feature/issue#451 implement password recovery functionality

[vladyslavyarets]

dev

ZenHub

• Main ZenHub ticket

Summary of issue

Currently the project haven't functionality for password restoration. Implement this one.

Create endpoints for password restoration request (/reset-password/request). Required fields:

• email (of user which wants restore the password).

Create password restoration approval endpoint (/reset-password/approval). Requirements:

• email (the same email that user fills in the restoration request field)
• token (token which was sent in the confirmation latter)
• new_password (new password which requires conditions. Use functionality of password validation present in user registration functionality for checking requirements)
• new_password_confirmation (should be the exact same value as a "new_password")
• Token expiration time: 3 hours after approval message sending
• Once password was changed token which was used for it should be disabled.
• All bearer tokens should be expired after password changing

Create table password_recovery_tokens for store tokens in DB with next fields:

• id (PK)
• email (varchar(255))
• token (varchar(36))
• send_date_time (timestamp)
• enabled (boolean)

Implement functionality for sending approval email which contains token. Generated link should have user's email and token as a url's variable named email and token.

• Implement cron job which erase both expired and disabled tokens every 24 hours from DB
• Token which was expired should not be allowed to change the password.

Other requirements:

• If possible reuse or refactor methods for reusing code which used for user registration for password requirements validation and setting the new password
• Write unit/integration tests for new functionality

Corner cases:

• Token expired or disabled: HTTP 406 ("Token is invalid)
• Passwords don't matches: HTTP 406 ("Passwords not equals")
• Password not satisfied rules: HTTP 406 ("Password too weak")
• Wrong email: HTTP 404 ("Password restoration request not found")
• Other: default error

Summary of change

• Created new entity, repository and table for password recovery tokens
• Edited OpenAPI specification
• Added new endpoints for password restoration request and password restoration approval
• Added 2 methods in service layer for password restoration request and change password
• Added 2 cron jobs which sends approval letters and marks tokens as expired
• Refactored Mail service layer
• Added tests
• Added mustache template for password recovery letter
• Added new Exception, Converters and Exception mapper

Testing approach

Not required

CHECK LIST

• [x] СI passed
• [ ] Сode coverage >=95%
• [x] PR is reviewed manually again (to make sure you have 100% ready code)
• [ ] All reviewers agreed to merge the PR
• [x] I've checked new feature as logged in and logged out user if needed
• [ ] PR meets all conventions

[sonarcloud[bot]]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
1 Code Smell

83.4% Coverage
0.0% Duplication

[gendalf-fx]

Nice 👍