25968964238

Committed 16 May 2026 05:57PM UTC coverage: 87.998% (-0.4%) from 88.376%

Build # 25968964238

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #123 from witseie-elen4010/passwordChange

Password change and bug fix

Coverage Stats

525 of 640 branches covered (82.03%)

Branch coverage included in aggregate %.

62 of 75 new or added lines in 5 files covered. (82.67%)

1 existing line in 1 file now uncovered.

1154 of 1268 relevant lines covered (91.01%)

11.21 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

74.36

/src/controllers/verify-controller.js

const crypto = require('crypto')
const db = require('../../database/db')
const { sendVerificationEmail } = require('../services/email-service')

const hashCode = (code) => crypto.createHash('sha256').update(code).digest('hex')

const lookupByEmail = (email) => {
  const student = db.prepare('SELECT * FROM students WHERE email = ?').get(email)
  if (student) return { user: student, table: 'students', idCol: 'student_number' }
  const staff = db.prepare('SELECT * FROM staff WHERE email = ?').get(email)
  if (staff) return { user: staff, table: 'staff', idCol: 'staff_number' }
  return null
}

const showVerifyPage = (req, res) => {
  const email = req.query.email || ''
  let message = null
  if (req.query.emailFailed) {
    message = 'We had trouble sending your verification email. Use the Resend button below to try again.'
  } else if (req.query.fromLogin) {
    message = 'Your account is not yet verified. Enter the code from your email or request a new one below.'
  }
  return res.render('verify-email', { email, error: null, message })
}

const verifyEmail = (req, res) => {
  const { email, code } = req.body

  const found = lookupByEmail(email)
  if (!found) {
    return res.render('verify-email', {
      email,
      error: 'No account found for this email address.',
      message: null,
    })
  }

  const { user } = found

  if (user.email_verified) {
    return res.redirect('/login?success=Email+already+verified.+Please+log+in.')
  }

  if (!user.token_expiry || new Date() > new Date(user.token_expiry)) {
    return res.render('verify-email', {
      email,
      error: 'Your verification code has expired. Please request a new one.',
      message: null,
    })
  }

  if (hashCode(code) !== user.verification_token) {
    return res.render('verify-email', {
      email,
      error: 'Incorrect verification code. Please try again.',
      message: null,
    })
  }

  db.prepare(
    `UPDATE ${found.table} SET email_verified = 1, verification_token = NULL, token_expiry = NULL, resend_count = 0 WHERE ${found.idCol} = ?`
  ).run(user[found.idCol])

  return res.redirect('/login?success=Email+verified+successfully.+You+may+now+log+in.')
}

const resendCode = async (req, res) => {
  const { email } = req.body

  const found = lookupByEmail(email)
  if (!found) {
    return res.render('verify-email', {
      email,
      error: 'No account found for this email address.',
      message: null,
    })
  }

  const { user } = found

  if (user.email_verified) {
    return res.redirect('/login?success=Email+already+verified.+Please+log+in.')
  }

  if (user.resend_count >= 3) {
    return res.render('verify-email', {
      email,
      error: 'Maximum resend attempts reached. Please contact support.',
      message: null,
    })
  }

  const code = String(Math.floor(100000 + Math.random() * 900000))
  const token = hashCode(code)
  const expiry = new Date(Date.now() + 30 * 60 * 1000).toISOString()

  db.prepare(
    `UPDATE ${found.table} SET verification_token = ?, token_expiry = ?, resend_count = resend_count + 1 WHERE ${found.idCol} = ?`
  ).run(token, expiry, user[found.idCol])

  try {
    await sendVerificationEmail(email, code)
  } catch (err) {
    console.error('Resend email failed:', err)
    return res.render('verify-email', {
      email,
      error: 'We could not send the email. Please try again later or contact support if the problem persists.',
      message: null,
    })
  }

  return res.render('verify-email', {
    email,
    error: null,
    message: 'A new code has been sent to your email.',
  })
}

module.exports = { showVerifyPage, verifyEmail, resendCode }

1	const crypto = require('crypto')	11✔
2	const db = require('../../database/db')	11✔
3	const { sendVerificationEmail } = require('../services/email-service')	11✔
4
5	const hashCode = (code) => crypto.createHash('sha256').update(code).digest('hex')	11✔
6
7	const lookupByEmail = (email) => {	11✔
8	const student = db.prepare('SELECT * FROM students WHERE email = ?').get(email)	12✔
9	if (student) return { user: student, table: 'students', idCol: 'student_number' }	12✔
10	const staff = db.prepare('SELECT * FROM staff WHERE email = ?').get(email)	1✔
11	if (staff) return { user: staff, table: 'staff', idCol: 'staff_number' }	1!
12	return null	1✔
13	}
14
15	const showVerifyPage = (req, res) => {	11✔
16	const email = req.query.email \|\| ''	×
NEW 17	let message = null	×
NEW 18	if (req.query.emailFailed) {	×
NEW 19	message = 'We had trouble sending your verification email. Use the Resend button below to try again.'	×
NEW 20	} else if (req.query.fromLogin) {	×
NEW 21	message = 'Your account is not yet verified. Enter the code from your email or request a new one below.'	×
22	}
UNCOV 23	return res.render('verify-email', { email, error: null, message })	×
24	}
25
26	const verifyEmail = (req, res) => {	11✔
27	const { email, code } = req.body	8✔
28
29	const found = lookupByEmail(email)	8✔
30	if (!found) {	8✔
31	return res.render('verify-email', {	1✔
32	email,
33	error: 'No account found for this email address.',
34	message: null,
35	})
36	}
37
38	const { user } = found	7✔
39
40	if (user.email_verified) {	7✔
41	return res.redirect('/login?success=Email+already+verified.+Please+log+in.')	1✔
42	}
43
44	if (!user.token_expiry \|\| new Date() > new Date(user.token_expiry)) {	6✔
45	return res.render('verify-email', {	2✔
46	email,
47	error: 'Your verification code has expired. Please request a new one.',
48	message: null,
49	})
50	}
51
52	if (hashCode(code) !== user.verification_token) {	4✔
53	return res.render('verify-email', {	2✔
54	email,
55	error: 'Incorrect verification code. Please try again.',
56	message: null,
57	})
58	}
59
60	db.prepare(	2✔
61	`UPDATE ${found.table} SET email_verified = 1, verification_token = NULL, token_expiry = NULL, resend_count = 0 WHERE ${found.idCol} = ?`
62	).run(user[found.idCol])
63
64	return res.redirect('/login?success=Email+verified+successfully.+You+may+now+log+in.')	2✔
65	}
66
67	const resendCode = async (req, res) => {	11✔
68	const { email } = req.body	4✔
69
70	const found = lookupByEmail(email)	4✔
71	if (!found) {	4!
72	return res.render('verify-email', {	×
73	email,
74	error: 'No account found for this email address.',
75	message: null,
76	})
77	}
78
79	const { user } = found	4✔
80
81	if (user.email_verified) {	4!
82	return res.redirect('/login?success=Email+already+verified.+Please+log+in.')	×
83	}
84
85	if (user.resend_count >= 3) {	4✔
86	return res.render('verify-email', {	2✔
87	email,
88	error: 'Maximum resend attempts reached. Please contact support.',
89	message: null,
90	})
91	}
92
93	const code = String(Math.floor(100000 + Math.random() * 900000))	2✔
94	const token = hashCode(code)	2✔
95	const expiry = new Date(Date.now() + 30 * 60 * 1000).toISOString()	2✔
96
97	db.prepare(	2✔
98	`UPDATE ${found.table} SET verification_token = ?, token_expiry = ?, resend_count = resend_count + 1 WHERE ${found.idCol} = ?`
99	).run(token, expiry, user[found.idCol])
100
101	try {	2✔
102	await sendVerificationEmail(email, code)	2✔
103	} catch (err) {
104	console.error('Resend email failed:', err)	×
105	return res.render('verify-email', {	×
106	email,
107	error: 'We could not send the email. Please try again later or contact support if the problem persists.',
108	message: null,
109	})
110	}
111
112	return res.render('verify-email', {	2✔
113	email,
114	error: null,
115	message: 'A new code has been sent to your email.',
116	})
117	}
118
119	module.exports = { showVerifyPage, verifyEmail, resendCode }	11✔

witseie-elen4010 / 2026-group-lab-002 / 25968964238

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous