feat: added mobile tnc flag in login response
This commit is contained in:
@@ -7,13 +7,14 @@ const { comparePassword } = require('../util/hash');
|
|||||||
const customerController = require('../controllers/customer_details.controller.js');
|
const customerController = require('../controllers/customer_details.controller.js');
|
||||||
const { setJson, getJson } = require('../config/redis');
|
const { setJson, getJson } = require('../config/redis');
|
||||||
|
|
||||||
|
|
||||||
async function login(req, res) {
|
async function login(req, res) {
|
||||||
let { customerNo, userName, password, otp } = req.body;
|
let { customerNo, userName, password, otp } = req.body;
|
||||||
const loginType = req.headers['x-login-type'] || 'standard';
|
const loginType = req.headers['x-login-type'] || 'standard';
|
||||||
|
|
||||||
if ((!customerNo && !userName) || !password) {
|
if ((!customerNo && !userName) || !password) {
|
||||||
return res.status(400).json({ error: 'customerNo and password are required' });
|
return res
|
||||||
|
.status(400)
|
||||||
|
.json({ error: 'customerNo and password are required' });
|
||||||
}
|
}
|
||||||
const currentTime = new Date().toISOString();
|
const currentTime = new Date().toISOString();
|
||||||
const MAX_ATTEMPTS = 3; // Max invalid attempts before lock
|
const MAX_ATTEMPTS = 3; // Max invalid attempts before lock
|
||||||
@@ -23,14 +24,17 @@ async function login(req, res) {
|
|||||||
const blockedKey = `login:blocked:${customerNo}`;
|
const blockedKey = `login:blocked:${customerNo}`;
|
||||||
const attemptsKey = `login:attempts:${customerNo}`;
|
const attemptsKey = `login:attempts:${customerNo}`;
|
||||||
if (!customerNo && userName) {
|
if (!customerNo && userName) {
|
||||||
const result = await db.query('SELECT * FROM users WHERE preferred_name = $1', [
|
const result = await db.query(
|
||||||
userName,
|
'SELECT * FROM users WHERE preferred_name = $1',
|
||||||
]);
|
[userName]
|
||||||
|
);
|
||||||
if (result.rows.length === 0) {
|
if (result.rows.length === 0) {
|
||||||
logger.error("Customer not found with this user name.");
|
logger.error('Customer not found with this user name.');
|
||||||
return res.status(404).json({ error: 'No user found with this username.' });
|
return res
|
||||||
|
.status(404)
|
||||||
|
.json({ error: 'No user found with this username.' });
|
||||||
}
|
}
|
||||||
logger.info("Customer found with user name.");
|
logger.info('Customer found with user name.');
|
||||||
customerNo = result.rows[0].customer_no;
|
customerNo = result.rows[0].customer_no;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -40,7 +44,7 @@ async function login(req, res) {
|
|||||||
// check DB locked flag
|
// check DB locked flag
|
||||||
if (userCheck && userCheck.locked) {
|
if (userCheck && userCheck.locked) {
|
||||||
await setJson(blockedKey, true, BLOCK_DURATION);
|
await setJson(blockedKey, true, BLOCK_DURATION);
|
||||||
logger.error("USER Account Locked");
|
logger.error('USER Account Locked');
|
||||||
return res.status(423).json({
|
return res.status(423).json({
|
||||||
error: 'Your account is locked. Please contact the administrator.',
|
error: 'Your account is locked. Please contact the administrator.',
|
||||||
});
|
});
|
||||||
@@ -61,12 +65,16 @@ async function login(req, res) {
|
|||||||
attempts += 1;
|
attempts += 1;
|
||||||
|
|
||||||
if (attempts >= MAX_ATTEMPTS) {
|
if (attempts >= MAX_ATTEMPTS) {
|
||||||
await db.query('UPDATE users SET locked = true WHERE customer_no = $1', [customerNo]);
|
await db.query(
|
||||||
|
'UPDATE users SET locked = true WHERE customer_no = $1',
|
||||||
|
[customerNo]
|
||||||
|
);
|
||||||
await setJson(blockedKey, true, BLOCK_DURATION);
|
await setJson(blockedKey, true, BLOCK_DURATION);
|
||||||
await setJson(attemptsKey, 0);
|
await setJson(attemptsKey, 0);
|
||||||
|
|
||||||
return res.status(423).json({
|
return res.status(423).json({
|
||||||
error: 'Your account has been locked due to multiple failed login attempts. Please contact the administrator.',
|
error:
|
||||||
|
'Your account has been locked due to multiple failed login attempts. Please contact the administrator.',
|
||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
await setJson(attemptsKey, attempts, BLOCK_DURATION);
|
await setJson(attemptsKey, attempts, BLOCK_DURATION);
|
||||||
@@ -107,6 +115,8 @@ async function login(req, res) {
|
|||||||
// --- Step 7: Generate token and update last login ---
|
// --- Step 7: Generate token and update last login ---
|
||||||
const token = generateToken(user.customer_no);
|
const token = generateToken(user.customer_no);
|
||||||
const loginPswExpiry = user.password_hash_expiry;
|
const loginPswExpiry = user.password_hash_expiry;
|
||||||
|
const mobileTncAccepted = user.tnc_mobile;
|
||||||
|
const tnc = { mobile: mobileTncAccepted };
|
||||||
const rights = {
|
const rights = {
|
||||||
ibAccess: user.ib_access_level,
|
ibAccess: user.ib_access_level,
|
||||||
mbAccess: user.mb_access_level,
|
mbAccess: user.mb_access_level,
|
||||||
@@ -116,7 +126,7 @@ async function login(req, res) {
|
|||||||
customerNo,
|
customerNo,
|
||||||
]);
|
]);
|
||||||
logger.info(`Login successful | Type: ${loginType}`);
|
logger.info(`Login successful | Type: ${loginType}`);
|
||||||
return res.json({ token, FirstTimeLogin, loginPswExpiry, rights });
|
return res.json({ token, FirstTimeLogin, loginPswExpiry, rights, tnc });
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
logger.error(err, `login failed | Type: ${loginType}`);
|
logger.error(err, `login failed | Type: ${loginType}`);
|
||||||
return res.status(500).json({ error: 'something went wrong' });
|
return res.status(500).json({ error: 'something went wrong' });
|
||||||
@@ -319,18 +329,25 @@ async function setUserName(req, res) {
|
|||||||
return res.json({ message: 'All set! Your username has been saved.' });
|
return res.json({ message: 'All set! Your username has been saved.' });
|
||||||
}
|
}
|
||||||
if (userNameIsExits) {
|
if (userNameIsExits) {
|
||||||
const historyRes = await db.query('SELECT preferred_name FROM preferred_name_history WHERE customer_no = $1 ORDER BY changed_at DESC LIMIT 5',
|
const historyRes = await db.query(
|
||||||
|
'SELECT preferred_name FROM preferred_name_history WHERE customer_no = $1 ORDER BY changed_at DESC LIMIT 5',
|
||||||
[customerNo]
|
[customerNo]
|
||||||
);
|
);
|
||||||
// maximum 5 times can changed username
|
// maximum 5 times can changed username
|
||||||
const history = historyRes.rows.map((r) => r.preferred_name.toLowerCase());
|
const history = historyRes.rows.map((r) =>
|
||||||
|
r.preferred_name.toLowerCase()
|
||||||
|
);
|
||||||
if (history.length >= 5) {
|
if (history.length >= 5) {
|
||||||
return res.status(429).json({ error: "Preferred name change limit reached -5 times" });
|
return res
|
||||||
|
.status(429)
|
||||||
|
.json({ error: 'Preferred name change limit reached -5 times' });
|
||||||
}
|
}
|
||||||
// Cannot match last 2
|
// Cannot match last 2
|
||||||
const lastTwo = history.slice(0, 2);
|
const lastTwo = history.slice(0, 2);
|
||||||
if (lastTwo.includes(user_name.toLowerCase())) {
|
if (lastTwo.includes(user_name.toLowerCase())) {
|
||||||
return res.status(409).json({ error: "Preferred name cannot match last 2 preferred names" });
|
return res.status(409).json({
|
||||||
|
error: 'Preferred name cannot match last 2 preferred names',
|
||||||
|
});
|
||||||
}
|
}
|
||||||
await authService.setUserName(customerNo, user_name);
|
await authService.setUserName(customerNo, user_name);
|
||||||
logger.info('User name has been updated.');
|
logger.info('User name has been updated.');
|
||||||
|
|||||||
Reference in New Issue
Block a user