@drax/identity-back 0.9.0 → 0.11.3

package/dist/services/UserService.js

@@ -1,5 +1,5 @@
 import { ZodError } from "zod";
-import { ValidationError, ZodErrorToValidationError } from "@drax/common-back";
+import { SecuritySensitiveError, ValidationError, ZodErrorToValidationError } from "@drax/common-back";
 import AuthUtils from "../utils/AuthUtils.js";
 import { createUserSchema, editUserSchema, userBaseSchema } from "../zod/UserZod.js";
 import BadCredentialsError from "../errors/BadCredentialsError.js";
@@ -14,7 +14,7 @@ class UserService extends AbstractService {
     async auth(username, password) {
         let user = null;
         console.log("auth username", username);
-        user = await this.findByUsername(username);
+        user = await this.findByUsernameWithPassword(username);
         if (user && user.active && AuthUtils.checkPassword(password, user.password)) {
             //TODO: Generar session
             const session = randomUUID();
@@ -83,11 +83,92 @@ class UserService extends AbstractService {
             throw new BadCredentialsError();
         }
     }
+    async recoveryCode(email) {
+        try {
+            const recoveryCode = randomUUID();
+            const user = await this._repository.findByEmail(email);
+            if (user && user.active) {
+                await this._repository.updatePartial(user.id, { recoveryCode: recoveryCode });
+                return recoveryCode;
+            }
+            else {
+                throw new SecuritySensitiveError();
+            }
+        }
+        catch (e) {
+            console.error("recoveryCode:", e);
+            throw e;
+        }
+    }
+    async changeUserPasswordByCode(recoveryCode, newPassword) {
+        try {
+            console.log("changeUserPasswordByCode recoveryCode", recoveryCode);
+            const user = await this._repository.findByRecoveryCode(recoveryCode);
+            console.log("changeUserPasswordByCode user", user);
+            if (user && user.active) {
+                newPassword = AuthUtils.hashPassword(newPassword);
+                await this._repository.changePassword(user.id, newPassword);
+                await this._repository.updatePartial(user.id, { recoveryCode: null });
+                return true;
+            }
+            else {
+                throw new ValidationError([{ field: 'recoveryCode', reason: 'validation.notFound' }]);
+            }
+        }
+        catch (e) {
+            console.error("changeUserPasswordByCode", e);
+            throw e;
+        }
+    }
+    async register(userData) {
+        try {
+            userData.emailVerified = false;
+            userData.phoneVerified = false;
+            userData.active = false;
+            userData.emailCode = randomUUID();
+            userData.phoneCode = randomUUID();
+            let user = await this.create(userData);
+            return user;
+        }
+        catch (e) {
+            console.error("Error registry user", e);
+            if (e instanceof ZodError) {
+                throw ZodErrorToValidationError(e, userData);
+            }
+            throw e;
+        }
+    }
+    async verifyEmail(emailCode) {
+        const user = await this._repository.findByEmailCode(emailCode);
+        if (user && user.emailVerified === false) {
+            await this._repository.updatePartial(user.id, {
+                emailVerified: true,
+                active: true
+            });
+            return true;
+        }
+        else {
+            throw new ValidationError([{ field: 'emailCode', reason: 'validation.notFound' }]);
+        }
+    }
+    async verifyPhone(phoneCode) {
+        const user = await this._repository.findByPhoneCode(phoneCode);
+        if (user && user.phoneVerified === false) {
+            await this._repository.updatePartial(user.id, {
+                phoneVerified: true,
+                active: true
+            });
+            return true;
+        }
+        else {
+            throw new ValidationError([{ field: 'phoneCode', reason: 'validation.notFound' }]);
+        }
+    }
     async create(userData) {
         try {
             userData.name = userData?.name?.trim();
-            userData.username = userData.username.trim();
-            userData.password = userData.password.trim();
+            userData.username = userData?.username.trim();
+            userData.password = userData?.password.trim();
             userData.tenant = userData.tenant === "" ? null : userData.tenant;
             await createUserSchema.parseAsync(userData);
             userData.password = AuthUtils.hashPassword(userData.password.trim());
@@ -104,8 +185,8 @@ class UserService extends AbstractService {
     }
     async update(id, userData) {
         try {
-            userData.name = userData.name.trim();
-            userData.username = userData.username.trim();
+            userData.name = userData?.name.trim();
+            userData.username = userData?.username.trim();
             delete userData.password;
             userData.tenant = userData.tenant === "" ? null : userData.tenant;
             await editUserSchema.parseAsync(userData);
@@ -153,6 +234,16 @@ class UserService extends AbstractService {
             throw e;
         }
     }
+    async findByUsernameWithPassword(username) {
+        try {
+            const user = await this._repository.findByUsernameWithPassword(username);
+            return user;
+        }
+        catch (e) {
+            console.error("Error finding user by username", e);
+            throw e;
+        }
+    }
     async findByEmail(email) {
         try {
             const user = await this._repository.findByEmail(email);

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "0.9.0",
+  "version": "0.11.3",
   "description": "Identity module for user management, authentication and authorization.",
   "main": "dist/index.js",
   "types": "types/index.d.ts",
@@ -28,10 +28,11 @@
   "author": "Cristian Incarnato & Drax Team",
   "license": "ISC",
   "dependencies": {
-    "@drax/common-back": "^0.9.0",
-    "@drax/crud-back": "^0.9.0",
-    "@drax/crud-share": "^0.9.0",
-    "@drax/identity-share": "^0.9.0",
+    "@drax/common-back": "^0.11.3",
+    "@drax/crud-back": "^0.11.3",
+    "@drax/crud-share": "^0.11.3",
+    "@drax/email-back": "^0.11.3",
+    "@drax/identity-share": "^0.11.3",
     "bcryptjs": "^2.4.3",
     "express-jwt": "^8.4.1",
     "graphql": "^16.8.2",
@@ -62,5 +63,5 @@
       "debug": "0"
     }
   },
-  "gitHead": "aae0068b0343cbb23e85c2a9ea454e183739a8a7"
+  "gitHead": "54216d94d68dac488969f9c95d3c6be780935f9d"
 }

package/src/config/IdentityConfig.ts

@@ -13,6 +13,8 @@ enum IdentityConfig {
 
     AvatarDir = "DRAX_AVATAR_DIR",
 
+    defaultRole = "DRAX_DEFAULT_ROLE",
+
 
 }
 

package/src/controllers/UserController.ts

@@ -1,6 +1,15 @@
 import type {IUser, IUserUpdate, IUserCreate} from "@drax/identity-share";
 import {AbstractFastifyController} from "@drax/crud-back";
-import {CommonConfig, DraxConfig, StoreManager, UploadFileError, ValidationError, UnauthorizedError} from "@drax/common-back";
+import RegistrationCompleteHtml from "../html/RegistrationCompleteHtml.js";
+import {
+    CommonConfig,
+    DraxConfig,
+    StoreManager,
+    UploadFileError,
+    ValidationError,
+    UnauthorizedError,
+    SecuritySensitiveError
+} from "@drax/common-back";
 
 import UserServiceFactory from "../factory/UserServiceFactory.js";
 import RoleServiceFactory from "../factory/RoleServiceFactory.js";
@@ -9,13 +18,14 @@ import UserPermissions from "../permissions/UserPermissions.js";
 import BadCredentialsError from "../errors/BadCredentialsError.js";
 import {join} from "path";
 import {IdentityConfig} from "../config/IdentityConfig.js";
+import UserEmailService from "../services/UserEmailService.js";
 
 const BASE_FILE_DIR = DraxConfig.getOrLoad(CommonConfig.FileDir) || 'files';
 const AVATAR_DIR = DraxConfig.getOrLoad(IdentityConfig.AvatarDir) || 'avatar';
 const BASE_URL = DraxConfig.getOrLoad(CommonConfig.BaseUrl) ? DraxConfig.get(CommonConfig.BaseUrl).replace(/\/$/, '') : ''
 
 
-class UserController extends AbstractFastifyController<IUser, IUserCreate, IUserUpdate>   {
+class UserController extends AbstractFastifyController<IUser, IUserCreate, IUserUpdate> {
 
     protected service: UserService
 
@@ -76,11 +86,11 @@ class UserController extends AbstractFastifyController<IUser, IUserCreate, IUser
             const search = request.query.search
             const userService = UserServiceFactory()
             const filters = []
-            if(request.rbac.getAuthUser.tenantId){
+            if (request.rbac.getAuthUser.tenantId) {
                 filters.push({field: 'tenant', operator: 'eq', value: request.rbac.getAuthUser.tenantId})
             }
             let paginateResult = await userService.paginate({page, limit, orderBy, order, search, filters})
-            for(let item of paginateResult.items){
+            for (let item of paginateResult.items) {
                 item.password = undefined
                 delete item.password
             }
@@ -104,11 +114,11 @@ class UserController extends AbstractFastifyController<IUser, IUserCreate, IUser
         try {
             request.rbac.assertPermission(UserPermissions.View)
             const filters = []
-            if(request.rbac.getAuthUser.tenantId){
+            if (request.rbac.getAuthUser.tenantId) {
                 filters.push({field: 'tenant', operator: 'eq', value: request.rbac.getAuthUser.tenantId})
             }
             const search = request.query.search
-            let item = await this.service.search(search,1000,filters)
+            let item = await this.service.search(search, 1000, filters)
             return item
         } catch (e) {
             console.error(e)
@@ -125,6 +135,90 @@ class UserController extends AbstractFastifyController<IUser, IUserCreate, IUser
         }
     }
 
+    async register(request, reply) {
+        try {
+            if (request.rbac.getAuthUser) {
+                throw new UnauthorizedError()
+            }
+
+            const payload = request.body
+
+            const defaultRole = DraxConfig.getOrLoad(IdentityConfig.defaultRole)
+
+            if (!defaultRole) {
+                throw new ValidationError([{field: 'username', reason: 'Default role not found'}])
+            }
+
+            const roleService = RoleServiceFactory()
+            const role = await roleService.findByName(defaultRole)
+
+            if (!role) {
+                throw new ValidationError([{field: 'role', reason: 'Role not found'}])
+            } else if (role.name === 'Admin') {
+                payload.tenant = null
+            }
+
+            payload.role = role.id
+            payload.origin ??= 'Registry'
+
+            const userService = UserServiceFactory()
+            let user = await userService.register(payload)
+
+            //SEND EMAIL FOR EMAIL VERIFICATION
+            await UserEmailService.emailVerifyCode(user.emailCode, user.email)
+
+            return user
+        } catch (e) {
+            console.error(e)
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'error.server'})
+            }
+        }
+    }
+
+    async verifyEmail(request, reply) {
+        try {
+            const emailCode = request.params.code
+            const userService = UserServiceFactory()
+            const r = await userService.verifyEmail(emailCode)
+            if(r){
+                const html = RegistrationCompleteHtml
+                reply.header('Content-Type', 'text/html; charset=utf-8').send(html)
+            }
+        } catch (e) {
+            console.error(e)
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            }
+            reply.code(500)
+            reply.send({error: 'error.server'})
+        }
+    }
+
+    async verifyPhone(request, reply) {
+        try {
+            const phoneCode = request.params.code
+            const userService = UserServiceFactory()
+            return await userService.verifyPhone(phoneCode)
+        } catch (e) {
+            console.error(e)
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            }
+            reply.code(500)
+            reply.send({error: 'error.server'})
+        }
+    }
+
     async create(request, reply) {
         try {
             request.rbac.assertPermission(UserPermissions.Create)
@@ -132,11 +226,11 @@ class UserController extends AbstractFastifyController<IUser, IUserCreate, IUser
 
             const roleService = RoleServiceFactory()
             const role = await roleService.findById(payload.role)
-            if(!role){
+            if (!role) {
                 throw new ValidationError([{field: 'role', reason: 'Role not found'}])
-            }else if(role.name === 'Admin'){
+            } else if (role.name === 'Admin') {
                 payload.tenant = null
-            }else if(request.rbac.getAuthUser.tenantId){
+            } else if (request.rbac.getAuthUser.tenantId) {
                 payload.tenant = request.rbac.getAuthUser.tenantId
             }
 
@@ -146,6 +240,7 @@ class UserController extends AbstractFastifyController<IUser, IUserCreate, IUser
             let user = await userService.create(payload)
             return user
         } catch (e) {
+            console.error(e)
             if (e instanceof ValidationError) {
                 reply.statusCode = e.statusCode
                 reply.send({error: e.message, inputErrors: e.errors})
@@ -168,11 +263,11 @@ class UserController extends AbstractFastifyController<IUser, IUserCreate, IUser
 
             const roleService = RoleServiceFactory()
             const role = await roleService.findById(payload.role)
-            if(!role){
+            if (!role) {
                 throw new ValidationError([{field: 'role', reason: 'Role not found'}])
-            }else if(role.name === 'Admin'){
+            } else if (role.name === 'Admin') {
                 payload.tenant = null
-            }else if(request.rbac.getAuthUser.tenantId){
+            } else if (request.rbac.getAuthUser.tenantId) {
                 payload.tenant = request.rbac.getAuthUser.tenantId
             }
 
@@ -180,6 +275,7 @@ class UserController extends AbstractFastifyController<IUser, IUserCreate, IUser
             let user = await userService.update(id, payload)
             return user
         } catch (e) {
+            console.error(e)
             if (e instanceof ValidationError) {
                 reply.statusCode = e.statusCode
                 reply.send({error: e.message, inputErrors: e.errors})
@@ -202,13 +298,14 @@ class UserController extends AbstractFastifyController<IUser, IUserCreate, IUser
             request.rbac.assertPermission(UserPermissions.Delete)
             const id = request.params.id
             const userService = UserServiceFactory()
-            let r : boolean = await userService.delete(id)
-            if(r){
+            let r: boolean = await userService.delete(id)
+            if (r) {
                 reply.send({message: 'Deleted successfully'})
-            }else{
+            } else {
                 reply.statusCode(400).send({message: 'Not deleted'})
             }
         } catch (e) {
+            console.error(e)
             if (e instanceof ValidationError) {
                 reply.statusCode = e.statusCode
                 reply.send({error: e.message, inputErrors: e.errors})
@@ -222,9 +319,81 @@ class UserController extends AbstractFastifyController<IUser, IUserCreate, IUser
         }
     }
 
-    async myPassword(request, reply) {
+    async passwordRecoveryRequest(request, reply) {
+        //let message = 'Si el correo electrónico existe, se han enviado instrucciones.'
+        let message = 'user.events.recoveryPasswordInfo'
+
+        try {
+            const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/
+            const email = request.body.email
+
+            if(!email || !emailRegex.test(email)){
+                throw new ValidationError([{field: 'email', reason: 'validation.email.invalid'}])
+            }
+
+            const userService = UserServiceFactory()
+            const code = await userService.recoveryCode(email)
+
+            if (code) {
+                await UserEmailService.recoveryCode(code, email)
+            }
+
+            reply.send({message})
+
+        } catch (e) {
+            console.error('recoveryPassword error', e)
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            }else if (e instanceof SecuritySensitiveError) {
+                reply.statusCode = e.statusCode
+                reply.send({message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'error.server'})
+            }
+        }
+    }
+
+    async recoveryPasswordComplete(request, reply) {
+
         try {
-            if(!request.authUser){
+            const recoveryCode = request.body.recoveryCode
+            const newPassword = request.body.newPassword
+
+            if(!recoveryCode){
+                throw new ValidationError([{field:'recoveryCode', reason: 'validation.required'}])
+            }
+
+            if(!newPassword){
+                throw new ValidationError([{field:'newPassword', reason: 'validation.required'}])
+            }
+
+            const userService = UserServiceFactory()
+            const result: boolean = await userService.changeUserPasswordByCode(recoveryCode, newPassword)
+            if(result){
+                reply.send({message: 'action.success'})
+            }else{
+                reply.statusCode = 400
+                reply.send({message: 'action.failure'})
+            }
+
+        } catch (e) {
+            console.error('recoveryPassword error', e)
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'error.server'})
+            }
+        }
+    }
+
+
+    async changeMyPassword(request, reply) {
+        try {
+            if (!request.authUser) {
                 throw new UnauthorizedError()
             }
             const userId = request.authUser.id
@@ -233,7 +402,7 @@ class UserController extends AbstractFastifyController<IUser, IUserCreate, IUser
             const userService = UserServiceFactory()
             return await userService.changeOwnPassword(userId, currentPassword, newPassword)
         } catch (e) {
-            console.error('/api/password error', e)
+            console.error('changeMyPassword error', e)
             if (e instanceof ValidationError) {
                 reply.statusCode = e.statusCode
                 reply.send({error: e.message, inputErrors: e.errors})
@@ -247,11 +416,11 @@ class UserController extends AbstractFastifyController<IUser, IUserCreate, IUser
         }
     }
 
-    async password(request, reply) {
+    async changePassword(request, reply) {
         try {
             request.rbac.assertPermission(UserPermissions.Update)
             const userId = request.params.id
-            if(!userId){
+            if (!userId) {
                 throw new UnauthorizedError()
             }
             const newPassword = request.body.newPassword
@@ -288,7 +457,7 @@ class UserController extends AbstractFastifyController<IUser, IUserCreate, IUser
 
             const destinationPath = join(BASE_FILE_DIR, AVATAR_DIR)
             const storedFile = await StoreManager.saveFile(file, destinationPath)
-            const urlFile = BASE_URL + '/api/user/avatar/' + storedFile.filename
+            const urlFile = BASE_URL + '/api/users/avatar/' + storedFile.filename
 
             //Save into DB
             const userService = UserServiceFactory()

package/src/html/RegistrationCompleteHtml.ts

@@ -0,0 +1,52 @@
+const html = `
+                <!DOCTYPE html>
+    <html lang="en">
+    <head>
+      <meta charset="UTF-8">
+      <meta name="viewport" content="width=device-width, initial-scale=1.0">
+      <title>Registro Completo</title>
+      <style>
+        body {
+          margin: 0;
+          height: 100vh;
+          display: flex;
+          justify-content: center;
+          align-items: center;
+          background-color: #f5f5f5;
+          font-family: Arial, sans-serif;
+        }
+        .container {
+          width: 300px;
+          border: 1px solid grey;
+          padding: 20px;
+          text-align: center;
+          background: white;
+          box-shadow: 0 4px 8px rgba(0, 0, 0, 0.2);
+          border-radius: 8px;
+        }
+        .title {
+          color: darkgreen;
+          font-size: 20px;
+          font-weight: bold;
+          margin-bottom: 20px;
+        }
+        .link {
+          margin-top: 20px;
+          text-decoration: none;
+          color: #007bff;
+        }
+        .link:hover {
+          text-decoration: underline;
+        }
+      </style>
+    </head>
+    <body>
+      <div class="container">
+        <div class="title">Registro Completo</div>
+        <a href="/login" class="link">Login</a>
+      </div>
+    </body>
+    </html>
+                `
+
+export default html

package/src/interfaces/IUserRepository.ts

@@ -4,9 +4,14 @@ import {IDraxCrud, IDraxFieldFilter} from "@drax/crud-share";
 interface IUserRepository extends IDraxCrud<IUser, IUserCreate, IUserUpdate>{
     findById(id: string): Promise<IUser | null>;
     findByUsername(username: string): Promise<IUser | null>;
+    findByUsernameWithPassword(username: string): Promise<IUser | null>;
     findByEmail(email: string): Promise<IUser | null>;
     changePassword(id: string, password:string):Promise<Boolean>;
     changeAvatar(id: string, avatarUrl: string): Promise<Boolean>;
+
+    findByEmailCode(code: string): Promise<IUser | null>;
+    findByPhoneCode(code: string): Promise<IUser | null>;
+    findByRecoveryCode(code: string): Promise<IUser | null>;
 }
 
 export {IUserRepository}

package/src/models/UserModel.ts

@@ -33,7 +33,7 @@ const UserSchema = new mongoose.Schema<IUser>({
             message: "Invalid email format"
         }
     },
-    password: {type: String, required: true,  index: false},
+    password: {type: String, required: true,  index: false, select: false},
     name: {type: String, required: false,  index: false},
     active: {type: Boolean, required: true, default: false,  index: false},
     phone: {
@@ -69,6 +69,11 @@ const UserSchema = new mongoose.Schema<IUser>({
         required: false,
         index: false
     }],
+    emailVerified: {type: Boolean, required: true, default: false,  index: false},
+    phoneVerified: {type: Boolean, required: true, default: false,  index: false},
+    emailCode: {type: String, required: false, index: false, select: false},
+    phoneCode: {type: String, required: false, index: false, select: false},
+    recoveryCode: {type: String, required: false, index: false, select: false},
 }, {timestamps: true});
 
 UserSchema.set('toJSON', {getters: true});

package/src/repository/mongo/UserApiKeyMongoRepository.ts

@@ -11,7 +11,7 @@ import {PaginateResult} from "mongoose";
 import {IDraxPaginateOptions, IDraxPaginateResult} from "@drax/crud-share";
 import {IUserApiKeyRepository} from "../../interfaces/IUserApiKeyRepository";
 
-class UserMongoRepository implements IUserApiKeyRepository {
+class UserApiKeyMongoRepository implements IUserApiKeyRepository {
 
 
     constructor() {
@@ -101,4 +101,4 @@ class UserMongoRepository implements IUserApiKeyRepository {
 
 }
 
-export default UserMongoRepository
+export default UserApiKeyMongoRepository

package/src/repository/mongo/UserMongoRepository.ts

@@ -12,7 +12,6 @@ import type {IUserRepository} from "../../interfaces/IUserRepository";
 import {Cursor, PaginateResult} from "mongoose";
 import RoleMongoRepository from "./RoleMongoRepository.js";
 import {IDraxFindOptions, IDraxPaginateOptions, IDraxPaginateResult} from "@drax/crud-share";
-import {IRole, ITenant} from "@drax/identity-share";
 import type {IDraxFieldFilter} from "@drax/crud-share/dist";
 
 class UserMongoRepository implements IUserRepository {
@@ -58,6 +57,18 @@ class UserMongoRepository implements IUserRepository {
         }
     }
 
+    async updatePartial(id: string, data: any): Promise<IUser> {
+        try {
+            const item: mongoose.HydratedDocument<IUser> = await UserModel.findOneAndUpdate({_id: id}, data, {new: true}).populate(['role','tenant']).exec()
+            return item
+        } catch (e) {
+            if (e instanceof mongoose.Error.ValidationError) {
+                throw MongooseErrorToValidationError(e)
+            }
+            throw e
+        }
+    }
+
     async delete(id: string): Promise<boolean> {
         const result: DeleteResult = await UserModel.deleteOne({_id: id}).exec()
         return result.deletedCount == 1
@@ -74,11 +85,31 @@ class UserMongoRepository implements IUserRepository {
         return user
     }
 
+    async findByUsernameWithPassword(username: string): Promise<IUser> {
+        const user: mongoose.HydratedDocument<IUser> = await UserModel.findOne({username: username}).select('+password').populate(['role','tenant']).exec()
+        return user
+    }
+
     async findByEmail(email: string): Promise<IUser> {
         const user: mongoose.HydratedDocument<IUser> = await UserModel.findOne({email: email}).populate(['role','tenant']).exec()
         return user
     }
 
+    async findByEmailCode(code: string): Promise<IUser> {
+        const user: mongoose.HydratedDocument<IUser> = await UserModel.findOne({emailCode: {$eq: code}, emailVerified: {$eq: false} }).populate(['role','tenant']).exec()
+        return user
+    }
+
+    async findByPhoneCode(code: string): Promise<IUser> {
+        const user: mongoose.HydratedDocument<IUser> = await UserModel.findOne({phoneCode: {$eq: code}, phoneVerified: {$eq: false} }).populate(['role','tenant']).exec()
+        return user
+    }
+
+    async findByRecoveryCode(code: string): Promise<IUser> {
+        const user: mongoose.HydratedDocument<IUser> = await UserModel.findOne({recoveryCode: {$eq: code}, active: {$eq: true} }).populate(['role','tenant']).exec()
+        return user
+    }
+
     async paginate({
                        page= 1,
                        limit= 5,