From: charleswrayjr
Date: Tue, 16 Sep 2025 20:15:25 +0000 (-0500)
Subject: Cleaning up auth and authentication model, routes, and controllers.
X-Git-Url: https://git.phasecustomsoft.com/?a=commitdiff_plain;h=c75a58fc155a23cd9d2add2fe410080c66712444;p=phs-api.git
Cleaning up auth and authentication model, routes, and controllers.
---
diff --git a/src/controllers/auth.controller.js b/src/controllers/auth.controller.js
index 6f50eab..bac979d 100644
--- a/src/controllers/auth.controller.js
+++ b/src/controllers/auth.controller.js
@@ -18,7 +18,7 @@ module.exports = {
 return next( createError( 400, !email ? 'You must provide an email to login.' : 'You must provide a password to login.' ) );
 }
 const user = await db.user.find_one( { email } );
- if (!user || !user.is_active || user.is_deleted) {
+ if (!user || !user.is_active || user.is_deleted || user.is_locked) {
 return res.status( 401 ).send( { success:false, user:null, token:null } );
 }
 const isValid = await user.comparePassword( password );
diff --git a/src/models/authentication.model.js b/src/models/authentication.model.js
index df6a08a..c9cc191 100644
--- a/src/models/authentication.model.js
+++ b/src/models/authentication.model.js
@@ -178,6 +178,10 @@ class Authentication extends Model {
 } );
 };
+ to_safe_json() {
+ const { password, password_salt, password_verification_token, password_reset_token, ...safeData } = this.toJSON();
+ return safeData;
+ };
 }
 module.exports = Authentication;
\ No newline at end of file
diff --git a/src/routes/authentication.routes.js b/src/routes/authentication.routes.js
index 5b78f0b..f5498dd 100644
--- a/src/routes/authentication.routes.js
+++ b/src/routes/authentication.routes.js
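Review bot: In src/controllers/auth.controller.js the added `user.is_locked` test only stops a fresh login; a token issued before the account was locked is not affected by this line, so the lock is effective only if the token-validation middleware (not visible in this diff) also rejects locked users. That should be confirmed, and a comment such as `// is_locked blocks new logins only; validate_auth must also reject locked accounts` above the condition would record the dependency. The identical 401 body for missing, inactive, deleted and locked accounts is good against account enumeration, but this branch returns before `user.comparePassword` runs, so response time may still differ from a wrong-password attempt. The login handler starts and ends outside the hunk.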
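Review bot: `to_safe_json()` in src/models/authentication.model.js strips four named fields and returns everything else, so any sensitive column added to the model later is exposed by default, and `toJSON()` itself, which `res.send()` and `JSON.stringify` call implicitly, still returns the hash, salt and tokens. No caller in the visible diff is switched to the new method, so controllers that serialise Authentication records should be checked; an allowlist of returned fields would fail closed instead. The method also has no doc comment; something like `/** Returns this record without password, salt, verification-token and reset-token fields; toJSON() still includes them. */` would make the contract explicit. The enclosing class starts outside the hunk.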
@@ -13,13 +13,15 @@ const authentication_controller = require( '../controllers/authentication.contro
 * @returns {Object} Express router with authentication routes
 */
 module.exports = ( passport ) => {
- router.post( '/create', validate_auth( passport ), authentication_controller.create );
- router.get( '/user/:user_id', validate_auth( passport ), authentication_controller.find_by_user_id );
- router.get( '/reset/:token', validate_auth( passport ), authentication_controller.find_by_reset_token );
- router.get( '/:id', validate_auth( passport ), authentication_controller.find_one );
- router.get( '/', validate_auth( passport ), authentication_controller.find_many );
- router.put( '/:id/lock', validate_auth( passport ), authentication_controller.lock_account );
- router.put( '/:id/unlock', validate_auth( passport ), authentication_controller.unlock_account );
- router.put( '/:id/soft_delete', validate_auth( passport ), authentication_controller.soft_delete );
+ router.use( validate_auth( passport ) );
+
+ router.post( '/create', authentication_controller.create );
+ router.get( '/user/:user_id', authentication_controller.find_by_user_id );
+ router.get( '/reset/:token', authentication_controller.find_by_reset_token );
+ router.get( '/:id', authentication_controller.find_one );
+ router.get( '/', authentication_controller.find_many );
+ router.put( '/:id/lock', authentication_controller.lock_account );
+ router.put( '/:id/unlock', authentication_controller.unlock_account );
+ router.put( '/:id/soft_delete', authentication_controller.soft_delete );
 return router;
 };
\ No newline at end of file
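Review bot: `router.use( validate_auth( passport ) )` establishes that a caller is logged in, but nothing in this hunk restricts who may call `/:id/lock`, `/:id/unlock`, `/:id/soft_delete` or list records via `/`; unless each controller checks role or ownership (not visible here), any authenticated user can act on another user's authentication record by id. A per-route authorization check is the real fix; until then a marker such as `// TODO: validate_auth only authenticates; restrict lock/unlock/soft_delete to admins or the record owner` would keep the gap visible. Note also that `router.use` runs for every request that reaches this router, including paths no route matches, so if another router is mounted on the same prefix its requests will now pass through this check first. `/reset/:token` carries the reset token in the URL path, where it is likely to end up in access logs.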