Merge pull request #177 from hackmcgill/bugfix/172-moreResetPasswordBugs

Fix additional bugs with respect to emails, resetting password

Author: pierreTklein

.vscode/settings.json

@@ -4,5 +4,6 @@
         "node":true,
         "this":false,
         "bad_property":false
-    }
+    },
+    "search.usePCRE2": true
 }

assets/email/AccountConfirmation.hbs

@@ -1,4 +1,4 @@
 <b>
     Confirm Account:
-    <a href="{{link}}">here</a>
+    <a href="{{{link}}}">here</a>
 </b>

assets/email/AccountInvitation.hbs

@@ -1,4 +1,4 @@
 <b>
     Create Your Account:
-    <a href="{{link}}">here</a>
+    <a href="{{{link}}}">here</a>
 </b>

assets/email/ResetPassword.hbs

@@ -1,4 +1,4 @@
 <b>
     Reset password:
-    <a href="{{link}}">here</a>
+    <a href="{{{link}}}">here</a>
 </b>

assets/email/test.hbs

@@ -1 +1 @@
-<div>This is used for testing email service. DO NOT REMOVE.{{TEST}}</div>
+<div>This is used for testing email service. DO NOT REMOVE.{{TEST}}. <a href="{{{NOT_ESCAPED}}}">link</a></div>

middlewares/account.middleware.js

@@ -150,7 +150,7 @@ async function inviteAccount(req, res, next) {
     const confirmationObj = await Services.AccountConfirmation.create(accountType, email);
     const confirmationToken = Services.AccountConfirmation.generateToken(confirmationObj.id);
 
-    const mailData = Services.AccountConfirmation.generateAccountInvitationEmail(req.hostname, email, accountType, confirmationToken);
+    const mailData = Services.AccountConfirmation.generateAccountInvitationEmail(process.env.FRONTEND_ADDRESS, email, accountType, confirmationToken);
     if (mailData !== undefined) {
         Services.Email.send(mailData, (err) => {
             if (err) {

middlewares/auth.middleware.js

@@ -140,7 +140,7 @@ async function sendResetPasswordEmailMiddleware(req, res, next) {
         const ResetPasswordTokenModel = await Services.ResetPasswordToken.findByAccountId(user.id);
         //generate email
         const token = Services.ResetPasswordToken.generateToken(ResetPasswordTokenModel.id, user.id);
-        const mailData = Services.ResetPasswordToken.generateResetPasswordEmail(req.hostname, req.body.email, token);
+        const mailData = Services.ResetPasswordToken.generateResetPasswordEmail(process.env.FRONTEND_ADDRESS, req.body.email, token);
         if (mailData !== undefined) {
             Services.Email.send(mailData, (err) => {
                 if (err) {
@@ -176,7 +176,7 @@ async function sendConfirmAccountEmailMiddleware(req, res, next) {
     await Services.AccountConfirmation.create(Constants.General.HACKER, account.email, account.id);
     const accountConfirmationToken = await Services.AccountConfirmation.findByAccountId(account.id);
     const token = Services.AccountConfirmation.generateToken(accountConfirmationToken.id, account.id);
-    const mailData = Services.AccountConfirmation.generateAccountConfirmationEmail(req.hostname, account.email, Constants.General.HACKER, token);
+    const mailData = Services.AccountConfirmation.generateAccountConfirmationEmail(process.env.FRONTEND_ADDRESS, account.email, Constants.General.HACKER, token);
     if (mailData !== undefined) {
         Services.Email.send(mailData, (err) => {
             if (err) {
@@ -214,7 +214,7 @@ async function resendConfirmAccountEmail(req, res, next) {
         });
     }
     const token = Services.AccountConfirmation.generateToken(accountConfirmationToken.id, account.id);
-    const mailData = Services.AccountConfirmation.generateAccountConfirmationEmail(req.hostname, account.email, accountConfirmationToken.accountType, token);
+    const mailData = Services.AccountConfirmation.generateAccountConfirmationEmail(process.env.FRONTEND_ADDRESS, account.email, accountConfirmationToken.accountType, token);
     if (mailData !== undefined) {
         Services.Email.send(mailData, (err) => {
             if (err) {

services/accountConfirmation.service.js

@@ -95,21 +95,20 @@ function generateConfirmTokenLink(httpOrHttps, domain, type, token) {
 /**
  * Generates the mailData for the account confirmation Email. This really only applies to
  * hackers as all other accounts are intrinsically confirmed via the email they recieve to invite them
- * @param {string} hostname The hostname that this service is running on
+ * @param {string} address The hostname that this service is running on
  * @param {string} receiverEmail The receiver of the email
  * @param {string} type the user type
  * @param {string} token The account confirmation token
  */
-function generateAccountConfirmationEmail(hostname, receiverEmail, type, token) {
-    const httpOrHttps = (hostname === "localhost") ? "http" : "https";
-    const address = (hostname === "localhost") ? `localhost:${process.env.PORT}` : hostname;
+function generateAccountConfirmationEmail(address, receiverEmail, type, token) {
+    const httpOrHttps = (address.includes("localhost")) ? "http" : "https";
     const tokenLink = generateConfirmTokenLink(httpOrHttps, address, type, token);
     var emailSubject = "";
     if (token === undefined || tokenLink === undefined) {
         return undefined;
     }
     if (type === Constants.HACKER) {
-        emailSubject = Constants.CONFIRM_ACC_EMAIL_SUBJECT
+        emailSubject = Constants.CONFIRM_ACC_EMAIL_SUBJECT;
     }
     const handlebarPath = path.join(__dirname, `../assets/email/AccountConfirmation.hbs`);
 
@@ -125,30 +124,26 @@ function generateAccountConfirmationEmail(hostname, receiverEmail, type, token)
 }
 
 /*
-* Generates the mailData for the account invitation Email.
-* @param {string} hostname The hostname that this service is running on
-* @param {string} receiverEmail The receiver of the email
-* @param {string} type The user type
-* @param {string} token The account confirmation token
+ * Generates the mailData for the account invitation Email.
+ * @param {string} address The hostname that this service is running on
+ * @param {string} receiverEmail The receiver of the email
+ * @param {string} type The user type
+ * @param {string} token The account confirmation token
  */
-function generateAccountInvitationEmail(hostname, receiverEmail, type, token) {
-    const httpOrHttps = (hostname === "localhost") ? "http" : "https";
-    const address = (hostname === "localhost") ? `localhost:${process.env.PORT}` : hostname;
+function generateAccountInvitationEmail(address, receiverEmail, type, token) {
+    const httpOrHttps = (address.includes("localhost")) ? "http" : "https";
     const tokenLink = generateCreateAccountTokenLink(httpOrHttps, address, type, token);
     var emailSubject = "";
     if (token === undefined || tokenLink === undefined) {
         return undefined;
     }
     if (type === Constants.HACKER) {
         emailSubject = Constants.CREATE_ACC_EMAIL_SUBJECTS[Constants.HACKER];
-    }
-    else if(type === Constants.VOLUNTEER){
+    } else if (type === Constants.VOLUNTEER) {
         emailSubject = Constants.CREATE_ACC_EMAIL_SUBJECTS[Constants.VOLUNTEER];
-    }
-    else if(Constants.SPONSOR_TIERS.includes(type)){
+    } else if (Constants.SPONSOR_TIERS.includes(type)) {
         emailSubject = Constants.CREATE_ACC_EMAIL_SUBJECTS[Constants.SPONSOR];
-    }
-    else if(type === Constants.STAFF){
+    } else if (type === Constants.STAFF) {
         emailSubject = Constants.CREATE_ACC_EMAIL_SUBJECTS[Constants.STAFF];
     }
     const handlebarPath = path.join(__dirname, `../assets/email/AccountInvitation.hbs`);

services/resetPassword.service.js

@@ -87,13 +87,12 @@ function generateTokenLink(httpOrHttps, domain, token) {
 
 /**
  * Generates the mailData for the resetPassword Email.
- * @param {string} hostname The hostname that this service is running on
+ * @param {string} address The web address that the front-end service is running on
  * @param {string} receiverEmail The receiver of the email
  * @param {string} token The resetPassword token
  */
-function generateResetPasswordEmail(hostname, receiverEmail, token) {
-    const httpOrHttps = (hostname === "localhost") ? "http" : "https";
-    const address = (hostname === "localhost") ? `localhost:${process.env.PORT}` : hostname;
+function generateResetPasswordEmail(address, receiverEmail, token) {
+    const httpOrHttps = (address.includes("localhost")) ? "http" : "https";
     const tokenLink = generateTokenLink(httpOrHttps, address, token);
     if (token === undefined || tokenLink === undefined) {
         return undefined;

tests/email.service.spec.js

@@ -47,9 +47,10 @@ describe("Email Service", function () {
     it("It should compile a handlebars email", (done) => {
         const handlebarPath = path.join(__dirname, `../assets/email/test.hbs`);
         const rendered = EmailService.renderEmail(handlebarPath, {
-            TEST: "TESTTEST"
+            TEST: "TESTTEST",
+            NOT_ESCAPED: "localhost:1337/reset?token=lala"
         });
-        assert.equal("<div>This is used for testing email service. DO NOT REMOVE.TESTTEST</div>", rendered);
+        assert.equal('<div>This is used for testing email service. DO NOT REMOVE.TESTTEST. <a href="localhost:1337/reset?token=lala">link</a></div>', rendered);
         done();
     });
 });