feat: added mobile tnc flag in login response
@@ -7,13 +7,14 @@ const { comparePassword } = require('../util/hash');
|
||||
const customerController = require('../controllers/customer_details.controller.js');
|
||||
const { setJson, getJson } = require('../config/redis');
|
||||
|
||||
|
||||
async function login(req, res) {
|
||||
let { customerNo, userName, password, otp } = req.body;
|
||||
const loginType = req.headers['x-login-type'] || 'standard';
|
||||
|
||||
if ((!customerNo && !userName) || !password) {
|
||||
return res.status(400).json({ error: 'customerNo and password are required' });
|
||||
return res
|
||||
.status(400)
|
||||
.json({ error: 'customerNo and password are required' });
|
||||
}
|
||||
const currentTime = new Date().toISOString();
|
||||
const MAX_ATTEMPTS = 3; // Max invalid attempts before lock
|
||||
@@ -23,14 +24,17 @@ async function login(req, res) {
|
||||
const blockedKey = `login:blocked:${customerNo}`;
|
||||
const attemptsKey = `login:attempts:${customerNo}`;
|
||||
if (!customerNo && userName) {
|
||||
const result = await db.query('SELECT * FROM users WHERE preferred_name = $1', [
|
||||
userName,
|
||||
]);
|
||||
const result = await db.query(
|
||||
'SELECT * FROM users WHERE preferred_name = $1',
|
||||
[userName]
|
||||
);
|
||||
if (result.rows.length === 0) {
|
||||
logger.error("Customer not found with this user name.");
|
||||
return res.status(404).json({ error: 'No user found with this username.' });
|
||||
logger.error('Customer not found with this user name.');
|
||||
return res
|
||||
.status(404)
|
||||
.json({ error: 'No user found with this username.' });
|
||||
}
|
||||
logger.info("Customer found with user name.");
|
||||
logger.info('Customer found with user name.');
|
||||
customerNo = result.rows[0].customer_no;
|
||||
}
|
||||
|
||||
@@ -40,7 +44,7 @@ async function login(req, res) {
|
||||
// check DB locked flag
|
||||
if (userCheck && userCheck.locked) {
|
||||
await setJson(blockedKey, true, BLOCK_DURATION);
|
||||
logger.error("USER Account Locked");
|
||||
logger.error('USER Account Locked');
|
||||
return res.status(423).json({
|
||||
error: 'Your account is locked. Please contact the administrator.',
|
||||
});
|
||||
@@ -61,12 +65,16 @@ async function login(req, res) {
|
||||
attempts += 1;
|
||||
|
||||
if (attempts >= MAX_ATTEMPTS) {
|
||||
await db.query('UPDATE users SET locked = true WHERE customer_no = $1', [customerNo]);
|
||||
await db.query(
|
||||
'UPDATE users SET locked = true WHERE customer_no = $1',
|
||||
[customerNo]
|
||||
);
|
||||
await setJson(blockedKey, true, BLOCK_DURATION);
|
||||
await setJson(attemptsKey, 0);
|
||||
|
||||
return res.status(423).json({
|
||||
error: 'Your account has been locked due to multiple failed login attempts. Please contact the administrator.',
|
||||
error:
|
||||
'Your account has been locked due to multiple failed login attempts. Please contact the administrator.',
|
||||
});
|
||||
} else {
|
||||
await setJson(attemptsKey, attempts, BLOCK_DURATION);
|
||||
@@ -107,6 +115,8 @@ async function login(req, res) {
|
||||
// --- Step 7: Generate token and update last login ---
|
||||
const token = generateToken(user.customer_no);
|
||||
const loginPswExpiry = user.password_hash_expiry;
|
||||
const mobileTncAccepted = user.tnc_mobile;
|
||||
const tnc = { mobile: mobileTncAccepted };
|
||||
const rights = {
|
||||
ibAccess: user.ib_access_level,
|
||||
mbAccess: user.mb_access_level,
|
||||
@@ -116,7 +126,7 @@ async function login(req, res) {
|
||||
customerNo,
|
||||
]);
|
||||
logger.info(`Login successful | Type: ${loginType}`);
|
||||
return res.json({ token, FirstTimeLogin, loginPswExpiry, rights });
|
||||
return res.json({ token, FirstTimeLogin, loginPswExpiry, rights, tnc });
|
||||
} catch (err) {
|
||||
logger.error(err, `login failed | Type: ${loginType}`);
|
||||
return res.status(500).json({ error: 'something went wrong' });
|
||||
@@ -177,7 +187,7 @@ async function changeTpin(req, res) {
|
||||
if (!user.tpin)
|
||||
return res.status(400).json({ error: 'USER_DOESNT_HAVE_A_TPIN' });
|
||||
const { oldTpin, newTpin } = req.body;
|
||||
if(oldTpin !== user.tpin)
|
||||
if (oldTpin !== user.tpin)
|
||||
return res.status(400).json({ error: 'TPIN_DOESNT_MATCH' });
|
||||
|
||||
if (!/^\d{6}$/.test(newTpin))
|
||||
@@ -319,18 +329,25 @@ async function setUserName(req, res) {
|
||||
return res.json({ message: 'All set! Your username has been saved.' });
|
||||
}
|
||||
if (userNameIsExits) {
|
||||
const historyRes = await db.query('SELECT preferred_name FROM preferred_name_history WHERE customer_no = $1 ORDER BY changed_at DESC LIMIT 5',
|
||||
const historyRes = await db.query(
|
||||
'SELECT preferred_name FROM preferred_name_history WHERE customer_no = $1 ORDER BY changed_at DESC LIMIT 5',
|
||||
[customerNo]
|
||||
);
|
||||
// maximum 5 times can changed username
|
||||
const history = historyRes.rows.map((r) => r.preferred_name.toLowerCase());
|
||||
const history = historyRes.rows.map((r) =>
|
||||
r.preferred_name.toLowerCase()
|
||||
);
|
||||
if (history.length >= 5) {
|
||||
return res.status(429).json({ error: "Preferred name change limit reached -5 times" });
|
||||
return res
|
||||
.status(429)
|
||||
.json({ error: 'Preferred name change limit reached -5 times' });
|
||||
}
|
||||
// Cannot match last 2
|
||||
const lastTwo = history.slice(0, 2);
|
||||
if (lastTwo.includes(user_name.toLowerCase())) {
|
||||
return res.status(409).json({ error: "Preferred name cannot match last 2 preferred names" });
|
||||
return res.status(409).json({
|
||||
error: 'Preferred name cannot match last 2 preferred names',
|
||||
});
|
||||
}
|
||||
await authService.setUserName(customerNo, user_name);
|
||||
logger.info('User name has been updated.');
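Review bot: In the hunk at @@ -23,14 +24,17 the lockout keys `login:blocked:${customerNo}` and `login:attempts:${customerNo}` are built before the `if (!customerNo && userName)` branch resolves `customerNo` from the username lookup, so a login by `userName` presumably reads and writes `login:blocked:undefined` / `login:attempts:undefined`, sharing one failed-attempt counter across every username-based login while leaving the real customer's Redis keys untouched. Both are `const` and the later hunks reuse them unchanged (`await setJson(blockedKey, true, BLOCK_DURATION)`, `await setJson(attemptsKey, attempts, BLOCK_DURATION)`), so moving the two declarations to just after the closing `}` of that branch fixes it with no other change. Related, in the @@ -107,6 hunk `const tnc = { mobile: mobileTncAccepted };` will serialize as `tnc: {}` when `user.tnc_mobile` is undefined on a row that never set it; if the column is meant to be a boolean flag, `const tnc = { mobile: user.tnc_mobile === true };` gives clients a stable shape. The body of `login` starts in the first hunk and runs past the last login hunk, so I could not confirm whether the keys are recomputed elsewhere.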
|
||||
|
||||