Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,960 --> 00:00:02,570 So, we need to now send 2 00:00:02,570 --> 00:00:06,600 the password reset token via email to the user. 3 00:00:06,600 --> 00:00:08,860 And so in this lecture, we're gonna learn 4 00:00:08,860 --> 00:00:12,140 how to send email using a very popular solution 5 00:00:12,140 --> 00:00:13,630 called Nodemailer. 6 00:00:15,154 --> 00:00:17,600 But before we do that, I actually wanted to show you 7 00:00:17,600 --> 00:00:20,840 the effect of not having this option here, 8 00:00:20,840 --> 00:00:23,540 because I actually never showed you before. 9 00:00:23,540 --> 00:00:26,543 So let's cut it here, try it now, again, 10 00:00:28,910 --> 00:00:31,720 and so now you see all these errors coming up 11 00:00:31,720 --> 00:00:33,890 like please confirm your password. 12 00:00:33,890 --> 00:00:36,010 And, actually, there should be more, 13 00:00:36,010 --> 00:00:39,340 but, well, this is now the first one that you get. 14 00:00:39,340 --> 00:00:41,400 Basically, because we don't have any value 15 00:00:41,400 --> 00:00:43,650 on the password confirm field. 16 00:00:43,650 --> 00:00:44,483 Okay? 17 00:00:44,483 --> 00:00:46,600 And so again, that's because of the validation 18 00:00:46,600 --> 00:00:49,330 and so again we can, of course, easily 19 00:00:49,330 --> 00:00:51,083 turn it off with this option. 20 00:00:53,430 --> 00:00:56,600 But anyway, let's now create an email handler function 21 00:00:56,600 --> 00:00:59,580 that we can then use throughout our application. 22 00:00:59,580 --> 00:01:00,860 So I'm gonna do that right here 23 00:01:00,860 --> 00:01:02,673 in the Utilities folder, again, 24 00:01:04,209 --> 00:01:08,440 and simply calling it email.js. 25 00:01:08,440 --> 00:01:09,650 All right? 26 00:01:09,650 --> 00:01:11,410 And before we do anything else, 27 00:01:11,410 --> 00:01:14,240 let's actually install the Nodemailer package. 28 00:01:14,240 --> 00:01:16,120 So that's the package that I mentioned 29 00:01:16,120 --> 00:01:17,390 right in the beginning, 30 00:01:17,390 --> 00:01:20,723 which we're gonna use to send email using Node.js. 31 00:01:23,130 --> 00:01:27,620 So, as always, npm install nodemailer. 32 00:01:34,170 --> 00:01:35,123 And in here. 33 00:01:42,674 --> 00:01:46,423 All right, and now let's create that function here. 34 00:01:49,500 --> 00:01:51,113 So constant email, 35 00:01:52,880 --> 00:01:54,350 okay, and then in here, 36 00:01:54,350 --> 00:01:58,060 we're gonna pass in some options basically. 37 00:01:58,060 --> 00:02:01,090 So the email address where we want to send an email to, 38 00:02:01,090 --> 00:02:03,780 the subject line, the email content, 39 00:02:03,780 --> 00:02:05,803 and maybe some other stuff. 40 00:02:07,625 --> 00:02:08,780 All right. 41 00:02:08,780 --> 00:02:11,180 And so now we need to follow three steps 42 00:02:11,180 --> 00:02:13,950 in order to send emails with Nodemailer. 43 00:02:15,120 --> 00:02:18,783 So first up, we need to create a transporter. 44 00:02:23,950 --> 00:02:24,963 Then second, 45 00:02:27,340 --> 00:02:31,777 we need to define the email options, basically, 46 00:02:35,330 --> 00:02:36,373 and then in the end, 47 00:02:37,930 --> 00:02:41,820 actually send the email with Nodemailer. 48 00:02:41,820 --> 00:02:42,960 Okay? 49 00:02:42,960 --> 00:02:46,260 So, the transporter that we made in the first step here, 50 00:02:46,260 --> 00:02:50,790 is basically a service that will actually send the email, 51 00:02:50,790 --> 00:02:53,610 because it's not node.js that will actually 52 00:02:53,610 --> 00:02:55,220 send the email itself. 53 00:02:55,220 --> 00:02:57,720 It's just a service that we define in here. 54 00:02:57,720 --> 00:03:00,340 Something like Gmail, for example. 55 00:03:00,340 --> 00:03:02,270 Now, Gmail is not actually the service 56 00:03:02,270 --> 00:03:03,370 that we're gonna use, 57 00:03:03,370 --> 00:03:05,760 but let me just quickly show you how it works 58 00:03:05,760 --> 00:03:08,350 with Gmail, because I know that many people 59 00:03:08,350 --> 00:03:10,810 will be interested in this, okay? 60 00:03:10,810 --> 00:03:15,120 So, anyway, we need to always create a transporter, 61 00:03:15,120 --> 00:03:16,260 and that's always the same, 62 00:03:16,260 --> 00:03:18,210 no matter what service we're gonna use. 63 00:03:20,070 --> 00:03:22,410 So the transporter will be 64 00:03:22,410 --> 00:03:24,577 nodemailer.createTransport 65 00:03:28,660 --> 00:03:31,550 and then, of course, we need some options in there. 66 00:03:31,550 --> 00:03:32,920 All right? 67 00:03:32,920 --> 00:03:35,820 So we can specify the service 68 00:03:37,620 --> 00:03:40,360 and we can say that we want to use Gmail. 69 00:03:40,360 --> 00:03:42,110 So, just like this. 70 00:03:42,110 --> 00:03:44,530 And there are a couple of well-known services 71 00:03:44,530 --> 00:03:47,260 that Nodemailer knows how to deal with, 72 00:03:47,260 --> 00:03:49,870 and so we don't have to configure these manually. 73 00:03:49,870 --> 00:03:52,660 And so Gmail is just one of them. 74 00:03:52,660 --> 00:03:56,863 But also there is Yahoo, or Hotmail, or many others, okay? 75 00:03:57,760 --> 00:03:58,980 So that's the service, 76 00:03:58,980 --> 00:04:03,020 and then we also need to specify the auth property, 77 00:04:03,020 --> 00:04:04,783 so basically for authentication. 78 00:04:06,150 --> 00:04:08,730 So we need a user and a password. 79 00:04:08,730 --> 00:04:10,380 And so just like before, 80 00:04:10,380 --> 00:04:14,253 we save that kind of stuff in our config.n file. 81 00:04:15,840 --> 00:04:16,673 All right. 82 00:04:17,930 --> 00:04:18,963 So email, 83 00:04:21,089 --> 00:04:22,253 that's a username, 84 00:04:23,500 --> 00:04:26,700 and now I'm not going to use a real Gmail address here 85 00:04:26,700 --> 00:04:28,963 because, again, we're not using Gmail, 86 00:04:29,910 --> 00:04:34,140 but just as an example here, all right. 87 00:04:34,140 --> 00:04:36,910 Your password. 88 00:04:36,910 --> 00:04:38,350 All right. 89 00:04:38,350 --> 00:04:40,480 So here we're done, say, 90 00:04:40,480 --> 00:04:41,350 process 91 00:04:43,090 --> 00:04:44,830 dot end dot 92 00:04:47,414 --> 00:04:48,581 EMAIL_USERNAME 93 00:04:53,780 --> 00:04:56,113 the password process dot end 94 00:04:58,310 --> 00:04:59,800 dot EMAIL_PASSWORD 95 00:05:02,650 --> 00:05:04,723 and I hope I spelled these correctly. 96 00:05:05,580 --> 00:05:06,413 Okay? 97 00:05:06,413 --> 00:05:07,970 And so this is the configuration 98 00:05:07,970 --> 00:05:10,610 for the transport in Nodemailer. 99 00:05:10,610 --> 00:05:12,400 Then in your Gmail account, 100 00:05:12,400 --> 00:05:14,160 you will actually have to activate something 101 00:05:14,160 --> 00:05:17,346 called the less secure app option. 102 00:05:17,346 --> 00:05:18,896 So let me write that down here. 103 00:05:27,609 --> 00:05:29,640 And again, I'm not going to do it here, 104 00:05:29,640 --> 00:05:31,020 but I know that many people 105 00:05:31,020 --> 00:05:33,160 will actually want to use it. 106 00:05:33,160 --> 00:05:35,710 And the reason why we're not using Gmail 107 00:05:35,710 --> 00:05:37,200 in this application 108 00:05:37,200 --> 00:05:40,170 is because Gmail is not at all a good idea 109 00:05:40,170 --> 00:05:41,510 for a production app. 110 00:05:41,510 --> 00:05:44,170 And so that's basically what we're trying to build here. 111 00:05:44,170 --> 00:05:45,003 Okay? 112 00:05:45,003 --> 00:05:47,600 So using Gmail for this kind of stuff, 113 00:05:47,600 --> 00:05:50,670 you can only send 500 emails per day, 114 00:05:50,670 --> 00:05:53,520 and also, you will probably very quickly be marked 115 00:05:53,520 --> 00:05:57,410 as a spammer, and from there, it will only go downhill. 116 00:05:57,410 --> 00:05:58,330 All right? 117 00:05:58,330 --> 00:06:00,710 So, unless it's like a private app, 118 00:06:00,710 --> 00:06:02,780 and you just send emails to yourself, 119 00:06:02,780 --> 00:06:04,470 or, like, 10 friends, 120 00:06:04,470 --> 00:06:07,090 well, then you should use another service. 121 00:06:07,090 --> 00:06:10,680 And some well-known ones are SendGrid and Mailgun. 122 00:06:10,680 --> 00:06:13,740 And, actually, we will use SendGrid a bit later 123 00:06:13,740 --> 00:06:15,180 in this course. 124 00:06:15,180 --> 00:06:17,400 Now, what we're gonna do right now 125 00:06:17,400 --> 00:06:19,920 is to use a special development service, 126 00:06:19,920 --> 00:06:23,740 which basically fakes to send emails to real addresses. 127 00:06:23,740 --> 00:06:26,660 But, in reality, these emails end up trapped 128 00:06:26,660 --> 00:06:29,920 in a development inbox, so that we can then take a look 129 00:06:29,920 --> 00:06:32,320 at how they will look later in production. 130 00:06:32,320 --> 00:06:33,270 All right? 131 00:06:33,270 --> 00:06:35,700 So that service is called Mailtrap, 132 00:06:35,700 --> 00:06:37,893 and so let's now sign up for that. 133 00:06:41,190 --> 00:06:42,023 So. 134 00:06:43,500 --> 00:06:45,883 Mailtrap.io, 135 00:06:47,810 --> 00:06:48,643 all right? 136 00:06:48,643 --> 00:06:51,050 So, and as I say, safe email testing 137 00:06:51,050 --> 00:06:52,940 for staging and development. 138 00:06:52,940 --> 00:06:54,280 So basically, with this service, 139 00:06:54,280 --> 00:06:57,410 you can fake to send emails to clients, 140 00:06:57,410 --> 00:07:00,230 but these emails will then never reach these clients, 141 00:07:00,230 --> 00:07:03,670 and instead be trapped in your Mailtrap, okay? 142 00:07:03,670 --> 00:07:05,660 And so that way you cannot accidentally 143 00:07:05,660 --> 00:07:09,150 send some development emails to all of your 144 00:07:09,150 --> 00:07:11,540 clients or users, okay. 145 00:07:11,540 --> 00:07:13,450 So go ahead and sign up now. 146 00:07:13,450 --> 00:07:15,430 I, of course, already have my account, 147 00:07:15,430 --> 00:07:17,040 and so I will simply log in now. 148 00:07:17,040 --> 00:07:19,390 So see you in a second, after you have created 149 00:07:19,390 --> 00:07:21,600 your free account. 150 00:07:21,600 --> 00:07:24,350 All right, so after creating your account, 151 00:07:24,350 --> 00:07:27,290 it will probably look a little bit like this. 152 00:07:27,290 --> 00:07:29,630 Now, you won't have any inbox for now, 153 00:07:29,630 --> 00:07:31,810 and so let's just create a new one, 154 00:07:31,810 --> 00:07:32,970 with the name of natours. 155 00:07:32,970 --> 00:07:36,200 So, I already have one, but just create a new one here, 156 00:07:36,200 --> 00:07:39,260 with the natours name, and then hit Create Inbox. 157 00:07:39,260 --> 00:07:40,093 All right? 158 00:07:40,093 --> 00:07:41,520 Then we can open it, 159 00:07:41,520 --> 00:07:44,280 and you see we have no email at this point, 160 00:07:44,280 --> 00:07:45,950 but what matters for now 161 00:07:45,950 --> 00:07:48,170 is these credentials here. 162 00:07:48,170 --> 00:07:50,310 So you see we have our host here, 163 00:07:50,310 --> 00:07:53,120 we have the port, username, and password. 164 00:07:53,120 --> 00:07:54,990 And so that's what we're gonna specify 165 00:07:54,990 --> 00:07:57,580 in our transport in Nodemailer now. 166 00:07:57,580 --> 00:07:58,413 All right? 167 00:07:58,413 --> 00:08:00,810 So let's start with the host, 168 00:08:00,810 --> 00:08:02,060 well, actually, with the username, 169 00:08:02,060 --> 00:08:04,320 so these two, I just need to copy 170 00:08:04,320 --> 00:08:07,933 so let's copy it to our config file, 171 00:08:09,100 --> 00:08:11,323 so that's the username, 172 00:08:13,220 --> 00:08:14,723 then that's the password, 173 00:08:18,620 --> 00:08:21,813 and now we actually also need to specify the host. 174 00:08:28,580 --> 00:08:31,830 Okay, and so that's because Mailtrap is not 175 00:08:31,830 --> 00:08:35,493 one of these predefined services that comes with Nodemailer. 176 00:08:39,720 --> 00:08:40,553 All right. 177 00:08:44,800 --> 00:08:46,433 The port is 25. 178 00:08:47,780 --> 00:08:49,660 So give it a save, 179 00:08:49,660 --> 00:08:53,390 and then in here, let's get rid of this, 180 00:08:53,390 --> 00:08:56,690 and what I need to specify instead is the host 181 00:08:57,730 --> 00:08:58,803 so email, 182 00:09:00,040 --> 00:09:01,460 host, 183 00:09:01,460 --> 00:09:03,430 and, of course, the port. 184 00:09:03,430 --> 00:09:05,773 So everything that we just saved before. 185 00:09:10,800 --> 00:09:12,950 All right, then the authentication here 186 00:09:12,950 --> 00:09:14,323 is the exact same. 187 00:09:15,790 --> 00:09:17,643 Let's get rid of this as well, 188 00:09:19,888 --> 00:09:22,200 and move on to step number two. 189 00:09:22,200 --> 00:09:24,913 So basically defining some options for our email. 190 00:09:29,440 --> 00:09:31,700 All right, and we could, of course, 191 00:09:31,700 --> 00:09:34,320 do step two and three all at the same, 192 00:09:34,320 --> 00:09:36,970 but I like to simply prefer these options here first. 193 00:09:37,810 --> 00:09:39,910 Okay, and so here we specify 194 00:09:39,910 --> 00:09:41,603 where the email is coming from, 195 00:09:42,660 --> 00:09:43,713 so the name, 196 00:09:45,890 --> 00:09:48,963 and then the email address like this. 197 00:09:52,800 --> 00:09:55,453 Next up, we need the recipient's address, 198 00:09:57,500 --> 00:10:01,153 and so that one, I'm gonna specify as an option, 199 00:10:03,200 --> 00:10:04,033 okay? 200 00:10:04,033 --> 00:10:06,560 So basically, coming as an argument to this function. 201 00:10:06,560 --> 00:10:08,650 So this options object here, 202 00:10:08,650 --> 00:10:11,173 is this one that we pass into the function. 203 00:10:12,110 --> 00:10:13,370 All right. 204 00:10:13,370 --> 00:10:17,263 Then actually the same for the subject and for the text. 205 00:10:18,990 --> 00:10:20,593 Let's just duplicate these here, 206 00:10:26,250 --> 00:10:28,170 So the subject and then 207 00:10:29,300 --> 00:10:31,720 we just specify the text property, 208 00:10:31,720 --> 00:10:34,793 and that one, in the options, I'm just calling it message. 209 00:10:35,790 --> 00:10:38,070 All right, so this one is basically 210 00:10:38,070 --> 00:10:39,950 the text version of the email. 211 00:10:39,950 --> 00:10:44,220 But we can then also specify the HTML property. 212 00:10:44,220 --> 00:10:48,220 Okay, and so we could now then convert this message to HTML. 213 00:10:48,220 --> 00:10:50,460 And later, we're going to do that, but for now, 214 00:10:50,460 --> 00:10:54,780 let's keep it simple and not specify the HTML here, at all. 215 00:10:54,780 --> 00:10:55,613 Okay? 216 00:10:55,613 --> 00:10:57,993 So simply leaving it at text. 217 00:10:59,320 --> 00:11:00,153 Okay! 218 00:11:00,153 --> 00:11:01,773 And then finally, at the end, 219 00:11:03,050 --> 00:11:06,723 transporter, so that's the transporter object 220 00:11:06,723 --> 00:11:09,440 that we created right here in the beginning, 221 00:11:09,440 --> 00:11:11,890 and on that, we can then call sendMail 222 00:11:14,470 --> 00:11:18,983 and into that we need to pass in our mail options, okay? 223 00:11:19,900 --> 00:11:22,640 And now this actually returns a Promise. 224 00:11:22,640 --> 00:11:25,890 Okay, so again, this is an asynchronous function, 225 00:11:25,890 --> 00:11:29,480 and since we don't want to directly work with Promises, 226 00:11:29,480 --> 00:11:30,933 let's use async/await. 227 00:11:32,890 --> 00:11:33,723 All right. 228 00:11:34,770 --> 00:11:37,450 So declaring this as an async function 229 00:11:37,450 --> 00:11:39,023 and there we go. 230 00:11:40,030 --> 00:11:41,070 All right. 231 00:11:41,070 --> 00:11:43,250 We don't want to store any result here, 232 00:11:43,250 --> 00:11:46,423 which we could, but I'm not really interested in that. 233 00:11:47,940 --> 00:11:51,930 Okay, and now let's simply export it 234 00:11:51,930 --> 00:11:54,263 as the default from this module. 235 00:11:57,990 --> 00:11:59,360 Okay, looks good! 236 00:11:59,360 --> 00:12:02,890 Now let's now go ahead and actually try this. 237 00:12:02,890 --> 00:12:07,050 And so to start, we need to import it here, of course. 238 00:12:07,050 --> 00:12:09,003 So let's just duplicate this here, 239 00:12:13,270 --> 00:12:14,370 so this is email, 240 00:12:14,370 --> 00:12:19,163 and the function is called sendEmail I think. 241 00:12:21,573 --> 00:12:22,406 Okay. 242 00:12:22,406 --> 00:12:26,513 So let's go back to our middleware function here, 243 00:12:28,540 --> 00:12:31,397 and let's start by defining the reset URL. 244 00:12:33,890 --> 00:12:37,810 So, ideally, the user will then click on this email 245 00:12:37,810 --> 00:12:41,240 and will then be able to do the request from there. 246 00:12:41,240 --> 00:12:42,500 And that's gonna work later 247 00:12:42,500 --> 00:12:44,650 when we implement our dynamic website, 248 00:12:44,650 --> 00:12:48,170 but still, we now want to create this URL here, 249 00:12:48,170 --> 00:12:50,350 so that the user can simply copy it, 250 00:12:50,350 --> 00:12:52,433 to make it easier to do this request. 251 00:12:53,720 --> 00:12:56,130 Okay, so basically we need to recreate 252 00:12:57,350 --> 00:13:00,750 this URL structure that we have here. 253 00:13:00,750 --> 00:13:02,627 So this one is for forgot password 254 00:13:02,627 --> 00:13:04,227 and let's actually save it here. 255 00:13:10,670 --> 00:13:14,910 So, forgot password, and now the URL 256 00:13:14,910 --> 00:13:17,820 that we're creating is actually for reset password. 257 00:13:17,820 --> 00:13:21,340 So, remember, we actually implemented that one before. 258 00:13:21,340 --> 00:13:22,173 Okay. 259 00:13:22,173 --> 00:13:24,020 Let's just go ahead and copy it here, 260 00:13:27,760 --> 00:13:31,750 so reset password, all right? 261 00:13:31,750 --> 00:13:33,940 And that will then actually take the token 262 00:13:33,940 --> 00:13:35,540 as a parameter. 263 00:13:35,540 --> 00:13:39,120 Okay, so let's just put any random token in here for now. 264 00:13:39,120 --> 00:13:40,563 So it doesn't matter at all. 265 00:13:41,610 --> 00:13:42,860 Let me just save it here, 266 00:13:45,150 --> 00:13:50,150 as reset password. 267 00:13:50,360 --> 00:13:51,193 Okay. 268 00:13:51,193 --> 00:13:53,970 And also, it's not GET, it's also not POST, 269 00:13:53,970 --> 00:13:56,320 but it's PATCH, because the result of this 270 00:13:56,320 --> 00:13:59,490 will be the modification of the password property 271 00:13:59,490 --> 00:14:01,560 in the user document. 272 00:14:01,560 --> 00:14:05,470 And so PATCH is the best one actually, okay? 273 00:14:05,470 --> 00:14:09,023 So let's quickly change our route implementation for this. 274 00:14:10,720 --> 00:14:14,410 So, it's here in userRoute, 275 00:14:14,410 --> 00:14:17,480 so it's not POST, it's PATCH, 276 00:14:17,480 --> 00:14:20,710 and we also want to specify a parameter. 277 00:14:20,710 --> 00:14:22,330 So, remember how we do that. 278 00:14:22,330 --> 00:14:24,030 So it's just like down here. 279 00:14:24,030 --> 00:14:26,960 So another slash then colon, and then the name 280 00:14:26,960 --> 00:14:29,593 of the parameter, which is gonna be token. 281 00:14:31,390 --> 00:14:32,990 Okay, and let's build this now, 282 00:14:32,990 --> 00:14:34,870 starting with the protocol. 283 00:14:34,870 --> 00:14:38,340 So, HTTP or HTTPS, okay? 284 00:14:38,340 --> 00:14:42,283 And we're basically gonna get that data from our request. 285 00:14:43,180 --> 00:14:45,720 So that's stored on request dot protocol 286 00:14:47,250 --> 00:14:51,750 then colon slash slash, and then the host, okay? 287 00:14:51,750 --> 00:14:54,590 So we're basically preparing this one here to work 288 00:14:54,590 --> 00:14:57,260 both in development and in production. 289 00:14:57,260 --> 00:15:00,630 So, request dot get, 290 00:15:00,630 --> 00:15:01,513 and then host. 291 00:15:02,760 --> 00:15:04,950 All right, so this is how we get the host, 292 00:15:04,950 --> 00:15:09,100 and then slash api slash version one, 293 00:15:09,100 --> 00:15:11,860 and I guess it's not ideal to define a tier 294 00:15:11,860 --> 00:15:13,170 hardcoded like this, 295 00:15:13,170 --> 00:15:15,260 but again, this is something that we're gonna fix 296 00:15:15,260 --> 00:15:17,080 a bit later, okay? 297 00:15:17,080 --> 00:15:20,100 And I see that this is actually not correct. 298 00:15:20,100 --> 00:15:22,680 These curly braces should be there. 299 00:15:22,680 --> 00:15:24,263 So, now, users, 300 00:15:25,676 --> 00:15:26,843 resetPassword, 301 00:15:28,910 --> 00:15:32,830 and then yet another slash, and finally the token. 302 00:15:32,830 --> 00:15:34,833 Okay, so, resetToken. 303 00:15:35,790 --> 00:15:36,623 All right? 304 00:15:36,623 --> 00:15:38,780 And as we discussed before, in the last lecture, 305 00:15:38,780 --> 00:15:40,000 here we actually gotta send 306 00:15:40,000 --> 00:15:44,000 the plain, original resetToken, and not the encrypted one. 307 00:15:44,000 --> 00:15:44,833 All right? 308 00:15:44,833 --> 00:15:46,170 We will then, in the next step, 309 00:15:46,170 --> 00:15:49,810 compare the original token with the encrypted one. 310 00:15:49,810 --> 00:15:52,780 So, again, just as we discussed in the last video. 311 00:15:52,780 --> 00:15:56,657 Give it a save here now, and so that is our reset URL. 312 00:16:00,940 --> 00:16:04,490 And now, based on this URL, let's quickly 313 00:16:04,490 --> 00:16:06,233 create the message here as well. 314 00:16:07,950 --> 00:16:11,113 So, Forgot your password? 315 00:16:13,120 --> 00:16:17,720 Submit a PATCH request 316 00:16:18,900 --> 00:16:21,650 with your new password 317 00:16:24,380 --> 00:16:26,273 and passwordConfirm of course, 318 00:16:30,850 --> 00:16:34,270 to the reset URL that we just created, okay? 319 00:16:34,270 --> 00:16:37,500 So basically, giving the user some instructions here. 320 00:16:37,500 --> 00:16:39,373 Then, on a new line, we also say, 321 00:16:40,670 --> 00:16:44,053 if you didn't forget your password, 322 00:16:47,820 --> 00:16:49,610 please ignore this email. 323 00:16:49,610 --> 00:16:51,690 So that's kind of a common message, 324 00:16:51,690 --> 00:16:54,320 and again, I'm sure you've seen it in some way 325 00:16:54,320 --> 00:16:55,963 or another, all right. 326 00:16:56,860 --> 00:16:59,900 So let's now, finally, send the email, 327 00:16:59,900 --> 00:17:02,020 and remember that sendEmail 328 00:17:02,020 --> 00:17:03,640 is an asynchronous function. 329 00:17:03,640 --> 00:17:06,470 And so, therefore, we need to await it here. 330 00:17:06,470 --> 00:17:07,303 Okay? 331 00:17:07,303 --> 00:17:09,693 Because, of course, it's gonna return a Promise. 332 00:17:11,470 --> 00:17:14,849 And remember now that the sendEmail function here 333 00:17:14,849 --> 00:17:17,490 takes an object with some options. 334 00:17:17,490 --> 00:17:22,490 So the email is user.email, right? 335 00:17:23,730 --> 00:17:28,150 Or we could also say, req.body.email. 336 00:17:28,150 --> 00:17:31,233 So that's exactly the same, actually, right? 337 00:17:32,900 --> 00:17:35,773 Then the subject that we want to say is, 338 00:17:36,690 --> 00:17:41,363 Your password reset token. 339 00:17:44,850 --> 00:17:48,540 Let's say right away that it's only valid for 10 minutes, 340 00:17:48,540 --> 00:17:52,290 so that the user knows that he has to hurry. 341 00:17:52,290 --> 00:17:55,113 Okay, and then finally, the message, as well. 342 00:17:56,940 --> 00:17:57,773 Okay. 343 00:17:57,773 --> 00:18:00,080 So, we await that, and then after that, 344 00:18:00,080 --> 00:18:04,330 let's also send, of course, some response. 345 00:18:04,330 --> 00:18:07,130 Okay, so there always needs to be a response, 346 00:18:07,130 --> 00:18:08,860 otherwise, as you already know, 347 00:18:08,860 --> 00:18:11,970 the request/response cycle will never finish. 348 00:18:11,970 --> 00:18:14,700 So we simply send a 200 code 349 00:18:14,700 --> 00:18:18,720 and then a nicely formatted message 350 00:18:19,670 --> 00:18:22,023 with a status of success, 351 00:18:25,640 --> 00:18:28,550 and then just a quick message saying, 352 00:18:28,550 --> 00:18:32,410 Token sent to email. 353 00:18:32,410 --> 00:18:33,243 All right. 354 00:18:33,243 --> 00:18:37,490 And, of course, we can not send the reset token right here, 355 00:18:37,490 --> 00:18:40,970 by adjacent, right, because, then everyone could 356 00:18:40,970 --> 00:18:42,910 just reset anyone's password, 357 00:18:42,910 --> 00:18:45,440 and take over any account that they wanted. 358 00:18:45,440 --> 00:18:47,740 And so that's the whole reason why we send it 359 00:18:47,740 --> 00:18:49,940 to an email address, because we assume 360 00:18:49,940 --> 00:18:51,800 that the email is a safe place, 361 00:18:51,800 --> 00:18:54,187 that only the user has access to. 362 00:18:54,187 --> 00:18:55,020 All right. 363 00:18:56,990 --> 00:19:00,170 Whoo, so, this video, again is running quite long, 364 00:19:00,170 --> 00:19:01,620 but we're still not done. 365 00:19:01,620 --> 00:19:04,200 We're almost done, but not entirely, 366 00:19:04,200 --> 00:19:06,590 because there might happen an error, 367 00:19:06,590 --> 00:19:10,560 using this sendEmail, okay, and so in that case, 368 00:19:10,560 --> 00:19:14,100 we, of course, want to send an error message to the client. 369 00:19:14,100 --> 00:19:16,720 But in this case, we actually need to do more 370 00:19:16,720 --> 00:19:18,980 than simply send an error message. 371 00:19:18,980 --> 00:19:22,707 We need to basically, set back the password reset token 372 00:19:22,707 --> 00:19:26,660 and the password reset expired that we defined, okay? 373 00:19:26,660 --> 00:19:29,140 And so right now it's not enough to simply 374 00:19:29,140 --> 00:19:31,340 catch the error and then send it down 375 00:19:31,340 --> 00:19:34,100 to our global error handling middleware. 376 00:19:34,100 --> 00:19:36,980 But instead we need to simply add 377 00:19:36,980 --> 00:19:39,660 a try-catch block right here. 378 00:19:39,660 --> 00:19:42,290 So again, because we actually want to do more 379 00:19:42,290 --> 00:19:45,363 than simply send an error down to the client, 380 00:19:46,850 --> 00:19:49,633 so we try basically to do this, 381 00:19:50,950 --> 00:19:53,763 right, but in case there is an error, 382 00:19:54,660 --> 00:19:57,630 then, of course, this block here is executed. 383 00:19:57,630 --> 00:19:58,463 All right? 384 00:19:58,463 --> 00:20:01,380 So what we want to do in that case, 385 00:20:01,380 --> 00:20:04,160 well, we want to basically, as I said, 386 00:20:04,160 --> 00:20:08,140 reset both the token and the expires property. 387 00:20:08,140 --> 00:20:09,620 Okay. 388 00:20:09,620 --> 00:20:11,850 So, passwordResetToken, 389 00:20:15,360 --> 00:20:18,950 and set it to undefined, all right. 390 00:20:18,950 --> 00:20:22,053 And the same for passwordResetExpires. 391 00:20:24,670 --> 00:20:25,503 Okay. 392 00:20:25,503 --> 00:20:27,350 And then, of course, just like before, 393 00:20:27,350 --> 00:20:30,830 this only modifies the data, but doesn't really save it. 394 00:20:30,830 --> 00:20:33,693 And so let's go add, grab this one, 395 00:20:35,560 --> 00:20:39,730 and so to basically save the data in this case. 396 00:20:39,730 --> 00:20:41,750 Okay, and then just to finish, 397 00:20:41,750 --> 00:20:45,140 we, of course, then return with an error 398 00:20:45,140 --> 00:20:46,620 to the next middleware. 399 00:20:46,620 --> 00:20:48,223 So newAppError, 400 00:20:50,970 --> 00:20:55,373 There was an error sending the email. 401 00:20:57,940 --> 00:20:59,333 Try again later. 402 00:21:00,220 --> 00:21:03,700 And in this case, the error code can actually be a 500. 403 00:21:03,700 --> 00:21:06,980 So this is really then, like an error that's happened 404 00:21:06,980 --> 00:21:09,930 on the server, and so it has to be a five code, 405 00:21:09,930 --> 00:21:12,893 and 500 is just, like, the standard one. 406 00:21:13,740 --> 00:21:15,160 All right. 407 00:21:15,160 --> 00:21:20,160 So, let's now go ahead and try this out again, all right. 408 00:21:20,830 --> 00:21:25,130 So this is quite a long one again, but, well, 409 00:21:25,130 --> 00:21:27,200 we have to do it, right? 410 00:21:27,200 --> 00:21:31,173 So, forgot password, with this email, let's check it out. 411 00:21:32,260 --> 00:21:34,270 So this might not take a long time, 412 00:21:34,270 --> 00:21:36,400 because of sending the email, 413 00:21:36,400 --> 00:21:40,360 but actually it worked now, took like five seconds, 414 00:21:40,360 --> 00:21:42,840 but we see Token sent to email. 415 00:21:42,840 --> 00:21:45,770 and so, as we know, since we used Mailtrap, 416 00:21:45,770 --> 00:21:49,810 it actually didn't send this email to hello@jones.io 417 00:21:49,810 --> 00:21:53,010 but instead the email should be now trapped 418 00:21:53,010 --> 00:21:55,940 inside of Mailtrap. 419 00:21:55,940 --> 00:21:59,003 And, indeed, here on the left side, it now showed up. 420 00:21:59,890 --> 00:22:01,170 All right. 421 00:22:01,170 --> 00:22:04,440 So, that is the email that we specified 422 00:22:04,440 --> 00:22:06,467 and here we get our nice URL. 423 00:22:07,960 --> 00:22:11,980 Okay, so the one that we created with the protocol, 424 00:22:11,980 --> 00:22:15,070 the host, and then also with the token. 425 00:22:15,070 --> 00:22:17,210 So let's just take a look if this really 426 00:22:17,210 --> 00:22:18,910 is our plain token, 427 00:22:18,910 --> 00:22:20,873 so ending in 88df, 428 00:22:22,130 --> 00:22:26,690 and, indeed, we have resetToken here, 88df. 429 00:22:26,690 --> 00:22:29,050 And now in the database, we should have the token 430 00:22:29,050 --> 00:22:31,890 ending in 1111. 431 00:22:31,890 --> 00:22:34,883 So, let's confirm that, here in Compass, 432 00:22:35,780 --> 00:22:40,780 give it a reload, and, indeed, here we go, okay? 433 00:22:41,470 --> 00:22:45,260 And so again, this here is in 10 minutes from now. 434 00:22:45,260 --> 00:22:47,910 Great, so we finished that part. 435 00:22:47,910 --> 00:22:50,290 Next up, in the next video, we will then actually 436 00:22:50,290 --> 00:22:52,320 reset the password, 437 00:22:52,320 --> 00:22:54,590 based, of course, on the new password 438 00:22:54,590 --> 00:22:58,030 that the user sends with the reset password request. 439 00:22:58,030 --> 00:22:58,993 So, see ya there. 32611