changes

src/extensions/users-permissions/strapi-server.js

@@ -22,6 +22,128 @@ const userPermissionExtension = (plugin) => {
     return plugin.controllers.user.update(ctx);
   };
 
+  plugin.controllers.user.startEndUserOtpLogin = async (ctx) => {
+    const { emailAddress, mobileNumber } = ctx.request.body;
+    if (!emailAddress || !mobileNumber) {
+      throw new ValidationError(
+        "Please specify both the email address & mobile numbers."
+      );
+    }
+
+    console.log(`Will be using params: `);
+    console.log(emailAddress, mobileNumber);
+
+    const pluginStore = await strapi.store({
+      type: "plugin",
+      name: "users-permissions",
+    });
+    const emailSettings = await pluginStore.get({ key: "email" });
+
+    // Find the channel partner first.
+    const endUser = await strapi.query("api::end-user.end-user").findOne({
+      populate: ["user"],
+      where: {
+        $and: [
+          { publishedAt: { $notNull: true } },
+          // { user: { email: { $eq: emailAddress } } },
+          { mobileNo: mobileNumber },
+        ],
+      },
+    });
+
+    if (!endUser) {
+      throw new ValidationError(
+        "No end user registered with specified email address, mobile number combination."
+      );
+    }
+
+    // Find the linked user next.
+    const user = await strapi
+      .query("plugin::users-permissions.user")
+      .findOne({ id: endUser.user.id });
+    if (!user || user.blocked) {
+      throw new ValidationError("Unable to resolve user linked to end user.");
+    }
+
+    const resetPasswordSettings = _.get(
+      emailSettings,
+      "reset_password.options",
+      {}
+    );
+    const oneTimePassword = Math.floor(100000 + Math.random() * 900000);
+
+    const emailToSend = {
+      to: user.email,
+      from:
+        resetPasswordSettings.from.email || resetPasswordSettings.from.name
+          ? `${resetPasswordSettings.from.name} <${resetPasswordSettings.from.email}>`
+          : undefined,
+      replyTo: resetPasswordSettings.response_email,
+      subject: `Your one time password is: ${oneTimePassword}`,
+      text: `Hello ${endUser.fullName}, Your one time password to login to your partner portal is ${oneTimePassword}`,
+      html: `<p>Hello ${endUser.fullName}, <br></br>Your one time password to login to the hiranandani offers portal is ${oneTimePassword}</p><br /> Best Regards, <br /> Team Hiranandani.`,
+    };
+
+    // NOTE: Update the user before sending the email so an Admin can generate the link if the email fails
+    await getService("user").edit(user.id, {
+      oneTimePassword: `${oneTimePassword}`,
+    });
+
+    // Send an email to the user.
+    await strapi.plugin("email").service("email").send(emailToSend);
+
+    // TODO: Send SMS.
+
+    ctx.send({ ok: true, message: "otp sent" });
+  };
+
+  plugin.controllers.user.finishEndUserOtpLogin = async (ctx) => {
+    const { oneTimePassword, emailAddress, mobileNumber } = ctx.request.body;
+    if (!oneTimePassword || !mobileNumber || !emailAddress) {
+      throw new ValidationError(
+        "Please specify the oneTimePassword, email address and mobile numbers."
+      );
+    }
+
+    // Find the channel partner first.
+    const endUser = await strapi.query("api::end-user.end-user").findOne({
+      populate: ["user"],
+      where: {
+        $and: [
+          { publishedAt: { $notNull: true } },
+          // { user: { email: emailAddress } },
+          { mobileNo: mobileNumber },
+        ],
+      },
+    });
+
+    if (!endUser) {
+      throw new ValidationError(
+        "No end user registered with specified email address, mobile number combination."
+      );
+    }
+
+    console.log(`Loaded end user:`);
+    console.log(endUser);
+
+    // Find the linked user next.
+    const user = await strapi.query("plugin::users-permissions.user").findOne({
+      where: {
+        $and: [{ id: endUser.user.id }, { oneTimePassword: oneTimePassword }],
+      },
+    });
+    if (!user || user.blocked) {
+      throw new ValidationError("Code provided is not valid.");
+    }
+
+    await getService("user").edit(user.id, {
+      oneTimePassword: null,
+      password: oneTimePassword,
+    });
+
+    ctx.send({ ok: true, message: "otp updated" });
+  };
+
   plugin.controllers.user.startChannelPartnerOtpLogin = async (ctx) => {
     const { mahareraNumber, mobileNumber } = ctx.request.body;
     if (!mahareraNumber || !mobileNumber) {
@@ -265,6 +387,8 @@ const userPermissionExtension = (plugin) => {
     path: "/users/me",
     handler: "user.updateMe",
   });
+
+  /** Endpoints used to facilitate channel partner login with otp */
   plugin.routes["content-api"].routes.push({
     method: "POST",
     path: "/users/channel-partner/start-otp-login",
@@ -276,6 +400,18 @@ const userPermissionExtension = (plugin) => {
     handler: "user.finishChannelPartnerOtpLogin",
   });
 
+  /** Endpoints used to facilitate end user login with otp */
+  plugin.routes["content-api"].routes.push({
+    method: "POST",
+    path: "/users/end-user/start-otp-login",
+    handler: "user.startEndUserOtpLogin",
+  });
+  plugin.routes["content-api"].routes.push({
+    method: "POST",
+    path: "/users/end-user/finish-otp-login",
+    handler: "user.finishEndUserOtpLogin",
+  });
+
   return plugin;
 };