Open Datnqse62453 opened 11 months ago
implemented OTP
Reset password to default '123456':

```js
// Assumes the project's Sequelize `User` model and its `successResponse` /
// `errorResponse` helpers are already imported in this module.
const crypto = require("crypto");

const forgotPassword = async (req, res) => {
  try {
    const { userId } = req.user;
    // Find the user by userId
    const user = await User.findByPk(userId);
    if (!user) {
      throw new Error("User not found");
    }
    // Reset the password to a default value (e.g., "123456")
    const newPass = crypto.createHash("sha256").update("123456").digest("hex");
    user.password = newPass;
    await user.save();
    return successResponse(
      req,
      res,
      "Password has been reset to '123456' please change it again"
    );
  } catch (error) {
    console.error(error);
    return errorResponse(req, res, "Internal Server Error", 500, error);
  }
};
```
Change from '123456' to forgot password => OTP on the mobile side -> API creates a new password for that user with that phone number:

```js
// Assumes the project's Sequelize `User` model and its `successResponse` /
// `errorResponse` helpers are already imported in this module.
const crypto = require("crypto");

const forgotPassword = async (req, res) => {
  try {
    const { userId } = req.user;
    const { newPassword } = req.body; // Get the new password from the request body
    if (typeof newPassword !== "string" || newPassword.length === 0) {
      // Without this, hashing `undefined` throws and the handler answers 500
      throw new Error("newPassword is required");
    }
    // Find the user by userId
    const user = await User.findByPk(userId);
    if (!user) {
      throw new Error("User not found");
    }
    // Hash the new password
    const hashedPassword = crypto
      .createHash("sha256")
      .update(newPassword)
      .digest("hex");
    // Set the user's password to the hashed new password
    user.password = hashedPassword;
    await user.save();
    return successResponse(
      req,
      res,
      "Password has been reset, please login again."
    );
  } catch (error) {
    console.error(error);
    return errorResponse(req, res, "Internal Server Error", 500, error);
  }
};
```
Check if the current user is a user in our application, then proceed to change the password. Major security risk: if guy A has guy B's username (phone number), then he can change B's password. @Datnqse62453 make sure of this on your end (business logic).
Please implement OTP on mobile first.