Merge pull request #596 from medusajs/hotfix/password-reset

hotfix(medusa): pull missing fields
2021-10-23 13:23:19 +02:00
parent 29dd9a669a caa9ab81df
commit 6f690e9004
3 changed files with 57 additions and 19 deletions
--- a/integration-tests/api/tests/store/customer.js
+++ b/integration-tests/api/tests/store/customer.js
@@ -264,4 +264,33 @@ describe("/store/customers", () => {
      expect(response.data.customer.billing_address_id).toEqual(null)
    })
  })
+
+  describe("POST /store/customers/password-token", () => {
+    beforeEach(async () => {
+      const manager = dbConnection.manager
+      await manager.insert(Customer, {
+        id: "test_customer",
+        first_name: "John",
+        last_name: "Deere",
+        email: "john@deere.com",
+        password_hash:
+          "c2NyeXB0AAEAAAABAAAAAVMdaddoGjwU1TafDLLlBKnOTQga7P2dbrfgf3fB+rCD/cJOMuGzAvRdKutbYkVpuJWTU39P7OpuWNkUVoEETOVLMJafbI8qs8Qx/7jMQXkN", // password matching "test"
+        has_account: true,
+      })
+    })
+
+    afterEach(async () => {
+      await doAfterEach()
+    })
+
+    it("creates token", async () => {
+      const api = useApi()
+
+      const response = await api.post(`/store/customers/password-token`, {
+        email: "john@deere.com",
+      })
+
+      expect(response.status).toEqual(204)
+    })
+  })
 })
--- a/packages/medusa/src/api/routes/store/customers/reset-password.js
+++ b/packages/medusa/src/api/routes/store/customers/reset-password.js
@@ -24,7 +24,9 @@ import jwt from "jsonwebtoken"
 */
 export default async (req, res) => {
  const schema = Validator.object().keys({
-    email: Validator.string().email().required(),
+    email: Validator.string()
+      .email()
+      .required(),
    token: Validator.string().required(),
    password: Validator.string().required(),
  })
@@ -34,23 +36,21 @@ export default async (req, res) => {
    throw new MedusaError(MedusaError.Types.INVALID_DATA, error.details)
  }

-  try {
-    const customerService = req.scope.resolve("customerService")
-    let customer = await customerService.retrieveByEmail(value.email)
+  const customerService = req.scope.resolve("customerService")
+  let customer = await customerService.retrieveByEmail(value.email, {
+    select: ["id", "password_hash"],
+  })

-    const decodedToken = await jwt.verify(value.token, customer.password_hash)
-    if (!decodedToken || customer.id !== decodedToken.customer_id) {
-      res.status(401).send("Invalid or expired password reset token")
-      return
-    }
-
-    await customerService.update(customer.id, {
-      password: value.password,
-    })
-
-    customer = await customerService.retrieve(customer.id)
-    res.status(200).json({ customer })
-  } catch (error) {
-    throw error
+  const decodedToken = jwt.verify(value.token, customer.password_hash)
+  if (!decodedToken || customer.id !== decodedToken.customer_id) {
+    res.status(401).send("Invalid or expired password reset token")
+    return
  }
+
+  await customerService.update(customer.id, {
+    password: value.password,
+  })
+
+  customer = await customerService.retrieve(customer.id)
+  res.status(200).json({ customer })
 }
--- a/packages/medusa/src/services/customer.js
+++ b/packages/medusa/src/services/customer.js
@@ -94,7 +94,16 @@ class CustomerService extends BaseService {
   * @return {string} the generated JSON web token
   */
  async generateResetPasswordToken(customerId) {
-    const customer = await this.retrieve(customerId)
+    const customer = await this.retrieve(customerId, {
+      select: [
+        "id",
+        "has_account",
+        "password_hash",
+        "email",
+        "first_name",
+        "last_name",
+      ],
+    })

    if (!customer.has_account) {
      throw new MedusaError(