From d8263b3b25c5d6fb2c70c7d918f144a1eedd1101 Mon Sep 17 00:00:00 2001
From: trinity-y
Date: Sun, 10 Nov 2024 02:00:09 -0500
Subject: [PATCH] add automatic login after password reset + lint
---
 backend/typescript/rest/authRoutes.ts | 14 +++++++-----
 backend/typescript/types.ts | 1 +
 frontend/src/APIClients/AuthAPIClient.ts | 29 ++++++++++++++----------
 frontend/src/types/AuthTypes.ts | 2 +-
 4 files changed, 27 insertions(+), 19 deletions(-)
diff --git a/backend/typescript/rest/authRoutes.ts b/backend/typescript/rest/authRoutes.ts
index 1e9e94d..c202661 100644
--- a/backend/typescript/rest/authRoutes.ts
+++ b/backend/typescript/rest/authRoutes.ts
@@ -1,4 +1,4 @@
-import { CookieOptions, Router } from "express";
+import { CookieOptions, response, Router } from "express";
 import { isAuthorizedByEmail, isAuthorizedByUserId } from "../middlewares/auth";
 import {
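Review bot: The added `response` import from express is not used by anything in the visible hunks of this file and looks like an editor auto-import. Express's `response` export is the shared response prototype, so a stray reference to it instead of the handler's `res` would type-check yet act on the wrong object. I would revert the line to `import { CookieOptions, Router } from "express";`.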
@@ -118,19 +118,21 @@ authRouter.post(
 },
 );
-// warnings, it doesnt generate a new access token and the old one expires when u reset your password. is that handled somewhere else?
 authRouter.post("/setPassword/:email", isAuthorizedByEmail("email"), async (req, res) => {
 try{
 const responseSuccess = await authService.setPassword(req.params.email, req.body.newPassword)
- if (responseSuccess.success) { // if it was successful
+ if (responseSuccess.success) {
 const user = await userService.getUserByEmail(req.params.email)
 if (user.status == UserStatus.INVITED) {
- // ig i could modify the user object and send that but then i'd be sending ALL the information
- userService.updateUserById(user.id, {firstName: user.firstName, lastName: user.lastName, email: user.email, role: user.role, status: UserStatus.ACTIVE})
+ userService.updateUserById(user.id, {...user, status: UserStatus.ACTIVE})
 }
+ // automatically log in after password reset
+ const authDTO = await authService.generateToken(req.params.email, req.body.newPassword);
+ const { refreshToken, ...rest } = authDTO;
+ const passwordSetResponse = {success:responseSuccess.success, userDTO:rest}
+ res.cookie("refreshToken", authDTO.refreshToken, cookieOptions).status(200).json(passwordSetResponse);
 }
- res.status(200).json(responseSuccess);
 } catch(error) {
 res.status(500).json({ error: getErrorMessage(error) });
 }
diff --git a/backend/typescript/types.ts b/backend/typescript/types.ts
index bb18b83..92fce72 100644
--- a/backend/typescript/types.ts
+++ b/backend/typescript/types.ts
@@ -34,6 +34,7 @@ export type AuthDTO = Token & UserDTO;
 export type ResponseSuccessDTO = {
 success: boolean;
 errorMessage?: string;
+ userDTO?: UserDTO;
 }
 export type Letters = "A" | "B" | "C" | "D";
diff --git a/frontend/src/APIClients/AuthAPIClient.ts b/frontend/src/APIClients/AuthAPIClient.ts
index 9e1fb01..03374c4 100644
--- a/frontend/src/APIClients/AuthAPIClient.ts
+++ b/frontend/src/APIClients/AuthAPIClient.ts
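Review bot: When `responseSuccess.success` is false the handler now sends no response at all, because the only `res...json(...)` call left in the `try` sits inside the `if` block, so a failed password change leaves the request hanging until the client times out. Add `else { res.status(200).json(responseSuccess); }` (the status the removed line used) so the caller still receives `errorMessage`. Separately, `userService.updateUserById(user.id, {...user, status: UserStatus.ACTIVE})` is not awaited, so, assuming it returns a promise, tokens are issued before the status change is known to have succeeded and a rejection would bypass the `catch`; spreading the whole `user` also writes back every field rather than the five the old call listed. I would `await` the call and keep the explicit field list. The handler's closing lines fall outside the hunk.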
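Review bot: `userDTO?: UserDTO` under-describes what the route puts in that field: in authRoutes.ts the value is `rest`, the `AuthDTO` with only `refreshToken` removed, so it presumably still carries the access token from `Token`. Typing it as `Omit<AuthDTO, "refreshToken">` (and naming it along the lines of `authDTO`) makes it visible to readers and to the type checker that this response contains a bearer credential and should not be logged or cached. `Token`'s fields are not visible in this hunk, so confirm which ones remain.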
@@ -1,5 +1,5 @@
 import AUTHENTICATED_USER_KEY from "../constants/AuthConstants";
-import { AuthenticatedUser, PasswordResetResponse } from "../types/AuthTypes";
+import { AuthenticatedUser, PasswordSetResponse } from "../types/AuthTypes";
 import baseAPIClient from "./BaseAPIClient";
 import {
 getLocalStorageObjProperty,
@@ -111,24 +111,29 @@ const refresh = async (): Promise => {
 };
 // // trinity did this VV
-const setPassword = async (email: string, newPassword: string): Promise => {
+const setPassword = async (
+ email: string,
+ newPassword: string,
+): Promise => {
 const bearerToken = `Bearer ${getLocalStorageObjProperty(
 AUTHENTICATED_USER_KEY,
 "accessToken",
- )}`
- console.log(bearerToken)
+ )}`;
 try {
 const response = await baseAPIClient.post(
 `/auth/setPassword/${email}`,
- {newPassword},
- {headers:{Authorization:bearerToken}}
- )
- console.log(response)
- return response.data
+ { newPassword },
+ { headers: { Authorization: bearerToken } },
+ );
+ const { success, userDTO, errorMessage } = response.data;
+ if (success) {
+ localStorage.setItem(AUTHENTICATED_USER_KEY, JSON.stringify(userDTO));
+ }
+ return { success, errorMessage };
 } catch (error) {
- return {success:false, errorMessage:"An unknown error occured."}
+ return { success: false, errorMessage: "An unknown error occured." };
 }
-}
+};
 export default {
 login,
@@ -137,5 +142,5 @@ export default {
 register,
 resetPassword,
 refresh,
- setPassword
+ setPassword,
 };
diff --git a/frontend/src/types/AuthTypes.ts b/frontend/src/types/AuthTypes.ts
index cb3f429..6482f56 100644
--- a/frontend/src/types/AuthTypes.ts
+++ b/frontend/src/types/AuthTypes.ts
@@ -16,7 +16,7 @@ export type DecodedJWT =
 | null
 | { [key: string]: unknown; exp: number };
- export type PasswordResetResponse = {
+ export type PasswordSetResponse = {
 success: boolean;
 errorMessage?: string;
 }
\ No newline at end of file
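Review bot: In the `setPassword` hunk, `JSON.stringify(userDTO)` is written to localStorage whenever `success` is true, even if the response carries no `userDTO`; the key then holds the string "undefined" and any later JSON parse of `AUTHENTICATED_USER_KEY` fails. Guard it with `if (success && userDTO) {`. Per the route change in this commit the stored object appears to include the access token, which in localStorage is readable by any script running on the origin; that matches how this client already reads `accessToken`, but it deserves a comment such as `// holds accessToken: readable by page scripts, depends on XSS defences`. `email` is also interpolated into the request path unencoded on the unchanged context line, and `encodeURIComponent(email)` would keep addresses containing `/`, `?` or `#` from altering the URL.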