Checking sms code in login & hiding password in ressource

This commit is contained in:
Maxime Lalo 2023-11-24 10:21:31 +01:00
parent 220a77e063
commit ee97ccbf46
3 changed files with 36 additions and 14 deletions


@ -56,7 +56,7 @@
"file-type-checker": "^1.0.8",
"fp-ts": "^2.16.1",
"jsonwebtoken": "^9.0.0",
"le-coffre-resources": "git@github.com:smart-chain-fr/leCoffre-resources.git#v2.95",
"le-coffre-resources": "git@github.com:smart-chain-fr/leCoffre-resources.git#v2.96",
"module-alias": "^2.2.2",
"monocle-ts": "^2.3.13",
"multer": "^1.4.5-lts.1",


@ -38,11 +38,10 @@ export default class AuthController extends ApiController {
return;
}
// if code has more than 5mn, regenerate it
if (
!customer.smsCodeExpire ||
(customer.smsCodeExpire && new Date().getTime() - customer.smsCodeExpire.getTime() > 5 * 60 * 1000)
) {
// if no sms code has been generated, generate it
// if code has expired, regenerate it
const now = new Date().getTime();
if (!customer.smsCodeExpire || now > customer.smsCodeExpire.getTime()) {
customer = await this.customerService.generateSmsCode(customer);
}
@ -57,7 +56,7 @@ export default class AuthController extends ApiController {
}
try {
this.httpSuccess(response, { email, customer });
this.httpSuccess(response, { info: "Sending a sms for a connection" });
} catch (error) {
console.log(error);
this.httpInternalError(response);
@ -68,12 +67,19 @@ export default class AuthController extends ApiController {
@Post("/api/v1/customer/login")
protected async login(req: Request, response: Response) {
const email = req.body["email"];
const smsCode = req.body["smsCode"];
const password = req.body["password"];
if (!email) {
this.httpBadRequest(response, "Email is required");
return;
}
if (!smsCode) {
this.httpBadRequest(response, "Sms code is required");
return;
}
if (!password) {
this.httpBadRequest(response, "Password is required");
return;
@ -95,6 +101,21 @@ export default class AuthController extends ApiController {
return;
}
if (!customer.smsCode) {
this.httpBadRequest(response, "No sms code found");
return;
}
if (!customer.smsCodeExpire || new Date().getTime() > customer.smsCodeExpire.getTime()) {
this.httpBadRequest(response, "Sms code expired");
return;
}
if (customer.smsCode !== smsCode) {
this.httpBadRequest(response, "Invalid sms code");
return;
}
if (!customer.password) {
this.httpBadRequest(response, "Customer not registered");
return;
@ -108,7 +129,7 @@ export default class AuthController extends ApiController {
}
try {
this.httpSuccess(response, { customer });
this.httpSuccess(response, { customer: Customer.hydrate<Customer>(customer) });
} catch (error) {
console.log(error);
this.httpInternalError(response);
@ -153,6 +174,11 @@ export default class AuthController extends ApiController {
return;
}
if (customer.password) {
this.httpBadRequest(response, "Password already set, please login");
return;
}
if (!customer.smsCode) {
this.httpBadRequest(response, "No sms code found");
return;
@ -163,11 +189,6 @@ export default class AuthController extends ApiController {
return;
}
if (customer.password) {
this.httpBadRequest(response, "Password already set");
return;
}
const hashedPassword = await this.authService.hashPassword(password);
await this.customerService.setPassword(customer, hashedPassword);
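Review bot: In the `@ -95,6 +101,21` hunk, `if (customer.smsCode !== smsCode)` compares the stored code, which `generateSmsCode` saves as a string, against the raw `req.body["smsCode"]`, so a client that sends the code as a JSON number gets "Invalid sms code" even when it is correct; a shape check before the comparison, `if (typeof smsCode !== "string") { this.httpBadRequest(response, "Invalid sms code"); return; }`, would make the failure explicit (the same check could live beside the `const smsCode = req.body["smsCode"];` line in the `@ -68,12 +67,19` hunk). Nothing in these hunks clears `customer.smsCode` after a successful match or counts failed attempts, so a six-digit code appears to stay valid for repeated guesses throughout its five-minute window unless a rate limit exists elsewhere (not visible here); invalidating the code once login succeeds would be the minimal hardening. If the comparison should not leak timing, `crypto.timingSafeEqual` on equal-length buffers is the standard-library option. `login` begins in the `@ -68,12 +67,19` hunk and its body continues outside the hunks shown.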


@ -32,12 +32,13 @@ export default class CustomersService extends BaseService {
*/
public async generateSmsCode(customer: Customer) {
const smsCode = Math.floor(100000 + Math.random() * 900000);
const now = new Date();
return await this.customerRepository.update(
customer.uid as string,
Customer.hydrate<Customer>({
...customer,
smsCode: smsCode.toString(),
smsCodeExpire: new Date(),
smsCodeExpire: new Date(now.getTime() + 5 * 60 * 1000),
}),
);
}
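Review bot: `const smsCode = Math.floor(100000 + Math.random() * 900000);` derives an authentication code from `Math.random()`, which is not a cryptographically secure generator; `crypto.randomInt(100000, 1000000)` from node's standard library (with `import crypto from "crypto";` among the file's imports, outside this hunk) produces the same six-digit range. The new expiry `new Date(now.getTime() + 5 * 60 * 1000)` repeats the five-minute literal that the controller's expiry check also hard-codes; a shared named constant such as `const SMS_CODE_TTL_MS = 5 * 60 * 1000;` would keep the two in step. The method's docstring, whose opening is outside the hunk, should state that the stored `smsCodeExpire` is now the moment the code stops being valid rather than the moment it was generated.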