141 lines
5.0 KiB
TypeScript
141 lines
5.0 KiB
TypeScript
import { AuthRepository } from '../../domain/repositories/AuthRepository';
|
|
import { MagicLinkRepository } from '../../domain/repositories/MagicLinkRepository';
|
|
import { PasswordHashingService } from '../../domain/services/PasswordHashingService';
|
|
import { EmailAddress } from '../../domain/value-objects/EmailAddress';
|
|
import { PasswordHash } from '../../domain/value-objects/PasswordHash';
|
|
import { Result } from '@core/shared/domain/Result';
|
|
import type { ApplicationErrorCode } from '@core/shared/errors/ApplicationErrorCode';
|
|
import type { Logger } from '@core/shared/domain/Logger';
|
|
import type { UseCase } from '@core/shared/application/UseCase';
|
|
|
|
export type ResetPasswordInput = {
|
|
token: string;
|
|
newPassword: string;
|
|
};
|
|
|
|
export type ResetPasswordResult = {
|
|
message: string;
|
|
};
|
|
|
|
export type ResetPasswordErrorCode = 'INVALID_TOKEN' | 'EXPIRED_TOKEN' | 'WEAK_PASSWORD' | 'REPOSITORY_ERROR';
|
|
|
|
export type ResetPasswordApplicationError = ApplicationErrorCode<ResetPasswordErrorCode, { message: string }>;
|
|
|
|
/**
|
|
* Application Use Case: ResetPasswordUseCase
|
|
*
|
|
* Handles password reset using a magic link token.
|
|
* Validates token, checks expiration, and updates password.
|
|
*/
|
|
export class ResetPasswordUseCase implements UseCase<ResetPasswordInput, ResetPasswordResult, ResetPasswordErrorCode> {
|
|
constructor(
|
|
private readonly authRepo: AuthRepository,
|
|
private readonly magicLinkRepo: MagicLinkRepository,
|
|
private readonly passwordService: PasswordHashingService,
|
|
private readonly logger: Logger,
|
|
) {}
|
|
|
|
async execute(input: ResetPasswordInput): Promise<Result<ResetPasswordResult, ResetPasswordApplicationError>> {
|
|
try {
|
|
// Validate token format
|
|
if (!input.token || typeof input.token !== 'string' || input.token.length < 32) {
|
|
return Result.err({
|
|
code: 'INVALID_TOKEN',
|
|
details: { message: 'Invalid reset token' },
|
|
});
|
|
}
|
|
|
|
// Validate password strength
|
|
if (!this.isPasswordStrong(input.newPassword)) {
|
|
return Result.err({
|
|
code: 'WEAK_PASSWORD',
|
|
details: { message: 'Password must be at least 8 characters and contain uppercase, lowercase, and number' },
|
|
});
|
|
}
|
|
|
|
// Find token
|
|
const resetRequest = await this.magicLinkRepo.findByToken(input.token);
|
|
if (!resetRequest) {
|
|
return Result.err({
|
|
code: 'INVALID_TOKEN',
|
|
details: { message: 'Invalid or expired reset token' },
|
|
});
|
|
}
|
|
|
|
// Check expiration
|
|
if (resetRequest.expiresAt < new Date()) {
|
|
return Result.err({
|
|
code: 'EXPIRED_TOKEN',
|
|
details: { message: 'Reset token has expired. Please request a new one.' },
|
|
});
|
|
}
|
|
|
|
// Find user by email
|
|
const emailVO = EmailAddress.create(resetRequest.email);
|
|
const user = await this.authRepo.findByEmail(emailVO);
|
|
if (!user) {
|
|
return Result.err({
|
|
code: 'INVALID_TOKEN',
|
|
details: { message: 'User no longer exists' },
|
|
});
|
|
}
|
|
|
|
// Hash new password
|
|
const hashedPassword = await this.passwordService.hash(input.newPassword);
|
|
|
|
// Create a new user instance with updated password
|
|
const UserModule = await import('../../domain/entities/User');
|
|
const passwordHash = PasswordHash.fromHash(hashedPassword);
|
|
const email = user.getEmail();
|
|
const iracingCustomerId = user.getIracingCustomerId();
|
|
const primaryDriverId = user.getPrimaryDriverId();
|
|
const avatarUrl = user.getAvatarUrl();
|
|
|
|
const updatedUserInstance = UserModule.User.rehydrate({
|
|
id: user.getId().value,
|
|
displayName: user.getDisplayName(),
|
|
...(email !== undefined ? { email } : {}),
|
|
passwordHash: passwordHash,
|
|
...(iracingCustomerId !== undefined ? { iracingCustomerId } : {}),
|
|
...(primaryDriverId !== undefined ? { primaryDriverId } : {}),
|
|
...(avatarUrl !== undefined ? { avatarUrl } : {}),
|
|
});
|
|
|
|
await this.authRepo.save(updatedUserInstance);
|
|
|
|
// Mark token as used
|
|
await this.magicLinkRepo.markAsUsed(input.token);
|
|
|
|
this.logger.info('[ResetPasswordUseCase] Password reset successful', {
|
|
userId: user.getId().value,
|
|
email: resetRequest.email,
|
|
});
|
|
|
|
return Result.ok({
|
|
message: 'Password reset successfully. You can now log in with your new password.',
|
|
});
|
|
} catch (error) {
|
|
const message =
|
|
error instanceof Error && error.message
|
|
? error.message
|
|
: 'Failed to execute ResetPasswordUseCase';
|
|
|
|
this.logger.error('ResetPasswordUseCase.execute failed', error instanceof Error ? error : undefined, {
|
|
input,
|
|
});
|
|
|
|
return Result.err({
|
|
code: 'REPOSITORY_ERROR',
|
|
details: { message },
|
|
});
|
|
}
|
|
}
|
|
|
|
private isPasswordStrong(password: string): boolean {
|
|
if (password.length < 8) return false;
|
|
if (!/[a-z]/.test(password)) return false;
|
|
if (!/[A-Z]/.test(password)) return false;
|
|
if (!/\d/.test(password)) return false;
|
|
return true;
|
|
}
|
|
} |