Richiesta Cambio Password: ti manda il codice a 6 cifre e poterlo inserire sulla APP.

2022-12-11 18:04:02 +01:00
parent 3eef70f3f3
commit 1d7a98fc3f
4 changed files with 102 additions and 37 deletions
--- a/emails/resetpwd/it/html.pug
+++ b/emails/resetpwd/it/html.pug
@@ -3,8 +3,24 @@ p #{nomeapp} recentemente ha ricevuto una richiesta per una password dimenticata

 p Per cambiare la tua password di #{nomeapp}
 p <a href=#{strlinksetpassword} target="_blank">Clicca QUI</a>
-p Se non sei stato tu a richiedere questo cambiamento, non hai bisogno di fare niente.
+span Oppure inserisci il codice 
+span.grande #{tokenforgot_code} 
+span sulla APP
+p 
+p P.S: Se non sei stato tu a richiedere questo cambiamento, non hai bisogno di fare niente.
 p Questo link scadrà tra 4 ore.<br>

 p Cordiali Saluti
 p Supporto #{nomeapp}
+
+style(type="text/css").
+    html, body {
+        padding: 0;
+        margin: 0;
+    }
+
+    .grande {
+        font-size: 1.25rem;
+        font-weight: bold;
+    }
+
--- a/src/server/models/user.js
+++ b/src/server/models/user.js
@@ -139,6 +139,10 @@ const UserSchema = new mongoose.Schema({
  tokenforgot_code: {
    type: String,
  },
+  retry_pwd: {
+    type: Number,
+    default: 0,
+  },
  date_tokenreg: {
    type: Date,
  },
@@ -1178,29 +1182,42 @@ UserSchema.statics.findByLinkTokenforgotCode = function (idapp, email, tokenforg
  });
 };

-UserSchema.statics.createNewRequestPwd = function (idapp, email) {
+UserSchema.statics.createNewRequestPwd = function (idapp, email, code) {
  const User = this;

  const sendemail = require('../sendemail');

-  return User.findByEmail(idapp, email).then(async (user) => {
-    if (!user) {
-      return false;
-    } else {
-      // Creo il tokenforgot
-      user.tokenforgot = jwt.sign(user._id.toHexString(), process.env.SIGNCODE).
-        toString();
-      user.date_tokenforgot = new Date();
-      user.tokenforgot_code = 100000 + Math.round(Math.random() * 899999);
-      user.lasttimeonline = new Date();
-      return await user.save().then(async () => {
-        await sendemail.sendEmail_RequestNewPassword(user.lang, user, user.email, user.idapp, user.tokenforgot, user.tokenforgot_code);
-
-        return true;
+  if (code && code.length === 6) {
+    return User.findByLinkTokenforgotCode(idapp, email, code)
+      .then((user) => {
+        if (user)
+          return { ris: true, link: tools.getlinkRelativeRequestNewPassword(idapp, email, user.tokenforgot) };
+        else
+          return { ris: false };
+      }).catch((e) => {
+        console.log(' Err createNewRequestPwd', e.message);
+        res.status(400).send();
      });
-    }
+  } else {
+    return User.findByEmail(idapp, email).then(async (user) => {
+      if (!user) {
+        return { ris: false };
+      } else {
+        // Creo il tokenforgot
+        user.tokenforgot = jwt.sign(user._id.toHexString(), process.env.SIGNCODE).
+          toString();
+        user.date_tokenforgot = new Date();
+        user.tokenforgot_code = 100000 + Math.round(Math.random() * 899999);
+        user.lasttimeonline = new Date();
+        return await user.save().then(async () => {
+          await sendemail.sendEmail_RequestNewPassword(user.lang, user, user.email, user.idapp, user.tokenforgot, user.tokenforgot_code);

-  });
+          return { ris: true };
+        });
+      }
+
+    });
+  }
 };

 UserSchema.statics.createNewRequestPwdByUsernameAndGetLink = async function (idapp, username) {
@@ -1436,7 +1453,7 @@ UserSchema.statics.getUserById = function (idapp, id) {
 UserSchema.statics.getUserByUsername = function (idapp, username) {
  const User = this;

-  return User.findOne({
+  return User.findne({
    idapp,
    username,
    $or: [{ deleted: { $exists: false } }, { deleted: { $exists: true, $eq: false } }],
@@ -3671,14 +3688,14 @@ UserSchema.statics.getQueryUsersDiffusori = function (idapp) {
      },
    },
    {
-        $match: { "count": { $gte: 2 } }
+      $match: { "count": { $gte: 2 } }
    },
    {
      $sort: {
        count: -1,
      },
    },
-    { $limit: 20 },  
+    { $limit: 20 },
    {
      $lookup: {
        from: "users",
@@ -3715,11 +3732,11 @@ UserSchema.statics.getQueryUsersDiffusori = function (idapp) {
    {
      $replaceRoot: {
        newRoot: {
-          $mergeObjects: [ "$user", "$$ROOT" ],
+          $mergeObjects: ["$user", "$$ROOT"],
        },
      },
    },
-      {
+    {
      $project: {
        _id: 0,
        count: 1,
@@ -4211,6 +4228,25 @@ UserSchema.statics.calcOtherByUser = async function (idapp, userId) {
 };


+UserSchema.statics.tooManyReqPassword = async function (idapp, email, set) {
+  const User = this;
+
+  const maxnum = 30;
+
+  const user = await User.findByEmail(idapp, email);
+  if (user) {
+    if (!user.retry_pwd)
+      user.retry_pwd = 0
+    if (set && user.retry_pwd <= maxnum) {
+      user.retry_pwd++;
+
+      await User.findOneAndUpdate({ _id: user._id }, { $set: { retry_pwd: user.retry_pwd } });
+    }
+    return user.retry_pwd > maxnum ;
+  }
+
+};
+
 UserSchema.statics.createNewSubRecord = async function (idapp, req) {
  const User = this;

--- a/src/server/router/index_router.js
+++ b/src/server/router/index_router.js
@@ -135,26 +135,34 @@ router.post(process.env.LINKVERIF_REG, (req, res) => {

 // Faccio richiesta di una Nuova Password
 router.post(process.env.LINK_REQUEST_NEWPASSWORD, async (req, res) => {
-  const body = _.pick(req.body, ['idapp', 'email']);
-  const idapp = body.idapp;
-  const email = body.email.toLowerCase().trim();
-  console.log(
-    'POST ' + process.env.LINK_REQUEST_NEWPASSWORD + ' idapp= ' + idapp +
-    ' email = ' + email);

  try {
-    const ris = await User.createNewRequestPwd(idapp, email);
-    if (ris) {
-      res.send({ code: server_constants.RIS_CODE_OK, msg: '' });
+    const body = _.pick(req.body, ['idapp', 'email', 'codetocheck']);
+    const idapp = body.idapp;
+    const email = body.email.toLowerCase().trim();
+    const codetocheck = body.codetocheck ? body.codetocheck.trim() : '';
+
+    // Check if too many requests
+    if (await User.tooManyReqPassword(idapp, email, true)) {
+      console.log(process.env.LINK_REQUEST_NEWPASSWORD, 'TOO MANY REQUESTS !!! EXIT ', email);
+      res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: 'TOO MANY REQUESTS' });
+      return false;
+    }
+
+    console.log(
+      'POST ' + process.env.LINK_REQUEST_NEWPASSWORD + ' idapp= ' + idapp +
+      ' email = ' + email);
+
+    const reqpwd = await User.createNewRequestPwd(idapp, email, codetocheck);
+    if (reqpwd && reqpwd.ris) {
+      res.send({ code: server_constants.RIS_CODE_OK, msg: '', link: reqpwd.link });
    } else {
-      tools.snooze(5000);
      return res.status(200).
        send({ code: server_constants.RIS_CODE_EMAIL_NOT_EXIST, msg: '' });
    }
  } catch (e) {
    console.log(process.env.LINK_REQUEST_NEWPASSWORD, e.message);
-    res.status(400).send();
-    res.send({ code: server_constants.RIS_CODE_ERR, msg: e });
+    res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: e });
  }

 });
--- a/src/server/tools/general.js
+++ b/src/server/tools/general.js
@@ -3308,12 +3308,17 @@ module.exports = {
    return msg;
  },

-  getlinkRequestNewPassword: function(idapp, email, tokenforgot) {
-    const strlinkreg = this.getHostByIdApp(idapp) + process.env.LINK_UPDATE_PASSWORD +
+  getlinkRelativeRequestNewPassword: function(idapp, email, tokenforgot) {
+    const strlinkreg = process.env.LINK_UPDATE_PASSWORD +
        `?idapp=${idapp}&email=${email}&tokenforgot=${tokenforgot}`;
    return strlinkreg;
  },

+  getlinkRequestNewPassword: function(idapp, email, tokenforgot) {
+    const strlinkreg = this.getHostByIdApp(idapp) + this.getlinkRelativeRequestNewPassword(idapp, email, tokenforgot);
+    return strlinkreg;
+  },
+
  execScript: function(idapp, msg, script, testo) {
    const {exec} = require('child_process');
    const telegrambot = require('../telegram/telegrambot');