Refactoring customer route
parent
8c4d1fa199
commit
357e694597
routes
test/specs
|
@ -7,7 +7,7 @@ const common = require('../lib/common');
|
||||||
const { restrict } = require('../lib/auth');
|
const { restrict } = require('../lib/auth');
|
||||||
|
|
||||||
// insert a customer
|
// insert a customer
|
||||||
router.post('/customer/create', (req, res) => {
|
router.post('/customer/create', async (req, res) => {
|
||||||
const db = req.app.db;
|
const db = req.app.db;
|
||||||
|
|
||||||
const doc = {
|
const doc = {
|
||||||
|
@ -25,7 +25,7 @@ router.post('/customer/create', (req, res) => {
|
||||||
};
|
};
|
||||||
|
|
||||||
// check for existing customer
|
// check for existing customer
|
||||||
db.customers.findOne({ email: req.body.email }, (err, customer) => {
|
const customer = await db.customers.findOne({ email: req.body.email });
|
||||||
if(customer){
|
if(customer){
|
||||||
res.status(400).json({
|
res.status(400).json({
|
||||||
err: 'A customer already exists with that email address'
|
err: 'A customer already exists with that email address'
|
||||||
|
@ -33,39 +33,37 @@ router.post('/customer/create', (req, res) => {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
// email is ok to be used.
|
// email is ok to be used.
|
||||||
db.customers.insertOne(doc, (err, newCustomer) => {
|
try{
|
||||||
if(err){
|
await db.customers.insertOne(doc, (err, newCustomer) => {
|
||||||
if(newCustomer){
|
|
||||||
console.error(colors.red('Failed to insert customer: ' + err));
|
|
||||||
res.status(400).json({
|
|
||||||
err: 'A customer already exists with that email address'
|
|
||||||
});
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
console.error(colors.red('Failed to insert customer: ' + err));
|
|
||||||
res.status(400).json({
|
|
||||||
err: 'Customer creation failed.'
|
|
||||||
});
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Customer creation successful
|
// Customer creation successful
|
||||||
req.session.customer = newCustomer.ops[0];
|
req.session.customer = newCustomer.insertedId;
|
||||||
res.status(200).json({
|
res.status(200).json({
|
||||||
message: 'Successfully logged in',
|
message: 'Successfully logged in',
|
||||||
customer: newCustomer
|
customer: newCustomer
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
}catch(ex){
|
||||||
|
console.error(colors.red('Failed to insert customer: ', ex));
|
||||||
|
res.status(400).json({
|
||||||
|
err: 'Customer creation failed.'
|
||||||
});
|
});
|
||||||
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
// render the customer view
|
// render the customer view
|
||||||
router.get('/admin/customer/view/:id?', restrict, (req, res) => {
|
router.get('/admin/customer/view/:id?', restrict, async (req, res) => {
|
||||||
const db = req.app.db;
|
const db = req.app.db;
|
||||||
|
|
||||||
db.customers.findOne({ _id: common.getId(req.params.id) }, (err, customer) => {
|
const customer = await db.customers.findOne({ _id: common.getId(req.params.id) });
|
||||||
if(err){
|
|
||||||
console.info(err.stack);
|
if(!customer){
|
||||||
|
// If API request, return json
|
||||||
|
if(req.apiAuthenticated){
|
||||||
|
return res.status(400).json({ message: 'Customer not found' });
|
||||||
|
}
|
||||||
|
req.session.message = 'Customer not found';
|
||||||
|
req.session.message_type = 'danger';
|
||||||
|
return res.redirect('/admin/customers');
|
||||||
}
|
}
|
||||||
|
|
||||||
// If API request, return json
|
// If API request, return json
|
||||||
|
@ -85,13 +83,13 @@ router.get('/admin/customer/view/:id?', restrict, (req, res) => {
|
||||||
helpers: req.handlebars.helpers
|
helpers: req.handlebars.helpers
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
|
||||||
|
|
||||||
// customers list
|
// customers list
|
||||||
router.get('/admin/customers', restrict, (req, res) => {
|
router.get('/admin/customers', restrict, async (req, res) => {
|
||||||
const db = req.app.db;
|
const db = req.app.db;
|
||||||
|
|
||||||
db.customers.find({}).limit(20).sort({ created: -1 }).toArray((err, customers) => {
|
const customers = await db.customers.find({}).limit(20).sort({ created: -1 }).toArray();
|
||||||
|
|
||||||
// If API request, return json
|
// If API request, return json
|
||||||
if(req.apiAuthenticated){
|
if(req.apiAuthenticated){
|
||||||
return res.status(200).json(customers);
|
return res.status(200).json(customers);
|
||||||
|
@ -108,10 +106,9 @@ router.get('/admin/customers', restrict, (req, res) => {
|
||||||
config: req.app.config
|
config: req.app.config
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
|
||||||
|
|
||||||
// Filtered customers list
|
// Filtered customers list
|
||||||
router.get('/admin/customers/filter/:search', restrict, (req, res, next) => {
|
router.get('/admin/customers/filter/:search', restrict, async (req, res, next) => {
|
||||||
const db = req.app.db;
|
const db = req.app.db;
|
||||||
const searchTerm = req.params.search;
|
const searchTerm = req.params.search;
|
||||||
const customersIndex = req.app.customersIndex;
|
const customersIndex = req.app.customersIndex;
|
||||||
|
@ -122,10 +119,7 @@ router.get('/admin/customers/filter/:search', restrict, (req, res, next) => {
|
||||||
});
|
});
|
||||||
|
|
||||||
// we search on the lunr indexes
|
// we search on the lunr indexes
|
||||||
db.customers.find({ _id: { $in: lunrIdArray } }).sort({ created: -1 }).toArray((err, customers) => {
|
const customers = await db.customers.find({ _id: { $in: lunrIdArray } }).sort({ created: -1 }).toArray();
|
||||||
if(err){
|
|
||||||
console.error(colors.red('Error searching', err));
|
|
||||||
}
|
|
||||||
|
|
||||||
// If API request, return json
|
// If API request, return json
|
||||||
if(req.apiAuthenticated){
|
if(req.apiAuthenticated){
|
||||||
|
@ -146,50 +140,43 @@ router.get('/admin/customers/filter/:search', restrict, (req, res, next) => {
|
||||||
helpers: req.handlebars.helpers
|
helpers: req.handlebars.helpers
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
|
||||||
|
|
||||||
// login the customer and check the password
|
// login the customer and check the password
|
||||||
router.post('/customer/login_action', async (req, res) => {
|
router.post('/customer/login_action', async (req, res) => {
|
||||||
const db = req.app.db;
|
const db = req.app.db;
|
||||||
|
|
||||||
db.customers.findOne({email: common.mongoSanitize(req.body.loginEmail)}, (err, customer) => { // eslint-disable-line
|
const customer = await db.customers.findOne({ email: common.mongoSanitize(req.body.loginEmail) });
|
||||||
if(err){
|
|
||||||
// An error accurred
|
|
||||||
return res.status(400).json({
|
|
||||||
message: 'Access denied. Check password and try again.'
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
// check if customer exists with that email
|
// check if customer exists with that email
|
||||||
if(customer === undefined || customer === null){
|
if(customer === undefined || customer === null){
|
||||||
return res.status(400).json({
|
res.status(400).json({
|
||||||
message: 'A customer with that email does not exist.'
|
message: 'A customer with that email does not exist.'
|
||||||
});
|
});
|
||||||
|
return;
|
||||||
}
|
}
|
||||||
// we have a customer under that email so we compare the password
|
// we have a customer under that email so we compare the password
|
||||||
bcrypt.compare(req.body.loginPassword, customer.password)
|
bcrypt.compare(req.body.loginPassword, customer.password)
|
||||||
.then((result) => {
|
.then((result) => {
|
||||||
if(!result){
|
if(!result){
|
||||||
// password is not correct
|
// password is not correct
|
||||||
return res.status(400).json({
|
res.status(400).json({
|
||||||
message: 'Access denied. Check password and try again.'
|
message: 'Access denied. Check password and try again.'
|
||||||
});
|
});
|
||||||
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Customer login successful
|
// Customer login successful
|
||||||
req.session.customer = customer;
|
req.session.customer = customer;
|
||||||
return res.status(200).json({
|
res.status(200).json({
|
||||||
message: 'Successfully logged in',
|
message: 'Successfully logged in',
|
||||||
customer: customer
|
customer: customer
|
||||||
});
|
});
|
||||||
})
|
})
|
||||||
.catch((err) => {
|
.catch((err) => {
|
||||||
return res.status(400).json({
|
res.status(400).json({
|
||||||
message: 'Access denied. Check password and try again.'
|
message: 'Access denied. Check password and try again.'
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
|
||||||
|
|
||||||
// customer forgotten password
|
// customer forgotten password
|
||||||
router.get('/customer/forgotten', (req, res) => {
|
router.get('/customer/forgotten', (req, res) => {
|
||||||
|
@ -206,17 +193,23 @@ router.get('/customer/forgotten', (req, res) => {
|
||||||
});
|
});
|
||||||
|
|
||||||
// forgotten password
|
// forgotten password
|
||||||
router.post('/customer/forgotten_action', (req, res) => {
|
router.post('/customer/forgotten_action', async (req, res) => {
|
||||||
const db = req.app.db;
|
const db = req.app.db;
|
||||||
const config = req.app.config;
|
const config = req.app.config;
|
||||||
const passwordToken = randtoken.generate(30);
|
const passwordToken = randtoken.generate(30);
|
||||||
|
|
||||||
// find the user
|
// find the user
|
||||||
db.customers.findOne({ email: req.body.email }, (err, customer) => {
|
const customer = await db.customers.findOne({ email: req.body.email });
|
||||||
// if we have a customer, set a token, expiry and email it
|
// if we have a customer, set a token, expiry and email it
|
||||||
if(customer){
|
if(!customer){
|
||||||
|
req.session.message = 'Account does not exist';
|
||||||
|
req.session.message_type = 'danger';
|
||||||
|
res.redirect('/customer/forgotten');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
try{
|
||||||
const tokenExpiry = Date.now() + 3600000;
|
const tokenExpiry = Date.now() + 3600000;
|
||||||
db.customers.updateOne({ email: req.body.email }, { $set: { resetToken: passwordToken, resetTokenExpiry: tokenExpiry } }, { multi: false }, (err, numReplaced) => {
|
await db.customers.updateOne({ email: req.body.email }, { $set: { resetToken: passwordToken, resetTokenExpiry: tokenExpiry } }, { multi: false });
|
||||||
// send forgotten password email
|
// send forgotten password email
|
||||||
const mailOpts = {
|
const mailOpts = {
|
||||||
to: req.body.email,
|
to: req.body.email,
|
||||||
|
@ -232,21 +225,20 @@ router.post('/customer/forgotten_action', (req, res) => {
|
||||||
common.sendEmail(mailOpts.to, mailOpts.subject, mailOpts.body);
|
common.sendEmail(mailOpts.to, mailOpts.subject, mailOpts.body);
|
||||||
req.session.message = 'An email has been sent to ' + req.body.email + ' with further instructions';
|
req.session.message = 'An email has been sent to ' + req.body.email + ' with further instructions';
|
||||||
req.session.message_type = 'success';
|
req.session.message_type = 'success';
|
||||||
return res.redirect('/customer/forgotten');
|
res.redirect('/customer/forgotten');
|
||||||
});
|
}catch(ex){
|
||||||
}else{
|
|
||||||
req.session.message = 'Account does not exist';
|
req.session.message = 'Account does not exist';
|
||||||
|
req.session.message_type = 'danger';
|
||||||
res.redirect('/customer/forgotten');
|
res.redirect('/customer/forgotten');
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
});
|
|
||||||
|
|
||||||
// reset password form
|
// reset password form
|
||||||
router.get('/customer/reset/:token', (req, res) => {
|
router.get('/customer/reset/:token', async (req, res) => {
|
||||||
const db = req.app.db;
|
const db = req.app.db;
|
||||||
|
|
||||||
// Find the customer using the token
|
// Find the customer using the token
|
||||||
db.customers.findOne({ resetToken: req.params.token, resetTokenExpiry: { $gt: Date.now() } }, (err, customer) => {
|
const customer = await db.customers.findOne({ resetToken: req.params.token, resetTokenExpiry: { $gt: Date.now() } });
|
||||||
if(!customer){
|
if(!customer){
|
||||||
req.session.message = 'Password reset token is invalid or has expired';
|
req.session.message = 'Password reset token is invalid or has expired';
|
||||||
req.session.message_type = 'danger';
|
req.session.message_type = 'danger';
|
||||||
|
@ -266,14 +258,13 @@ router.get('/customer/reset/:token', (req, res) => {
|
||||||
helpers: req.handlebars.helpers
|
helpers: req.handlebars.helpers
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
|
||||||
|
|
||||||
// reset password action
|
// reset password action
|
||||||
router.post('/customer/reset/:token', (req, res) => {
|
router.post('/customer/reset/:token', async (req, res) => {
|
||||||
const db = req.app.db;
|
const db = req.app.db;
|
||||||
|
|
||||||
// get the customer
|
// get the customer
|
||||||
db.customers.findOne({ resetToken: req.params.token, resetTokenExpiry: { $gt: Date.now() } }, (err, customer) => {
|
const customer = await db.customers.findOne({ resetToken: req.params.token, resetTokenExpiry: { $gt: Date.now() } });
|
||||||
if(!customer){
|
if(!customer){
|
||||||
req.session.message = 'Password reset token is invalid or has expired';
|
req.session.message = 'Password reset token is invalid or has expired';
|
||||||
req.session.message_type = 'danger';
|
req.session.message_type = 'danger';
|
||||||
|
@ -282,7 +273,8 @@ router.post('/customer/reset/:token', (req, res) => {
|
||||||
|
|
||||||
// update the password and remove the token
|
// update the password and remove the token
|
||||||
const newPassword = bcrypt.hashSync(req.body.password, 10);
|
const newPassword = bcrypt.hashSync(req.body.password, 10);
|
||||||
db.customers.updateOne({ email: customer.email }, { $set: { password: newPassword, resetToken: undefined, resetTokenExpiry: undefined } }, { multi: false }, (err, numReplaced) => {
|
try{
|
||||||
|
await db.customers.updateOne({ email: customer.email }, { $set: { password: newPassword, resetToken: undefined, resetTokenExpiry: undefined } }, { multi: false });
|
||||||
const mailOpts = {
|
const mailOpts = {
|
||||||
to: customer.email,
|
to: customer.email,
|
||||||
subject: 'Password successfully reset',
|
subject: 'Password successfully reset',
|
||||||
|
@ -294,9 +286,12 @@ router.post('/customer/reset/:token', (req, res) => {
|
||||||
req.session.message = 'Password successfully updated';
|
req.session.message = 'Password successfully updated';
|
||||||
req.session.message_type = 'success';
|
req.session.message_type = 'success';
|
||||||
return res.redirect('/pay');
|
return res.redirect('/pay');
|
||||||
});
|
}catch(ex){
|
||||||
return'';
|
console.log('Unable to reset password', ex);
|
||||||
});
|
req.session.message = 'Unable to reset password';
|
||||||
|
req.session.message_type = 'danger';
|
||||||
|
return res.redirect('/forgot');
|
||||||
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
// logout the customer
|
// logout the customer
|
||||||
|
|
|
@ -9,14 +9,6 @@ test.before(async () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
test('[Success] Create a customer', async t => {
|
test('[Success] Create a customer', async t => {
|
||||||
// Login
|
|
||||||
await g.request
|
|
||||||
.post('/admin/login_action')
|
|
||||||
.send({
|
|
||||||
email: g.users[0].userEmail,
|
|
||||||
password: 'test'
|
|
||||||
});
|
|
||||||
|
|
||||||
const customer = {
|
const customer = {
|
||||||
email: 'sarah.jones@test.com',
|
email: 'sarah.jones@test.com',
|
||||||
firstName: 'Sarah',
|
firstName: 'Sarah',
|
||||||
|
@ -39,14 +31,6 @@ test('[Success] Create a customer', async t => {
|
||||||
});
|
});
|
||||||
|
|
||||||
test('[Fail] Try create a duplicate customer', async t => {
|
test('[Fail] Try create a duplicate customer', async t => {
|
||||||
// Login
|
|
||||||
await g.request
|
|
||||||
.post('/admin/login_action')
|
|
||||||
.send({
|
|
||||||
email: g.users[0].userEmail,
|
|
||||||
password: 'test'
|
|
||||||
});
|
|
||||||
|
|
||||||
const customer = {
|
const customer = {
|
||||||
email: 'sarah.jones@test.com',
|
email: 'sarah.jones@test.com',
|
||||||
firstName: 'Sarah',
|
firstName: 'Sarah',
|
||||||
|
|
Loading…
Reference in New Issue