Added reset password finctionality (#638)

Co-authored-by: Kritika Singh <kritikasingh6881@gmail.com>

Author: chiranthanHY

forgot-password.html

@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Forgot Password</title>
+  <link rel="stylesheet" href="styles/login.css">
+  <!-- Font Awesome for eye icon -->
+  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css"
+    integrity="sha512-iecdLmaskl7CVkqkXNQ/ZH/XLlvWZOJyj7Yy7tcenmpD1ypASozpmT/E0iPtmFIB46ZmdtAc9eNBvH0H/ZpiBw=="
+    crossorigin="anonymous" referrerpolicy="no-referrer">
+</head>
+<body>
+  <div class="container">
+    <h2>Reset Password</h2>
+    <p class="form-description">Enter your email address and we'll send you a link to reset your password.</p>
+    <form id="forgot-password-form">
+      <div class="input-group">
+        <label for="email">Email</label>
+        <input id="email" type="email" placeholder="Email" required>
+        <div class="validation-message" id="email-validation"></div>
+      </div>
+      <button type="submit">Send Reset Link</button>
+    </form>
+    <p class="form-link">Remember your password? <a href="login.html">Login</a></p>
+  </div>
+  <button class="back-button" onclick="window.location.href='index.html'"> ← Back To Home</button>
+  <script src="scripts/auth.js"></script>
+  <script src="scripts/forgot-password.js"></script>
+</body>
+</html>

login.html

@@ -34,6 +34,7 @@ <h2>Login</h2>
       <button type="submit">Login</button>
     </form>
     <p class="form-link">Don't have an account? <a href="signup.html">Sign up</a></p>
+    <p class="form-link"><a href="forgot-password.html">Forgot Password?</a></p>
   </div>
   <button class="back-button" onclick="window.location.href='index.html'"> ← Back To Home</button>
   <script src="scripts/auth.js"></script>

package-lock.json

@@ -0,0 +1,5 @@
+{
+  "dependencies": {
+    "nodemailer": "^7.0.5"
+  }
+}

package.json

@@ -0,0 +1,47 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Reset Password</title>
+  <link rel="stylesheet" href="styles/login.css">
+  <!-- Font Awesome for eye icon -->
+  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css"
+    integrity="sha512-iecdLmaskl7CVkqkXNQ/ZH/XLlvWZOJyj7Yy7tcenmpD1ypASozpmT/E0iPtmFIB46ZmdtAc9eNBvH0H/ZpiBw=="
+    crossorigin="anonymous" referrerpolicy="no-referrer">
+</head>
+<body>
+  <div class="container">
+    <h2>Set New Password</h2>
+    <p class="form-description">Please enter your new password below.</p>
+    <form id="reset-password-form">
+      <input type="hidden" id="token" value="">
+      <div class="input-group">
+        <label for="password">New Password</label>
+        <div class="password-field-container">
+          <input id="password" type="password" placeholder="New Password" required>
+          <button type="button" id="togglePassword" aria-label="Toggle password visibility">
+            <i class="fas fa-eye" aria-hidden="true"></i>
+          </button>
+        </div>
+        <div class="validation-message" id="password-validation"></div>
+      </div>
+      <div class="input-group">
+        <label for="confirm-password">Confirm Password</label>
+        <div class="password-field-container">
+          <input id="confirm-password" type="password" placeholder="Confirm Password" required>
+          <button type="button" id="toggleConfirmPassword" aria-label="Toggle password visibility">
+            <i class="fas fa-eye" aria-hidden="true"></i>
+          </button>
+        </div>
+        <div class="validation-message" id="confirm-password-validation"></div>
+      </div>
+      <button type="submit">Reset Password</button>
+    </form>
+    <p class="form-link"><a href="login.html">Back to Login</a></p>
+  </div>
+  <button class="back-button" onclick="window.location.href='index.html'"> ← Back To Home</button>
+  <script src="scripts/auth.js"></script>
+  <script src="scripts/reset-password.js"></script>
+</body>
+</html>

reset-password.html

@@ -0,0 +1,55 @@
+document.addEventListener('DOMContentLoaded', function() {
+  const form = document.getElementById('forgot-password-form');
+  
+  if (form) {
+    form.addEventListener('submit', async function(e) {
+      e.preventDefault();
+      
+      const email = document.getElementById('email').value.trim();
+      
+      // Basic validation
+      if (!email) {
+        alert('Please enter your email address');
+        return;
+      }
+      
+      // Email validation
+      const emailPattern = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+      if (!emailPattern.test(email)) {
+        alert('Please enter a valid email address');
+        return;
+      }
+      
+      try {
+        const response = await fetch('/api/auth/forgot-password', {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json'
+          },
+          body: JSON.stringify({ email })
+        });
+        
+        const data = await response.json();
+        
+        if (response.ok) {
+          alert(data.message);
+          
+          // For testing purposes, show the reset link if provided
+          if (data.resetLink) {
+            alert(`For testing purposes, here's your reset link:\n${data.resetLink}\n\nCopy this link to reset your password.`);
+          }
+          
+          form.reset();
+        } else {
+          alert(data.message || 'An error occurred. Please try again.');
+        }
+      } catch (error) {
+        console.error('Error:', error);
+        alert('An error occurred. Please try again.');
+      }
+    });
+  }
+  
+  // Initialize password toggle if needed
+  initializePasswordToggle();
+});

scripts/forgot-password.js

@@ -0,0 +1,88 @@
+document.addEventListener('DOMContentLoaded', function() {
+  const form = document.getElementById('reset-password-form');
+  
+  // Get token from URL parameters
+  const urlParams = new URLSearchParams(window.location.search);
+  const token = urlParams.get('token');
+  
+  if (token) {
+    document.getElementById('token').value = token;
+  } else {
+    alert('Invalid or missing reset token. Please request a new password reset link.');
+    window.location.href = 'forgot-password.html';
+    return;
+  }
+  
+  if (form) {
+    form.addEventListener('submit', async function(e) {
+      e.preventDefault();
+      
+      const password = document.getElementById('password').value;
+      const confirmPassword = document.getElementById('confirm-password').value;
+      const token = document.getElementById('token').value;
+      
+      // Validation
+      if (!password || !confirmPassword) {
+        alert('Please fill in all fields');
+        return;
+      }
+      
+      if (password !== confirmPassword) {
+        alert('Passwords do not match');
+        return;
+      }
+      
+      if (password.length < 6) {
+        alert('Password must be at least 6 characters long');
+        return;
+      }
+      
+      try {
+        const response = await fetch('/api/auth/reset-password', {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json'
+          },
+          body: JSON.stringify({ token, password })
+        });
+        
+        const data = await response.json();
+        
+        if (response.ok) {
+          alert(data.message);
+          window.location.href = 'login.html';
+        } else {
+          alert(data.message || 'An error occurred. Please try again.');
+        }
+      } catch (error) {
+        console.error('Error:', error);
+        alert('An error occurred. Please try again.');
+      }
+    });
+  }
+  
+  // Initialize password toggle functionality
+  initializePasswordToggle();
+  
+  // Add toggle for confirm password field
+  const toggleConfirmPassword = document.getElementById('toggleConfirmPassword');
+  const confirmPasswordInput = document.getElementById('confirm-password');
+  
+  if (toggleConfirmPassword && confirmPasswordInput) {
+    toggleConfirmPassword.addEventListener('click', function() {
+      const currentType = confirmPasswordInput.getAttribute('type');
+      const newType = currentType === 'password' ? 'text' : 'password';
+      confirmPasswordInput.setAttribute('type', newType);
+      
+      const icon = this.querySelector('i');
+      if (icon) {
+        icon.className = '';
+        if (newType === 'text') {
+          icon.className = 'fas fa-eye-slash';
+        } else {
+          icon.className = 'fas fa-eye';
+        }
+      }
+    });
+  }
+});

scripts/reset-password.js

@@ -46,4 +46,71 @@ router.get('/me', async (req, res) => {
   }
 })
 
-module.exports = router
+router.post('/forgot-password', async (req, res) => {
+  try {
+    const { email } = req.body;
+    const user = await User.findOne({ email });
+    if (!user) return res.status(400).json({ message: 'User not found' });
+
+    // Generate a password reset token (JWT)
+    const token = jwt.sign({ id: user._id }, process.env.JWT_SECRET, { expiresIn: '1h' });
+
+    // Create reset link
+    const resetLink = `${process.env.FRONTEND_URL || 'http://localhost:5000'}/reset-password.html?token=${token}`;
+    
+    // Log the reset link for testing (in production, you would send an email)
+    console.log('Password reset link:', resetLink);
+    console.log('For email:', email);
+    
+    // Basic email sending simulation
+    // In a real application, you would use a service like Nodemailer, SendGrid, etc.
+    // Example with Nodemailer (commented out):
+    /*
+    const nodemailer = require('nodemailer');
+    const transporter = nodemailer.createTransport({
+      service: 'gmail',
+      auth: {
+        user: process.env.EMAIL_USER,
+        pass: process.env.EMAIL_PASS
+      }
+    });
+    
+    await transporter.sendMail({
+      from: process.env.EMAIL_USER,
+      to: email,
+      subject: 'Password Reset Request',
+      html: `<p>Click the link below to reset your password:</p>
+             <a href="${resetLink}">${resetLink}</a>
+             <p>This link will expire in 1 hour.</p>`
+    });
+    */
+
+    res.status(200).json({ 
+      message: 'Password reset link sent to your email',
+      // For testing purposes, include the reset link in the response
+      resetLink: process.env.NODE_ENV === 'development' ? resetLink : undefined
+    });
+  } catch (err) {
+    console.error('Forgot password error:', err);
+    res.status(500).json({ message: 'Server error' });
+  }
+});
+
+router.post('/reset-password', async (req, res) => {
+  try {
+    const { token, password } = req.body;
+    const payload = jwt.verify(token, process.env.JWT_SECRET);
+    const user = await User.findById(payload.id);
+    if (!user) return res.status(400).json({ message: 'Invalid token' });
+
+    const hashed = await bcrypt.hash(password, 10);
+    user.password = hashed;
+    await user.save();
+
+    res.status(200).json({ message: 'Password has been reset successfully' });
+  } catch (err) {
+    res.status(500).json({ message: 'Server error' });
+  }
+});
+
+module.exports = router