Jerry - email verification admin accounts

src/controllers/userProfileController.js

@@ -2,6 +2,7 @@ const moment = require('moment-timezone');
 
 const mongoose = require('mongoose');
 const bcrypt = require('bcryptjs');
+const fetch = require("node-fetch");
 
 const moment_ = require('moment');
 const jwt = require('jsonwebtoken');
@@ -105,6 +106,7 @@ const userProfileController = function (UserProfile) {
   };
 
   const postUserProfile = async function (req, res) {
+
     if (!await hasPermission(req.body.requestor, 'postUserProfile')) {
       res.status(403).send('You are not authorized to create new users');
       return;
@@ -122,6 +124,7 @@ const userProfileController = function (UserProfile) {
       },
     });
 
+
     if (userByEmail) {
       res.status(400).send({
         error:
@@ -131,6 +134,34 @@ const userProfileController = function (UserProfile) {
       return;
     }
 
+    // In dev environment, if newly created user is Owner or Administrator, make fetch request to Beta login route with actualEmail and actual Password
+    if (process.env.dbName === 'hgnData_dev') {
+      if (req.body.role === 'Owner' || req.body.role === 'Administrator') {
+        const email = req.body.actualEmail
+        const password = req.body.actualPassword
+        const url = "https://hgn-rest-beta.azurewebsites.net/api/"
+        try {
+          // Log in to Beta login route using provided credentials
+          const response = await fetch(url + 'login', {
+            method: 'POST',
+            headers: {
+              'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({ email, password }),
+          });
+          if (!response.ok) {
+            throw new Error('Invalid credentials');
+          }
+        } catch (error) {
+          res.status(400).send({
+            error: 'The actual email or password you provided is incorrect. Please enter the actual email and password associated with your account in the Main HGN app.',
+            type: 'credentials',
+          });
+          return;
+        }
+      }
+    }
+
     /** *
      *  Turn on and off the duplicate phone number checker by changing
      *  the value of duplicatePhoneNumberCheck variable.
@@ -198,6 +229,7 @@ const userProfileController = function (UserProfile) {
     up.permissions = req.body.permissions;
     up.bioPosted = req.body.bioPosted || "default";
     up.isFirstTimelog = true;
+    up.actualEmail = req.body.actualEmail;
 
     up.save()
       .then(() => {
@@ -847,7 +879,7 @@ const userProfileController = function (UserProfile) {
     const currentRefreshToken = jwt.sign(jwtPayload, JWT_SECRET);
     res.status(200).send({ refreshToken: currentRefreshToken });
   };
-
+  
   return {
     postUserProfile,
     getUserProfiles,

src/models/userProfile.js

@@ -160,6 +160,8 @@ const userProfileSchema = new Schema({
  areaName: { type: String },
       areaContent: { type: String },
   }],
+  // actualEmail field represents the actual email associated with a real volunteer in the main HGN app. actualEmail is required for Administrator and Owner accounts only in the dev environment.
+  actualEmail: { type: String },
 });
 
 userProfileSchema.pre('save', function (next) {