Richiesta Cambio Password: ti manda il codice a 6 cifre e poterlo inserire sulla APP.

emails/resetpwd/it/html.pug

@@ -3,8 +3,24 @@ p #{nomeapp} recentemente ha ricevuto una richiesta per una password dimenticata
 
 p Per cambiare la tua password di #{nomeapp}
 p <a href=#{strlinksetpassword} target="_blank">Clicca QUI</a>
-p Se non sei stato tu a richiedere questo cambiamento, non hai bisogno di fare niente.
+span Oppure inserisci il codice 
+span.grande #{tokenforgot_code} 
+span sulla APP
+p 
+p P.S: Se non sei stato tu a richiedere questo cambiamento, non hai bisogno di fare niente.
 p Questo link scadrà tra 4 ore.<br>
 
 p Cordiali Saluti
 p Supporto #{nomeapp}
+
+style(type="text/css").
+    html, body {
+        padding: 0;
+        margin: 0;
+    }
+
+    .grande {
+        font-size: 1.25rem;
+        font-weight: bold;
+    }
+

src/server/models/user.js

@@ -139,6 +139,10 @@ const UserSchema = new mongoose.Schema({
   tokenforgot_code: {
     type: String,
   },
+  retry_pwd: {
+    type: Number,
+    default: 0,
+  },
   date_tokenreg: {
     type: Date,
   },
@@ -1178,29 +1182,42 @@ UserSchema.statics.findByLinkTokenforgotCode = function (idapp, email, tokenforg
   });
 };
 
-UserSchema.statics.createNewRequestPwd = function (idapp, email) {
+UserSchema.statics.createNewRequestPwd = function (idapp, email, code) {
   const User = this;
 
   const sendemail = require('../sendemail');
 
-  return User.findByEmail(idapp, email).then(async (user) => {
+  if (code && code.length === 6) {
-    if (!user) {
+    return User.findByLinkTokenforgotCode(idapp, email, code)
-      return false;
+      .then((user) => {
-    } else {
+        if (user)
-      // Creo il tokenforgot
+          return { ris: true, link: tools.getlinkRelativeRequestNewPassword(idapp, email, user.tokenforgot) };
-      user.tokenforgot = jwt.sign(user._id.toHexString(), process.env.SIGNCODE).
+        else
-        toString();
+          return { ris: false };
-      user.date_tokenforgot = new Date();
+      }).catch((e) => {
-      user.tokenforgot_code = 100000 + Math.round(Math.random() * 899999);
+        console.log(' Err createNewRequestPwd', e.message);
-      user.lasttimeonline = new Date();
+        res.status(400).send();
-      return await user.save().then(async () => {
-        await sendemail.sendEmail_RequestNewPassword(user.lang, user, user.email, user.idapp, user.tokenforgot, user.tokenforgot_code);
-
-        return true;
       });
-    }
+  } else {
+    return User.findByEmail(idapp, email).then(async (user) => {
+      if (!user) {
+        return { ris: false };
+      } else {
+        // Creo il tokenforgot
+        user.tokenforgot = jwt.sign(user._id.toHexString(), process.env.SIGNCODE).
+          toString();
+        user.date_tokenforgot = new Date();
+        user.tokenforgot_code = 100000 + Math.round(Math.random() * 899999);
+        user.lasttimeonline = new Date();
+        return await user.save().then(async () => {
+          await sendemail.sendEmail_RequestNewPassword(user.lang, user, user.email, user.idapp, user.tokenforgot, user.tokenforgot_code);
 
-  });
+          return { ris: true };
+        });
+      }
+
+    });
+  }
 };
 
 UserSchema.statics.createNewRequestPwdByUsernameAndGetLink = async function (idapp, username) {
@@ -1436,7 +1453,7 @@ UserSchema.statics.getUserById = function (idapp, id) {
 UserSchema.statics.getUserByUsername = function (idapp, username) {
   const User = this;
 
-  return User.findOne({
+  return User.findne({
     idapp,
     username,
     $or: [{ deleted: { $exists: false } }, { deleted: { $exists: true, $eq: false } }],
@@ -3671,7 +3688,7 @@ UserSchema.statics.getQueryUsersDiffusori = function (idapp) {
       },
     },
     {
-        $match: { "count": { $gte: 2 } }
+      $match: { "count": { $gte: 2 } }
     },
     {
       $sort: {
@@ -3715,11 +3732,11 @@ UserSchema.statics.getQueryUsersDiffusori = function (idapp) {
     {
       $replaceRoot: {
         newRoot: {
-          $mergeObjects: [ "$user", "$$ROOT" ],
+          $mergeObjects: ["$user", "$$ROOT"],
         },
       },
     },
-      {
+    {
       $project: {
         _id: 0,
         count: 1,
@@ -4211,6 +4228,25 @@ UserSchema.statics.calcOtherByUser = async function (idapp, userId) {
 };
 
 
+UserSchema.statics.tooManyReqPassword = async function (idapp, email, set) {
+  const User = this;
+
+  const maxnum = 30;
+
+  const user = await User.findByEmail(idapp, email);
+  if (user) {
+    if (!user.retry_pwd)
+      user.retry_pwd = 0
+    if (set && user.retry_pwd <= maxnum) {
+      user.retry_pwd++;
+
+      await User.findOneAndUpdate({ _id: user._id }, { $set: { retry_pwd: user.retry_pwd } });
+    }
+    return user.retry_pwd > maxnum ;
+  }
+
+};
+
 UserSchema.statics.createNewSubRecord = async function (idapp, req) {
   const User = this;
 

src/server/router/index_router.js

@@ -135,26 +135,34 @@ router.post(process.env.LINKVERIF_REG, (req, res) => {
 
 // Faccio richiesta di una Nuova Password
 router.post(process.env.LINK_REQUEST_NEWPASSWORD, async (req, res) => {
-  const body = _.pick(req.body, ['idapp', 'email']);
-  const idapp = body.idapp;
-  const email = body.email.toLowerCase().trim();
-  console.log(
-    'POST ' + process.env.LINK_REQUEST_NEWPASSWORD + ' idapp= ' + idapp +
-    ' email = ' + email);
 
   try {
-    const ris = await User.createNewRequestPwd(idapp, email);
+    const body = _.pick(req.body, ['idapp', 'email', 'codetocheck']);
-    if (ris) {
+    const idapp = body.idapp;
-      res.send({ code: server_constants.RIS_CODE_OK, msg: '' });
+    const email = body.email.toLowerCase().trim();
+    const codetocheck = body.codetocheck ? body.codetocheck.trim() : '';
+
+    // Check if too many requests
+    if (await User.tooManyReqPassword(idapp, email, true)) {
+      console.log(process.env.LINK_REQUEST_NEWPASSWORD, 'TOO MANY REQUESTS !!! EXIT ', email);
+      res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: 'TOO MANY REQUESTS' });
+      return false;
+    }
+
+    console.log(
+      'POST ' + process.env.LINK_REQUEST_NEWPASSWORD + ' idapp= ' + idapp +
+      ' email = ' + email);
+
+    const reqpwd = await User.createNewRequestPwd(idapp, email, codetocheck);
+    if (reqpwd && reqpwd.ris) {
+      res.send({ code: server_constants.RIS_CODE_OK, msg: '', link: reqpwd.link });
     } else {
-      tools.snooze(5000);
       return res.status(200).
         send({ code: server_constants.RIS_CODE_EMAIL_NOT_EXIST, msg: '' });
     }
   } catch (e) {
     console.log(process.env.LINK_REQUEST_NEWPASSWORD, e.message);
-    res.status(400).send();
+    res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: e });
-    res.send({ code: server_constants.RIS_CODE_ERR, msg: e });
   }
 
 });

src/server/tools/general.js

@@ -3308,12 +3308,17 @@ module.exports = {
     return msg;
   },
 
-  getlinkRequestNewPassword: function(idapp, email, tokenforgot) {
+  getlinkRelativeRequestNewPassword: function(idapp, email, tokenforgot) {
-    const strlinkreg = this.getHostByIdApp(idapp) + process.env.LINK_UPDATE_PASSWORD +
+    const strlinkreg = process.env.LINK_UPDATE_PASSWORD +
         `?idapp=${idapp}&email=${email}&tokenforgot=${tokenforgot}`;
     return strlinkreg;
   },
 
+  getlinkRequestNewPassword: function(idapp, email, tokenforgot) {
+    const strlinkreg = this.getHostByIdApp(idapp) + this.getlinkRelativeRequestNewPassword(idapp, email, tokenforgot);
+    return strlinkreg;
+  },
+
   execScript: function(idapp, msg, script, testo) {
     const {exec} = require('child_process');
     const telegrambot = require('../telegram/telegrambot');