Add OTP feature
PR #39
Add verifyOTP.jsx for sending and verifying OTP, and update Login.jsx and Signup.jsx accordingly.
Details: After users log in or sign up, they will navigate to the 'verify' route where they have to enter the OTP sent to their email. After submitting the OTP, if it is valid, a token will be sent to the user.
The latest updates on your projects.
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| elective-hub | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | May 13, 2024 6:39pm |
Deploy Preview for chipper-cucurucho-7e07f5 ready!
| Name | Link |
|---|---|
| Latest commit | 490037b9994acb7ae86d11708957588c14bf96c4 |
| Latest deploy log | https://app.netlify.com/sites/chipper-cucurucho-7e07f5/deploys/66425e621424d70008a069b8 |
| Deploy Preview | https://deploy-preview-81--chipper-cucurucho-7e07f5.netlify.app |
✅ There are no secrets present in this pull request anymore.
If these secrets were true positive and are still valid, we highly recommend you to revoke them. Once a secret has been leaked into a git repository, you should consider it compromised, even if it was deleted immediately. Find here more information about risks.
@piyush-gangrade Send a screen recording of running this PR locally and performing the OTP functionality.
@JayeshYadav99
https://github.com/TechNodes2-0/ElectiveHub/assets/133166222/c2e70cf5-6e72-4aeb-8a46-ec251426bc13
@piyush-gangrade Remove OTP verification from login; only keep it in signup.
@JayeshYadav99, the following changes have been made
@piyush-gangrade Hello,
Your contribution looks good to me, but there are 2 huge flaws:
- There is a loophole that needs immediate attention. Users should not be able to bypass OTP verification by simply not verifying the OTP on the signup page and logging in directly, as you can see in the video.
Keep user authentication data and OTPs in separate collections to prevent bypassing OTP verification during login.
https://github.com/TechNodes2-0/ElectiveHub/assets/93467074/acf663fa-af06-4de0-930d-96020405fc4a
- Your OTPs are stored in plain text in MongoDB. So I think they should be encrypted, but it's your take what you think is correct.
OK, I'll fix this issue and update.
Changes:
Additions:
- Added server/Models/OtpModel.js to save email, signature, publicKey, and createdAt.
- Added server/util/encrypt.js to generate privateKey and publicKey so that we can create a signature of data using privateKey and verify it using publicKey.
Updates:
- Updated Signup.jsx so that it can send an OTP and provide inputData to VerifyOTP.jsx with the help of the navigate state and location state.
- Updated the sendOtp function of AuthController.js to create an OTP document, save email, signature, and publicKey, and send an OTP to the given email.
- Updated VerifyOTP.jsx so that after submitting the OTP, it sends a request to the 'signup' API route with inputData and OTP.
- Updated the signup function of AuthController.js so that it first checks if the OTP is valid. If the OTP is valid, it allows the creation of a User and sends back a token.
https://github.com/TechNodes2-0/ElectiveHub/assets/133166222/e8ab4712-c12c-4fe4-b163-5ee9ee520020
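The flow described in the change list above, as an added example that is not the PR's code: the OTP record holds only a signature, public key and timestamp, and the user is created only after the OTP verifies, so an unverified signup has nothing to log in with. The Maps standing in for the MongoDB collections, the choice of Ed25519, `OTP_TTL_MS`, `MAX_ATTEMPTS`, `otpMessage` and the reason strings are all assumptions.

```javascript
// Added example: Maps stand in for the MongoDB OTP and User collections.
const crypto = require("node:crypto");

const OTP_TTL_MS = 5 * 60 * 1000; // assumed lifetime, not from the PR
const MAX_ATTEMPTS = 5;           // assumed guess limit, not from the PR
const otps = new Map();           // email -> { signature, publicKey, createdAt, attempts }
const users = new Map();          // email -> { salt, passwordHash }

const otpMessage = (email, otp) => Buffer.from(`${email}:${otp}`);

// Issue an OTP; persist only what verification needs, never the OTP itself.
function sendOtp(email, now = Date.now()) {
  const otp = crypto.randomInt(0, 1000000).toString().padStart(6, "0");
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const signature = crypto.sign(null, otpMessage(email, otp), privateKey);
  // privateKey goes out of scope here and is never stored.
  otps.set(email, { signature, publicKey, createdAt: now, attempts: 0 });
  return otp; // a real server emails this instead of returning it
}

// Create the user only after the submitted OTP verifies.
function signup({ email, password }, otp, now = Date.now()) {
  const rec = otps.get(email);
  if (!rec) return { ok: false, reason: "no_otp" };
  if (now - rec.createdAt > OTP_TTL_MS) {
    otps.delete(email);
    return { ok: false, reason: "expired" };
  }
  if (++rec.attempts > MAX_ATTEMPTS) {
    otps.delete(email);
    return { ok: false, reason: "too_many_attempts" };
  }
  if (!crypto.verify(null, otpMessage(email, String(otp)), rec.publicKey, rec.signature)) {
    return { ok: false, reason: "bad_otp" };
  }
  otps.delete(email); // single use
  const salt = crypto.randomBytes(16);
  users.set(email, { salt, passwordHash: crypto.scryptSync(password, salt, 32) });
  return { ok: true };
}

// Login only reads the User collection, so an unverified signup has no account.
function login(email, password) {
  const u = users.get(email);
  if (!u) return false;
  return crypto.timingSafeEqual(u.passwordHash, crypto.scryptSync(password, u.salt, 32));
}
```

A six-digit OTP has only 10^6 possible values, so the stored signature and public key do not keep it secret from someone who can read the collection; the expiry, attempt limit and single-use deletion are what bound its usefulness.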
@piyush-gangrade Cool. Since my exams are going on, I was unable to do it, but I will make sure to give you an update today.
Thank you! Could you also please add assignees and labels?