Refactoring customer route

master
Mark Moffat 2019-11-09 14:51:48 +10:30
parent 8c4d1fa199
commit 357e694597
2 changed files with 177 additions and 198 deletions
test/specs

View File

@ -7,7 +7,7 @@ const common = require('../lib/common');
const { restrict } = require('../lib/auth'); const { restrict } = require('../lib/auth');
// insert a customer // insert a customer
router.post('/customer/create', (req, res) => { router.post('/customer/create', async (req, res) => {
const db = req.app.db; const db = req.app.db;
const doc = { const doc = {
@ -25,7 +25,7 @@ router.post('/customer/create', (req, res) => {
}; };
// check for existing customer // check for existing customer
db.customers.findOne({ email: req.body.email }, (err, customer) => { const customer = await db.customers.findOne({ email: req.body.email });
if(customer){ if(customer){
res.status(400).json({ res.status(400).json({
err: 'A customer already exists with that email address' err: 'A customer already exists with that email address'
@ -33,39 +33,37 @@ router.post('/customer/create', (req, res) => {
return; return;
} }
// email is ok to be used. // email is ok to be used.
db.customers.insertOne(doc, (err, newCustomer) => { try{
if(err){ await db.customers.insertOne(doc, (err, newCustomer) => {
if(newCustomer){
console.error(colors.red('Failed to insert customer: ' + err));
res.status(400).json({
err: 'A customer already exists with that email address'
});
return;
}
console.error(colors.red('Failed to insert customer: ' + err));
res.status(400).json({
err: 'Customer creation failed.'
});
return;
}
// Customer creation successful // Customer creation successful
req.session.customer = newCustomer.ops[0]; req.session.customer = newCustomer.insertedId;
res.status(200).json({ res.status(200).json({
message: 'Successfully logged in', message: 'Successfully logged in',
customer: newCustomer customer: newCustomer
}); });
}); });
}catch(ex){
console.error(colors.red('Failed to insert customer: ', ex));
res.status(400).json({
err: 'Customer creation failed.'
}); });
}
}); });
// render the customer view // render the customer view
router.get('/admin/customer/view/:id?', restrict, (req, res) => { router.get('/admin/customer/view/:id?', restrict, async (req, res) => {
const db = req.app.db; const db = req.app.db;
db.customers.findOne({ _id: common.getId(req.params.id) }, (err, customer) => { const customer = await db.customers.findOne({ _id: common.getId(req.params.id) });
if(err){
console.info(err.stack); if(!customer){
// If API request, return json
if(req.apiAuthenticated){
return res.status(400).json({ message: 'Customer not found' });
}
req.session.message = 'Customer not found';
req.session.message_type = 'danger';
return res.redirect('/admin/customers');
} }
// If API request, return json // If API request, return json
@ -85,13 +83,13 @@ router.get('/admin/customer/view/:id?', restrict, (req, res) => {
helpers: req.handlebars.helpers helpers: req.handlebars.helpers
}); });
}); });
});
// customers list // customers list
router.get('/admin/customers', restrict, (req, res) => { router.get('/admin/customers', restrict, async (req, res) => {
const db = req.app.db; const db = req.app.db;
db.customers.find({}).limit(20).sort({ created: -1 }).toArray((err, customers) => { const customers = await db.customers.find({}).limit(20).sort({ created: -1 }).toArray();
// If API request, return json // If API request, return json
if(req.apiAuthenticated){ if(req.apiAuthenticated){
return res.status(200).json(customers); return res.status(200).json(customers);
@ -108,10 +106,9 @@ router.get('/admin/customers', restrict, (req, res) => {
config: req.app.config config: req.app.config
}); });
}); });
});
// Filtered customers list // Filtered customers list
router.get('/admin/customers/filter/:search', restrict, (req, res, next) => { router.get('/admin/customers/filter/:search', restrict, async (req, res, next) => {
const db = req.app.db; const db = req.app.db;
const searchTerm = req.params.search; const searchTerm = req.params.search;
const customersIndex = req.app.customersIndex; const customersIndex = req.app.customersIndex;
@ -122,10 +119,7 @@ router.get('/admin/customers/filter/:search', restrict, (req, res, next) => {
}); });
// we search on the lunr indexes // we search on the lunr indexes
db.customers.find({ _id: { $in: lunrIdArray } }).sort({ created: -1 }).toArray((err, customers) => { const customers = await db.customers.find({ _id: { $in: lunrIdArray } }).sort({ created: -1 }).toArray();
if(err){
console.error(colors.red('Error searching', err));
}
// If API request, return json // If API request, return json
if(req.apiAuthenticated){ if(req.apiAuthenticated){
@ -146,50 +140,43 @@ router.get('/admin/customers/filter/:search', restrict, (req, res, next) => {
helpers: req.handlebars.helpers helpers: req.handlebars.helpers
}); });
}); });
});
// login the customer and check the password // login the customer and check the password
router.post('/customer/login_action', async (req, res) => { router.post('/customer/login_action', async (req, res) => {
const db = req.app.db; const db = req.app.db;
db.customers.findOne({email: common.mongoSanitize(req.body.loginEmail)}, (err, customer) => { // eslint-disable-line const customer = await db.customers.findOne({ email: common.mongoSanitize(req.body.loginEmail) });
if(err){
// An error accurred
return res.status(400).json({
message: 'Access denied. Check password and try again.'
});
}
// check if customer exists with that email // check if customer exists with that email
if(customer === undefined || customer === null){ if(customer === undefined || customer === null){
return res.status(400).json({ res.status(400).json({
message: 'A customer with that email does not exist.' message: 'A customer with that email does not exist.'
}); });
return;
} }
// we have a customer under that email so we compare the password // we have a customer under that email so we compare the password
bcrypt.compare(req.body.loginPassword, customer.password) bcrypt.compare(req.body.loginPassword, customer.password)
.then((result) => { .then((result) => {
if(!result){ if(!result){
// password is not correct // password is not correct
return res.status(400).json({ res.status(400).json({
message: 'Access denied. Check password and try again.' message: 'Access denied. Check password and try again.'
}); });
return;
} }
// Customer login successful // Customer login successful
req.session.customer = customer; req.session.customer = customer;
return res.status(200).json({ res.status(200).json({
message: 'Successfully logged in', message: 'Successfully logged in',
customer: customer customer: customer
}); });
}) })
.catch((err) => { .catch((err) => {
return res.status(400).json({ res.status(400).json({
message: 'Access denied. Check password and try again.' message: 'Access denied. Check password and try again.'
}); });
}); });
}); });
});
// customer forgotten password // customer forgotten password
router.get('/customer/forgotten', (req, res) => { router.get('/customer/forgotten', (req, res) => {
@ -206,17 +193,23 @@ router.get('/customer/forgotten', (req, res) => {
}); });
// forgotten password // forgotten password
router.post('/customer/forgotten_action', (req, res) => { router.post('/customer/forgotten_action', async (req, res) => {
const db = req.app.db; const db = req.app.db;
const config = req.app.config; const config = req.app.config;
const passwordToken = randtoken.generate(30); const passwordToken = randtoken.generate(30);
// find the user // find the user
db.customers.findOne({ email: req.body.email }, (err, customer) => { const customer = await db.customers.findOne({ email: req.body.email });
// if we have a customer, set a token, expiry and email it // if we have a customer, set a token, expiry and email it
if(customer){ if(!customer){
req.session.message = 'Account does not exist';
req.session.message_type = 'danger';
res.redirect('/customer/forgotten');
return;
}
try{
const tokenExpiry = Date.now() + 3600000; const tokenExpiry = Date.now() + 3600000;
db.customers.updateOne({ email: req.body.email }, { $set: { resetToken: passwordToken, resetTokenExpiry: tokenExpiry } }, { multi: false }, (err, numReplaced) => { await db.customers.updateOne({ email: req.body.email }, { $set: { resetToken: passwordToken, resetTokenExpiry: tokenExpiry } }, { multi: false });
// send forgotten password email // send forgotten password email
const mailOpts = { const mailOpts = {
to: req.body.email, to: req.body.email,
@ -232,21 +225,20 @@ router.post('/customer/forgotten_action', (req, res) => {
common.sendEmail(mailOpts.to, mailOpts.subject, mailOpts.body); common.sendEmail(mailOpts.to, mailOpts.subject, mailOpts.body);
req.session.message = 'An email has been sent to ' + req.body.email + ' with further instructions'; req.session.message = 'An email has been sent to ' + req.body.email + ' with further instructions';
req.session.message_type = 'success'; req.session.message_type = 'success';
return res.redirect('/customer/forgotten'); res.redirect('/customer/forgotten');
}); }catch(ex){
}else{
req.session.message = 'Account does not exist'; req.session.message = 'Account does not exist';
req.session.message_type = 'danger';
res.redirect('/customer/forgotten'); res.redirect('/customer/forgotten');
} }
}); });
});
// reset password form // reset password form
router.get('/customer/reset/:token', (req, res) => { router.get('/customer/reset/:token', async (req, res) => {
const db = req.app.db; const db = req.app.db;
// Find the customer using the token // Find the customer using the token
db.customers.findOne({ resetToken: req.params.token, resetTokenExpiry: { $gt: Date.now() } }, (err, customer) => { const customer = await db.customers.findOne({ resetToken: req.params.token, resetTokenExpiry: { $gt: Date.now() } });
if(!customer){ if(!customer){
req.session.message = 'Password reset token is invalid or has expired'; req.session.message = 'Password reset token is invalid or has expired';
req.session.message_type = 'danger'; req.session.message_type = 'danger';
@ -266,14 +258,13 @@ router.get('/customer/reset/:token', (req, res) => {
helpers: req.handlebars.helpers helpers: req.handlebars.helpers
}); });
}); });
});
// reset password action // reset password action
router.post('/customer/reset/:token', (req, res) => { router.post('/customer/reset/:token', async (req, res) => {
const db = req.app.db; const db = req.app.db;
// get the customer // get the customer
db.customers.findOne({ resetToken: req.params.token, resetTokenExpiry: { $gt: Date.now() } }, (err, customer) => { const customer = await db.customers.findOne({ resetToken: req.params.token, resetTokenExpiry: { $gt: Date.now() } });
if(!customer){ if(!customer){
req.session.message = 'Password reset token is invalid or has expired'; req.session.message = 'Password reset token is invalid or has expired';
req.session.message_type = 'danger'; req.session.message_type = 'danger';
@ -282,7 +273,8 @@ router.post('/customer/reset/:token', (req, res) => {
// update the password and remove the token // update the password and remove the token
const newPassword = bcrypt.hashSync(req.body.password, 10); const newPassword = bcrypt.hashSync(req.body.password, 10);
db.customers.updateOne({ email: customer.email }, { $set: { password: newPassword, resetToken: undefined, resetTokenExpiry: undefined } }, { multi: false }, (err, numReplaced) => { try{
await db.customers.updateOne({ email: customer.email }, { $set: { password: newPassword, resetToken: undefined, resetTokenExpiry: undefined } }, { multi: false });
const mailOpts = { const mailOpts = {
to: customer.email, to: customer.email,
subject: 'Password successfully reset', subject: 'Password successfully reset',
@ -294,9 +286,12 @@ router.post('/customer/reset/:token', (req, res) => {
req.session.message = 'Password successfully updated'; req.session.message = 'Password successfully updated';
req.session.message_type = 'success'; req.session.message_type = 'success';
return res.redirect('/pay'); return res.redirect('/pay');
}); }catch(ex){
return''; console.log('Unable to reset password', ex);
}); req.session.message = 'Unable to reset password';
req.session.message_type = 'danger';
return res.redirect('/forgot');
}
}); });
// logout the customer // logout the customer

View File

@ -9,14 +9,6 @@ test.before(async () => {
}); });
test('[Success] Create a customer', async t => { test('[Success] Create a customer', async t => {
// Login
await g.request
.post('/admin/login_action')
.send({
email: g.users[0].userEmail,
password: 'test'
});
const customer = { const customer = {
email: 'sarah.jones@test.com', email: 'sarah.jones@test.com',
firstName: 'Sarah', firstName: 'Sarah',
@ -39,14 +31,6 @@ test('[Success] Create a customer', async t => {
}); });
test('[Fail] Try create a duplicate customer', async t => { test('[Fail] Try create a duplicate customer', async t => {
// Login
await g.request
.post('/admin/login_action')
.send({
email: g.users[0].userEmail,
password: 'test'
});
const customer = { const customer = {
email: 'sarah.jones@test.com', email: 'sarah.jones@test.com',
firstName: 'Sarah', firstName: 'Sarah',