end-user.js
"use strict";
/**
* end-user controller
*/
const crypto = require("crypto");

const { factories } = require("@strapi/strapi");
const { getService } = require("@strapi/plugin-users-permissions/server/utils");
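/**
 * Coerces a request-body value to a non-empty string.
 *
 * Only strings and finite numbers are accepted. Objects and arrays are
 * rejected so that a JSON body cannot place operator objects into the
 * `where` / `filters` clauses built by the actions below.
 *
 * @param {unknown} value - Raw value taken from the request body.
 * @returns {string|null} The value as a string, or null when it is unusable.
 */
function toScalarString(value) {
  if (typeof value === "number" && Number.isFinite(value)) {
    return String(value);
  }
  if (typeof value === "string" && value.length > 0) {
    return value;
  }
  return null;
}

module.exports = factories.createCoreController(
  "api::end-user.end-user",
  ({ strapi }) => ({
    /**
     * Custom action: completes OTP verification for a pending end-user.
     *
     * Looks up the unpublished end-user record by mobile number, matches the
     * submitted code against the linked users-permissions user, then clears
     * the stored code and sets the user's password to the submitted code.
     *
     * Failures are reported with `ctx.badRequest` (HTTP 400). The previous
     * version threw `ValidationError`, which is never imported in this file,
     * so every failure path ended in a ReferenceError instead of a 400.
     *
     * NOTE(review): nothing in this handler caps the number of attempts or
     * expires the code. A 6-digit code needs an attempt limit and a short
     * lifetime; confirm that route middleware enforces them or add them.
     *
     * NOTE(review): the one-time code becomes the account password, so the
     * account ends up protected by a 6-digit numeric secret that was sent by
     * email. Kept for compatibility; consider a separate password-set step.
     *
     * @param {object} ctx - Koa context; reads `mobileNo` and
     *   `oneTimePassword` from `ctx.request.body`.
     * @returns {Promise<*>} Resolves after the response has been set on `ctx`.
     */
    async finishEndUserOtpVerification(ctx) {
      const body = ctx.request.body || {};
      const mobileNo = toScalarString(body.mobileNo);
      const oneTimePassword = toScalarString(body.oneTimePassword);

      // A missing or non-scalar value must never reach the query: the stored
      // code is reset to null after use, and an operator object would be
      // interpreted by the query layer rather than compared as a value.
      if (mobileNo === null) {
        return ctx.badRequest("Invalid mobile number.");
      }
      if (oneTimePassword === null) {
        return ctx.badRequest("Code provided is not valid.");
      }

      // 1. Identify the pending (unpublished) end-user record.
      const endUser = await strapi.query("api::end-user.end-user").findOne({
        populate: ["user"],
        where: {
          $and: [{ publishedAt: { $null: true } }, { mobileNo }],
        },
      });
      // A record without a linked user cannot be verified; the original
      // dereferenced endUser.user.id unconditionally.
      if (!endUser || !endUser.user) {
        return ctx.badRequest("Invalid mobile number.");
      }

      // 2 + 3. Load the linked user only if the submitted code matches.
      const user = await strapi
        .query("plugin::users-permissions.user")
        .findOne({
          where: {
            $and: [{ id: endUser.user.id }, { oneTimePassword }],
          },
        });
      if (!user || user.blocked) {
        return ctx.badRequest("Code provided is not valid.");
      }

      // 4. Clear the code so it cannot be replayed.
      await getService("user").edit(user.id, {
        oneTimePassword: null,
        password: oneTimePassword,
      });

      // TODO: at this point we might have to invoke a Hiranandani API to send the newly registered user there.
      ctx.send({ ok: true, message: "user registered" });
    },

    /**
     * Wraps the core `create` action: issues a one-time password to the
     * authenticated user, then creates the end-user record or updates the
     * one that already exists for the submitted mobile number.
     *
     * Changes from the previous version:
     * - the code is drawn from `crypto.randomInt` instead of `Math.random`,
     *   which is not suitable for secrets;
     * - `mobileNo` and `email` must be scalar values, so a missing or object
     *   value can no longer widen the lookup filter;
     * - an existing record is updated only when it is not owned by another
     *   user, and the owner is always pinned to the caller. The lookup is by
     *   mobile number alone, so without this check a caller could overwrite
     *   someone else's record. NOTE(review): confirm no legitimate flow
     *   relies on cross-user updates.
     *
     * NOTE(review): the code is mailed to the address supplied in the request
     * body, not to an address already bound to the account, and it appears in
     * the subject line, which mail clients show in previews. The greeting
     * name is also hard-coded. All three are left as found.
     *
     * @param {object} ctx - Koa context; reads `ctx.state.user` and
     *   `ctx.request.body.data`.
     * @returns {Promise<*>} Result of the wrapped core `update` or `create`.
     */
    async create(ctx) {
      const currentUser = ctx.state.user;
      if (!currentUser) {
        return ctx.unauthorized("Authentication required.");
      }

      const data = ctx.request.body && ctx.request.body.data;
      if (!data || typeof data !== "object") {
        return ctx.badRequest("Missing request data.");
      }
      const mobileNo = toScalarString(data.mobileNo);
      if (mobileNo === null) {
        return ctx.badRequest("Invalid mobile number.");
      }
      if (typeof data.email !== "string" || data.email.length === 0) {
        return ctx.badRequest("Invalid email address.");
      }

      // Look for a record with this mobile number; the owner id is fetched
      // so ownership can be checked before anything is written.
      const existingEndUser = await strapi.entityService.findMany(
        "api::end-user.end-user",
        {
          fields: ["id"],
          filters: { mobileNo },
          populate: { user: { fields: ["id"] } },
        }
      );
      const existing =
        existingEndUser && existingEndUser.length !== 0
          ? existingEndUser[0]
          : null;
      if (existing && existing.user && existing.user.id !== currentUser.id) {
        return ctx.forbidden("This mobile number is already registered.");
      }

      // Six digits, 100000-999999, from the OS CSPRNG.
      const oneTimePassword = crypto.randomInt(100000, 1000000);
      const emailToSend = {
        to: data.email,
        from: undefined,
        replyTo: undefined,
        subject: `Your one time password is: ${oneTimePassword}`,
        text: `Hello ${"Jay Mehta"}, Your one time password to login to your partner portal is ${oneTimePassword}`,
        html: `<p>Hello ${"Jay Mehta"}, <br></br>Your one time password to login to your partner portal is ${oneTimePassword}</p><br /> Best Regards, <br /> Team Hiranandani.`,
      };

      // NOTE: Update the user before sending the email so an Admin can generate the link if the email fails
      await strapi.entityService.update(
        "plugin::users-permissions.user",
        currentUser.id,
        {
          data: {
            oneTimePassword: `${oneTimePassword}`,
          },
        }
      );

      // Send an email to the user.
      await strapi.plugin("email").service("email").send(emailToSend);
      // TODO: Send SMS.

      // Pin the owner server-side so the request body cannot assign the
      // record to a different user on either path.
      data["user"] = currentUser.id;

      if (existing) {
        console.log(`Found existing end user: `);
        console.log(existingEndUser);
        // Update the existing record instead of creating a duplicate.
        ctx.params.id = existing.id;
        return super.update(ctx);
      }
      // No record yet: create it against the current user.
      return await super.create(ctx);
    },
  })
);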