#6427 - SMS Recover Password #2037

Open
jsegarra wants to merge 72 commits from 6427_sms_resetPassword into dev
6 changed files with 120 additions and 5 deletions
Showing only changes of commit bfc8cda8a2 - Show all commits


@ -0,0 +1,103 @@
const UserError = require('vn-loopback/util/user-error');
const OTP_CHAR = ':';
function original({id, phone}) {
// Suma el número de teléfono y el número aleatorio
let suma = parseInt(phone) + parseInt(id);
// Convierte la suma a una cadena y toma solo los últimos 6 dígitos
let resultado = suma.toString().slice(-6);
// Devuelve los últimos 6 dígitos
return parseInt(resultado); // Devolvemos un número entero, no una cadena
}
function reverse(params) {
const _original = original(params);
return parseInt(_original.toString().split('').reverse().join(''));
}
function generateOTP(params, _otpType) {
const otpIndex = Math.floor(Math.random() * Object.keys(OTP_TYPES).length);
const otpType = _otpType ?? Object.keys(OTP_TYPES)[otpIndex];
const otp = OTP_TYPES[otpType](params);
return formatOTP(otpType, otp);
}
function formatOTP(otpType, otpValue) {
return `${otpType}${OTP_CHAR}${otpValue}`;
}
function checkOTP(params, otp) {
const [otpType, value] = otp.split(OTP_CHAR);
return generateOTP(params, otpType) === formatOTP(otpType, value);
}
const OTP_TYPES = {
// 'A': original,
'B': reverse,
};
module.exports = Self => {
Self.remoteMethod('recoverPasswordSMS', {
description: 'Send SMS to the user',
jsegarra marked this conversation as resolved Outdated

pq aqui es _opt pero en accepts es opt?
Usar otp

pq aqui es `_opt` pero en accepts es `opt`? Usar `otp`

Correcto, el nombre de la variable está obsoleto
Gracias
Lo cambio todo por code

Correcto, el nombre de la variable está obsoleto Gracias Lo cambio todo por code

pq aqui es _opt pero en accepts es opt?
Usar otp

pq aqui es `_opt` pero en accepts es `opt`? Usar `otp`
accepts: [
{
arg: 'ctx',
type: 'Object',
http: {source: 'context'}
},
{
arg: 'id',
type: 'string',
description: 'The user id',
required: true
},
{
arg: 'phone',
type: 'string',
jsegarra marked this conversation as resolved Outdated

Pondria directamente aqui el filtro

Pondria directamente aqui el filtro
const user = await Self.findOne({
            fields: ['id', 'phone', 'email', 'name'],
            where: {id, phone}
        });
``` const user = await Self.findOne({ fields: ['id', 'phone', 'email', 'name'], where: {id, phone} }); ```
description: 'The user name or email',
required: true
},
{
arg: 'otp',
type: 'string',
description: 'The directory for mail'
}
],
returns: {
type: 'Object',
root: true
},
http: {
path: `/recoverPasswordSMS`,
verb: 'POST'
}
});
Self.recoverPasswordSMS = async function(ctx, id, phone, otp) {
const usesPhone = new RegExp(/([+]\d{2})?\d{9}/, 'g').test(+phone);
if (!usesPhone) throw new UserError('Phone not valid');
let query = {
fields: ['id', 'phone', 'email'],
where: {id, phone}
};
const user = await Self.findOne(query);
if (!user) throw new UserError('Credentials not valid');
try {
if (otp) {
return {
valid: checkOTP(query.where, otp),
token: await user.accessTokens.create({})
};
}
return {otp: generateOTP(query.where)};
} catch (err) {
if (err.code === 'EMAIL_NOT_FOUND')
return;
else
throw err;
}
};
};
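Review bot: In `Self.recoverPasswordSMS`, the `if (otp)` branch returns `token: await user.accessTokens.create({})` whatever `checkOTP` returned, so a request with a matching `id` and `phone` and any non-empty `otp` receives an access token next to `valid: false`. The token should be created only after the check passes, for example by adding `if (!checkOTP(query.where, otp)) throw new UserError('Credentials not valid');` before that `return`. The code is also not a secret: `reverse` derives it from `id` and `phone`, `Math.random()` only picks a key of `OTP_TYPES`, and the branch without `otp` returns it in the HTTP response as `{otp: generateOTP(query.where)}`; from what this file shows no SMS is sent. A code drawn with `crypto.randomInt`, stored server-side with an expiry and an attempt limit, delivered only to the registered phone and never returned to the caller would give the check something to verify. Separately, `new RegExp(/([+]\d{2})?\d{9}/, 'g').test(+phone)` is unanchored and coerces `phone` to a number first, so any numeric value of nine or more digits passes; `/^([+]\d{2})?\d{9}$/.test(phone)` expresses the intended format.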


@ -10,6 +10,7 @@ module.exports = function(Self) {
require('../methods/vn-user/sign-in')(Self); require('../methods/vn-user/sign-in')(Self);
require('../methods/vn-user/acl')(Self); require('../methods/vn-user/acl')(Self);
require('../methods/vn-user/recover-password')(Self); require('../methods/vn-user/recover-password')(Self);
require('../methods/vn-user/recover-passwordSMS')(Self);
require('../methods/vn-user/privileges')(Self); require('../methods/vn-user/privileges')(Self);
require('../methods/vn-user/validate-auth')(Self); require('../methods/vn-user/validate-auth')(Self);
require('../methods/vn-user/renew-token')(Self); require('../methods/vn-user/renew-token')(Self);


@ -106,6 +106,13 @@
"principalId": "$everyone", "principalId": "$everyone",
"permission": "ALLOW" "permission": "ALLOW"
}, },
{
"property": "recoverPasswordSMS",
"accessType": "EXECUTE",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW"
},
{ {
"property": "validateAuth", "property": "validateAuth",
"accessType": "EXECUTE", "accessType": "EXECUTE",
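Review bot: Nothing visible in this pull request limits how often an unauthenticated caller can invoke `recoverPasswordSMS`, which this entry opens to `$everyone` and which returns an access token. Anonymous access is expected for a recovery flow, but it should come with a per-account and per-source attempt limit and with logging of failed checks, so that guessing is bounded and shows up in monitoring. If throttling already exists in middleware outside this diff, a comment in the method pointing to it would make that clear to the next reviewer.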


@ -324,4 +324,9 @@ INSERT INTO mysql.roles_mapping (`User`, `Host`, `Role`, `Admin_option`)
FROM mysql.roles_mapping FROM mysql.roles_mapping
WHERE `User` LIKE @prefixedLike AND `Host` = @genRoleHost; WHERE `User` LIKE @prefixedLike AND `Host` = @genRoleHost;
-- Actualiza los valores de la nueva columna con los valores correspondientes de la tabla userInfo
UPDATE `account`.`user` as `user`
JOIN vn.client `client` ON `user`.id = `client`.id
SET `user`.recoveryPhone = `client`.phone;
FLUSH PRIVILEGES; FLUSH PRIVILEGES;
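Review bot: The comment above the new `UPDATE` says the values come from the `userInfo` table, but the statement joins `vn.client`; it should name the real source, e.g. `-- Copy client.phone into user.recoveryPhone for users that are also clients`. Because the join is an inner join on `user.id = client.id`, users without a `vn.client` row are left untouched. The new `recoverPasswordSMS` method on this page filters on `phone` rather than `recoveryPhone`, so it is worth confirming which column the lookup is meant to use. The script this statement belongs to starts and ends outside the hunk.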


@ -3071,10 +3071,6 @@ UPDATE `vn`.`client`
SET phone= 432978106 SET phone= 432978106
jsegarra marked this conversation as resolved Outdated

Mejor que poner update, si se puede poner, es modificar el insert de client o ponerlo cerca
Si no luego es un lío ver de pq un cliente tiene x phone y no está en el insert

Mejor que poner update, si se puede poner, es modificar el insert de `client` o ponerlo cerca Si no luego es un lío ver de pq un cliente tiene x phone y no está en el insert
WHERE id=9; WHERE id=9;
UPDATE `vn`.`client`
SET phone= 432978106
WHERE id=9;
UPDATE vn.department UPDATE vn.department
SET workerFk = null; SET workerFk = null;


@ -348,5 +348,8 @@
"You are not allowed to modify the alias": "No estás autorizado a modificar el alias", "You are not allowed to modify the alias": "No estás autorizado a modificar el alias",
"The address of the customer must have information about Incoterms and Customs Agent": "El consignatario del cliente debe tener informado Incoterms y Agente de aduanas", "The address of the customer must have information about Incoterms and Customs Agent": "El consignatario del cliente debe tener informado Incoterms y Agente de aduanas",
"This password can only be changed by the user themselves": "Esta contraseña solo puede ser modificada por el propio usuario", "This password can only be changed by the user themselves": "Esta contraseña solo puede ser modificada por el propio usuario",
"They're not your subordinate": "No es tu subordinado/a." "They're not your subordinate": "No es tu subordinado/a.",
"Phone not valid": "Teléfono no es válido",
"User not valid": "Usuario no válido",
"Credentials not valid": "Credenciales no válidas"
} }