feat: edit forget password flow

2025-08-26 06:09:41 +00:00 · 2025-08-03 14:48:14 +03:00
parent f65a7d2933
commit 7461af20dd
11 changed files with 97 additions and 31 deletions
--- a/src/auth/services/auth.service.ts
+++ b/src/auth/services/auth.service.ts
@ -3,13 +3,13 @@ import { ConfigService } from '@nestjs/config';
 import { JwtService } from '@nestjs/jwt';
 import * as bcrypt from 'bcrypt';
 import { Request } from 'express';
+import moment from 'moment';
 import { CacheService } from '~/common/modules/cache/services';
 import { OtpScope, OtpType } from '~/common/modules/otp/enums';
 import { OtpService } from '~/common/modules/otp/services';
 import { UserType } from '~/user/enums';
 import { DeviceService, UserService, UserTokenService } from '~/user/services';
 import { User } from '../../user/entities';
-import { PASSCODE_REGEX } from '../constants';
 import {
  CreateUnverifiedUserRequestDto,
  DisableBiometricRequestDto,
@ -18,10 +18,11 @@ import {
  LoginRequestDto,
  SendForgetPasswordOtpRequestDto,
  setJuniorPasswordRequestDto,
+  VerifyForgetPasswordOtpRequestDto,
  VerifyUserRequestDto,
 } from '../dtos/request';
+import { Roles } from '../enums';
 import { IJwtPayload, ILoginResponse } from '../interfaces';
-import { removePadding, verifySignature } from '../utils';
 import { Oauth2Service } from './oauth2.service';

 const ONE_THOUSAND = 1000;
@ -147,14 +148,7 @@ export class AuthService {
    });
  }

-  async verifyForgetPasswordOtp({
-    countryCode,
-    phoneNumber,
-    otp,
-    password,
-    confirmPassword,
-  }: ForgetPasswordRequestDto) {
-    this.logger.log(`Verifying forget password OTP for ${countryCode + phoneNumber}`);
+  async verifyForgetPasswordOtp({ countryCode, phoneNumber, otp }: VerifyForgetPasswordOtpRequestDto) {
    const user = await this.userService.findUserOrThrow({ countryCode, phoneNumber });

    const isOtpValid = await this.otpService.verifyOtp({
@ -169,6 +163,29 @@ export class AuthService {
      throw new BadRequestException('OTP.INVALID_OTP');
    }

+    // generate a token for the user to reset password
+    const token = await this.userTokenService.generateToken(
+      user.id,
+      user.roles.includes(Roles.GUARDIAN) ? UserType.GUARDIAN : UserType.JUNIOR,
+      moment().add(5, 'minutes').toDate(),
+    );
+
+    return { token, user };
+  }
+  async resetPassword({
+    countryCode,
+    phoneNumber,
+    resetPasswordToken,
+    password,
+    confirmPassword,
+  }: ForgetPasswordRequestDto) {
+    this.logger.log(`Verifying forget password OTP for ${countryCode + phoneNumber}`);
+    const user = await this.userService.findUserOrThrow({ countryCode, phoneNumber });
+    await this.userTokenService.validateToken(
+      resetPasswordToken,
+      user.roles.includes(Roles.GUARDIAN) ? UserType.GUARDIAN : UserType.JUNIOR,
+    );
+
    if (password !== confirmPassword) {
      this.logger.error('Password and confirm password do not match');
      throw new BadRequestException('AUTH.PASSWORD_MISMATCH');
@ -177,6 +194,7 @@ export class AuthService {
    const hashedPassword = bcrypt.hashSync(password, user.salt);

    await this.userService.setPassword(user.id, hashedPassword, user.salt);
+    await this.userTokenService.invalidateToken(resetPasswordToken);
    this.logger.log(`Passcode updated successfully for user with phone number ${user.fullPhoneNumber}`);
  }