diff --git a/src/controllers/auth.controller.js b/src/controllers/auth.controller.js
index ccd11d8..efa759b 100644
--- a/src/controllers/auth.controller.js
+++ b/src/controllers/auth.controller.js
@@ -244,6 +244,24 @@ async function setTransPassword(req, res) {
 const user = await authService.findUserByCustomerNo(customerNo);
 if (!user) return res.status(404).json({ error: 'USER_NOT_FOUND' });
 const { transaction_password } = req.body;
+ // if (user.transaction_password) {
+ // const isMatchWithOldPassword = await comparePassword(
+ // transaction_password,
+ // user.transaction_password
+ // );
+ // if (isMatchWithOldPassword)
+ // return res.status(500).json({
+ // error: 'New transaction Password will be different from Previous Password',
+ // });
+ // }
+ const isMatchWithLoginPassword = await comparePassword(
+ transaction_password,
+ user.password_hash
+ );
+ if (isMatchWithLoginPassword)
+ return res.status(500).json({
+ error: 'New transaction Password will be different from Login Password',
+ });
 authService.setTransactionPassword(customerNo, transaction_password);
 return res.json({ message: 'Transaction Password set' });
 } catch (error) {
@@ -308,6 +326,14 @@ async function changeTransPassword(req, res) { error: 'New Transaction Password will be different from Previous Transaction Password', }); + const isMatchWithLoginPassword = await comparePassword( + newTPsw, + user.password_hash + ); + if (isMatchWithLoginPassword) + return res.status(500).json({ + error: 'New transaction Password will be different from Login Password', + }); authService.changeTransPassword(customerNo, newTPsw); return res.json({ message: 'New Transaction Password changed successfully',
diff --git a/src/controllers/otp.controller.js b/src/controllers/otp.controller.js
index 3335ed8..8757b5d 100644
--- a/src/controllers/otp.controller.js
+++ b/src/controllers/otp.controller.js
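Review bot: Both new login-password checks answer with `res.status(500)` for what is a client-side validation failure (here in setTransPassword and again in the changeTransPassword hunk), so a rejected password looks like a server fault to monitoring and to client retry logic; `return res.status(400).json({ error: ... })` fits the case. The response also tells the caller whether the submitted string equals the login password, so these routes should sit behind the same attempt limiting as the login route; the hunks do not show whether they do. The commented-out previous-password block should be either re-enabled or deleted rather than committed as comments. Both functions start before and continue past their hunks.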
@@ -114,6 +114,12 @@ async function SendOtp(req, res) {
 case 'TLIMIT_SET':
 message = templates.TLIMIT_SET(amount);
 break;
+ case 'LPWORD_CHANGE':
+ message = templates.LPWORD_CHANGE;
+ break;
+ case 'TPWORD_CHANGE':
+ message = templates.TPWORD_CHANGE;
+ break;
 default:
 return res.status(400).json({ error: 'Invalid OTP type' });
 }
@@ -194,6 +200,7 @@ async function sendForSetPassword(req, res) {
 }
 );
 await setJson(`otp:${mobileNumber}`, otp, 300);
+ logger.info(`Sent OTP [${otp}] to ${mobileNumber}`);
 return res.status(200).json({ message: 'OTP_SENT' });
 } catch (err) {
 logger.error(err, 'Error sending OTP');
diff --git a/src/util/sms_template.js b/src/util/sms_template.js
index 220031c..acd510d 100644
--- a/src/util/sms_template.js
+++ b/src/util/sms_template.js
@@ -53,12 +53,18 @@ const templates = { USERNAME_SAVED: (PreferName) => `Dear Customer, Your Preferred Name -${PreferName} has been updated successfully. If this change was not made by you, please contact our support team immediately.`, - - TLIMIT :(otp) => + + TLIMIT: (otp) => `Dear Customer,Please complete the transaction limit set with OTP -${otp}. -KCCB`, - TLIMIT_SET :(amount) => + TLIMIT_SET: (amount) => `Dear Customer,Your transaction limit for Internet Banking is set to Rs ${amount}. -KCCB`, + + LPWORD_CHANGE: + `Dear Customer, Your Login password has been successfully updated. If you did not initiate this, please contact your nearest branch immediately. -KCCB`, + + TPWORD_CHANGE: + `Dear Customer, Your transaction password has been successfully updated. If you did not initiate this, please contact your nearest branch immediately. -KCCB`, }; module.exports = templates; \ No newline at end of file
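Review bot: The new `LPWORD_CHANGE` and `TPWORD_CHANGE` cases send fixed "password updated" alerts that carry no OTP, yet they sit in SendOtp's type switch next to real OTP messages. If the type value is taken from the request (its source is outside the hunk), a caller could cause a password-changed alert to be sent without any change having happened. These notifications are better sent server-side from the handlers that actually change the password, or the cases should at least carry a comment such as `// notification only: no OTP embedded, must not be client-selectable`. Whatever SendOtp does after the switch is not visible here and would also run for these two types.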
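Review bot: The added `logger.info` line in sendForSetPassword writes the live OTP and the full mobile number to the application log, so anyone who can read the logs or a downstream log store holds a valid code for the 300-second lifetime set on the line above. Log the event without the secret and with the number masked, for example `logger.info('OTP sent to ****' + String(mobileNumber).slice(-4));`. If the value is wanted for debugging, restrict it to non-production configuration. The function starts before and continues past the hunk.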
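Review bot: `LPWORD_CHANGE` and `TPWORD_CHANGE` are plain strings while the neighbouring entries such as `TLIMIT` and `TLIMIT_SET` are functions, so a caller has to know which entries to call and which to read as values. A one-line comment above the two new entries, e.g. `// static notification texts (no parameters): use as values, not as functions`, would make that explicit. The file still ends without a trailing newline.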