1
00:00:00,960 --> 00:00:02,570
‫So, we need to now send

2
00:00:02,570 --> 00:00:06,600
‫the password reset token via email to the user.

3
00:00:06,600 --> 00:00:08,860
‫And so in this lecture, we're gonna learn

4
00:00:08,860 --> 00:00:12,140
‫how to send email using a very popular solution

5
00:00:12,140 --> 00:00:13,630
‫called Nodemailer.

6
00:00:15,154 --> 00:00:17,600
‫But before we do that, I actually wanted to show you

7
00:00:17,600 --> 00:00:20,840
‫the effect of not having this option here,

8
00:00:20,840 --> 00:00:23,540
‫because I actually never showed you before.

9
00:00:23,540 --> 00:00:26,543
‫So let's cut it here, try it now, again,

10
00:00:28,910 --> 00:00:31,720
‫and so now you see all these errors coming up

11
00:00:31,720 --> 00:00:33,890
‫like please confirm your password.

12
00:00:33,890 --> 00:00:36,010
‫And, actually, there should be more,

13
00:00:36,010 --> 00:00:39,340
‫but, well, this is now the first one that you get.

14
00:00:39,340 --> 00:00:41,400
‫Basically, because we don't have any value

15
00:00:41,400 --> 00:00:43,650
‫on the password confirm field.

16
00:00:43,650 --> 00:00:44,483
‫Okay?

17
00:00:44,483 --> 00:00:46,600
‫And so again, that's because of the validation

18
00:00:46,600 --> 00:00:49,330
‫and so again we can, of course, easily

19
00:00:49,330 --> 00:00:51,083
‫turn it off with this option.

20
00:00:53,430 --> 00:00:56,600
‫But anyway, let's now create an email handler function

21
00:00:56,600 --> 00:00:59,580
‫that we can then use throughout our application.

22
00:00:59,580 --> 00:01:00,860
‫So I'm gonna do that right here

23
00:01:00,860 --> 00:01:02,673
‫in the Utilities folder, again,

24
00:01:04,210 --> 00:01:08,440
‫and simply calling it email.js.

25
00:01:08,440 --> 00:01:09,650
‫All right?

26
00:01:09,650 --> 00:01:11,410
‫And before we do anything else,

27
00:01:11,410 --> 00:01:14,240
‫let's actually install the Nodemailer package.

28
00:01:14,240 --> 00:01:16,120
‫So that's the package that I mentioned

29
00:01:16,120 --> 00:01:17,390
‫right in the beginning,

30
00:01:17,390 --> 00:01:20,723
‫which we're gonna use to send email using Node.js.

31
00:01:23,130 --> 00:01:27,620
‫So, as always, npm install nodemailer.

32
00:01:34,170 --> 00:01:35,123
‫And in here.

33
00:01:42,674 --> 00:01:46,423
‫All right, and now let's create that function here.

34
00:01:49,500 --> 00:01:51,113
‫So constant email,

35
00:01:52,880 --> 00:01:54,350
‫okay, and then in here,

36
00:01:54,350 --> 00:01:58,060
‫we're gonna pass in some options basically.

37
00:01:58,060 --> 00:02:01,090
‫So the email address where we want to send an email to,

38
00:02:01,090 --> 00:02:03,780
‫the subject line, the email content,

39
00:02:03,780 --> 00:02:05,803
‫and maybe some other stuff.

40
00:02:07,625 --> 00:02:08,780
‫All right.

41
00:02:08,780 --> 00:02:11,180
‫And so now we need to follow three steps

42
00:02:11,180 --> 00:02:13,950
‫in order to send emails with Nodemailer.

43
00:02:15,120 --> 00:02:18,783
‫So first up, we need to create a transporter.

44
00:02:23,950 --> 00:02:24,963
‫Then second,

45
00:02:27,340 --> 00:02:31,777
‫we need to define the email options, basically,

46
00:02:35,330 --> 00:02:36,373
‫and then in the end,

47
00:02:37,930 --> 00:02:41,820
‫actually send the email with Nodemailer.

48
00:02:41,820 --> 00:02:42,960
‫Okay?

49
00:02:42,960 --> 00:02:46,260
‫So, the transporter that we made in the first step here,

50
00:02:46,260 --> 00:02:50,790
‫is basically a service that will actually send the email,

51
00:02:50,790 --> 00:02:53,610
‫because it's not node.js that will actually

52
00:02:53,610 --> 00:02:55,220
‫send the email itself.

53
00:02:55,220 --> 00:02:57,720
‫It's just a service that we define in here.

54
00:02:57,720 --> 00:03:00,340
‫Something like Gmail, for example.

55
00:03:00,340 --> 00:03:02,270
‫Now, Gmail is not actually the service

56
00:03:02,270 --> 00:03:03,370
‫that we're gonna use,

57
00:03:03,370 --> 00:03:05,760
‫but let me just quickly show you how it works

58
00:03:05,760 --> 00:03:08,350
‫with Gmail, because I know that many people

59
00:03:08,350 --> 00:03:10,810
‫will be interested in this, okay?

60
00:03:10,810 --> 00:03:15,120
‫So, anyway, we need to always create a transporter,

61
00:03:15,120 --> 00:03:16,260
‫and that's always the same,

62
00:03:16,260 --> 00:03:18,210
‫no matter what service we're gonna use.

63
00:03:20,070 --> 00:03:22,410
‫So the transporter will be

64
00:03:22,410 --> 00:03:24,577
‫nodemailer.createTransport

65
00:03:28,660 --> 00:03:31,550
‫and then, of course, we need some options in there.

66
00:03:31,550 --> 00:03:32,920
‫All right?

67
00:03:32,920 --> 00:03:35,820
‫So we can specify the service

68
00:03:37,620 --> 00:03:40,360
‫and we can say that we want to use Gmail.

69
00:03:40,360 --> 00:03:42,110
‫So, just like this.

70
00:03:42,110 --> 00:03:44,530
‫And there are a couple of well-known services

71
00:03:44,530 --> 00:03:47,260
‫that Nodemailer knows how to deal with,

72
00:03:47,260 --> 00:03:49,870
‫and so we don't have to configure these manually.

73
00:03:49,870 --> 00:03:52,660
‫And so Gmail is just one of them.

74
00:03:52,660 --> 00:03:56,863
‫But also there is Yahoo, or Hotmail, or many others, okay?

75
00:03:57,760 --> 00:03:58,980
‫So that's the service,

76
00:03:58,980 --> 00:04:03,020
‫and then we also need to specify the auth property,

77
00:04:03,020 --> 00:04:04,783
‫so basically for authentication.

78
00:04:06,150 --> 00:04:08,730
‫So we need a user and a password.

79
00:04:08,730 --> 00:04:10,380
‫And so just like before,

80
00:04:10,380 --> 00:04:14,253
‫we save that kind of stuff in our config.n file.

81
00:04:15,840 --> 00:04:16,673
‫All right.

82
00:04:17,930 --> 00:04:18,963
‫So email,

83
00:04:21,090 --> 00:04:22,253
‫that's a username,

84
00:04:23,500 --> 00:04:26,700
‫and now I'm not going to use a real Gmail address here

85
00:04:26,700 --> 00:04:28,963
‫because, again, we're not using Gmail,

86
00:04:29,910 --> 00:04:34,140
‫but just as an example here, all right.

87
00:04:34,140 --> 00:04:36,910
‫Your password.

88
00:04:36,910 --> 00:04:38,350
‫All right.

89
00:04:38,350 --> 00:04:40,480
‫So here we're done, say,

90
00:04:40,480 --> 00:04:41,350
‫process

91
00:04:43,090 --> 00:04:44,830
‫dot end dot

92
00:04:47,414 --> 00:04:48,581
‫EMAIL_USERNAME

93
00:04:53,780 --> 00:04:56,113
‫the password process dot end

94
00:04:58,310 --> 00:04:59,800
‫dot EMAIL_PASSWORD

95
00:05:02,650 --> 00:05:04,723
‫and I hope I spelled these correctly.

96
00:05:05,580 --> 00:05:06,413
‫Okay?

97
00:05:06,413 --> 00:05:07,970
‫And so this is the configuration

98
00:05:07,970 --> 00:05:10,610
‫for the transport in Nodemailer.

99
00:05:10,610 --> 00:05:12,400
‫Then in your Gmail account,

100
00:05:12,400 --> 00:05:14,160
‫you will actually have to activate something

101
00:05:14,160 --> 00:05:17,346
‫called the less secure app option.

102
00:05:17,346 --> 00:05:18,896
‫So let me write that down here.

103
00:05:27,609 --> 00:05:29,640
‫And again, I'm not going to do it here,

104
00:05:29,640 --> 00:05:31,020
‫but I know that many people

105
00:05:31,020 --> 00:05:33,160
‫will actually want to use it.

106
00:05:33,160 --> 00:05:35,710
‫And the reason why we're not using Gmail

107
00:05:35,710 --> 00:05:37,200
‫in this application

108
00:05:37,200 --> 00:05:40,170
‫is because Gmail is not at all a good idea

109
00:05:40,170 --> 00:05:41,510
‫for a production app.

110
00:05:41,510 --> 00:05:44,170
‫And so that's basically what we're trying to build here.

111
00:05:44,170 --> 00:05:45,003
‫Okay?

112
00:05:45,003 --> 00:05:47,600
‫So using Gmail for this kind of stuff,

113
00:05:47,600 --> 00:05:50,670
‫you can only send 500 emails per day,

114
00:05:50,670 --> 00:05:53,520
‫and also, you will probably very quickly be marked

115
00:05:53,520 --> 00:05:57,410
‫as a spammer, and from there, it will only go downhill.

116
00:05:57,410 --> 00:05:58,330
‫All right?

117
00:05:58,330 --> 00:06:00,710
‫So, unless it's like a private app,

118
00:06:00,710 --> 00:06:02,780
‫and you just send emails to yourself,

119
00:06:02,780 --> 00:06:04,470
‫or, like, 10 friends,

120
00:06:04,470 --> 00:06:07,090
‫well, then you should use another service.

121
00:06:07,090 --> 00:06:10,680
‫And some well-known ones are SendGrid and Mailgun.

122
00:06:10,680 --> 00:06:13,740
‫And, actually, we will use SendGrid a bit later

123
00:06:13,740 --> 00:06:15,180
‫in this course.

124
00:06:15,180 --> 00:06:17,400
‫Now, what we're gonna do right now

125
00:06:17,400 --> 00:06:19,920
‫is to use a special development service,

126
00:06:19,920 --> 00:06:23,740
‫which basically fakes to send emails to real addresses.

127
00:06:23,740 --> 00:06:26,660
‫But, in reality, these emails end up trapped

128
00:06:26,660 --> 00:06:29,920
‫in a development inbox, so that we can then take a look

129
00:06:29,920 --> 00:06:32,320
‫at how they will look later in production.

130
00:06:32,320 --> 00:06:33,270
‫All right?

131
00:06:33,270 --> 00:06:35,700
‫So that service is called Mailtrap,

132
00:06:35,700 --> 00:06:37,893
‫and so let's now sign up for that.

133
00:06:41,190 --> 00:06:42,023
‫So.

134
00:06:43,500 --> 00:06:45,883
‫Mailtrap.io,

135
00:06:47,810 --> 00:06:48,643
‫all right?

136
00:06:48,643 --> 00:06:51,050
‫So, and as I say, safe email testing

137
00:06:51,050 --> 00:06:52,940
‫for staging and development.

138
00:06:52,940 --> 00:06:54,280
‫So basically, with this service,

139
00:06:54,280 --> 00:06:57,410
‫you can fake to send emails to clients,

140
00:06:57,410 --> 00:07:00,230
‫but these emails will then never reach these clients,

141
00:07:00,230 --> 00:07:03,670
‫and instead be trapped in your Mailtrap, okay?

142
00:07:03,670 --> 00:07:05,660
‫And so that way you cannot accidentally

143
00:07:05,660 --> 00:07:09,150
‫send some development emails to all of your

144
00:07:09,150 --> 00:07:11,540
‫clients or users, okay.

145
00:07:11,540 --> 00:07:13,450
‫So go ahead and sign up now.

146
00:07:13,450 --> 00:07:15,430
‫I, of course, already have my account,

147
00:07:15,430 --> 00:07:17,040
‫and so I will simply log in now.

148
00:07:17,040 --> 00:07:19,390
‫So see you in a second, after you have created

149
00:07:19,390 --> 00:07:21,600
‫your free account.

150
00:07:21,600 --> 00:07:24,350
‫All right, so after creating your account,

151
00:07:24,350 --> 00:07:27,290
‫it will probably look a little bit like this.

152
00:07:27,290 --> 00:07:29,630
‫Now, you won't have any inbox for now,

153
00:07:29,630 --> 00:07:31,810
‫and so let's just create a new one,

154
00:07:31,810 --> 00:07:32,970
‫with the name of natours.

155
00:07:32,970 --> 00:07:36,200
‫So, I already have one, but just create a new one here,

156
00:07:36,200 --> 00:07:39,260
‫with the natours name, and then hit Create Inbox.

157
00:07:39,260 --> 00:07:40,093
‫All right?

158
00:07:40,093 --> 00:07:41,520
‫Then we can open it,

159
00:07:41,520 --> 00:07:44,280
‫and you see we have no email at this point,

160
00:07:44,280 --> 00:07:45,950
‫but what matters for now

161
00:07:45,950 --> 00:07:48,170
‫is these credentials here.

162
00:07:48,170 --> 00:07:50,310
‫So you see we have our host here,

163
00:07:50,310 --> 00:07:53,120
‫we have the port, username, and password.

164
00:07:53,120 --> 00:07:54,990
‫And so that's what we're gonna specify

165
00:07:54,990 --> 00:07:57,580
‫in our transport in Nodemailer now.

166
00:07:57,580 --> 00:07:58,413
‫All right?

167
00:07:58,413 --> 00:08:00,810
‫So let's start with the host,

168
00:08:00,810 --> 00:08:02,060
‫well, actually, with the username,

169
00:08:02,060 --> 00:08:04,320
‫so these two, I just need to copy

170
00:08:04,320 --> 00:08:07,933
‫so let's copy it to our config file,

171
00:08:09,100 --> 00:08:11,323
‫so that's the username,

172
00:08:13,220 --> 00:08:14,723
‫then that's the password,

173
00:08:18,620 --> 00:08:21,813
‫and now we actually also need to specify the host.

174
00:08:28,580 --> 00:08:31,830
‫Okay, and so that's because Mailtrap is not

175
00:08:31,830 --> 00:08:35,493
‫one of these predefined services that comes with Nodemailer.

176
00:08:39,720 --> 00:08:40,553
‫All right.

177
00:08:44,800 --> 00:08:46,433
‫The port is 25.

178
00:08:47,780 --> 00:08:49,660
‫So give it a save,

179
00:08:49,660 --> 00:08:53,390
‫and then in here, let's get rid of this,

180
00:08:53,390 --> 00:08:56,690
‫and what I need to specify instead is the host

181
00:08:57,730 --> 00:08:58,803
‫so email,

182
00:09:00,040 --> 00:09:01,460
‫host,

183
00:09:01,460 --> 00:09:03,430
‫and, of course, the port.

184
00:09:03,430 --> 00:09:05,773
‫So everything that we just saved before.

185
00:09:10,800 --> 00:09:12,950
‫All right, then the authentication here

186
00:09:12,950 --> 00:09:14,323
‫is the exact same.

187
00:09:15,790 --> 00:09:17,643
‫Let's get rid of this as well,

188
00:09:19,888 --> 00:09:22,200
‫and move on to step number two.

189
00:09:22,200 --> 00:09:24,913
‫So basically defining some options for our email.

190
00:09:29,440 --> 00:09:31,700
‫All right, and we could, of course,

191
00:09:31,700 --> 00:09:34,320
‫do step two and three all at the same,

192
00:09:34,320 --> 00:09:36,970
‫but I like to simply prefer these options here first.

193
00:09:37,810 --> 00:09:39,910
‫Okay, and so here we specify

194
00:09:39,910 --> 00:09:41,603
‫where the email is coming from,

195
00:09:42,660 --> 00:09:43,713
‫so the name,

196
00:09:45,890 --> 00:09:48,963
‫and then the email address like this.

197
00:09:52,800 --> 00:09:55,453
‫Next up, we need the recipient's address,

198
00:09:57,500 --> 00:10:01,153
‫and so that one, I'm gonna specify as an option,

199
00:10:03,200 --> 00:10:04,033
‫okay?

200
00:10:04,033 --> 00:10:06,560
‫So basically, coming as an argument to this function.

201
00:10:06,560 --> 00:10:08,650
‫So this options object here,

202
00:10:08,650 --> 00:10:11,173
‫is this one that we pass into the function.

203
00:10:12,110 --> 00:10:13,370
‫All right.

204
00:10:13,370 --> 00:10:17,263
‫Then actually the same for the subject and for the text.

205
00:10:18,990 --> 00:10:20,593
‫Let's just duplicate these here,

206
00:10:26,250 --> 00:10:28,170
‫So the subject and then

207
00:10:29,300 --> 00:10:31,720
‫we just specify the text property,

208
00:10:31,720 --> 00:10:34,793
‫and that one, in the options, I'm just calling it message.

209
00:10:35,790 --> 00:10:38,070
‫All right, so this one is basically

210
00:10:38,070 --> 00:10:39,950
‫the text version of the email.

211
00:10:39,950 --> 00:10:44,220
‫But we can then also specify the HTML property.

212
00:10:44,220 --> 00:10:48,220
‫Okay, and so we could now then convert this message to HTML.

213
00:10:48,220 --> 00:10:50,460
‫And later, we're going to do that, but for now,

214
00:10:50,460 --> 00:10:54,780
‫let's keep it simple and not specify the HTML here, at all.

215
00:10:54,780 --> 00:10:55,613
‫Okay?

216
00:10:55,613 --> 00:10:57,993
‫So simply leaving it at text.

217
00:10:59,320 --> 00:11:00,153
‫Okay!

218
00:11:00,153 --> 00:11:01,773
‫And then finally, at the end,

219
00:11:03,050 --> 00:11:06,723
‫transporter, so that's the transporter object

220
00:11:06,723 --> 00:11:09,440
‫that we created right here in the beginning,

221
00:11:09,440 --> 00:11:11,890
‫and on that, we can then call sendMail

222
00:11:14,470 --> 00:11:18,983
‫and into that we need to pass in our mail options, okay?

223
00:11:19,900 --> 00:11:22,640
‫And now this actually returns a Promise.

224
00:11:22,640 --> 00:11:25,890
‫Okay, so again, this is an asynchronous function,

225
00:11:25,890 --> 00:11:29,480
‫and since we don't want to directly work with Promises,

226
00:11:29,480 --> 00:11:30,933
‫let's use async/await.

227
00:11:32,890 --> 00:11:33,723
‫All right.

228
00:11:34,770 --> 00:11:37,450
‫So declaring this as an async function

229
00:11:37,450 --> 00:11:39,023
‫and there we go.

230
00:11:40,030 --> 00:11:41,070
‫All right.

231
00:11:41,070 --> 00:11:43,250
‫We don't want to store any result here,

232
00:11:43,250 --> 00:11:46,423
‫which we could, but I'm not really interested in that.

233
00:11:47,940 --> 00:11:51,930
‫Okay, and now let's simply export it

234
00:11:51,930 --> 00:11:54,263
‫as the default from this module.

235
00:11:57,990 --> 00:11:59,360
‫Okay, looks good!

236
00:11:59,360 --> 00:12:02,890
‫Now let's now go ahead and actually try this.

237
00:12:02,890 --> 00:12:07,050
‫And so to start, we need to import it here, of course.

238
00:12:07,050 --> 00:12:09,003
‫So let's just duplicate this here,

239
00:12:13,270 --> 00:12:14,370
‫so this is email,

240
00:12:14,370 --> 00:12:19,163
‫and the function is called sendEmail I think.

241
00:12:21,573 --> 00:12:22,406
‫Okay.

242
00:12:22,406 --> 00:12:26,513
‫So let's go back to our middleware function here,

243
00:12:28,540 --> 00:12:31,397
‫and let's start by defining the reset URL.

244
00:12:33,890 --> 00:12:37,810
‫So, ideally, the user will then click on this email

245
00:12:37,810 --> 00:12:41,240
‫and will then be able to do the request from there.

246
00:12:41,240 --> 00:12:42,500
‫And that's gonna work later

247
00:12:42,500 --> 00:12:44,650
‫when we implement our dynamic website,

248
00:12:44,650 --> 00:12:48,170
‫but still, we now want to create this URL here,

249
00:12:48,170 --> 00:12:50,350
‫so that the user can simply copy it,

250
00:12:50,350 --> 00:12:52,433
‫to make it easier to do this request.

251
00:12:53,720 --> 00:12:56,130
‫Okay, so basically we need to recreate

252
00:12:57,350 --> 00:13:00,750
‫this URL structure that we have here.

253
00:13:00,750 --> 00:13:02,627
‫So this one is for forgot password

254
00:13:02,627 --> 00:13:04,227
‫and let's actually save it here.

255
00:13:10,670 --> 00:13:14,910
‫So, forgot password, and now the URL

256
00:13:14,910 --> 00:13:17,820
‫that we're creating is actually for reset password.

257
00:13:17,820 --> 00:13:21,340
‫So, remember, we actually implemented that one before.

258
00:13:21,340 --> 00:13:22,173
‫Okay.

259
00:13:22,173 --> 00:13:24,020
‫Let's just go ahead and copy it here,

260
00:13:27,760 --> 00:13:31,750
‫so reset password, all right?

261
00:13:31,750 --> 00:13:33,940
‫And that will then actually take the token

262
00:13:33,940 --> 00:13:35,540
‫as a parameter.

263
00:13:35,540 --> 00:13:39,120
‫Okay, so let's just put any random token in here for now.

264
00:13:39,120 --> 00:13:40,563
‫So it doesn't matter at all.

265
00:13:41,610 --> 00:13:42,860
‫Let me just save it here,

266
00:13:45,150 --> 00:13:50,150
‫as reset password.

267
00:13:50,360 --> 00:13:51,193
‫Okay.

268
00:13:51,193 --> 00:13:53,970
‫And also, it's not GET, it's also not POST,

269
00:13:53,970 --> 00:13:56,320
‫but it's PATCH, because the result of this

270
00:13:56,320 --> 00:13:59,490
‫will be the modification of the password property

271
00:13:59,490 --> 00:14:01,560
‫in the user document.

272
00:14:01,560 --> 00:14:05,470
‫And so PATCH is the best one actually, okay?

273
00:14:05,470 --> 00:14:09,023
‫So let's quickly change our route implementation for this.

274
00:14:10,720 --> 00:14:14,410
‫So, it's here in userRoute,

275
00:14:14,410 --> 00:14:17,480
‫so it's not POST, it's PATCH,

276
00:14:17,480 --> 00:14:20,710
‫and we also want to specify a parameter.

277
00:14:20,710 --> 00:14:22,330
‫So, remember how we do that.

278
00:14:22,330 --> 00:14:24,030
‫So it's just like down here.

279
00:14:24,030 --> 00:14:26,960
‫So another slash then colon, and then the name

280
00:14:26,960 --> 00:14:29,593
‫of the parameter, which is gonna be token.

281
00:14:31,390 --> 00:14:32,990
‫Okay, and let's build this now,

282
00:14:32,990 --> 00:14:34,870
‫starting with the protocol.

283
00:14:34,870 --> 00:14:38,340
‫So, HTTP or HTTPS, okay?

284
00:14:38,340 --> 00:14:42,283
‫And we're basically gonna get that data from our request.

285
00:14:43,180 --> 00:14:45,720
‫So that's stored on request dot protocol

286
00:14:47,250 --> 00:14:51,750
‫then colon slash slash, and then the host, okay?

287
00:14:51,750 --> 00:14:54,590
‫So we're basically preparing this one here to work

288
00:14:54,590 --> 00:14:57,260
‫both in development and in production.

289
00:14:57,260 --> 00:15:00,630
‫So, request dot get,

290
00:15:00,630 --> 00:15:01,513
‫and then host.

291
00:15:02,760 --> 00:15:04,950
‫All right, so this is how we get the host,

292
00:15:04,950 --> 00:15:09,100
‫and then slash api slash version one,

293
00:15:09,100 --> 00:15:11,860
‫and I guess it's not ideal to define a tier

294
00:15:11,860 --> 00:15:13,170
‫hardcoded like this,

295
00:15:13,170 --> 00:15:15,260
‫but again, this is something that we're gonna fix

296
00:15:15,260 --> 00:15:17,080
‫a bit later, okay?

297
00:15:17,080 --> 00:15:20,100
‫And I see that this is actually not correct.

298
00:15:20,100 --> 00:15:22,680
‫These curly braces should be there.

299
00:15:22,680 --> 00:15:24,263
‫So, now, users,

300
00:15:25,676 --> 00:15:26,843
‫resetPassword,

301
00:15:28,910 --> 00:15:32,830
‫and then yet another slash, and finally the token.

302
00:15:32,830 --> 00:15:34,833
‫Okay, so, resetToken.

303
00:15:35,790 --> 00:15:36,623
‫All right?

304
00:15:36,623 --> 00:15:38,780
‫And as we discussed before, in the last lecture,

305
00:15:38,780 --> 00:15:40,000
‫here we actually gotta send

306
00:15:40,000 --> 00:15:44,000
‫the plain, original resetToken, and not the encrypted one.

307
00:15:44,000 --> 00:15:44,833
‫All right?

308
00:15:44,833 --> 00:15:46,170
‫We will then, in the next step,

309
00:15:46,170 --> 00:15:49,810
‫compare the original token with the encrypted one.

310
00:15:49,810 --> 00:15:52,780
‫So, again, just as we discussed in the last video.

311
00:15:52,780 --> 00:15:56,657
‫Give it a save here now, and so that is our reset URL.

312
00:16:00,940 --> 00:16:04,490
‫And now, based on this URL, let's quickly

313
00:16:04,490 --> 00:16:06,233
‫create the message here as well.

314
00:16:07,950 --> 00:16:11,113
‫So, Forgot your password?

315
00:16:13,120 --> 00:16:17,720
‫Submit a PATCH request

316
00:16:18,900 --> 00:16:21,650
‫with your new password

317
00:16:24,380 --> 00:16:26,273
‫and passwordConfirm of course,

318
00:16:30,850 --> 00:16:34,270
‫to the reset URL that we just created, okay?

319
00:16:34,270 --> 00:16:37,500
‫So basically, giving the user some instructions here.

320
00:16:37,500 --> 00:16:39,373
‫Then, on a new line, we also say,

321
00:16:40,670 --> 00:16:44,053
‫if you didn't forget your password,

322
00:16:47,820 --> 00:16:49,610
‫please ignore this email.

323
00:16:49,610 --> 00:16:51,690
‫So that's kind of a common message,

324
00:16:51,690 --> 00:16:54,320
‫and again, I'm sure you've seen it in some way

325
00:16:54,320 --> 00:16:55,963
‫or another, all right.

326
00:16:56,860 --> 00:16:59,900
‫So let's now, finally, send the email,

327
00:16:59,900 --> 00:17:02,020
‫and remember that sendEmail

328
00:17:02,020 --> 00:17:03,640
‫is an asynchronous function.

329
00:17:03,640 --> 00:17:06,470
‫And so, therefore, we need to await it here.

330
00:17:06,470 --> 00:17:07,303
‫Okay?

331
00:17:07,303 --> 00:17:09,693
‫Because, of course, it's gonna return a Promise.

332
00:17:11,470 --> 00:17:14,850
‫And remember now that the sendEmail function here

333
00:17:14,850 --> 00:17:17,490
‫takes an object with some options.

334
00:17:17,490 --> 00:17:22,490
‫So the email is user.email, right?

335
00:17:23,730 --> 00:17:28,150
‫Or we could also say, req.body.email.

336
00:17:28,150 --> 00:17:31,233
‫So that's exactly the same, actually, right?

337
00:17:32,900 --> 00:17:35,773
‫Then the subject that we want to say is,

338
00:17:36,690 --> 00:17:41,363
‫Your password reset token.

339
00:17:44,850 --> 00:17:48,540
‫Let's say right away that it's only valid for 10 minutes,

340
00:17:48,540 --> 00:17:52,290
‫so that the user knows that he has to hurry.

341
00:17:52,290 --> 00:17:55,113
‫Okay, and then finally, the message, as well.

342
00:17:56,940 --> 00:17:57,773
‫Okay.

343
00:17:57,773 --> 00:18:00,080
‫So, we await that, and then after that,

344
00:18:00,080 --> 00:18:04,330
‫let's also send, of course, some response.

345
00:18:04,330 --> 00:18:07,130
‫Okay, so there always needs to be a response,

346
00:18:07,130 --> 00:18:08,860
‫otherwise, as you already know,

347
00:18:08,860 --> 00:18:11,970
‫the request/response cycle will never finish.

348
00:18:11,970 --> 00:18:14,700
‫So we simply send a 200 code

349
00:18:14,700 --> 00:18:18,720
‫and then a nicely formatted message

350
00:18:19,670 --> 00:18:22,023
‫with a status of success,

351
00:18:25,640 --> 00:18:28,550
‫and then just a quick message saying,

352
00:18:28,550 --> 00:18:32,410
‫Token sent to email.

353
00:18:32,410 --> 00:18:33,243
‫All right.

354
00:18:33,243 --> 00:18:37,490
‫And, of course, we can not send the reset token right here,

355
00:18:37,490 --> 00:18:40,970
‫by adjacent, right, because, then everyone could

356
00:18:40,970 --> 00:18:42,910
‫just reset anyone's password,

357
00:18:42,910 --> 00:18:45,440
‫and take over any account that they wanted.

358
00:18:45,440 --> 00:18:47,740
‫And so that's the whole reason why we send it

359
00:18:47,740 --> 00:18:49,940
‫to an email address, because we assume

360
00:18:49,940 --> 00:18:51,800
‫that the email is a safe place,

361
00:18:51,800 --> 00:18:54,187
‫that only the user has access to.

362
00:18:54,187 --> 00:18:55,020
‫All right.

363
00:18:56,990 --> 00:19:00,170
‫Whoo, so, this video, again is running quite long,

364
00:19:00,170 --> 00:19:01,620
‫but we're still not done.

365
00:19:01,620 --> 00:19:04,200
‫We're almost done, but not entirely,

366
00:19:04,200 --> 00:19:06,590
‫because there might happen an error,

367
00:19:06,590 --> 00:19:10,560
‫using this sendEmail, okay, and so in that case,

368
00:19:10,560 --> 00:19:14,100
‫we, of course, want to send an error message to the client.

369
00:19:14,100 --> 00:19:16,720
‫But in this case, we actually need to do more

370
00:19:16,720 --> 00:19:18,980
‫than simply send an error message.

371
00:19:18,980 --> 00:19:22,707
‫We need to basically, set back the password reset token

372
00:19:22,707 --> 00:19:26,660
‫and the password reset expired that we defined, okay?

373
00:19:26,660 --> 00:19:29,140
‫And so right now it's not enough to simply

374
00:19:29,140 --> 00:19:31,340
‫catch the error and then send it down

375
00:19:31,340 --> 00:19:34,100
‫to our global error handling middleware.

376
00:19:34,100 --> 00:19:36,980
‫But instead we need to simply add

377
00:19:36,980 --> 00:19:39,660
‫a try-catch block right here.

378
00:19:39,660 --> 00:19:42,290
‫So again, because we actually want to do more

379
00:19:42,290 --> 00:19:45,363
‫than simply send an error down to the client,

380
00:19:46,850 --> 00:19:49,633
‫so we try basically to do this,

381
00:19:50,950 --> 00:19:53,763
‫right, but in case there is an error,

382
00:19:54,660 --> 00:19:57,630
‫then, of course, this block here is executed.

383
00:19:57,630 --> 00:19:58,463
‫All right?

384
00:19:58,463 --> 00:20:01,380
‫So what we want to do in that case,

385
00:20:01,380 --> 00:20:04,160
‫well, we want to basically, as I said,

386
00:20:04,160 --> 00:20:08,140
‫reset both the token and the expires property.

387
00:20:08,140 --> 00:20:09,620
‫Okay.

388
00:20:09,620 --> 00:20:11,850
‫So, passwordResetToken,

389
00:20:15,360 --> 00:20:18,950
‫and set it to undefined, all right.

390
00:20:18,950 --> 00:20:22,053
‫And the same for passwordResetExpires.

391
00:20:24,670 --> 00:20:25,503
‫Okay.

392
00:20:25,503 --> 00:20:27,350
‫And then, of course, just like before,

393
00:20:27,350 --> 00:20:30,830
‫this only modifies the data, but doesn't really save it.

394
00:20:30,830 --> 00:20:33,693
‫And so let's go add, grab this one,

395
00:20:35,560 --> 00:20:39,730
‫and so to basically save the data in this case.

396
00:20:39,730 --> 00:20:41,750
‫Okay, and then just to finish,

397
00:20:41,750 --> 00:20:45,140
‫we, of course, then return with an error

398
00:20:45,140 --> 00:20:46,620
‫to the next middleware.

399
00:20:46,620 --> 00:20:48,223
‫So newAppError,

400
00:20:50,970 --> 00:20:55,373
‫There was an error sending the email.

401
00:20:57,940 --> 00:20:59,333
‫Try again later.

402
00:21:00,220 --> 00:21:03,700
‫And in this case, the error code can actually be a 500.

403
00:21:03,700 --> 00:21:06,980
‫So this is really then, like an error that's happened

404
00:21:06,980 --> 00:21:09,930
‫on the server, and so it has to be a five code,

405
00:21:09,930 --> 00:21:12,893
‫and 500 is just, like, the standard one.

406
00:21:13,740 --> 00:21:15,160
‫All right.

407
00:21:15,160 --> 00:21:20,160
‫So, let's now go ahead and try this out again, all right.

408
00:21:20,830 --> 00:21:25,130
‫So this is quite a long one again, but, well,

409
00:21:25,130 --> 00:21:27,200
‫we have to do it, right?

410
00:21:27,200 --> 00:21:31,173
‫So, forgot password, with this email, let's check it out.

411
00:21:32,260 --> 00:21:34,270
‫So this might not take a long time,

412
00:21:34,270 --> 00:21:36,400
‫because of sending the email,

413
00:21:36,400 --> 00:21:40,360
‫but actually it worked now, took like five seconds,

414
00:21:40,360 --> 00:21:42,840
‫but we see Token sent to email.

415
00:21:42,840 --> 00:21:45,770
‫and so, as we know, since we used Mailtrap,

416
00:21:45,770 --> 00:21:49,810
‫it actually didn't send this email to hello@jones.io

417
00:21:49,810 --> 00:21:53,010
‫but instead the email should be now trapped

418
00:21:53,010 --> 00:21:55,940
‫inside of Mailtrap.

419
00:21:55,940 --> 00:21:59,003
‫And, indeed, here on the left side, it now showed up.

420
00:21:59,890 --> 00:22:01,170
‫All right.

421
00:22:01,170 --> 00:22:04,440
‫So, that is the email that we specified

422
00:22:04,440 --> 00:22:06,467
‫and here we get our nice URL.

423
00:22:07,960 --> 00:22:11,980
‫Okay, so the one that we created with the protocol,

424
00:22:11,980 --> 00:22:15,070
‫the host, and then also with the token.

425
00:22:15,070 --> 00:22:17,210
‫So let's just take a look if this really

426
00:22:17,210 --> 00:22:18,910
‫is our plain token,

427
00:22:18,910 --> 00:22:20,873
‫so ending in 88df,

428
00:22:22,130 --> 00:22:26,690
‫and, indeed, we have resetToken here, 88df.

429
00:22:26,690 --> 00:22:29,050
‫And now in the database, we should have the token

430
00:22:29,050 --> 00:22:31,890
‫ending in 1111.

431
00:22:31,890 --> 00:22:34,883
‫So, let's confirm that, here in Compass,

432
00:22:35,780 --> 00:22:40,780
‫give it a reload, and, indeed, here we go, okay?

433
00:22:41,470 --> 00:22:45,260
‫And so again, this here is in 10 minutes from now.

434
00:22:45,260 --> 00:22:47,910
‫Great, so we finished that part.

435
00:22:47,910 --> 00:22:50,290
‫Next up, in the next video, we will then actually

436
00:22:50,290 --> 00:22:52,320
‫reset the password,

437
00:22:52,320 --> 00:22:54,590
‫based, of course, on the new password

438
00:22:54,590 --> 00:22:58,030
‫that the user sends with the reset password request.

439
00:22:58,030 --> 00:22:58,993
‫So, see ya there.