoutes.js @@ -1,5 +1,6 @@ const express = require("express"); const router = new express.Router(); +const path =require("path"); const bcrypt = require("bcrypt"); const saltRounds = 10; @@ -83,83 +84,6 @@ router.post("/login", async function (req, res) { } }); -router.route("/forgot-password").get(async (req, res) => { - res.render("forget-password"); -}); - -router.route("/reset-password").get(async (req, res) => { - const { email, token } = req.query; - - try { - const user = await User.findOne({ - email, - resetToken: token, - resetTokenExpiration: { $gt: Date.now() }, - }); - - if (!user) { - return res.status(400).send("Invalid or expired reset token"); - } - - // Verify the token - try { - const decodedToken = jwt.verify(token, process.env.ACCESS_TOKEN_SECRET); - // Process the decoded token (e.g., extract information from it) - console.log(decodedToken); - // Continue with the reset-password logic - res.render("reset-password", { email, token }); - } catch (error) { - // Handle JWT verification errors - console.error("JWT verification error:", error.message); - // You might want to send an error response or redirect the user - res.status(401).send("Unauthorized"); - } - } catch (error) { - console.error(error); - res.status(500).send("Internal Server Error"); - } -}); - -router.post(async (req, res) => { - const { email, token, newPassword } = req.body; - - try { - // Verify the token again - const user = await User.findOne({ - email, - resetToken: token, - resetTokenExpiration: { $gt: Date.now() }, - }); - - if (!user) { - return res.status(400).send("Invalid or expired reset token"); - } - - try { - const decodedToken = jwt.verify(token, process.env.ACCESS_TOKEN_SECRET); - // Process the decoded token (e.g., extract information from it) - console.log(decodedToken); - - // Update the user's password and reset the resetToken fields - const hash = await bcrypt.hash(newPassword, saltRounds); - user.password = hash; - user.resetToken = null; - user.resetTokenExpiration = null; - await user.save(); - - res.redirect("/login"); // Redirect to login page or any other desired page - } catch (error) { - // Handle JWT verification errors - console.error("JWT verification error:", error.message); - // You might want to send an error response or redirect the user - res.status(401).send("Unauthorized"); - } - } catch (error) { - console.error(error); - res.status(500).send("Internal Server Error"); - } -}); - // extra details added for the user router.post("/add-details", async (req, res) => { try { @@ -354,7 +278,12 @@ router.post("/User_singUp", async function (req, res) { } }); -router.post(async (req, res) => { +router.route("/forgot-password").get(async (req, res) => { + res.render("forget-password"); +}); + +//send Email for the reset password +router.route("/forgot-password").post(async (req, res) => { const { email } = req.body; try { const user = await User.findOne({ email }); @@ -370,6 +299,9 @@ router.post(async (req, res) => { ); user.resetTokenExpiration = Date.now() + 300000; // 5 minutes + user.resetToken = resetToken; + + console.log("use after setting ",user); await user.save(); // Send the reset link to the user via email @@ -393,7 +325,7 @@ router.post(async (req, res) => { attachments: [ { filename: "logo.png", - path: path.join(__dirname, "public", "img", "logo.png"), + path: path.join( "public", "img", "logo.png"), cid: "logo", }, ], @@ -414,4 +346,88 @@ router.post(async (req, res) => { } }); +// verify Email and render reset password page +router.route("/reset-password").get(async (req, res) => { + const { email, token } = req.query; + try { + const user = await User.findOne({ + email, + resetToken: token, + resetTokenExpiration: { $gt: Date.now() }, + }); + + if (!user) { + return res.status(400).send("Invalid or expired reset token"); + } + + // Verify the token + try { + const decodedToken = jwt.verify(token, process.env.ACCESS_TOKEN_SECRET); + // Process the decoded token (e.g., extract information from it) + console.log(decodedToken); + // Continue with the reset-password logic + res.render("set_password", { email, token }); + } catch (error) { + // Handle JWT verification errors + console.error("JWT verification error:", error.message); + // You might want to send an error response or redirect the user + res.status(401).send("Unauthorized"); + } + } catch (error) { + console.error(error); + res.status(500).send("Internal Server Error"); + } +}); + + +//verify the password +router.route("/reset-password").post(async (req, res) => { + const {email,token} =req.query; + const { newPassword } = req.body; + // console.log(" User Info",email,token,newPassword); + + try { + // Verify the token again + const user = await User.findOne({ + email, + resetToken: token, + resetTokenExpiration: { $gt: Date.now() }, + }); + + if (!user) { + return res.status(400).send("Invalid or expired reset token"); + } + + try { + const decodedToken = jwt.verify(token, process.env.ACCESS_TOKEN_SECRET); + // Process the decoded token (e.g., extract information from it) + console.log(decodedToken); + + // Update the user's password and reset the resetToken fields + const hash = await bcrypt.hash(newPassword, saltRounds); + user.password = hash; + user.resetToken = null; + user.resetTokenExpiration = null; + await user.save(); + + return res.render("UserDashBoard", { + fullName: user.fullName, + email: user.email, + phoneNo: user.Mobile, + address: user.address, + }); + + // Redirect to login page or any other desired page + } catch (error) { + // Handle JWT verification errors + console.error("JWT verification error:", error.message); + // You might want to send an error response or redirect the user + res.status(401).send("Unauthorized"); + } + } catch (error) { + console.error(error); + res.status(500).send("Internal Server Error"); + } +}); + module.exports = router; diff --git a/views/forget-password.ejs b/views/forget-password.ejs index 1ec00f2..e2a37b5 100644 --- a/views/forget-password.ejs +++ b/views/forget-password.ejs @@ -125,8 +125,7 @@