From 2d434b9198b069e28361f43850c4f5424f7ec489 Mon Sep 17 00:00:00 2001
From: "tomosa.sarkar"
Date: Fri, 10 Oct 2025 17:27:00 +0530
Subject: [PATCH] feat: login IB by two step verification chore: add message template
---
src/controllers/auth.controller.js | 19 ++++++++++++++++++-
src/controllers/otp.controller.js | 15 +++++++++++++--
src/util/sms_template.js | 12 ++++++++++--
3 files changed, 41 insertions(+), 5 deletions(-)
diff --git a/src/controllers/auth.controller.js b/src/controllers/auth.controller.js
index 909d48a..ab47161 100644
--- a/src/controllers/auth.controller.js
+++ b/src/controllers/auth.controller.js
@@ -4,9 +4,10 @@ const { logger } = require('../util/logger'); const db = require('../config/db'); const dayjs = require('dayjs'); const { comparePassword } = require('../util/hash'); +const customerController = require('../controllers/customer_details.controller.js'); async function login(req, res) { - const { customerNo, password } = req.body; + const { customerNo, password, otp } = req.body; const loginType = req.headers['x-login-type'] || 'standard'; if (!customerNo || !password) {
@@ -30,6 +31,22 @@ async function login(req, res) { .status(401) .json({ error: 'Password Expired.Please Contact with Administrator' }); + // if present then get his phone number from CBS + const userDetails = await customerController.getDetails(customerNo); + const singleUserDetail = userDetails[0]; + if (!singleUserDetail?.mobileno) + return res.status(400).json({ error: 'USER_PHONE_NOT_FOUND' }); + const mobileNumber = singleUserDetail.mobileno; + + // For otp generate in IB + if (loginType.toUpperCase() === "IB" && !otp) { + logger.info(`credential verified but otp required | Type: ${loginType}`); + return res.status(202).json({ + status: "OTP_REQUIRED", + mobile: mobileNumber + }); + } + const token = generateToken(user.customer_no); const loginPswExpiry = user.password_hash_expiry; const rights = {
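Review bot: The submitted `otp` is never checked for correctness in the second auth.controller.js hunk: the new branch tests only `!otp`, and nothing between it and `generateToken(user.customer_no)` compares the value with the code SendOtp stores under `otp:${mobileNumber}`. Unless that comparison happens elsewhere in login(), whose body starts and ends outside the hunk, any non-empty string passes the second step; the IB path should verify the code against the stored one, answer 401 on mismatch, and delete the stored code once it has been used. The step is also gated on the client-sent `x-login-type` header (default 'standard'), so the decision to require it should come from server-side account or channel data instead. The 202 body returns the full number in `mobile: mobileNumber`, where a masked form would do, and the `USER_PHONE_NOT_FOUND` check now runs for every login type, not only IB.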
diff --git a/src/controllers/otp.controller.js b/src/controllers/otp.controller.js
index b88775e..33cc689 100644
--- a/src/controllers/otp.controller.js
+++ b/src/controllers/otp.controller.js
@@ -10,6 +10,7 @@ const templates = require('../util/sms_template'); // Send OTP async function SendOtp(req, res) { const { + username, mobileNumber, type, amount,
@@ -33,6 +34,10 @@ async function SendOtp(req, res) { let otp = null; // Pick template based on type switch (type) { + case 'LOGIN_OTP': + otp = generateOTP(6); + message = templates.LOGIN_OTP(otp, username); + break; case 'IMPS': otp = generateOTP(6); message = templates.IMPS(otp);
@@ -52,6 +57,10 @@ async function SendOtp(req, res) { case 'BENEFICIARY_SUCCESS': message = templates.BENEFICIARY_SUCCESS(beneficiary); break; + case 'BENEFICIARY_DELETE': + otp = generateOTP(6); + message = templates.BENEFICIARY_DELETE(otp, beneficiary); + break; case 'NOTIFICATION': message = templates.NOTIFICATION(acctFrom, acctTo, amount, ref, date); break;
@@ -71,6 +80,10 @@ async function SendOtp(req, res) { otp = generateOTP(6); message = templates.CHANGE_TPWORD(otp); break; + case 'SET_TPWORD': + otp = generateOTP(6); + message = templates.SET_TPWORD(otp); + break; case 'CHANGE_MPIN': otp = generateOTP(6); message = templates.CHANGE_MPIN(otp);
@@ -104,10 +117,8 @@ async function SendOtp(req, res) { if (message.includes('OTP')) { await setJson(`otp:${mobileNumber}`, otp, 300); } - logger.info(`Sent OTP [${otp}] for type [${type}] to ${mobileNumber}`); } - return res.status(200).json({ message: 'Message sent successfully' }); } catch (err) { logger.error(err, 'Error sending OTP');
diff --git a/src/util/sms_template.js b/src/util/sms_template.js
index dd721e8..bdf95cc 100644
--- a/src/util/sms_template.js
+++ b/src/util/sms_template.js
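Review bot: The new `LOGIN_OTP` case ends up storing its code under the same `otp:${mobileNumber}` key every other type uses (the `setJson` call shown as context in the last hunk of this file), so nothing in the store ties a code to the purpose it was issued for, and a later request of any other type presumably overwrites it. Including the type in the key, such as `otp:${type}:${mobileNumber}`, and having the login check read the matching key would bind a login code to login only. `username` comes straight from `req.body` and is interpolated into the SMS text unchanged, so it should be length- and character-checked, or looked up server-side, before it goes into a message sent under the bank's name. SendOtp's switch starts and ends outside the hunk, so any validation done before it is not visible here.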
@@ -1,4 +1,6 @@ const templates = { + LOGIN_OTP :(otp,username) =>`Dear Customer, Your username ${username} have been verified. Please enter the OTP: ${otp} to complete your login. -KCCB `, + IMPS: (otp) => `Dear Customer, Please complete the fund transfer with OTP ${otp} -KCCB`, NEFT: (otp, amount, beneficiary) =>
@@ -8,7 +10,10 @@ const templates = { `Dear Customer, Please complete the RTGS of Rs.${amount} to ${beneficiary} with OTP:${otp} -KCCB`, BENEFICIARY_ADD: (otp, beneficiary, ifsc) => - `Dear Customer, You have added beneficiary ${beneficiary} ${ifsc} for NEFT/RTGS. Please endorse the beneficiary with OTP ${otp} -KCCB`, + `Dear Customer, You have added beneficiary ${beneficiary} ${ifsc} for IMPS/NEFT/RTGS. Please endorse the beneficiary with OTP ${otp} -KCCB`, + + BENEFICIARY_DELETE: (otp, beneficiary) => + `Dear Customer, you have deleted the beneficiary ${beneficiary} for IMPS/NEFT/RTGS. Please confirm the deletion using OTP ${otp}. - KCCB`, BENEFICIARY_SUCCESS: (beneficiary) => `Dear Customer, Your Beneficiary: ${beneficiary} for Net Banking is added successfully -KCCB`,
@@ -28,7 +33,10 @@ const templates = { CHANGE_TPWORD: (otp) => `Dear Customer, Change Transaction password OTP is ${otp} -KCCB`, - CHANGE_MPIN: (otp) => + SET_TPWORD: (otp) => + `Dear Customer, Your Set New Transaction password OTP is ${otp} -KCCB`, + + CHANGE_MPIN: (otp) => `Dear Customer, Change M-PIN OTP is ${otp} -KCCB`, REGISTRATION: (otp) =>
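Review bot: `LOGIN_OTP` in the first hunk puts the login identifier and the one-time code into the same SMS, so anyone who can read the message (a lock-screen preview, a forwarded text) gets both; the other OTP templates visible in this diff carry no login name, and dropping `${username}` would match them. If the name stays, the text should read `Your username ${username} has been verified`, the trailing space before the closing backtick should go, and the entry should be spaced like its neighbours, `LOGIN_OTP: (otp, username) =>`. The `templates` object ends outside the hunk.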