Add OTP feature #81

Open
wants to merge 5 commits into
base: main

Conversation

piyush-gangrade

PR #39

Add verifyOTP.jsx for sending and verifying OTP, and update Login.jsx and Signup.jsx accordingly.

Details: After users log in or sign up, they will navigate to the 'verify' route where they have to enter the OTP sent to their email. After submitting the OTP, if it is valid, a token will be sent to the user.

Screenshot (60)

add two new fields otpToken and otpExpiry in UserModel.js and two controller functions for sending and verifying otp

vercel bot commented May 11, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
elective-hub ✅ Ready (Inspect) Visit Preview 💬 Add feedback May 13, 2024 6:39pm


netlify bot commented May 11, 2024

Deploy Preview for chipper-cucurucho-7e07f5 ready!

Name Link
🔨 Latest commit 490037b
🔍 Latest deploy log https://app.netlify.com/sites/chipper-cucurucho-7e07f5/deploys/66425e621424d70008a069b8
😎 Deploy Preview https://deploy-preview-81--chipper-cucurucho-7e07f5.netlify.app

gitguardian bot commented May 11, 2024

✅ There are no secrets present in this pull request anymore.

If these secrets were true positive and are still valid, we highly recommend you to revoke them.
Once a secret has been leaked into a git repository, you should consider it compromised, even if it was deleted immediately.

Add VerifyOTP.jsx and update Login.jsx and SignUp.jsx so that after login and signup, the user navigates to the verify route, and an OTP is sent to the user's email. After entering the OTP, the user will be logged in
@JayeshYadav99
Member

JayeshYadav99 commented May 12, 2024

@piyush-gangrade Send a screen recording of running this PR on local and performing the OTP functionality.

@piyush-gangrade
Author

piyush-gangrade commented May 12, 2024

@JayeshYadav99

OTP.feature.video.mp4

@JayeshYadav99
Member

@piyush-gangrade Remove OTP verification from login; only keep it in signup.

@piyush-gangrade
Author

@JayeshYadav99, the following changes have been made

@VinayakVispute
Member

@piyush-gangrade Hello,

Your contribution looks good to me but there are 2 huge flaws

  1. There is a loophole that needs immediate attention. Users should not be able to bypass OTP verification by simply not verifying the OTP at the signup page and logging in directly. As you can see in the video.

Keep user authentication data and OTPs in separate collections to prevent bypassing OTP verification during login.

Video_240513165500.mp4
  2. Your OTPs are stored in plain text in MongoDB. So I think they should be encrypted, but it's your take what you think is correct.

image

@piyush-gangrade
Author

ok, I'll fix this issue and update

update Signup.jsx, VerifyOTP.jsx, AuthController.js and AuthRoutes and add OtpModel.js and encrypt.js
@piyush-gangrade
Author

piyush-gangrade commented May 13, 2024

Changes:

Additions:

  1. Added server/Models/OtpModel.js to save email, signature, publicKey, and createdAt.
  2. Added server/util/encrypt.js to generate privateKey and publicKey so that we can create a signature of data using privateKey and verify it using publicKey.

Updates:

  1. Updated Signup.jsx so that it can send an OTP and provide inputData to VerifyOTP.jsx with the help of the navigate state and location state.
  2. Updated the sendOtp function of AuthController.js to create an OTP document, save email, signature, and publicKey, and send an OTP to the given email.
  3. Updated VerifyOTP.jsx so that after submitting the OTP, it sends a request to the 'signup' API route with inputData and OTP.
  4. Updated the signup function of AuthController.js so that it first checks if the OTP is valid. If the OTP is valid, it allows the creation of a User and sends back a token
Change.OTP.feature.functionality.mp4
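
An added example (not code from this PR or the project) of the flow raised in the review above and described in this change list: OTPs kept in their own store, not in plain text, and the user created only after the OTP verifies. It uses an HMAC under a server-held key in place of the key pair and signature the PR describes; the Maps, `OTP_KEY`, the 5-minute lifetime and the attempt cap are assumptions.

```javascript
const { createHmac, randomBytes, randomInt, scryptSync, timingSafeEqual } =
  require("node:crypto");

// Assumptions, not from the PR: Maps stand in for the MongoDB collections,
// and OTP_KEY would be loaded from server configuration, never the database.
const OTP_KEY = randomBytes(32);
const OTP_TTL_MS = 5 * 60 * 1000; // assumed 5-minute lifetime
const MAX_ATTEMPTS = 5;           // assumed cap on guesses per issued OTP
const otps = new Map();           // email -> { mac, createdAt, attempts }
const users = new Map();          // email -> { salt, hash }

// The MAC covers the email, so an OTP issued for one address fails for another.
const macFor = (email, otp) =>
  createHmac("sha256", OTP_KEY).update(`${email}\n${otp}`).digest();

function sendOtp(email, now = Date.now()) {
  const otp = randomInt(0, 1000000).toString().padStart(6, "0");
  otps.set(email, { mac: macFor(email, otp), createdAt: now, attempts: 0 });
  return otp; // a real server emails this value and returns nothing
}

function verifyOtp(email, otp, now = Date.now()) {
  const rec = otps.get(email);
  if (!rec) return "no_otp";
  if (now - rec.createdAt > OTP_TTL_MS) { otps.delete(email); return "expired"; }
  if (rec.attempts >= MAX_ATTEMPTS) { otps.delete(email); return "locked"; }
  rec.attempts += 1;
  if (!timingSafeEqual(rec.mac, macFor(email, String(otp)))) return "invalid";
  otps.delete(email); // single use
  return "ok";
}

// The user record is written only after the OTP check passes, so no
// unverified account exists for the login route to authenticate.
function signup({ email, password, otp }, now = Date.now()) {
  if (users.has(email)) return { ok: false, reason: "exists" };
  const status = verifyOtp(email, otp, now);
  if (status !== "ok") return { ok: false, reason: status };
  const salt = randomBytes(16);
  users.set(email, { salt, hash: scryptSync(password, salt, 32) });
  return { ok: true };
}

function login(email, password) {
  const user = users.get(email);
  return !!user && timingSafeEqual(user.hash, scryptSync(password, user.salt, 32));
}
```

Because a six-digit OTP has only a million possible values, the attempt cap and expiry matter as much as how the value is stored.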

@VinayakVispute
Member

@piyush-gangrade Cool. Since my exams are going on, I was unable to do it, but I will make sure to give you an update today.

@piyush-gangrade
Author

Thank you! Could you also please add assignees and labels?
