feat : onboarding new CIF by giving rights through admin portal.
feat : View the user rights and update in admin portal. chore : Add some template message for OTP
This commit is contained in:
4
.vscode/settings.json
vendored
4
.vscode/settings.json
vendored
@@ -1,7 +1,9 @@
|
||||
{
|
||||
"cSpell.words": [
|
||||
"MPIN",
|
||||
"otpgenerator",
|
||||
"tpassword",
|
||||
"tpin"
|
||||
"tpin",
|
||||
"TPWORD"
|
||||
]
|
||||
}
|
||||
@@ -5,7 +5,7 @@ const { logger } = require('../util/logger');
|
||||
const { hashPassword } = require('../util/hash');
|
||||
const db = require('../config/db');
|
||||
const { generateOTP } = require('../otpgenerator');
|
||||
|
||||
const dayjs = require("dayjs");
|
||||
|
||||
async function login(req, res) {
|
||||
const { userName, password } = req.body;
|
||||
@@ -63,61 +63,60 @@ async function getUserDetails(req, res) {
|
||||
}
|
||||
}
|
||||
async function getUserRights(req, res) {
|
||||
// const { CIF } = req.query;
|
||||
// if (!CIF) {
|
||||
// res.status(400).json({
|
||||
// error: 'CIF number is required',
|
||||
// });
|
||||
// }
|
||||
// try {
|
||||
// const userDetails = await adminAuthService.getCustomerDetails(CIF);
|
||||
// if (!userDetails)
|
||||
// return res.status(401).json({ error: 'invalid CIF number' });
|
||||
// return res.json(userDetails);
|
||||
// } catch (error) {
|
||||
// logger.error('while fetching customer details', error);
|
||||
// res.status(500).json({ error: 'invalid CIF number'});
|
||||
// }
|
||||
}
|
||||
async function UserRights(req, res) {
|
||||
const { CIF, ib_access_level, mb_access_level } = req.body;
|
||||
const first_time_pass = generateOTP(6);
|
||||
const { CIF } = req.query;
|
||||
if (!CIF) {
|
||||
res.status(400).json({
|
||||
error: 'CIF number is required',
|
||||
});
|
||||
}
|
||||
const currentTime = new Date().toISOString();
|
||||
const user = await authService.findUserByCustomerNo(CIF);
|
||||
const password = await hashPassword(first_time_pass);
|
||||
if (user) {
|
||||
try {
|
||||
await db.query('UPDATE users SET customer_no = $1,password_hash=$2,updated_at=$5,ib_access_level=$3,mb_access_level=$4 WHERE customer_no = $1', [
|
||||
CIF,
|
||||
password,
|
||||
ib_access_level,
|
||||
mb_access_level,
|
||||
currentTime,
|
||||
]);
|
||||
res.json({otp:`${first_time_pass}`});
|
||||
} catch (err) {
|
||||
console.log(err);
|
||||
logger.error(err, 'Right Update failed');
|
||||
res.status(500).json({ error: 'something went wrong' });
|
||||
const userDetails = await adminAuthService.getCustomerDetailsFromDB(CIF);
|
||||
if (!userDetails)
|
||||
return res.status(401).json({ error: 'invalid CIF number or No rights is present for the user.' });
|
||||
return res.json(userDetails);
|
||||
}
|
||||
|
||||
async function UserRights(req, res) {
|
||||
try {
|
||||
const { CIF, ib_access_level, mb_access_level } = req.body;
|
||||
|
||||
if (!CIF) {
|
||||
return res.status(400).json({ error: 'CIF number is required' });
|
||||
}
|
||||
}
|
||||
if (!user) {
|
||||
try {
|
||||
await db.query('INSERT INTO users (customer_no, password_hash,ib_access_level,mb_access_level) VALUES ($1, $2, $3, $4)',
|
||||
|
||||
const currentTime = new Date().toISOString();
|
||||
const user = await authService.findUserByCustomerNo(CIF);
|
||||
const first_time_pass = generateOTP(6);
|
||||
const password = await hashPassword(first_time_pass);
|
||||
if (user) {
|
||||
const FirstTimeLogin = await authService.CheckFirstTimeLogin(CIF);
|
||||
// if user did not login within 7 days
|
||||
if (FirstTimeLogin && dayjs(currentTime).diff(dayjs(user.created_at), 'day') > 8) {
|
||||
// Password expired, resend
|
||||
await db.query(
|
||||
'UPDATE users SET password_hash=$2, updated_at=$5, ib_access_level=$3, mb_access_level=$4 WHERE customer_no=$1',
|
||||
[CIF, password, ib_access_level, mb_access_level, currentTime]
|
||||
);
|
||||
return res.json({ otp: first_time_pass });
|
||||
}
|
||||
// Just update access levels and timestamp
|
||||
await db.query(
|
||||
'UPDATE users SET updated_at=$4, ib_access_level=$2, mb_access_level=$3 WHERE customer_no=$1',
|
||||
[CIF, ib_access_level, mb_access_level, currentTime]
|
||||
);
|
||||
return res.json({ message: "User updated successfully." });
|
||||
} else {
|
||||
// User does not exist, insert
|
||||
await db.query(
|
||||
'INSERT INTO users (customer_no, password_hash, ib_access_level, mb_access_level) VALUES ($1, $2, $3, $4)',
|
||||
[CIF, password, ib_access_level, mb_access_level]
|
||||
);
|
||||
res.json({otp:`${first_time_pass}`});
|
||||
} catch (err) {
|
||||
console.log(err);
|
||||
logger.error(err, 'Right Update failed');
|
||||
res.status(500).json({ error: 'something went wrong' });
|
||||
return res.json({ otp: first_time_pass });
|
||||
}
|
||||
} catch (err) {
|
||||
console.error(err);
|
||||
logger.error(err, 'UserRights failed');
|
||||
return res.status(500).json({ error: 'Something went wrong' });
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = { login, fetchAdminDetails, getUserDetails,UserRights};
|
||||
module.exports = { login, fetchAdminDetails, getUserDetails, UserRights, getUserRights };
|
||||
|
||||
@@ -7,29 +7,31 @@ const templates = require('../util/sms_template');
|
||||
|
||||
// Send OTP
|
||||
async function SendOtp(req, res) {
|
||||
const { mobileNumber, type, amount, beneficiary, ifsc, acctFrom, acctTo, ref, date,userOtp } = req.body;
|
||||
const { mobileNumber, type, amount, beneficiary, ifsc, acctFrom, acctTo, ref, date, userOtp } = req.body;
|
||||
|
||||
if (!mobileNumber || !type) {
|
||||
return res.status(400).json({ error: 'Mobile number and type are required' });
|
||||
}
|
||||
|
||||
try {
|
||||
// const otp = generateOTP(6);
|
||||
const otp = type === 'REGISTRATION' && userOtp ? userOtp : generateOTP(6);
|
||||
let message;
|
||||
|
||||
let otp = null;
|
||||
// Pick template based on type
|
||||
switch (type) {
|
||||
case 'IMPS':
|
||||
otp = generateOTP(6);
|
||||
message = templates.IMPS(otp);
|
||||
break;
|
||||
case 'NEFT':
|
||||
otp = generateOTP(6);
|
||||
message = templates.NEFT(otp, amount, beneficiary);
|
||||
break;
|
||||
case 'RTGS':
|
||||
otp = generateOTP(6);
|
||||
message = templates.RTGS(otp, amount, beneficiary);
|
||||
break;
|
||||
case 'BENEFICIARY_ADD':
|
||||
otp = generateOTP(6);
|
||||
message = templates.BENEFICIARY_ADD(otp, beneficiary, ifsc);
|
||||
break;
|
||||
case 'BENEFICIARY_SUCCESS':
|
||||
@@ -39,10 +41,30 @@ async function SendOtp(req, res) {
|
||||
message = templates.NOTIFICATION(acctFrom, acctTo, amount, ref, date);
|
||||
break;
|
||||
case 'FORGOT_PASSWORD':
|
||||
otp = generateOTP(6);
|
||||
message = templates.FORGOT_PASSWORD(otp);
|
||||
break;
|
||||
case 'CHANGE_LPWORD':
|
||||
otp = generateOTP(6);
|
||||
message = templates.CHANGE_LPWORD(otp);
|
||||
break;
|
||||
case 'CHANGE_TPIN':
|
||||
otp = generateOTP(6);
|
||||
message = templates.CHANGE_TPIN(otp);
|
||||
break;
|
||||
case 'CHANGE_TPWORD':
|
||||
otp = generateOTP(6);
|
||||
message = templates.CHANGE_TPWORD(otp);
|
||||
break;
|
||||
case 'CHANGE_MPIN':
|
||||
otp = generateOTP(6);
|
||||
message = templates.CHANGE_MPIN(otp);
|
||||
break;
|
||||
case 'REGISTRATION':
|
||||
otp = userOtp ? userOtp : generateOTP(6);
|
||||
message = templates.REGISTRATION(otp);
|
||||
case 'RIGHT_UPDATE':
|
||||
message = templates.RIGHT_UPDATE;
|
||||
break;
|
||||
default:
|
||||
return res.status(400).json({ error: 'Invalid OTP type' });
|
||||
|
||||
@@ -8,4 +8,5 @@ router.post('/login', adminAuthController.login);
|
||||
router.get('/admin_details', adminAuthenticate, adminAuthController.fetchAdminDetails);
|
||||
router.get('/fetch/customer_details',adminAuthenticate,adminAuthController.getUserDetails);
|
||||
router.post('/user/rights',adminAuthenticate,adminAuthController.UserRights);
|
||||
router.get('/user/rights',adminAuthenticate,adminAuthController.getUserRights);
|
||||
module.exports = router;
|
||||
|
||||
@@ -37,4 +37,11 @@ async function getCustomerDetails(customerNo) {
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = { validateAdmin, findAdminByUserName,getCustomerDetails };
|
||||
async function getCustomerDetailsFromDB(customerNo) {
|
||||
const result = await db.query('SELECT customer_no,created_at,last_login,is_first_login,ib_access_level,mb_access_level FROM users WHERE customer_no = $1', [
|
||||
customerNo,
|
||||
]);
|
||||
return result.rows[0];
|
||||
}
|
||||
|
||||
module.exports = { validateAdmin, findAdminByUserName, getCustomerDetails,getCustomerDetailsFromDB };
|
||||
|
||||
@@ -19,8 +19,23 @@ const templates = {
|
||||
FORGOT_PASSWORD: (otp) =>
|
||||
`Dear Customer, Forgot Password OTP is ${otp} -KCCB`,
|
||||
|
||||
CHANGE_LPWORD: (otp) =>
|
||||
`Dear Customer, Change Login Password OTP is ${otp} -KCCB`,
|
||||
|
||||
CHANGE_TPIN: (otp) =>
|
||||
`Dear Customer, Change Transaction pin OTP is ${otp} -KCCB`,
|
||||
|
||||
CHANGE_TPWORD: (otp) =>
|
||||
`Dear Customer, Change Transaction password OTP is ${otp} -KCCB`,
|
||||
|
||||
CHANGE_MPIN: (otp) =>
|
||||
`Dear Customer, Change M-PIN OTP is ${otp} -KCCB`,
|
||||
|
||||
REGISTRATION: (otp) =>
|
||||
`Dear Customer, Your CIF is enable.First time login password: ${otp} (valid for 7 days).Please login and change your password -KCCB`,
|
||||
`Dear Customer, Your CIF is enable.First time login password: ${otp} (valid for 7 days).Please login and change your password -KCCB`,
|
||||
|
||||
RIGHT_UPDATE:
|
||||
`Dear Customer, Your CIF rights have been updated. Please log in again to access the features. -KCCB`,
|
||||
};
|
||||
|
||||
module.exports = templates;
|
||||
Reference in New Issue
Block a user