Merge pull request #12 from ELEVATE-Project/development

reset api changes
ELEVATE-Project · Apr 1, 2022 · 4bf43b0 · 4bf43b0
2 parents a328c35 + ccf2273
commit 4bf43b0
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/constants/api-responses.js b/constants/api-responses.js
@@ -48,5 +48,6 @@ module.exports = {
     "USERS_FETCHED_SUCCESSFULLY": "Users fetched successfully.",
     "INVALID_SECRET_CODE": "Incorrect code. Please try again.",
     "USER_ROLE_UPDATED": "You have been logged out of your account due to change in platform role. Please login again.",
-    "UNABLE_TO_SEND_OTP": "Unable to send otp, may be redis server is down."
+    "UNABLE_TO_SEND_OTP": "Unable to send otp, may be redis server is down.",
+    "RESET_PREVIOUS_PASSWORD": "Please enter a new password, that has not been used before"
 };
diff --git a/services/helper/account.js b/services/helper/account.js
@@ -381,7 +381,7 @@ module.exports = class AccountHelper {
     */
 
     static async resetPassword(bodyData) {
-        const projection = { refreshTokens: 0, "designation.deleted": 0, "designation._id": 0, "areasOfExpertise.deleted": 0, "areasOfExpertise._id": 0, "location.deleted": 0, "location._id": 0, password: 0 };
+        const projection = { refreshTokens: 0, "designation.deleted": 0, "designation._id": 0, "areasOfExpertise.deleted": 0, "areasOfExpertise._id": 0, "location.deleted": 0, "location._id": 0 };
         try {
             let user = await usersData.findOne({ 'email.address': bodyData.email }, projection);
             if (!user) {
@@ -392,6 +392,10 @@ module.exports = class AccountHelper {
             if (!redisData || redisData.otp != bodyData.otp) {
                 return common.failureResponse({ message: apiResponses.RESET_OTP_INVALID, statusCode: httpStatusCode.bad_request, responseCode: 'CLIENT_ERROR' });
             }
+            const isPasswordCorrect = bcryptJs.compareSync(bodyData.password, user.password);
+            if (isPasswordCorrect) {
+                return common.failureResponse({ message: apiResponses.RESET_PREVIOUS_PASSWORD, statusCode: httpStatusCode.bad_request, responseCode: 'CLIENT_ERROR' });
+            }
 
             const salt = bcryptJs.genSaltSync(10);
             bodyData.password = bcryptJs.hashSync(bodyData.password, salt);
@@ -405,6 +409,8 @@ module.exports = class AccountHelper {
                 }
             };
 
+
+
             const accessToken = utilsHelper.generateToken(tokenDetail, process.env.ACCESS_TOKEN_SECRET, '1d');
             const refreshToken = utilsHelper.generateToken(tokenDetail, process.env.REFRESH_TOKEN_SECRET, '183d');
 
@@ -418,8 +424,10 @@ module.exports = class AccountHelper {
             await usersData.updateOneUser({ _id: user._id }, updateParams);
 
             /* Mongoose schema is in strict mode, so can not delete otpInfo directly */
+            delete user._doc.password;
             user = { ...user._doc };
             delete user.otpInfo;
+
             const result = { access_token: accessToken, refresh_token: refreshToken, user };
 
             return common.successResponse({ statusCode: httpStatusCode.ok, message: apiResponses.PASSWORD_RESET_SUCCESSFULLY, result });