Flow to unlock users account after it gets locked added

ydahal1 · ydahal1 · commit a10b55247730 · 2025-02-21T13:42:28.000-05:00
diff --git a/Tombolo/client-reactjs/src/components/admin/userManagement/Table.jsx b/Tombolo/client-reactjs/src/components/admin/userManagement/Table.jsx
@@ -1,8 +1,16 @@
 import React from 'react';
 import { Table, Tooltip, Popconfirm, message, Tag, Popover } from 'antd';
-import { EyeOutlined, EditOutlined, DeleteOutlined, LockOutlined, DownOutlined } from '@ant-design/icons';
+import {
+  EyeOutlined,
+  EditOutlined,
+  DeleteOutlined,
+  LockFilled,
+  UnlockOutlined,
+  KeyOutlined,
+  DownOutlined,
+} from '@ant-design/icons';
 
-import { deleteUser, resetUserPassword } from './Utils.js';
+import { deleteUser, resetUserPassword, unlockUserAccount } from './Utils.js';
 
 const UserManagementTable = ({
   users,
@@ -25,6 +33,16 @@ const UserManagementTable = ({
     }
   };
 
+  // Unlock user account
+  const handleAccountUnlock = async ({ id }) => {
+    try {
+      await unlockUserAccount({ id });
+      message.success('User account unlocked successfully');
+    } catch (err) {
+      message.error('Failed to unlock user account');
+    }
+  };
+
   // Const handle user deletion - display message and setUsers and filteredUsers
   const handleDeleteUser = async ({ id }) => {
     try {
@@ -39,12 +57,24 @@ const UserManagementTable = ({
 
   // Columns for the table
   const columns = [
+    {
+      title: '',
+      key: (record) => record.id,
+      width: 1,
+      render: (record) =>
+        record.accountLocked &&
+        record.accountLocked.isLocked && (
+          <Tooltip title="Account Locked">
+            <LockFilled style={{ color: 'var(--danger)' }} />{' '}
+          </Tooltip>
+        ),
+    },
+    Table.SELECTION_COLUMN,
     {
       title: 'First Name',
       dataIndex: 'firstName',
       key: 'firstName',
     },
-
     {
       title: 'Last Name',
       dataIndex: 'lastName',
@@ -132,9 +162,35 @@ const UserManagementTable = ({
                     cancelText="No"
                     cancelButtonProps={{ type: 'primary', ghost: true }}
                     style={{ width: '500px !important' }}>
-                    <LockOutlined style={{ marginRight: 15 }} />
-                    Reset Password
+                    <div style={{ marginBottom: '8px' }}>
+                      <KeyOutlined style={{ marginRight: 7 }} /> Reset Password
+                    </div>
                   </Popconfirm>
+
+                  {record.accountLocked && record.accountLocked.isLocked && (
+                    <Popconfirm
+                      title={
+                        <>
+                          <div style={{ fontWeight: 'bold' }}>{`Unlock Account`} </div>
+                          <div style={{ maxWidth: 460 }}>
+                            {`Clicking 'Yes' will unlock the user's account and send them a password reset link. Do you want to continue?`}
+                          </div>
+                        </>
+                      }
+                      onConfirm={() => {
+                        handleAccountUnlock({ id: record.id });
+                      }}
+                      okText="Yes"
+                      okButtonProps={{ danger: true }}
+                      cancelText="No"
+                      cancelButtonProps={{ type: 'primary', ghost: true }}
+                      style={{ width: '500px !important' }}>
+                      <div>
+                        <UnlockOutlined style={{ marginRight: 10 }} />
+                        Unlock Account
+                      </div>
+                    </Popconfirm>
+                  )}
                 </div>
               </div>
             }>
diff --git a/Tombolo/client-reactjs/src/components/admin/userManagement/Utils.js b/Tombolo/client-reactjs/src/components/admin/userManagement/Utils.js
@@ -178,6 +178,21 @@ const resetUserPassword = async ({ id }) => {
   }
 };
 
+// Unlock user account
+const unlockUserAccount = async ({ id }) => {
+  const payload = {
+    method: 'POST',
+    body: JSON.stringify({ id }),
+    headers: authHeader(),
+  };
+
+  const response = await fetch(`/api/user/unlock-account`, payload);
+
+  if (!response.ok) {
+    throw new Error('Failed to unlock user account');
+  }
+};
+
 export {
   createUser,
   getAllUsers,
@@ -189,4 +204,5 @@ export {
   updateUserApplications,
   bulkDeleteUsers,
   resetUserPassword,
+  unlockUserAccount,
 };
diff --git a/Tombolo/server/controllers/authController.js b/Tombolo/server/controllers/authController.js
@@ -576,8 +576,7 @@ const resetTempPassword = async (req, res) => {
     await generateAndSetCSRFToken(req, res, accessToken);
 
     //set last login
-
-    await setLastLogin(newUser);
+    await setLastLogin(user);
 
     // User data obj to send to the client
     const userObj = {
diff --git a/Tombolo/server/controllers/userController.js b/Tombolo/server/controllers/userController.js
@@ -14,6 +14,7 @@ const {
   checkPasswordSecurityViolations,
   setPreviousPasswords,
   generatePassword,
+  sendAccountUnlockedEmail,
 } = require("../utils/authUtil");
 
 // Constants
@@ -612,6 +613,58 @@ const resetPasswordForUser = async (req, res) => {
   }
 };
 
+// unlockAccount
+const unlockAccount = async (req, res) => {
+  try {
+    // Get user by ID
+    const { id } = req.body;
+    const user = await User.findOne({ where: { id } });
+
+    // If user not found
+    if (!user) {
+      return res
+        .status(404)
+        .json({ success: false, message: "User not found" });
+    }
+
+    // Generate temporary password/hash
+    const tempPassword = generatePassword();
+    const salt = bcrypt.genSaltSync(10);
+
+    // Add updated user details
+    user.hash = bcrypt.hashSync(tempPassword, salt);
+    user.forcePasswordReset = true;
+    user.passwordExpiresAt = new Date(
+      new Date().setDate(new Date().getDate() + 2) // 48 hours
+    );
+    user.loginAttempts = 0;
+    user.accountLocked = {isLocked : false,lockedReason: []};
+
+    // Save user with updated details
+    await user.save();
+
+    // Send notification to the user
+      const verificationCode = UUIDV4();
+
+    // Create account verification code
+    await AccountVerificationCodes.create({
+      code: verificationCode,
+      userId: user.id,
+      expiresAt: new Date(Date.now() + 172800000),
+    });
+
+    await sendAccountUnlockedEmail({ user, tempPassword, verificationCode });
+
+    // Response
+    res.status(200).json({ success: true, message: "User account unlocked successfully" });
+  } catch (err) {
+    logger.error(`Unlock account: ${err.message}`);
+    res
+      .status(err.status || 500)
+      .json({ success: false, message: err.message });
+  }
+};
+
 //Exports
 module.exports = {
   createUser,
@@ -625,4 +678,5 @@ module.exports = {
   updateUserRoles,
   updateUserApplications,
   resetPasswordForUser,
+  unlockAccount,
 };
diff --git a/Tombolo/server/notificationTemplates/email/accountUnlocked.ejs b/Tombolo/server/notificationTemplates/email/accountUnlocked.ejs
@@ -0,0 +1,93 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <style>
+    .main_body {
+      width: 100%;
+      border-bottom: 1px solid lightgray !important;
+    }
+
+    .section-footer-td {
+      color: #808080;
+      border-top: 1px solid #808080;
+    }
+
+    .section-header-td {
+      padding-top: 8px;
+      padding-bottom: 8px;
+    }
+
+    .list {
+      padding: 10px;
+    }
+
+    .tabbedText {
+      padding-left: 40px;
+    }
+
+    .bold-text {
+      font-weight: bold;
+    }
+
+    .important-text {
+      color: #FF0000;
+    }
+  </style>
+</head>
+
+<table class="main_body">
+  <tbody>
+    <tr>
+      <td>
+        <table>
+          <tbody>
+            <tr>
+              <td class="section-header-td">
+                <div>
+                  Hello,
+                </div>
+                <div>
+                  Your account has been unlocked, and a temporary password has been issued.
+                  <div>
+                    You must change this temporary password <span class="bold-text"> within 48 hours </span> to maintain account security. Below are the details:
+                  </div>
+                </div>
+              </td>
+            </tr>
+
+
+            <tr>
+              <td class="section-header-td">
+                <div class="tabbedText"> <span class="bold-text">Password Reset Link: </span><a href=<%= typeof passwordResetLink !== 'undefined' ? passwordResetLink : ""  %>><%= typeof passwordResetLink !== 'undefined' ? passwordResetLink : ""  %></a> </div>
+                <div class="tabbedText"> <span class="bold-text">Temporary Password: </span> <%= typeof tempPassword !== 'undefined' ? tempPassword : ""  %> </div>
+              </td>
+            </tr>
+
+
+            <tr>
+              <td>
+                <p class="important-text">
+                  If you did not request your account to be unlocked or if this notification is unexpected, please contact your administrator immediately.
+                </p>
+              </td>
+            </tr>
+
+            <tr>
+              <td class="section-header-td">
+                <div>
+                  Best Regards,
+                </div>
+                <div>
+                  Tombolo
+                </div>
+              </td>
+            </tr>
+          </tbody>
+        </table>
+      </td>
+    </tr>
+  </tbody>
+</table>
+
+</html>
diff --git a/Tombolo/server/routes/userRoutes.js b/Tombolo/server/routes/userRoutes.js
@@ -28,6 +28,7 @@ const {
   updateUserRoles,
   updateUserApplications,
   resetPasswordForUser,
+  unlockAccount,
 } = require("../controllers/userController");
 
 const { validateUserRole } = require("../middlewares/rbacMiddleware");
@@ -62,5 +63,6 @@ router.patch(
 ); // Update a user by id
 router.patch("/applications/:id",validateUserId, updateUserApplications); // Update a user's applications
 router.post("/reset-password-for-user", validateUserIdInBody, resetPasswordForUser); // Reset password for user
+router.post("/unlock-account", validateUserIdInBody, unlockAccount); // Unlock account
 //Export
 module.exports = router;
diff --git a/Tombolo/server/utils/authUtil.js b/Tombolo/server/utils/authUtil.js
@@ -467,6 +467,35 @@ const sendAccountLockedEmail = async (user) => {
   });
 };
 
+// Send account unlocked email
+const sendAccountUnlockedEmail = async ({
+  user,
+  tempPassword,
+  verificationCode,
+}) => {
+  await NotificationQueue.create({
+    type: "email",
+    templateName: "accountUnlocked",
+    notificationOrigin: "User Authentication",
+    deliveryType: "immediate",
+    metaData: {
+      notificationId: `ACC_UNLOCKED_${moment().format("YYYYMMDD_HHmmss_SSS")}`,
+      recipientName: user.firstName,
+      notificationOrigin: "User Authentication",
+      subject: "Your Account Has Been Unlocked – Action Required",
+      mainRecipients: [user.email],
+      notificationDescription: "Account unlocked by admin",
+      userName: user.firstName + " " + user.lastName,
+      userEmail: user.email,
+      tempPassword,
+      passwordResetLink: `${trimURL(
+        process.env.WEB_URL
+      )}/reset-temporary-password/${verificationCode}`,
+    },
+    createdBy: user.id,
+  });
+};
+
 //Exports
 module.exports = {
   generateAccessToken,
@@ -487,4 +516,5 @@ module.exports = {
   setLastLogin,
   setLastLoginAndReturn,
   handleInvalidLoginAttempt,
+  sendAccountUnlockedEmail,
 };
