Dashboard API explorer

/api/administrator/create-reset-code (POST)

Account information such as email addresses is generated with faker-js; it is not real user information.

await global.api.administrator.CreateResetCode.post(req)

Returns object

{
  "codeid": "code_b95f5fba59f952f8",
  "object": "resetCode",
  "appid": "tests_1656038567",
  "accountid": "acct_8423b9d0bc59d2e7",
  "createdAt": "2022-06-24T02:42:47.362Z",
  "updatedAt": "2022-06-24T02:42:47.362Z"
}

Exceptions

These exceptions are thrown (NodeJS) or returned as JSON (HTTP) if you provide incorrect data or do not meet the requirements:

Exception | Circumstances
invalid-accountid | unspecified querystring accountid
invalid-accountid | invalid querystring accountid
invalid-secret-code | missing posted secret-code
invalid-secret-code | invalid posted secret-code is not alphanumeric
invalid-secret-code-length | invalid posted secret-code length

NodeJS source (view on github)

const dashboard = require('../../../../index.js')

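module.exports = {
  /**
   * Creates a reset code for the account named in the querystring.
   *
   * The posted secret code itself is not passed to storage; only the value
   * returned by `dashboard.Hash.sha512Hash`, called with the dashboard
   * encryption key, is stored.
   *
   * NOTE(review): no administrator check is visible in this handler;
   * presumably the /api/administrator route layer enforces it before this
   * runs. Confirm.
   *
   * @param {object} req - request carrying `query.accountid` and
   *   `body['secret-code']`; `req.server` and `req.appid` are optional overrides
   * @returns {Promise<object>} whatever `global.api.administrator.ResetCode.get`
   *   returns for the newly created codeid
   * @throws {Error} `invalid-accountid`, `invalid-account`,
   *   `invalid-secret-code` or `invalid-secret-code-length`
   */
  post: async (req) => {
    if (!req.query || !req.query.accountid) {
      throw new Error('invalid-accountid')
    }
    const account = await global.api.administrator.Account.get(req)
    if (!account) {
      throw new Error('invalid-account')
    }
    const secretCode = req.body ? req.body['secret-code'] : undefined
    // A parsed body can deliver an array or object here; reject anything that
    // is not a non-empty string so later string methods cannot throw a
    // TypeError on caller-controlled input.
    if (typeof secretCode !== 'string' || !secretCode.length) {
      throw new Error('invalid-secret-code')
    }
    if (!/^[a-z0-9]+$/i.test(secretCode)) {
      throw new Error('invalid-secret-code')
    }
    if (secretCode.length < global.minimumResetCodeLength ||
      secretCode.length > global.maximumResetCodeLength) {
      throw new Error('invalid-secret-code-length')
    }
    // A per-server key, when present, takes precedence over the global key.
    const dashboardEncryptionKey = (req.server && req.server.dashboardEncryptionKey) ||
      global.dashboardEncryptionKey
    // NOTE(review): sha512Hash is defined outside this file. If it is a single
    // fast hash pass, the configured minimum code length is what protects the
    // stored hashes against offline guessing. Confirm the limit is adequate.
    const secretCodeHash = await dashboard.Hash.sha512Hash(secretCode, dashboardEncryptionKey)
    const appid = req.appid || global.appid
    const resetCode = await dashboard.Storage.ResetCode.create({
      accountid: req.query.accountid,
      appid,
      secretCodeHash
    })
    // Stamp the account the code was issued for, not the caller
    // (`req.account`), so the timestamp reflects activity on the target account.
    await dashboard.Storage.Account.update({
      resetCodeLastCreatedAt: new Date()
    }, {
      where: {
        accountid: req.query.accountid,
        appid
      }
    })
    // ResetCode.get reads the id from the querystring.
    req.query.codeid = resetCode.dataValues.codeid
    return global.api.administrator.ResetCode.get(req)
  }
}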

Test source (view on github)

/* eslint-env mocha */
const assert = require('assert')
const TestHelper = require('../../../../test-helper.js')

describe('/api/administrator/create-reset-code', () => {
  // Builds a request to `url` on behalf of an already-created administrator,
  // posting `secretCode` as the body.
  const buildRequest = (url, administrator, secretCode) => {
    const req = TestHelper.createRequest(url)
    req.account = administrator.account
    req.session = administrator.session
    req.body = {
      'secret-code': secretCode
    }
    return req
  }

  // URL that targets a specific user's account.
  const urlFor = (user) => `/api/administrator/create-reset-code?accountid=${user.account.accountid}`

  // Posts the request and yields the thrown error's message, or undefined
  // when the call succeeds.
  const rejectionMessage = async (req) => {
    try {
      await req.post()
    } catch (error) {
      return error.message
    }
    return undefined
  }

  // NOTE(review): several tests assign length limits on `global` and nothing
  // in this file restores them; presumably TestHelper resets them between
  // tests. Confirm.

  describe('exceptions', () => {
    describe('invalid-accountid', () => {
      it('unspecified querystring accountid', async () => {
        const administrator = await TestHelper.createOwner()
        const req = buildRequest('/api/administrator/create-reset-code', administrator, '1')
        const message = await rejectionMessage(req)
        assert.strictEqual(message, 'invalid-accountid')
      })

      it('invalid querystring accountid', async () => {
        const administrator = await TestHelper.createOwner()
        const req = buildRequest('/api/administrator/create-reset-code?accountid=invalid', administrator, '1')
        const message = await rejectionMessage(req)
        assert.strictEqual(message, 'invalid-accountid')
      })
    })

    describe('invalid-secret-code', () => {
      it('missing posted secret-code', async () => {
        const administrator = await TestHelper.createOwner()
        const user = await TestHelper.createUser()
        const req = buildRequest(urlFor(user), administrator, '')
        global.minimumResetCodeLength = 100
        const message = await rejectionMessage(req)
        assert.strictEqual(message, 'invalid-secret-code')
      })

      it('invalid posted secret-code is not alphanumeric', async () => {
        const administrator = await TestHelper.createOwner()
        const user = await TestHelper.createUser()
        const req = buildRequest(urlFor(user), administrator, 'this has spaces')
        global.minimumResetCodeLength = 100
        const message = await rejectionMessage(req)
        assert.strictEqual(message, 'invalid-secret-code')
      })
    })

    describe('invalid-secret-code-length', () => {
      it('invalid posted secret-code length', async () => {
        const administrator = await TestHelper.createOwner()
        const user = await TestHelper.createUser()
        const req = buildRequest(urlFor(user), administrator, '1')
        global.minimumResetCodeLength = 100
        const message = await rejectionMessage(req)
        assert.strictEqual(message, 'invalid-secret-code-length')
      })
    })
  })

  describe('returns', () => {
    it('object', async () => {
      const administrator = await TestHelper.createOwner()
      const user = await TestHelper.createUser()
      const req = buildRequest(urlFor(user), administrator, '12345678')
      // These two flags are set only on the success-path request.
      req.filename = __filename
      req.saveResponse = true
      const created = await req.post()
      assert.strictEqual(created.object, 'resetCode')
    })
  })

  describe('configuration', () => {
    it('environment MINIMUM_RESET_CODE_LENGTH', async () => {
      const administrator = await TestHelper.createOwner()
      const user = await TestHelper.createUser()
      const req = buildRequest(urlFor(user), administrator, '1')
      // A one-character code is far below the raised minimum.
      global.minimumResetCodeLength = 100
      const message = await rejectionMessage(req)
      assert.strictEqual(message, 'invalid-secret-code-length')
    })

    it('environment MAXIMUM_RESET_CODE_LENGTH', async () => {
      const administrator = await TestHelper.createOwner()
      const user = await TestHelper.createUser()
      const req = buildRequest(urlFor(user), administrator, '10000000')
      // An eight-character code exceeds the lowered maximum.
      global.maximumResetCodeLength = 3
      const message = await rejectionMessage(req)
      assert.strictEqual(message, 'invalid-secret-code-length')
    })
  })
})