mateacademy-ai-mentor
left a comment
Review Summary
This is a great start with a well-structured application. However, several core requirements are missing or broken, so I am requesting changes before this can be approved.
Here are the main issues to address:
- Missing Profile Management: The entire feature set for the profile page is missing. You need to implement the routes, controller logic, and services for authenticated users to change their name, password, and email as required by the task.
- Broken Account Activation: The activation flow is not working because the code incorrectly queries for a token field on the User model, but the model defines it as activationToken. This bug affects src/services/user.service.js and src/controllers/auth.controller.js and must be fixed for activation and login to work correctly.
- Incomplete Registration & User Model: The User model in src/models/user.js is missing the required name field. This needs to be added to the model and integrated into the registration logic in auth.controller.js and user.service.js.
- Missing 404 Handler: The server needs a catch-all middleware in src/index.js to handle requests to undefined routes and respond with a 404 status.
Please focus on implementing these missing features and fixing the activation bug. You're on the right track, and I look forward to your next submission!
Important
Fix the issues, commit the changes, and then re-request my review using the Re-request review button in the Reviewers tab.
Tip
If you have any comments about this review, please leave a message in the Add a comment section below and mention me with the @mateacademy-ai-mentor tag.
I will read your message during my next review of your pull request. Please do not reply directly to my comments, as that feature is not supported yet.
Caution
Do not close the pull request until the review is complete. Closing it early can lead to unexpected behavior and disrupt the review process.
| }; | ||
|
|
||
| const registration = async (req, res) => { | ||
| const { email, password } = req.body; |
The task requires users to register with a name, email, and password. This implementation is missing the name field from the request body and the subsequent user creation logic.
| return; | ||
| } | ||
|
|
||
| user.token = null; |
The property on the User model is activationToken, not token. To nullify the token after activation, this should be user.activationToken = null;.
| return res.sendStatus(401); | ||
| } | ||
|
|
||
| if (user.token) { |
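Review bot: The if (user.token) guard can never fire. The User model defines activationToken and resetToken but no token attribute, so user.token is undefined for every row and an unactivated account passes this check as if it were active. Along with switching to user.activationToken, add a test that logs in with a freshly registered, not yet activated account and expects the rejection branch.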
The check for an unactivated user is incorrect. The property on the User model is activationToken. This condition should be if (user.activationToken) to correctly check if the user needs to activate their email.
| }; | ||
|
|
||
| const resetPassword = async (req, res) => { | ||
| const { newPassword, resetToken } = req.body; |
According to the requirements, the password reset process must include a password and a confirmation field, and you must verify they are equal. This implementation is missing the confirmation field and the associated validation.
| allowedHeaders: ['Content-Type', 'Authorization'], | ||
| }), | ||
| ); | ||
| app.use(authRouter); |
The task requires a 404 response for any routes that are not defined. You should add a middleware function after your router to catch all unhandled requests and respond with a 404 status.
| export const User = client.define('users', { | ||
| email: { | ||
| type: DataTypes.STRING, | ||
| allowNull: false, | ||
| unique: true, | ||
| }, | ||
| password: { | ||
| type: DataTypes.STRING, | ||
| allowNull: false, | ||
| }, | ||
| activationToken: { | ||
| type: DataTypes.STRING, | ||
| }, | ||
| resetToken: { | ||
| type: DataTypes.STRING, | ||
| allowNull: true, | ||
| }, | ||
| }); |
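Review bot: resetToken is defined as a bare nullable string with no expiry column beside it, so a reset link stays usable until it is consumed or overwritten. Add a timestamp attribute next to it (for example resetTokenExpiresAt, a name suggested here) and have the reset handler reject tokens past it. If the raw token value is what gets saved in activationToken and resetToken, consider storing only a hash of it so that a read of the users table does not yield working links.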
The task requirements specify that a user should be able to register with a name, email, and password, and later change their name on the profile page. This model is missing the name field required to store this information.
| <a href="${href}">CLICK</a> | ||
| `; | ||
|
|
||
| return send({ email, subject: 'Activate', html }); |
The subject for the password reset email is 'Activate', which could be confusing for the user. It should be more descriptive, such as 'Reset Password'.
| authRouter.post('/logout', authController.logout); | ||
| authRouter.post('/refresh', authController.refreshenToken); | ||
| authRouter.post('/forgot-password', authController.forgotPassword); | ||
| authRouter.post('/reset-password', authController.resetPassword); |
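Review bot: authController.refreshenToken on the /refresh route looks like a typo for refreshToken. Rename the handler and its export so the name matches what the route does and is easy to find when the refresh logic is audited.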
The router is missing endpoints for the profile page functionality. According to the task description, authenticated users should be able to change their name, password, and email. You need to add routes to handle these actions.
| } | ||
| } | ||
|
|
||
| async function addUser(email, password, activationToken = false) { |
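Review bot: The default activationToken = false in the addUser signature means any caller that omits the third argument creates a user whose token is falsy, and a falsy token is exactly what the login check treats as an activated account. false is also not a meaningful value for the model's STRING column. Make the parameter required, or pass null explicitly from a clearly named path for accounts that are meant to start activated.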
The task requires users to register with a name, email, and password. This function should also accept and save the user's name when a new user is created.
| async function getUserByToken(token) { | ||
| const user = await User.findOne({ | ||
| where: { | ||
| token, |
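Review bot: getUserByToken passes its argument straight into the where clause with no check that it is a non-empty string. Once the field name is corrected to activationToken, a null value would match users whose token has already been cleared, because the model leaves that column nullable. Return early unless typeof token === 'string' and token.length > 0, and apply the same guard wherever resetToken is looked up.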
The field in the User model is named activationToken, not token. This query should be where: { activationToken: token } to correctly find the user for account activation.
No description provided.