@labdigital/commercetools-mock 2.26.1 → 2.27.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@labdigital/commercetools-mock",
-  "version": "2.26.1",
+  "version": "2.27.0",
   "license": "MIT",
   "author": "Michael van Tellingen",
   "type": "module",

package/src/lib/password.ts

@@ -12,10 +12,10 @@ export const validatePassword = (
 export const hashPassword = (clearPassword: string) =>
 	Buffer.from(clearPassword).toString("base64");
 
-export const createPasswordResetToken = (customer: Customer) =>
-	Buffer.from(`${customer.id}:${PWRESET_SECRET}:${uuidv4()}`).toString(
-		"base64",
-	);
+export const createPasswordResetToken = (customer: Customer, expiresAt: Date) =>
+	Buffer.from(
+		`${customer.id}:${PWRESET_SECRET}:${expiresAt.getTime()}`,
+	).toString("base64");
 
 export const createEmailVerifyToken = (customer: Customer) =>
 	Buffer.from(`${customer.id}:${EMAIL_VERIFY_SECRET}:${uuidv4()}`).toString(
@@ -24,13 +24,20 @@ export const createEmailVerifyToken = (customer: Customer) =>
 
 export const validatePasswordResetToken = (token: string) => {
 	const items = Buffer.from(token, "base64").toString("utf-8").split(":");
-	const [customerId, secret] = items;
+	const [customerId, secret, time] = items;
+
 	if (secret !== PWRESET_SECRET) {
 		return undefined;
 	}
 
+	// Check if the token is expired
+	if (parseInt(time) < new Date().getTime()) {
+		return undefined;
+	}
+
 	return customerId;
 };
+
 export const validateEmailVerifyToken = (token: string) => {
 	const items = Buffer.from(token, "base64").toString("utf-8").split(":");
 	const [customerId, secret] = items;

package/src/repositories/customer/index.ts

@@ -1,8 +1,11 @@
 import type {
 	Customer,
+	CustomerCreatePasswordResetToken,
 	CustomerDraft,
+	CustomerResetPassword,
 	CustomerToken,
 	DuplicateFieldError,
+	MyCustomerResetPassword,
 	ResourceNotFoundError,
 } from "@commercetools/platform-sdk";
 import { CommercetoolsError } from "~src/exceptions";
@@ -11,8 +14,10 @@ import {
 	createEmailVerifyToken,
 	createPasswordResetToken,
 	hashPassword,
+	validatePasswordResetToken,
 } from "~src/lib/password";
 import { AbstractStorage } from "~src/storage/abstract";
+import { Writable } from "~src/types";
 import {
 	AbstractResourceRepository,
 	type RepositoryContext,
@@ -90,21 +95,28 @@ export class CustomerRepository extends AbstractResourceRepository<"customer"> {
 		return this.saveNew(context, resource);
 	}
 
-	passwordResetToken(context: RepositoryContext, email: string): CustomerToken {
+	passwordResetToken(
+		context: RepositoryContext,
+		request: CustomerCreatePasswordResetToken,
+	): CustomerToken {
 		const results = this._storage.query(context.projectKey, this.getTypeId(), {
-			where: [`email="${email.toLocaleLowerCase()}"`],
+			where: [`email="${request.email.toLocaleLowerCase()}"`],
 		});
 		if (results.count === 0) {
 			throw new CommercetoolsError<ResourceNotFoundError>({
 				code: "ResourceNotFound",
-				message: `The Customer with ID '${email}' was not found.`,
+				message: `The Customer with ID '${request.email}' was not found.`,
 			});
 		}
-		const expiresAt = new Date(Date.now() + 30 * 60);
+
+		const ttlMinutes = request.ttlMinutes ?? 34560; // 34560 is CT default
+
+		const expiresAt = new Date(new Date().getTime() + ttlMinutes * 60 * 1000);
 		const customer = results.results[0] as Customer;
 		const rest = getBaseResourceProperties();
 
-		const token = createPasswordResetToken(customer);
+		const token = createPasswordResetToken(customer, expiresAt);
+
 		return {
 			id: rest.id,
 			createdAt: rest.createdAt,
@@ -115,6 +127,41 @@ export class CustomerRepository extends AbstractResourceRepository<"customer"> {
 		};
 	}
 
+	passwordReset(
+		context: RepositoryContext,
+		resetPassword: CustomerResetPassword | MyCustomerResetPassword,
+	) {
+		const { newPassword, tokenValue } = resetPassword;
+
+		const customerId = validatePasswordResetToken(tokenValue);
+		if (!customerId) {
+			throw new CommercetoolsError<ResourceNotFoundError>({
+				code: "ResourceNotFound",
+				message: `The Customer with ID 'Token(${tokenValue})' was not found.`,
+			});
+		}
+
+		const customer = this._storage.get(
+			context.projectKey,
+			"customer",
+			customerId,
+		) as Writable<Customer> | undefined;
+
+		if (!customer) {
+			throw new CommercetoolsError<ResourceNotFoundError>({
+				code: "ResourceNotFound",
+				message: `The Customer with ID 'Token(${tokenValue})' was not found.`,
+			});
+		}
+
+		customer.password = hashPassword(newPassword);
+		customer.version += 1;
+
+		// Update storage
+		this._storage.add(context.projectKey, "customer", customer);
+		return customer;
+	}
+
 	verifyEmailToken(context: RepositoryContext, id: string): CustomerToken {
 		const results = this._storage.query(context.projectKey, this.getTypeId(), {
 			where: [`id="${id.toLocaleLowerCase()}"`],

package/src/repositories/my-customer.ts

@@ -4,14 +4,9 @@ import {
 	MyCustomerChangePassword,
 	MyCustomerEmailVerify,
 	ResourceNotFoundError,
-	type MyCustomerResetPassword,
 } from "@commercetools/platform-sdk";
 import { CommercetoolsError } from "~src/exceptions";
-import {
-	hashPassword,
-	validateEmailVerifyToken,
-	validatePasswordResetToken,
-} from "../lib/password";
+import { hashPassword, validateEmailVerifyToken } from "../lib/password";
 import { Writable } from "../types";
 import { type RepositoryContext } from "./abstract";
 import { CustomerRepository } from "./customer";
@@ -116,39 +111,4 @@ export class MyCustomerRepository extends CustomerRepository {
 
 		return;
 	}
-
-	resetPassword(
-		context: RepositoryContext,
-		resetPassword: MyCustomerResetPassword,
-	) {
-		const { newPassword, tokenValue } = resetPassword;
-
-		const customerId = validatePasswordResetToken(tokenValue);
-		if (!customerId) {
-			throw new CommercetoolsError<ResourceNotFoundError>({
-				code: "ResourceNotFound",
-				message: `The Customer with ID 'Token(${tokenValue})' was not found.`,
-			});
-		}
-
-		const customer = this._storage.get(
-			context.projectKey,
-			"customer",
-			customerId,
-		) as Writable<Customer> | undefined;
-
-		if (!customer) {
-			throw new CommercetoolsError<ResourceNotFoundError>({
-				code: "ResourceNotFound",
-				message: `The Customer with ID 'Token(${tokenValue})' was not found.`,
-			});
-		}
-
-		customer.password = hashPassword(newPassword);
-		customer.version += 1;
-
-		// Update storage
-		this._storage.add(context.projectKey, "customer", customer);
-		return customer;
-	}
 }

package/src/services/customer.test.ts

@@ -1,11 +1,13 @@
-import { Customer } from "@commercetools/platform-sdk";
+import { Customer, CustomerToken } from "@commercetools/platform-sdk";
 import assert from "assert";
 import supertest from "supertest";
 import { afterEach, beforeEach, describe, expect, test } from "vitest";
+import { hashPassword } from "~src/lib/password";
 import { CommercetoolsMock, getBaseResourceProperties } from "../index";
 
+const ctMock = new CommercetoolsMock();
+
 describe("Customer Update Actions", () => {
-	const ctMock = new CommercetoolsMock();
 	let customer: Customer | undefined;
 
 	beforeEach(async () => {
@@ -447,3 +449,61 @@ describe("Customer Update Actions", () => {
 		expect(response.body.key).toBe("C001");
 	});
 });
+
+describe("Customer Password Reset", () => {
+	afterEach(() => {
+		ctMock.clear();
+	});
+
+	beforeEach(() => {
+		ctMock.project("dummy").add("customer", {
+			id: "123",
+			createdAt: "2021-03-18T14:00:00.000Z",
+			version: 2,
+			lastModifiedAt: "2021-03-18T14:00:00.000Z",
+			email: "foo@example.org",
+			password: hashPassword("p4ssw0rd"),
+			addresses: [],
+			isEmailVerified: true,
+			authenticationMode: "password",
+			custom: { type: { typeId: "type", id: "" }, fields: {} },
+		});
+	});
+
+	test("reset password flow", async () => {
+		const token = await supertest(ctMock.app)
+			.post("/dummy/customers/password-token")
+			.send({
+				email: "foo@example.org",
+			})
+			.then((response) => response.body as CustomerToken);
+
+		const response = await supertest(ctMock.app)
+			.post("/dummy/customers/password/reset")
+			.send({
+				tokenValue: token.value,
+				newPassword: "somethingNew",
+			});
+		expect(response.status).toBe(200);
+	});
+
+	test("fail reset password flow", async () => {
+		const response = await supertest(ctMock.app)
+			.post("/dummy/customers/password/reset")
+			.send({
+				tokenValue: "invalid-token",
+				newPassword: "somethingNew",
+			});
+		expect(response.status).toBe(400);
+		expect(response.body).toEqual({
+			message: `The Customer with ID 'Token(invalid-token)' was not found.`,
+			statusCode: 400,
+			errors: [
+				{
+					code: "ResourceNotFound",
+					message: `The Customer with ID 'Token(invalid-token)' was not found.`,
+				},
+			],
+		});
+	});
+});

package/src/services/customer.ts

@@ -16,6 +16,12 @@ export class CustomerService extends AbstractService {
 		return "customers";
 	}
 
+	extraRoutes(parent: Router) {
+		parent.post("/password-token", this.passwordResetToken.bind(this));
+		parent.post("/password/reset", this.passwordReset.bind(this));
+		parent.post("/email-token", this.confirmEmailToken.bind(this));
+	}
+
 	post(request: Request, response: Response) {
 		const draft = request.body;
 		const resource = this.repository.create(
@@ -30,23 +36,30 @@ export class CustomerService extends AbstractService {
 		return response.status(this.createStatusCode).send(result);
 	}
 
-	extraRoutes(parent: Router) {
-		parent.post("/password-token", (request, response) => {
-			const email = request.body.email;
-			const token = this.repository.passwordResetToken(
-				getRepositoryContext(request),
-				email,
-			);
-			return response.status(200).send(token);
-		});
-
-		parent.post("/email-token", (request, response) => {
-			const id = request.body.id;
-			const token = this.repository.verifyEmailToken(
-				getRepositoryContext(request),
-				id,
-			);
-			return response.status(200).send(token);
-		});
+	passwordResetToken(request: Request, response: Response) {
+		const customer = this.repository.passwordResetToken(
+			getRepositoryContext(request),
+			request.body,
+		);
+
+		return response.status(200).send(customer);
+	}
+
+	passwordReset(request: Request, response: Response) {
+		const customer = this.repository.passwordReset(
+			getRepositoryContext(request),
+			request.body,
+		);
+
+		return response.status(200).send(customer);
+	}
+
+	confirmEmailToken(request: Request, response: Response) {
+		const id = request.body.id;
+		const token = this.repository.verifyEmailToken(
+			getRepositoryContext(request),
+			id,
+		);
+		return response.status(200).send(token);
 	}
 }

package/src/services/my-customer.ts

@@ -98,7 +98,7 @@ export class MyCustomerService extends AbstractService {
 	}
 
 	resetPassword(request: Request, response: Response) {
-		const customer = this.repository.resetPassword(
+		const customer = this.repository.passwordReset(
 			getRepositoryContext(request),
 			request.body,
 		);