diff --git a/.vscode/settings.json b/.vscode/settings.json index 029c1b9..9be9fc9 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,7 +1,9 @@ { "cSpell.words": [ + "MPIN", "otpgenerator", "tpassword", - "tpin" + "tpin", + "TPWORD" ] } \ No newline at end of file diff --git a/src/controllers/admin_auth.controller.js b/src/controllers/admin_auth.controller.js index dbcbb8a..179b5ff 100644 --- a/src/controllers/admin_auth.controller.js +++ b/src/controllers/admin_auth.controller.js @@ -5,7 +5,7 @@ const { logger } = require('../util/logger'); const { hashPassword } = require('../util/hash'); const db = require('../config/db'); const { generateOTP } = require('../otpgenerator'); - +const dayjs = require("dayjs"); async function login(req, res) { const { userName, password } = req.body; @@ -63,61 +63,60 @@ async function getUserDetails(req, res) { } } async function getUserRights(req, res) { - // const { CIF } = req.query; - // if (!CIF) { - // res.status(400).json({ - // error: 'CIF number is required', - // }); - // } - // try { - // const userDetails = await adminAuthService.getCustomerDetails(CIF); - // if (!userDetails) - // return res.status(401).json({ error: 'invalid CIF number' }); - // return res.json(userDetails); - // } catch (error) { - // logger.error('while fetching customer details', error); - // res.status(500).json({ error: 'invalid CIF number'}); - // } -} -async function UserRights(req, res) { - const { CIF, ib_access_level, mb_access_level } = req.body; - const first_time_pass = generateOTP(6); + const { CIF } = req.query; if (!CIF) { res.status(400).json({ error: 'CIF number is required', }); } - const currentTime = new Date().toISOString(); - const user = await authService.findUserByCustomerNo(CIF); - const password = await hashPassword(first_time_pass); - if (user) { - try { - await db.query('UPDATE users SET customer_no = $1,password_hash=$2,updated_at=$5,ib_access_level=$3,mb_access_level=$4 WHERE customer_no = $1', [ - CIF, - password, - ib_access_level, - mb_access_level, - currentTime, - ]); - res.json({otp:`${first_time_pass}`}); - } catch (err) { - console.log(err); - logger.error(err, 'Right Update failed'); - res.status(500).json({ error: 'something went wrong' }); + const userDetails = await adminAuthService.getCustomerDetailsFromDB(CIF); + if (!userDetails) + return res.status(401).json({ error: 'invalid CIF number or No rights is present for the user.' }); + return res.json(userDetails); +} + +async function UserRights(req, res) { + try { + const { CIF, ib_access_level, mb_access_level } = req.body; + + if (!CIF) { + return res.status(400).json({ error: 'CIF number is required' }); } - } - if (!user) { - try { - await db.query('INSERT INTO users (customer_no, password_hash,ib_access_level,mb_access_level) VALUES ($1, $2, $3, $4)', + + const currentTime = new Date().toISOString(); + const user = await authService.findUserByCustomerNo(CIF); + const first_time_pass = generateOTP(6); + const password = await hashPassword(first_time_pass); + if (user) { + const FirstTimeLogin = await authService.CheckFirstTimeLogin(CIF); + // if user did not login within 7 days + if (FirstTimeLogin && dayjs(currentTime).diff(dayjs(user.created_at), 'day') > 8) { + // Password expired, resend + await db.query( + 'UPDATE users SET password_hash=$2, updated_at=$5, ib_access_level=$3, mb_access_level=$4 WHERE customer_no=$1', + [CIF, password, ib_access_level, mb_access_level, currentTime] + ); + return res.json({ otp: first_time_pass }); + } + // Just update access levels and timestamp + await db.query( + 'UPDATE users SET updated_at=$4, ib_access_level=$2, mb_access_level=$3 WHERE customer_no=$1', + [CIF, ib_access_level, mb_access_level, currentTime] + ); + return res.json({ message: "User updated successfully." }); + } else { + // User does not exist, insert + await db.query( + 'INSERT INTO users (customer_no, password_hash, ib_access_level, mb_access_level) VALUES ($1, $2, $3, $4)', [CIF, password, ib_access_level, mb_access_level] ); - res.json({otp:`${first_time_pass}`}); - } catch (err) { - console.log(err); - logger.error(err, 'Right Update failed'); - res.status(500).json({ error: 'something went wrong' }); + return res.json({ otp: first_time_pass }); } + } catch (err) { + console.error(err); + logger.error(err, 'UserRights failed'); + return res.status(500).json({ error: 'Something went wrong' }); } } -module.exports = { login, fetchAdminDetails, getUserDetails,UserRights}; +module.exports = { login, fetchAdminDetails, getUserDetails, UserRights, getUserRights }; diff --git a/src/controllers/otp.controller.js b/src/controllers/otp.controller.js index 2254d5a..c885d50 100644 --- a/src/controllers/otp.controller.js +++ b/src/controllers/otp.controller.js @@ -7,29 +7,31 @@ const templates = require('../util/sms_template'); // Send OTP async function SendOtp(req, res) { - const { mobileNumber, type, amount, beneficiary, ifsc, acctFrom, acctTo, ref, date,userOtp } = req.body; + const { mobileNumber, type, amount, beneficiary, ifsc, acctFrom, acctTo, ref, date, userOtp } = req.body; if (!mobileNumber || !type) { return res.status(400).json({ error: 'Mobile number and type are required' }); } try { - // const otp = generateOTP(6); - const otp = type === 'REGISTRATION' && userOtp ? userOtp : generateOTP(6); let message; - + let otp = null; // Pick template based on type switch (type) { case 'IMPS': + otp = generateOTP(6); message = templates.IMPS(otp); break; case 'NEFT': + otp = generateOTP(6); message = templates.NEFT(otp, amount, beneficiary); break; case 'RTGS': + otp = generateOTP(6); message = templates.RTGS(otp, amount, beneficiary); break; case 'BENEFICIARY_ADD': + otp = generateOTP(6); message = templates.BENEFICIARY_ADD(otp, beneficiary, ifsc); break; case 'BENEFICIARY_SUCCESS': @@ -39,10 +41,30 @@ async function SendOtp(req, res) { message = templates.NOTIFICATION(acctFrom, acctTo, amount, ref, date); break; case 'FORGOT_PASSWORD': + otp = generateOTP(6); message = templates.FORGOT_PASSWORD(otp); break; + case 'CHANGE_LPWORD': + otp = generateOTP(6); + message = templates.CHANGE_LPWORD(otp); + break; + case 'CHANGE_TPIN': + otp = generateOTP(6); + message = templates.CHANGE_TPIN(otp); + break; + case 'CHANGE_TPWORD': + otp = generateOTP(6); + message = templates.CHANGE_TPWORD(otp); + break; + case 'CHANGE_MPIN': + otp = generateOTP(6); + message = templates.CHANGE_MPIN(otp); + break; case 'REGISTRATION': + otp = userOtp ? userOtp : generateOTP(6); message = templates.REGISTRATION(otp); + case 'RIGHT_UPDATE': + message = templates.RIGHT_UPDATE; break; default: return res.status(400).json({ error: 'Invalid OTP type' }); diff --git a/src/routes/admin_auth.route.js b/src/routes/admin_auth.route.js index d4a9a58..a598831 100644 --- a/src/routes/admin_auth.route.js +++ b/src/routes/admin_auth.route.js @@ -8,4 +8,5 @@ router.post('/login', adminAuthController.login); router.get('/admin_details', adminAuthenticate, adminAuthController.fetchAdminDetails); router.get('/fetch/customer_details',adminAuthenticate,adminAuthController.getUserDetails); router.post('/user/rights',adminAuthenticate,adminAuthController.UserRights); +router.get('/user/rights',adminAuthenticate,adminAuthController.getUserRights); module.exports = router; diff --git a/src/services/admin.auth.service.js b/src/services/admin.auth.service.js index 3f28b16..e6489c8 100644 --- a/src/services/admin.auth.service.js +++ b/src/services/admin.auth.service.js @@ -37,4 +37,11 @@ async function getCustomerDetails(customerNo) { } } -module.exports = { validateAdmin, findAdminByUserName,getCustomerDetails }; +async function getCustomerDetailsFromDB(customerNo) { + const result = await db.query('SELECT customer_no,created_at,last_login,is_first_login,ib_access_level,mb_access_level FROM users WHERE customer_no = $1', [ + customerNo, + ]); + return result.rows[0]; +} + +module.exports = { validateAdmin, findAdminByUserName, getCustomerDetails,getCustomerDetailsFromDB }; diff --git a/src/util/sms_template.js b/src/util/sms_template.js index 1587358..2998655 100644 --- a/src/util/sms_template.js +++ b/src/util/sms_template.js @@ -1,26 +1,41 @@ const templates = { IMPS: (otp) => `Dear Customer, Please complete the fund transfer with OTP ${otp} -KCCB`, - NEFT: (otp, amount, beneficiary) => + NEFT: (otp, amount, beneficiary) => `Dear Customer, Please complete the NEFT of Rs.${amount} to ${beneficiary} with OTP:${otp} -KCCB`, - RTGS: (otp, amount, beneficiary) => + RTGS: (otp, amount, beneficiary) => `Dear Customer, Please complete the RTGS of Rs.${amount} to ${beneficiary} with OTP:${otp} -KCCB`, - BENEFICIARY_ADD: (otp, beneficiary, ifsc) => + BENEFICIARY_ADD: (otp, beneficiary, ifsc) => `Dear Customer, You have added beneficiary ${beneficiary} ${ifsc} for NEFT/RTGS. Please endorse the beneficiary with OTP ${otp} -KCCB`, - BENEFICIARY_SUCCESS: (beneficiary) => + BENEFICIARY_SUCCESS: (beneficiary) => `Dear Customer, Your Beneficiary: ${beneficiary} for Net Banking is added successfully -KCCB`, - NOTIFICATION: (acctFrom, acctTo, amount, ref, date) => + NOTIFICATION: (acctFrom, acctTo, amount, ref, date) => `Your A/c ${acctFrom} is debited for Rs. ${amount} to the credit of A/c ${acctTo} thru Net Banking - ref: ${ref} - ${date} - Kangra Central Co-Operative Bank -KCCB`, - FORGOT_PASSWORD: (otp) => + FORGOT_PASSWORD: (otp) => `Dear Customer, Forgot Password OTP is ${otp} -KCCB`, + CHANGE_LPWORD: (otp) => + `Dear Customer, Change Login Password OTP is ${otp} -KCCB`, + + CHANGE_TPIN: (otp) => + `Dear Customer, Change Transaction pin OTP is ${otp} -KCCB`, + + CHANGE_TPWORD: (otp) => + `Dear Customer, Change Transaction password OTP is ${otp} -KCCB`, + + CHANGE_MPIN: (otp) => + `Dear Customer, Change M-PIN OTP is ${otp} -KCCB`, + REGISTRATION: (otp) => - `Dear Customer, Your CIF is enable.First time login password: ${otp} (valid for 7 days).Please login and change your password -KCCB`, + `Dear Customer, Your CIF is enable.First time login password: ${otp} (valid for 7 days).Please login and change your password -KCCB`, + + RIGHT_UPDATE: + `Dear Customer, Your CIF rights have been updated. Please log in again to access the features. -KCCB`, }; module.exports = templates; \ No newline at end of file