Class: User
User
Built-in User model. Extends LoopBack PersistedModel.
Default User ACLs.
- DENY EVERYONE `*`
- ALLOW EVERYONE `create`
- ALLOW OWNER `deleteById`
- ALLOW EVERYONE `login`
- ALLOW EVERYONE `logout`
- ALLOW OWNER `findById`
- ALLOW OWNER `updateAttributes`

Name | Type | Description |
---|---|---|
username | String | Must be unique. |
password | String | Hidden from remote clients. |
email | String | Must be valid email. |
emailVerified | Boolean | Set when a user's email has been verified via |
verificationToken | String | Set when |
realm | String | The namespace the user belongs to. See Partitioning users with realms for details. |
created | Date | The property is not used by LoopBack; you are free to use it for your own purposes. |
lastUpdated | Date | The property is not used by LoopBack; you are free to use it for your own purposes. |
status | String | The property is not used by LoopBack; you are free to use it for your own purposes. |
settings | Object | Extends the |
settings.emailVerificationRequired | Boolean | Require the email verification process before allowing a login. |
settings.ttl | Number | Default time to live (in seconds) for the |
settings.maxTTL | Number | The max value a user can request a token to be alive / valid for. Default is |
settings.realmRequired | Boolean | Require a realm when logging in a user. |
settings.realmDelimiter | String | When set, a realm is required. |
settings.resetPasswordTokenTTL | Number | Time to live for password reset |
settings.saltWorkFactor | Number | The |
settings.caseSensitiveEmail | Boolean | Enable case sensitive email. |

User.confirm(userId, token, redirect, callback)
Confirm the user's identity.

Name | Type | Description |
---|---|---|
userId | Any | |
token | String | The validation token |
redirect | String | URL to redirect the user to once confirmed |
callback | Function | |

Callback arguments:

Name | Type | Description |
---|---|---|
err | Error | |

user.createAccessToken(ttl, [options], cb)
Create an access token for the logged-in user. This method can be overridden to customize how access tokens are generated.

Name | Type | Description |
---|---|---|
ttl | Number | The requested ttl |
[options] | Object | The options for access token, such as scope, appId |
cb | Function | The callback function |

Callback arguments:

Name | Type | Description |
---|---|---|
err | String or Error | The error string or object |
token | AccessToken | The generated access token object |

User.generateVerificationToken(user, cb)
A default verification token generator which accepts the user the token is
being generated for and a callback function to indicate completion.
This one uses the crypto library and 64 random bytes (converted to hex)
for the token. When used in combination with the user.verify() method this
function will be called with the user object as its context (`this`).

Name | Type | Description |
---|---|---|
user | object | The User this token is being generated for. |
cb | Function | The generator must pass back the new token with this function call |

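A custom generator with the same `(user, cb)` shape and the same 64-byte hex output as the default described above. This is an added example, not LoopBack's own code; `makeTokenGenerator`, `looksLikeHexToken` and `MIN_TOKEN_BYTES` are hypothetical names, and the callback is assumed to be Node-style error-first.

```javascript
const nodeCrypto = require('crypto');

// Assumption: minimum size chosen for this example, not a LoopBack setting.
const MIN_TOKEN_BYTES = 32;

// Returns a generator with the (user, cb) shape that user.verify() calls.
function makeTokenGenerator(byteLength) {
  if (!Number.isInteger(byteLength) || byteLength < MIN_TOKEN_BYTES) {
    throw new RangeError('token needs at least ' + MIN_TOKEN_BYTES + ' random bytes');
  }
  return function generateVerificationToken(user, cb) {
    // CSPRNG output only: nothing derived from user.id, user.email or the clock.
    nodeCrypto.randomBytes(byteLength, function (err, buf) {
      if (err) return cb(err);
      // Hex is URL-safe, so the token can be placed in the confirmation link.
      // The token is handed to the callback and never written to `user` here.
      cb(null, buf.toString('hex'));
    });
  };
}

// Same size as the default generator: 64 random bytes, 128 hex characters.
const generateVerificationToken = makeTokenGenerator(64);

// Shape check for a generator's output, usable in a unit test.
function looksLikeHexToken(token, byteLength) {
  return typeof token === 'string' &&
    token.length === byteLength * 2 &&
    /^[0-9a-f]+$/.test(token);
}

// Wiring it into the options object passed to user.verify():
//   options.generateVerificationToken = generateVerificationToken;
```

A static or guessable token lets anyone confirm an address they do not control, which is why the shape check rejects a fixed string such as the placeholder used in documentation snippets.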
user.hasPassword(password, callback)
Compare the given password with the user's hashed password.

Name | Type | Description |
---|---|---|
password | String | The plain text password |
callback | Function | Callback function |

Callback arguments:

Name | Type | Description |
---|---|---|
err | Error | Error object |
isMatch | Boolean | Returns true if the given |

User.login(credentials, [include], callback)
Log in a user with the given credentials.

```js
User.login({username: 'foo', password: 'bar'}, function (err, token) {
  // token is only defined when the login succeeded
  if (err) return console.error(err);
  console.log(token.id);
});
```

Name | Type | Description |
---|---|---|
credentials | Object | username/password or email/password |
[include] | Array.<String> or String | Optionally set it to "user" to include the user info |
callback | Function | Callback function |

Callback arguments:

Name | Type | Description |
---|---|---|
err | Error | Error object |
token | AccessToken | Access token if login is successful |

User.logout(accessTokenID, callback)
Log out a user with the given accessToken id.

```js
User.logout('asd0a9f8dsj9s0s3223mk', function (err) {
  console.log(err || 'Logged out');
});
```

Name | Type | Description |
---|---|---|
accessTokenID | String | |
callback | Function | |

Callback arguments:

Name | Type | Description |
---|---|---|
err | Error | |

User.normalizeCredentials(credentials, realmRequired, realmDelimiter)
Normalize the credentials.

Name | Type | Description |
---|---|---|
credentials | Object | The credential object |
realmRequired | Boolean | |
realmDelimiter | String | The realm delimiter, if not set, no realm is needed |

Returns:

Name | Type | Description |
---|---|---|
result | Object | The normalized credential object |

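A simplified model of how a realm and a realm delimiter turn submitted credentials into a lookup query, written from the parameter descriptions above. This is an added sketch, not LoopBack's implementation; `splitPrincipal` and `normalizeForLogin` are hypothetical names, and rejecting conflicting realms and non-string principals are choices made for this example.

```javascript
// Split "realm<delimiter>name" into its parts; no delimiter means no realm prefix.
function splitPrincipal(name, realmDelimiter) {
  if (!realmDelimiter) return { realm: null, name: name };
  const i = name.indexOf(realmDelimiter);
  if (i === -1) return { realm: null, name: name };
  return { realm: name.slice(0, i), name: name.slice(i + realmDelimiter.length) };
}

function normalizeForLogin(credentials, realmRequired, realmDelimiter) {
  const c = credentials || {};
  const key = c.email ? 'email' : c.username ? 'username' : null;
  if (!key) throw new Error('username or email is required');
  // Example choice: only strings may reach the data-source query.
  if (typeof c[key] !== 'string') throw new TypeError(key + ' must be a string');

  const query = {};
  // Per the settings table: a configured delimiter also makes the realm required.
  const required = Boolean(realmRequired || realmDelimiter);
  if (!required) {
    query[key] = c[key]; // no partitioning: the principal is used verbatim
    return query;
  }
  const parts = splitPrincipal(c[key], realmDelimiter);
  // Example choice: an explicit realm must agree with a prefixed one.
  if (c.realm && parts.realm && c.realm !== parts.realm) {
    throw new Error('conflicting realms');
  }
  query.realm = parts.realm || c.realm;
  query[key] = parts.name;
  // Without a realm, the lookup would match the same name in every partition.
  if (!query.realm) throw new Error('realm is required');
  return query;
}
```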
User.resetPassword(options, callback)
Create a short-lived access token for temporary login. Allows users to change passwords if forgotten.

Name | Type | Description |
---|---|---|
options | Object | |
callback | Function | |

options:

Name | Type | Description |
---|---|---|
email | String | The user's email address |

Callback arguments:

Name | Type | Description |
---|---|---|
err | Error | |

user.verify(options)
Verify a user's identity by sending them a confirmation email.

```js
var options = {
  type: 'email',
  to: user.email,
  template: 'verify.ejs',
  redirect: '/',
  // placeholder generator; the callback is error-first: cb(err, token)
  generateVerificationToken: function (user, cb) { cb(null, "random-token"); }
};
user.verify(options, next);
```

Name | Type | Description |
---|---|---|
options | Object | |

options:

Name | Type | Description |
---|---|---|
type | String | Must be 'email'. |
to | String | Email address to which verification email is sent. |
from | String | Sender email address, for example |
subject | String | Subject line text. |
text | String | Text of email. |
template | String | Name of template that displays verification page, for example, `'verify.ejs'`. |
redirect | String | Page to which user will be redirected after they verify their email, for example |
generateVerificationToken | Function | A function to be used to generate the verification token. It must accept the user object and a callback function. This function should NOT add the token to the user object, instead simply execute the callback with the token! User saving and email sending will be handled in the |