// Once User obtains verification ID, update password and delete email token from database
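/**
 * Express handler that completes a password reset.
 *
 * Expects `req.body.body` to be a JSON string with three string fields:
 * `email`, `ID` (the verification ID sent to the user) and `password`
 * (the new password). The handler loads the EmailToken document for the
 * email, verifies the JWT stored in it, compares `ID` with the bcrypt hash
 * carried in the JWT payload and, on a match, stores the bcrypt hash of the
 * new password in PostUser and deletes the EmailToken document.
 *
 * Responses: 200 on success, 401 when the token is expired/invalid or the
 * ID does not match, 400 for malformed input and for internal failures.
 *
 * @param {object} req - Express request.
 * @param {object} res - Express response.
 */
exports.deleteEmailToken = (req, res) => {
  // Same answer for "no pending reset for this email" and "wrong ID", so the
  // response does not reveal which addresses currently have a reset pending.
  const rejectReset = () =>
    res.status(401).json({
      message: "Invalid ID, password will not be reset"
    });

  // The body is attacker-controlled: a missing or malformed payload must
  // produce a 400 instead of an uncaught exception inside the handler.
  let parsed;
  try {
    parsed = JSON.parse(req.body.body);
  } catch (parseErr) {
    return res.status(400).json({
      message: "Malformed request body"
    });
  }

  const { email, ID, password } = parsed || {};

  // JSON.parse can yield objects for any field. Passing an object such as
  // { "$ne": null } into a query filter would turn it into an operator
  // expression, so only plain non-empty strings are accepted.
  const allStrings = [email, ID, password].every(
    (value) => typeof value === "string" && value.length > 0
  );
  if (!allStrings) {
    return res.status(400).json({
      message: "email, ID and password must be non-empty strings"
    });
  }

  // NOTE(review): several responses below append the raw error object to the
  // message, which exposes internal details to the client; consider logging
  // server-side instead. Left as-is to keep the existing response contract.
  // NOTE(review): no limit on verification attempts is visible in this
  // handler; confirm one exists elsewhere, since the ID can otherwise be
  // guessed repeatedly while the token is valid.

  // Look up the pending reset token for this email.
  EmailToken.find({ email }, (findErr, tokens) => {
    if (findErr) {
      return res.status(400).json({
        message: "Cannot search EmailToken collection " + findErr
      });
    }

    // No document means no reset was requested (or it was already used);
    // the original code dereferenced result[0] here and threw.
    if (!Array.isArray(tokens) || tokens.length === 0 || !tokens[0].token) {
      return rejectReset();
    }

    const emailTokenJWT = tokens[0].token; // JWT stored inside the document

    jwt.verify(emailTokenJWT, process.env.TOKEN_SECRET, (verifyErr, payload) => {
      if (verifyErr) {
        // Any verification failure is treated as expiry: drop the stale token.
        return EmailToken.deleteOne({ email }, (deleteErr) => {
          if (deleteErr) {
            return res.status(401).json({
              message: "Token is expired and could not be removed " + deleteErr
            });
          }
          return res.status(401).json({
            message: "Token expired, deleted from EmailToken Collection!"
          });
        });
      }

      // JWT is still valid: compare the submitted ID with the hashed ID
      // carried in the payload.
      bcryptjs.compare(ID, payload.hashed_verification_id, (compareErr, matches) => {
        if (compareErr) {
          return res.status(400).json({
            message: "Could not compare IDs"
          });
        }
        if (!matches) {
          return rejectReset();
        }

        // ID matched: hash the new password before storing it.
        bcryptjs.genSalt(10, (saltErr, salt) => {
          if (saltErr) {
            return res.status(400).json({
              message: "Could not generate a salt. " + saltErr
            });
          }

          bcryptjs.hash(password, salt, (hashErr, hashedPassword) => {
            if (hashErr) {
              return res.status(400).json({
                message: "Could not generate hash for new password. " + hashErr
              });
            }

            // Save the hashed password to the PostUser collection.
            PostUser.updateOne({ email }, { $set: { password: hashedPassword } }, (updateErr) => {
              if (updateErr) {
                return res.status(400).json({
                  message: "Could not update document inside of PostUser collection. " + updateErr
                });
              }

              // Password is updated; remove the token so it cannot be reused.
              // If this delete fails the token stays usable until the JWT
              // itself expires.
              EmailToken.deleteOne({ email }, (deleteErr) => {
                if (deleteErr) {
                  return res.status(400).json({
                    message: "Could not delete EmailToken document after reset. " + deleteErr
                  });
                }
                return res.status(200).json({
                  message: "Password successfully reset! Email Token deleted."
                });
              });
            });
          });
        });
      });
    });
  });
};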