Implement forgotten password funcitonality (#324)

* forgot password and reset forgotten password * included APP_URL_LOCAL in .env file * throw Exceptions on error * new providers into the tests * replaced exception with logger and increase jwt time of expiration * conditional on the value of APP_ENV * renamed functions * renamed functions * template change requested * renamed as requested * exception message * test errors * test errors * throw error instead logger
podkrepi-bg · Aug 14, 2022 · 7bf1f2a · 7bf1f2a · github-actions · Aug 14, 2022
1 parent ff9f1e7
commit 7bf1f2a
Show file tree

Hide file tree

Showing 15 changed files with 301 additions and 2 deletions.
diff --git a/.env b/.env
@@ -16,6 +16,8 @@ TARGET_ENV=development
 ##############
 API_PORT=5010
 APP_URL=https://dev.podkrepi.bg
+APP_URL_LOCAL=http://localhost:3040
+
 
 ## Database ##
 ##############

diff --git a/.env.local.example b/.env.local.example
@@ -4,3 +4,4 @@ STRIPE_SECRET_KEY=stripe-key
 STRIPE_WEBHOOK_SECRET=stripe-secret
 S3_ACCESS_KEY=s3-access-key
 S3_SECRET_ACCESS_KEY=s3-secret-access-key
+JWT_SECRET_KEY = VerySecretPrivetKey
diff --git a/apps/api/src/account/account.controller.spec.ts b/apps/api/src/account/account.controller.spec.ts
@@ -11,6 +11,8 @@ import { HttpService } from '@nestjs/axios'
 import { KEYCLOAK_INSTANCE } from 'nest-keycloak-connect'
 import KeycloakConnect from 'keycloak-connect'
 import { mock, mockDeep } from 'jest-mock-extended'
+import { JwtService } from '@nestjs/jwt'
+import { EmailService } from '../email/email.service'
 
 describe('AccountController', () => {
   let controller: AccountController
@@ -56,6 +58,14 @@ describe('AccountController', () => {
           provide: KEYCLOAK_INSTANCE,
           useValue: mock<KeycloakConnect.Keycloak>(),
         },
+        {
+          provide: JwtService,
+          useValue: mockDeep<JwtService>(),
+        },
+        {
+          provide: EmailService,
+          useValue: mockDeep<EmailService>(),
+        },
       ],
     })
       .overrideProvider(ConfigService)

diff --git a/apps/api/src/account/account.service.spec.ts b/apps/api/src/account/account.service.spec.ts
@@ -1,11 +1,13 @@
 import KeycloakAdminClient from '@keycloak/keycloak-admin-client'
 import { HttpService } from '@nestjs/axios'
 import { ConfigService } from '@nestjs/config'
+import { JwtService } from '@nestjs/jwt'
 import { Test, TestingModule } from '@nestjs/testing'
 import { mock, mockDeep } from 'jest-mock-extended'
 import KeycloakConnect from 'keycloak-connect'
 import { KEYCLOAK_INSTANCE } from 'nest-keycloak-connect'
 import { AuthService } from '../auth/auth.service'
+import { EmailService } from '../email/email.service'
 import { PersonService } from '../person/person.service'
 import { MockPrismaService } from '../prisma/prisma-client.mock'
 import { AccountService } from './account.service'
@@ -43,6 +45,14 @@ describe('AccountService', () => {
           provide: KEYCLOAK_INSTANCE,
           useValue: mock<KeycloakConnect.Keycloak>(),
         },
+        {
+          provide: JwtService,
+          useValue: mockDeep<JwtService>(),
+        },
+        {
+          provide: EmailService,
+          useValue: mockDeep<EmailService>(),
+        },
       ],
     }).compile()
 

diff --git a/apps/api/src/assets/templates/forgot-password.json b/apps/api/src/assets/templates/forgot-password.json
@@ -0,0 +1,3 @@
+{
+  "subject": "Забравена парола за Подкрепи.бг"
+}
diff --git a/apps/api/src/assets/templates/forgot-password.mjml b/apps/api/src/assets/templates/forgot-password.mjml
@@ -0,0 +1,55 @@
+<mjml>
+  <mj-body background-color="#ffffff" font-size="13px">
+    <mj-section
+      background-color="#009FE3"
+      vertical-align="top"
+      padding-bottom="0px"
+      padding-top="0">
+    </mj-section>
+    <mj-section background-color="#009fe3" padding-bottom="20px" padding-top="20px">
+      <mj-column vertical-align="middle" width="100%">
+        <mj-text
+          align="left"
+          color="#ffffff"
+          font-size="22px"
+          font-family="open Sans Helvetica, Arial, sans-serif"
+          padding-left="25px"
+          padding-right="25px">
+          <span style="color: #feeb35"> Здравейте {{firstName}} {{lastName}}, </span>
+          <br /><br />
+        </mj-text>
+        <mj-text
+          align="left"
+          color="#ffffff"
+          font-size="15px"
+          font-family="open Sans Helvetica, Arial, sans-serif"
+          padding-left="25px"
+          padding-right="25px">
+          някой (може би Вие) е пуснал заявка за смяна на парола за достъп до Подкрепи.бг.<br /><br />
+          Ако не сте пускали подобна заявка, не е необходимо да правите нищо.<br /><br />
+          Ако Вие сте поискали възстановяване на паролата, натиснете бутона „Нова парола“.<br /><br />
+        </mj-text>
+        <mj-button
+          align="center"
+          font-size="18px"
+          background-color="#20c5a0"
+          border-radius="8px"
+          color="#fff"
+          font-family="open Sans Helvetica, Arial, sans-serif"
+          href="{{link}}"
+          >Нова парола
+        </mj-button>
+        <mj-text
+          align="left"
+          color="#ffffff"
+          font-size="15px"
+          font-family="open Sans Helvetica, Arial, sans-serif"
+          padding-left="25px"
+          padding-right="25px">
+          Поздрави, <br />
+          Екипът на Подкрепи.бг
+        </mj-text>
+      </mj-column>
+    </mj-section>
+  </mj-body>
+</mjml>
diff --git a/apps/api/src/auth/auth.module.ts b/apps/api/src/auth/auth.module.ts
@@ -10,13 +10,17 @@ import { KeycloakConfigService } from '../config/keycloak-config.service'
 import { RefreshController } from './refresh.controller'
 import { HttpModule } from '@nestjs/axios'
 import { ProviderLoginController } from './provider-login.controller'
+import { JwtModule, JwtService } from '@nestjs/jwt'
+import { EmailService } from '../email/email.service'
+import { TemplateService } from '../email/template.service'
 
 @Module({
   controllers: [LoginController, RegisterController, RefreshController, ProviderLoginController],
-  providers: [AuthService, PrismaService],
+  providers: [AuthService, PrismaService, EmailService, JwtService, TemplateService],
   imports: [
     AppConfigModule,
     HttpModule,
+    JwtModule,
     KeycloakConnectModule.registerAsync({
       useExisting: KeycloakConfigService,
       imports: [AppConfigModule],

diff --git a/apps/api/src/auth/auth.service.spec.ts b/apps/api/src/auth/auth.service.spec.ts
@@ -16,6 +16,9 @@ import { MockPrismaService, prismaMock } from '../prisma/prisma-client.mock'
 import { RefreshDto } from './dto/refresh.dto'
 import { firstValueFrom, Observable } from 'rxjs'
 import { ProviderDto } from './dto/provider.dto'
+import { EmailService } from '../email/email.service'
+import { JwtService } from '@nestjs/jwt'
+import { TemplateService } from '../email/template.service'
 
 jest.mock('@keycloak/keycloak-admin-client')
 
@@ -25,6 +28,9 @@ describe('AuthService', () => {
   let admin: KeycloakAdminClient
   let httpService: HttpService
   let keycloak: KeycloakConnect.Keycloak
+  let sendEmail: EmailService
+  let jwtService: JwtService
+  let templateService: TemplateService
 
   beforeEach(async () => {
     const module: TestingModule = await Test.createTestingModule({
@@ -53,6 +59,18 @@ describe('AuthService', () => {
           provide: KEYCLOAK_INSTANCE,
           useValue: mockDeep<KeycloakConnect.Keycloak>(),
         },
+        {
+          provide: JwtService,
+          useValue: mockDeep<JwtService>(),
+        },
+        {
+          provide: EmailService,
+          useValue: mockDeep<EmailService>(),
+        },
+        {
+          provide: TemplateService,
+          useValue: mockDeep<TemplateService>(),
+        },
       ],
     }).compile()
 
@@ -61,6 +79,9 @@ describe('AuthService', () => {
     admin = module.get<KeycloakAdminClient>(KeycloakAdminClient)
     keycloak = module.get<KeycloakConnect.Keycloak>(KEYCLOAK_INSTANCE)
     httpService = module.get<HttpService>(HttpService)
+    sendEmail = module.get<EmailService>(EmailService)
+    jwtService = module.get<JwtService>(JwtService)
+    templateService = module.get<TemplateService>(TemplateService)
   })
 
   it('should be defined', () => {

diff --git a/apps/api/src/auth/auth.service.ts b/apps/api/src/auth/auth.service.ts
@@ -1,8 +1,10 @@
 import {
+  BadRequestException,
   Inject,
   Injectable,
   InternalServerErrorException,
   Logger,
+  NotFoundException,
   UnauthorizedException,
 } from '@nestjs/common'
 import { HttpService } from '@nestjs/axios'
@@ -23,6 +25,11 @@ import { RefreshDto } from './dto/refresh.dto'
 import { KeycloakTokenParsed } from './keycloak'
 import { ProviderDto } from './dto/provider.dto'
 import { UpdatePersonDto } from '../person/dto/update-person.dto'
+import { ForgottenPasswordEmailDto } from './dto/forgot-password.dto'
+import { JwtService } from '@nestjs/jwt'
+import { EmailService } from '../email/email.service'
+import { ForgottenPasswordMailDto } from '../email/template.interface'
+import { NewPasswordDto } from './dto/recovery-password.dto'
 
 type ErrorResponse = { error: string; data: unknown }
 type KeycloakErrorResponse = { error: string; error_description: string }
@@ -50,6 +57,8 @@ export class AuthService {
     private readonly admin: KeycloakAdminClient,
     private readonly prismaService: PrismaService,
     private readonly httpService: HttpService,
+    private jwtService: JwtService,
+    private sendEmail: EmailService,
     @Inject(KEYCLOAK_INSTANCE) private keycloak: KeycloakConnect.Keycloak,
   ) {}
 
@@ -273,4 +282,50 @@ export class AuthService {
       },
     )
   }
+
+  async sendMailForPasswordChange(forgotPasswordDto: ForgottenPasswordEmailDto) {
+    const stage = this.config.get<string>('APP_ENV') === 'development' ? 'APP_URL_LOCAL' : 'APP_URL'
+    const user = await this.prismaService.person.findFirst({
+      where: { email: forgotPasswordDto.email },
+    })
+    if (!user) {
+      throw new NotFoundException('Invalid email')
+    }
+    const payload = { username: user.email, sub: user.keycloakId }
+    const jtwSecret = process.env.JWT_SECRET_KEY
+    const access_token = this.jwtService.sign(payload, {
+      secret: jtwSecret,
+      expiresIn: '60m',
+    })
+    const appUrl = this.config.get<string>(stage)
+    const link = `${appUrl}/change-password?token=${access_token}`
+    const profile = {
+      email: user.email,
+      firstName: user.firstName,
+      lastName: user.lastName,
+      link: link,
+    }
+    const userEmail = { to: [user.email] }
+    const mail = new ForgottenPasswordMailDto(profile)
+    await this.sendEmail.sendFromTemplate(mail, userEmail)
+  }
+
+  async updateForgottenPassword(recoveryPasswordDto: NewPasswordDto) {
+    try {
+      const { sub: keycloakId } = this.jwtService.verify(recoveryPasswordDto.token, {
+        secret: process.env.JWT_SECRET_KEY,
+      })
+      return await this.updateUserPassword(keycloakId, recoveryPasswordDto)
+    } catch (error) {
+      const response = {
+        error: error.message,
+        data: error?.response?.data,
+      }
+      throw response.data
+        ? new NotFoundException(response.data)
+        : new BadRequestException(
+            'The forgotten password link has expired, request a new link and try again!',
+          )
+    }
+  }
 }
diff --git a/apps/api/src/auth/dto/forgot-password.dto.ts b/apps/api/src/auth/dto/forgot-password.dto.ts
@@ -0,0 +1,11 @@
+import { ApiProperty } from '@nestjs/swagger'
+import { Expose } from 'class-transformer'
+import { IsEmail, IsNotEmpty } from 'class-validator'
+
+export class ForgottenPasswordEmailDto {
+  @ApiProperty()
+  @Expose()
+  @IsNotEmpty()
+  @IsEmail()
+  public readonly email: string
+}
diff --git a/apps/api/src/auth/dto/recovery-password.dto.ts b/apps/api/src/auth/dto/recovery-password.dto.ts
@@ -0,0 +1,17 @@
+import { ApiProperty } from '@nestjs/swagger'
+import { Expose } from 'class-transformer'
+import { IsJWT, IsNotEmpty, IsString } from 'class-validator'
+
+export class NewPasswordDto {
+  @ApiProperty()
+  @Expose()
+  @IsNotEmpty()
+  @IsJWT()
+  public readonly token: string
+
+  @ApiProperty()
+  @Expose()
+  @IsNotEmpty()
+  @IsString()
+  public readonly password: string
+}
diff --git a/apps/api/src/auth/login.controller.ts b/apps/api/src/auth/login.controller.ts
@@ -2,7 +2,9 @@ import { Body, Controller, Post } from '@nestjs/common'
 import { Public, Resource, Scopes } from 'nest-keycloak-connect'
 
 import { AuthService } from './auth.service'
+import { ForgottenPasswordEmailDto } from './dto/forgot-password.dto'
 import { LoginDto } from './dto/login.dto'
+import { NewPasswordDto } from './dto/recovery-password.dto'
 
 @Controller('login')
 @Resource('login')
@@ -15,4 +17,15 @@ export class LoginController {
   async login(@Body() loginDto: LoginDto) {
     return await this.authService.login(loginDto)
   }
+
+  @Post('/forgot-password')
+  @Public()
+  async forgotPassword(@Body() forgotPasswordDto: ForgottenPasswordEmailDto) {
+    return await this.authService.sendMailForPasswordChange(forgotPasswordDto)
+  }
+  @Post('/reset-password')
+  @Public()
+  async recoveryPassword(@Body() RecoveryPasswordDto: NewPasswordDto) {
+    return await this.authService.updateForgottenPassword(RecoveryPasswordDto)
+  }
 }
diff --git a/apps/api/src/email/template.interface.ts b/apps/api/src/email/template.interface.ts
@@ -1,3 +1,4 @@
+import { CreatePersonDto } from '../person/dto/create-person.dto'
 import { CreateInquiryDto } from '../support/dto/create-inquiry.dto'
 import { CreateRequestDto } from '../support/dto/create-request.dto'
 
@@ -6,6 +7,7 @@ export enum TemplateType {
   welcomeInternal = 'welcome-internal',
   inquiryReceived = 'inquiry-received',
   inquiryReceivedInternal = 'inquiry-received-internal',
+  forgotPass = 'forgot-password',
 }
 export type TemplateTypeKeys = keyof typeof TemplateType
 export type TemplateTypeValues = typeof TemplateType[TemplateTypeKeys]
@@ -28,6 +30,10 @@ export abstract class EmailTemplate<C> {
   }
 }
 
+export class ForgottenPasswordMailDto extends EmailTemplate<CreatePersonDto> {
+  name = TemplateType.forgotPass
+}
+
 export class WelcomeEmailDto extends EmailTemplate<CreateRequestDto> {
   name = TemplateType.welcome
 }

diff --git a/package.json b/package.json
@@ -32,6 +32,7 @@
     "@nestjs/common": "8.4.5",
     "@nestjs/config": "2.0.0",
     "@nestjs/core": "8.4.5",
+    "@nestjs/jwt": "^9.0.0",
     "@nestjs/platform-express": "8.4.5",
     "@nestjs/swagger": "5.2.1",
     "@nestjs/terminus": "8.0.6",
St.^❔	Category	Percentage	Covered / Total
🟡	Statements	72.42%	1804/2491
🔴	Branches	44.81%	216/482
🔴	Functions	45.02%	217/482
🟡	Lines	70.49%	1593/2260