feat(members): mail change confirm

lib/server.js

@@ -55,6 +55,7 @@ process.on('unhandledRejection', (err) => {
 GeneralRouter.get('/healthcheck', middlewares.healthcheck);
 GeneralRouter.post('/signup/:campaign_id', campaigns.registerUser);
 GeneralRouter.post('/confirm-email', register.confirmEmail);
+GeneralRouter.post('/confirm-email-change', members.confirmEmailChange);
 GeneralRouter.post('/login', login.login);
 GeneralRouter.post('/password_reset', login.passwordReset);
 GeneralRouter.post('/password_confirm', login.passwordConfirm);

middlewares/members.js

@@ -1,3 +1,5 @@
+const moment = require('moment');
+
 const { User, Body, MailChange } = require('../models');
 const constants = require('../lib/constants');
 const helpers = require('../lib/helpers');
@@ -139,3 +141,28 @@ exports.triggerEmailChange = async (req, res) => {
         message: 'The mail change was triggered. Check your email.'
     });
 };
+
+exports.confirmEmailChange = async (req, res) => {
+    const mailChange = await MailChange.findOne({
+        where: { value: (req.body.token || '').trim() },
+        include: [User]
+    });
+
+    if (!mailChange) {
+        return errors.makeNotFoundError(res, 'Token is invalid.');
+    }
+
+    if (moment(mailChange.expires_at).isBefore(moment())) {
+        return errors.makeNotFoundError(res, 'Token is expired.');
+    }
+
+    await sequelize.transaction(async (t) => {
+        await mailChange.user.update({ email: mailChange.new_email }, { transaction: t });
+        await mailChange.destroy({ transaction: t });
+    });
+
+    return res.json({
+        success: true,
+        message: 'Mail was changed successfully.'
+    });
+};

test/api/mail-change-confirmation.test.js

@@ -0,0 +1,100 @@
+const { startServer, stopServer } = require('../../lib/server.js');
+const { MailChange, User } = require('../../models');
+
+const { request } = require('../scripts/helpers');
+const generator = require('../scripts/generator');
+
+describe('Mail change confirm', () => {
+    beforeAll(async () => {
+        await startServer();
+    });
+
+    afterAll(async () => {
+        await stopServer();
+    });
+
+    afterEach(async () => {
+        await generator.clearAll();
+    });
+
+    test('should return 404 if the mail change is not found', async () => {
+        const res = await request({
+            uri: '/confirm-email-change',
+            method: 'POST',
+            body: { token: '1' }
+        });
+
+        expect(res.statusCode).toEqual(404);
+        expect(res.body.success).toEqual(false);
+        expect(res.body).not.toHaveProperty('data');
+        expect(res.body).toHaveProperty('message');
+    });
+
+    test('should return 404 if no token is provided', async () => {
+        const res = await request({
+            uri: '/confirm-email-change',
+            method: 'POST',
+            body: {}
+        });
+
+        expect(res.statusCode).toEqual(404);
+        expect(res.body.success).toEqual(false);
+        expect(res.body).not.toHaveProperty('data');
+        expect(res.body).toHaveProperty('message');
+    });
+
+    test('should fail if token is expired', async () => {
+        const user = await generator.createUser();
+        const mailChange = await generator.createMailChange({ expires_at: new Date() }, user);
+
+        const res = await request({
+            uri: '/confirm-email-change',
+            method: 'POST',
+            body: { token: mailChange.value }
+        });
+
+        expect(res.statusCode).toEqual(404);
+        expect(res.body.success).toEqual(false);
+        expect(res.body).toHaveProperty('message');
+        expect(res.body).not.toHaveProperty('data');
+    });
+
+
+    test('should work if the token is found', async () => {
+        const user = await generator.createUser();
+        const mailChange = await generator.createMailChange({}, user);
+
+        const res = await request({
+            uri: '/confirm-email-change',
+            method: 'POST',
+            body: { token: mailChange.value }
+        });
+
+        expect(res.statusCode).toEqual(200);
+        expect(res.body.success).toEqual(true);
+        expect(res.body).not.toHaveProperty('errors');
+        expect(res.body).toHaveProperty('message');
+
+        const mailChanges = await MailChange.count({ where: { user_id: user.id } });
+        expect(mailChanges).toEqual(0);
+
+        const userFromDb = await User.scope('withPassword').findByPk(user.id);
+        expect(userFromDb.email).toEqual(mailChange.new_email);
+    });
+
+    test('should work if the token is found with email with spaces/tabs', async () => {
+        const user = await generator.createUser();
+        const mailChange = await generator.createMailChange({}, user);
+
+        const res = await request({
+            uri: '/confirm-email-change',
+            method: 'POST',
+            body: { token: '\t\t\t   \t' + mailChange.value + '\t     \t' }
+        });
+
+        expect(res.statusCode).toEqual(200);
+        expect(res.body.success).toEqual(true);
+        expect(res.body).not.toHaveProperty('errors');
+        expect(res.body).toHaveProperty('message');
+    });
+});