Code-A2Z · Adarsh-ops · Oct 19, 2025 · Oct 20, 2025 · Oct 22, 2025 · Oct 22, 2025
diff --git a/backend/controllers/authController.js b/backend/controllers/authController.js
@@ -1,6 +1,9 @@
 const User = require('../models/User');
 const jwt = require('jsonwebtoken');
 const bcrypt = require('bcryptjs');
+const crypto=require('crypto');
+const {sendEmail}=require('../utils');
+
 
 // Function to generate JWT
 const generateToken = (id) => {
@@ -113,9 +116,60 @@ const completeSetup = async (req, res) => {
   }
 };
 
+const forgotPassword=async (req,res)=>{
+  const {email}=req.body;
+  try {
+    const user=await User.findOne({email})
+    if(!user){
+      return res.status(404).json({message:'User not found'});
+    }
+    const resetToken=crypto.randomBytes(32).toString('hex');
+    const hashedToken=crypto.createHash('sha256').update(resetToken).digest('hex');
+    user.resetPasswordToken=hashedToken;
+    user.resetPasswordExpires=Date.now()+15*60*1000;
+    await user.save();
+    const resetUrl=`${process.env.FRONTEND_URL}/reset-password?token=${resetToken}`;
+    await sendEmail({
+      to:user.email,
+      subject:'Password Reset Request',
+      text:`You requested a password reset. Please click the link to reset your password: ${resetUrl}`
+    })
+    res.status(200).json({message:'Password reset email sent'});  
+  } catch (error) {
+    res.status(500).json({message:'Server Error',error:error.message});    
+  }
+}
+
+const resetPassword=async (req,res)=>{
+  const {token,newPassword}=req.body;
+
+  try{
+    const hashedToken=crypto.createHash('sha256').update(token).digest('hex');
+    const user = await User.findOne({
+      resetPasswordToken:hashedToken,
+      resetPasswordExpires:{$gt:Date.now()}
+    });
+
+    if(!user){
+      return res.status(400).json({message:'Invalid or expired token'});
+    }
+
+    user.password=newPassword;
+    user.resetPasswordToken=null;
+    user.resetPasswordExpires=null;
+    await user.save();
+    res.status(200).json({message:'Password reset successful'});
+  }
+  catch(error){
+    res.status(500).json({message:'Server Error',error:error.message});
+  }
+}
+
 module.exports = {
   signup,
   login,
   getMe,
   completeSetup,
+  forgotPassword,
+  resetPassword
 };
diff --git a/backend/models/User.js b/backend/models/User.js
@@ -20,7 +20,16 @@ const userSchema = new mongoose.Schema({
     type: Boolean,
     default: false,
   },
-}, {
+  resetPasswordToken:{
+    type:String,
+    default:null
+  },
+  resetPasswordExpires:{
+    type:Date,
+    default:null
+  }
+}  
+  , {
   timestamps: true,
 });