feat: user can change login password

feat: user can change transaction password
wip : Admin feature rights -InProgress

.gitignore

@@ -1,2 +1,4 @@
 node_modules/
+.vscode/
 .env
+logs/requests.log

.vscode/settings.json

@@ -1,5 +1,6 @@
 {
     "cSpell.words": [
+        "otpgenerator",
         "tpassword",
         "tpin"
     ]

package-lock.json

@@ -12,6 +12,7 @@
         "axios": "^1.9.0",
         "bcrypt": "^6.0.0",
         "cors": "^2.8.5",
+        "dayjs": "^1.11.18",
         "dotenv": "^16.5.0",
         "express": "^5.1.0",
         "jsonwebtoken": "^9.0.2",
@@ -842,6 +843,12 @@
         "node": "*"
       }
     },
+    "node_modules/dayjs": {
+      "version": "1.11.18",
+      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.18.tgz",
+      "integrity": "sha512-zFBQ7WFRvVRhKcWoUh+ZA1g2HVgUbsZm9sbddh8EC5iv93sui8DVVz1Npvz+r6meo9VKfa8NyLWBsQK1VvIKPA==",
+      "license": "MIT"
+    },
     "node_modules/debug": {
       "version": "4.4.1",
       "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.1.tgz",

package.json

@@ -16,6 +16,7 @@
     "axios": "^1.9.0",
     "bcrypt": "^6.0.0",
     "cors": "^2.8.5",
+    "dayjs": "^1.11.18",
     "dotenv": "^16.5.0",
     "express": "^5.1.0",
     "jsonwebtoken": "^9.0.2",

src/controllers/admin_auth.controller.js

@@ -1,8 +1,11 @@
 const adminAuthService = require('../services/admin.auth.service');
+const authService = require('../services/auth.service');
 const { generateToken } = require('../util/jwt');
 const { logger } = require('../util/logger');
+const { hashPassword } = require('../util/hash');
 const db = require('../config/db');
-// const authenticate = require('../middlewares/auth.middleware');
+const { generateOTP } = require('../otpgenerator');
+
 
 async function login(req, res) {
   const { userName, password } = req.body;
@@ -59,4 +62,62 @@ async function getUserDetails(req, res) {
     res.status(500).json({ error: 'invalid CIF number' });
   }
 }
-module.exports = { login, fetchAdminDetails, getUserDetails };
+async function getUserRights(req, res) {
+  // const { CIF } = req.query;
+  // if (!CIF) {
+  //   res.status(400).json({
+  //     error: 'CIF number is required',
+  //   });
+  // }
+  // try {
+  //   const userDetails = await adminAuthService.getCustomerDetails(CIF);
+  //   if (!userDetails)
+  //     return res.status(401).json({ error: 'invalid CIF number' });
+  //   return res.json(userDetails);
+  // } catch (error) {
+  //   logger.error('while fetching customer details', error);
+  //   res.status(500).json({ error: 'invalid CIF number'});
+  // }
+}
+async function UserRights(req, res) {
+  const { CIF, ib_access_level, mb_access_level } = req.body;
+  const first_time_pass = generateOTP(6);
+  if (!CIF) {
+    res.status(400).json({
+      error: 'CIF number is required',
+    });
+  }
+  const currentTime = new Date().toISOString();
+  const user = await authService.findUserByCustomerNo(CIF);
+  const password = await hashPassword(first_time_pass);
+  if (user) {
+    try {
+      await db.query('UPDATE users SET customer_no = $1,password_hash=$2,updated_at=$5,ib_access_level=$3,mb_access_level=$4 WHERE customer_no = $1', [
+        CIF,
+        password,
+        ib_access_level,
+        mb_access_level,
+        currentTime,
+      ]);
+      res.json({otp:`${first_time_pass}`});
+    } catch (err) {
+      console.log(err);
+      logger.error(err, 'Right Update failed');
+      res.status(500).json({ error: 'something went wrong' });
+    }
+  }
+  if (!user) {
+    try {
+      await db.query('INSERT INTO users (customer_no, password_hash,ib_access_level,mb_access_level) VALUES ($1, $2, $3, $4)',
+        [CIF, password, ib_access_level, mb_access_level]
+      );
+      res.json({message:'User created and Rights Updated.'});
+    } catch (err) {
+      console.log(err);
+      logger.error(err, 'Right Update failed');
+      res.status(500).json({ error: 'something went wrong' });
+    }
+  }
+}
+
+module.exports = { login, fetchAdminDetails, getUserDetails,UserRights};

src/controllers/auth.controller.js

@@ -2,6 +2,8 @@ const authService = require('../services/auth.service');
 const { generateToken } = require('../util/jwt');
 const { logger } = require('../util/logger');
 const db = require('../config/db');
+const dayjs =require("dayjs");
+const { comparePassword } = require('../util/hash');
 
 async function login(req, res) {
   const { customerNo, password } = req.body;
@@ -18,11 +20,15 @@ async function login(req, res) {
       return res.status(401).json({ error: 'invalid credentials' });
     const token = generateToken(user.customer_no, '1d');
     const FirstTimeLogin = await authService.CheckFirstTimeLogin(customerNo);
+    // For registration : if try to login first time after 7 days.
+    if(FirstTimeLogin && dayjs(user.created_at).diff(currentTime,"day") > 8)
+      return res.status(401).json({ error: 'Password Expired.Please Contact with Administrator' });
+    const loginPswExpiry = user.password_hash_expiry;
     await db.query('UPDATE users SET last_login = $1 WHERE customer_no = $2', [
       currentTime,
       customerNo,
     ]);
-    res.json({ token, FirstTimeLogin });
+    res.json({ token, FirstTimeLogin, loginPswExpiry });
   } catch (err) {
     logger.error(err, 'login failed');
     res.status(500).json({ error: 'something went wrong' });
@@ -88,6 +94,7 @@ async function setLoginPassword(req, res) {
     return res.status(500).json({ error: 'SOMETHING_WENT_WRONG' });
   }
 }
+
 async function setTransactionPassword(req, res) {
   const customerNo = req.user;
   try {
@@ -102,6 +109,50 @@ async function setTransactionPassword(req, res) {
   }
 }
 
+async function changeLoginPassword(req,res){
+  const customerNo = req.user;
+  try {
+    const user = await authService.findUserByCustomerNo(customerNo);
+    if (!user) return res.status(404).json({ error: 'USER_NOT_FOUND' });
+    const { OldLPsw ,newLPsw ,confirmLPsw } = req.body;
+    const isMatch = await comparePassword(OldLPsw, user.password_hash);
+    if(!isMatch)
+      return res.json({error: 'Please Enter Correct Old Login Password'});
+    if(newLPsw !== confirmLPsw)
+      return res.json ({error: 'New Password and Confirm Password not Match'})
+    const isMatchWithOldPassword = await comparePassword(newLPsw, user.password_hash);
+    if(isMatchWithOldPassword)
+      return res.json ({error: 'New Password will be different from Previous Password'})
+    authService.changeLoginPassword(customerNo, newLPsw);
+    return res.json({ message: 'New Login Password changed successfully' });
+  } catch (error) {
+    logger.error(error);
+    return res.status(500).json({ error: 'SOMETHING_WENT_WRONG' });
+  }
+}
+
+async function changeTransPassword(req,res){
+  const customerNo = req.user;
+  try {
+    const user = await authService.findUserByCustomerNo(customerNo);
+    if (!user) return res.status(404).json({ error: 'USER_NOT_FOUND' });
+    const { OldTPsw ,newTPsw ,confirmTPsw } = req.body;
+    const isMatch = await comparePassword(OldTPsw, user.transaction_password);
+    if(!isMatch)
+      return res.json({error: 'Please Enter Correct Old Transaction Password'});
+    if(newTPsw !== confirmTPsw)
+      return res.json ({error: 'New Transaction Password and Confirm Transaction Password not Match'})
+    const isMatchWithOldPassword = await comparePassword(newTPsw, user.transaction_password);
+    if(isMatchWithOldPassword)
+      return res.json ({error: 'New Transaction Password will be different from Previous Transaction Password'})
+    authService.changeTransPassword(customerNo, newTPsw);
+    return res.json({ message: 'New Transaction Password changed successfully' });
+  } catch (error) {
+    logger.error(error);
+    return res.status(500).json({ error: 'SOMETHING_WENT_WRONG' });
+  }
+}
+
 module.exports = {
   login,
   tpin,
@@ -109,4 +160,6 @@ module.exports = {
   setLoginPassword,
   setTransactionPassword,
   fetchUserDetails,
+  changeLoginPassword,
+  changeTransPassword,
 };

src/controllers/otp.controller.js

@@ -40,6 +40,9 @@ async function SendOtp(req, res) {
       case 'FORGOT_PASSWORD':
         message = templates.FORGOT_PASSWORD(otp);
         break;
+      case 'REGISTRATION':
+        message = templates.REGISTRATION(otp);
+        break;
       default:
         return res.status(400).json({ error: 'Invalid OTP type' });
     }

src/routes/admin_auth.route.js

@@ -7,4 +7,5 @@ const router = express.Router();
 router.post('/login', adminAuthController.login);
 router.get('/admin_details', adminAuthenticate, adminAuthController.fetchAdminDetails);
 router.get('/fetch/customer_details',adminAuthenticate,adminAuthController.getUserDetails);
+router.post('/user/rights',adminAuthenticate,adminAuthController.UserRights);
 module.exports = router;

src/routes/auth.route.js

@@ -9,10 +9,9 @@ router.get('/user_details', authenticate, authController.fetchUserDetails);
 router.get('/tpin', authenticate, authController.tpin);
 router.post('/tpin', authenticate, authController.setTpin);
 router.post('/login_password', authenticate, authController.setLoginPassword);
-router.post(
+router.post('/transaction_password',authenticate,authController.setTransactionPassword);
-  '/transaction_password',
+router.post('/change/login_password',authenticate,authController.changeLoginPassword);
-  authenticate,
+router.post('/change/transaction_password',authenticate,authController.changeTransPassword);
-  authController.setTransactionPassword
+
-);
 
 module.exports = router;

src/services/auth.service.js

@@ -1,5 +1,6 @@
 const db = require('../config/db');
 const { comparePassword, hashPassword } = require('../util/hash');
+const dayjs =require("dayjs");
 
 async function findUserByCustomerNo(customerNo) {
   const result = await db.query('SELECT * FROM users WHERE customer_no = $1', [
@@ -69,14 +70,48 @@ async function validateTransactionPassword(customerNo, tpassword) {
 // Set transaction password
 async function setTransactionPassword(customerNo, trans_psw) {
   const hashedTransPassword = await hashPassword(trans_psw);
+  const currentTime = dayjs().toISOString();
+  const password_expiry = dayjs().add(90,"day").toISOString();
   try {
     await db.query(
-      'UPDATE users SET transaction_password = $1 WHERE customer_no = $2',
+      'UPDATE users SET transaction_password = $1 ,updated_at = $3,transaction_password_expiry =$4 WHERE customer_no = $2',
-      [hashedTransPassword, customerNo]
+      [hashedTransPassword, customerNo , currentTime ,password_expiry]
     );
   } catch (error) {
     throw new Error(
-      `error occured while while setting new Transaction Password ${error.message}`
+      `error occurred while while setting new Transaction Password ${error.message}`
+    );
+  }
+}
+
+async function changeLoginPassword(customerNo, login_psw) {
+  const hashedLoginPassword = await hashPassword(login_psw);
+  const currentTime = dayjs().toISOString();
+  const password_expiry = dayjs().add(90,"day").toISOString();
+  try {
+    await db.query(
+      'UPDATE users SET password_hash = $1 ,updated_at = $3,password_hash_expiry =$4 WHERE customer_no = $2',
+      [hashedLoginPassword, customerNo , currentTime ,password_expiry]
+    );
+  } catch (error) {
+    throw new Error(
+      `error occured while while setting new Login Password ${error.message}`
+    );
+  }
+}
+
+async function changeTransPassword(customerNo, trans_psw) {
+  const hashedTransPassword = await hashPassword(trans_psw);
+  const currentTime = dayjs().toISOString();
+  const password_expiry = dayjs().add(90,"day").toISOString();
+  try {
+    await db.query(
+      'UPDATE users SET transaction_password = $1 ,updated_at = $3,transaction_password_expiry =$4 WHERE customer_no = $2',
+      [hashedTransPassword, customerNo , currentTime ,password_expiry]
+    );
+  } catch (error) {
+    throw new Error(
+      `error occurred while while setting new Login Password ${error.message}`
     );
   }
 }
@@ -90,4 +125,6 @@ module.exports = {
   setLoginPassword,
   validateTransactionPassword,
   setTransactionPassword,
+  changeLoginPassword,
+  changeTransPassword,
 };

src/util/sms_template.js

@@ -18,6 +18,9 @@ const templates = {
 
   FORGOT_PASSWORD: (otp) => 
     `Dear Customer, Forgot Password OTP is ${otp} -KCCB`,
+
+  REGISTRATION: (otp) =>
+     `Dear Customer, Your CIF is enable.First time login password: ${otp} (valid for 7 days).Please login and change your password -KCCB`,
 };
 
 module.exports = templates;