Module: loopback

Class: User

User

Built-in User model. Extends LoopBack PersistedModel.

Default User ACLs.

  • DENY EVERYONE *
  • ALLOW EVERYONE create
  • ALLOW OWNER deleteById
  • ALLOW EVERYONE login
  • ALLOW EVERYONE logout
  • ALLOW OWNER findById
  • ALLOW OWNER updateAttributes

Class Properties

| Name | Type | Description |
|---|---|---|
| username | String | Must be unique. |
| password | String | Hidden from remote clients. |
| email | String | Must be a valid email. |
| emailVerified | Boolean | Set when a user's email has been verified via confirm(). |
| verificationToken | String | Set when verify() is called. |
| realm | String | The namespace the user belongs to. See Partitioning users with realms for details. |
| created | Date | The property is not used by LoopBack; you are free to use it for your own purposes. |
| lastUpdated | Date | The property is not used by LoopBack; you are free to use it for your own purposes. |
| status | String | The property is not used by LoopBack; you are free to use it for your own purposes. |
| settings | Object | Extends the Model.settings object. |
| settings.emailVerificationRequired | Boolean | Require the email verification process before allowing a login. |
| settings.ttl | Number | Default time to live (in seconds) for the AccessToken created by User.login() / user.createAccessToken(). Default is 1209600 (2 weeks). |
| settings.maxTTL | Number | The maximum value a user can request a token to be alive / valid for. Default is 31556926 (1 year). |
| settings.realmRequired | Boolean | Require a realm when logging in a user. |
| settings.realmDelimiter | String | When set, a realm is required. |
| settings.resetPasswordTokenTTL | Number | Time to live for password reset AccessToken. Default is 900 (15 minutes). |
| settings.saltWorkFactor | Number | The bcrypt salt work factor. Default is 10. |
| settings.caseSensitiveEmail | Boolean | Enable case sensitive email. |
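
An added example, not LoopBack code: a check of a User-derived model's settings against the defaults documented above, plus the TTL a token request ends up with. The function names, the sample settings and the use of the documented defaults as the baseline are assumptions; the min() rule is a model of the ttl and maxTTL descriptions.

```javascript
// Added example, not LoopBack source. Defaults are the ones documented above.
const DEFAULTS = {
  ttl: 1209600,               // 2 weeks
  maxTTL: 31556926,           // 1 year
  resetPasswordTokenTTL: 900, // 15 minutes
  saltWorkFactor: 10,
};

// Model of the documented behaviour (assumption): a missing ttl falls back
// to settings.ttl, and no request can exceed settings.maxTTL.
function effectiveTtl(requestedTtl, settings) {
  const s = Object.assign({}, DEFAULTS, settings);
  return Math.min(requestedTtl || s.ttl, s.maxTTL);
}

// Hypothetical audit: report settings weaker than the documented defaults.
function auditUserSettings(settings) {
  const s = Object.assign({}, DEFAULTS, settings);
  const findings = [];
  if (s.emailVerificationRequired !== true) {
    findings.push('emailVerificationRequired is off: login is allowed before email verification');
  }
  if (s.ttl > s.maxTTL) {
    findings.push('ttl exceeds maxTTL: the default token lifetime is capped by maxTTL');
  }
  if (s.maxTTL > DEFAULTS.maxTTL) {
    findings.push('maxTTL is above the 1 year default');
  }
  if (s.resetPasswordTokenTTL > DEFAULTS.resetPasswordTokenTTL) {
    findings.push('resetPasswordTokenTTL is above the 15 minute default');
  }
  if (s.saltWorkFactor < DEFAULTS.saltWorkFactor) {
    findings.push('saltWorkFactor is below the documented default of 10');
  }
  return findings;
}

// Constructed sample settings for a model that extends User.
const weak = { ttl: 1209600, maxTTL: 315569260, resetPasswordTokenTTL: 86400, saltWorkFactor: 4 };
const hardened = { emailVerificationRequired: true, ttl: 3600, maxTTL: 86400, saltWorkFactor: 12 };

console.log(auditUserSettings(weak).length);     // 4
console.log(auditUserSettings(hardened).length); // 0
console.log(effectiveTtl(31556926, hardened));   // 86400
```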

User.confirm(userId, token, redirect, callback)

Confirm the user's identity.

Arguments

| Name | Type | Description |
|---|---|---|
| userId | Any | |
| token | String | The validation token |
| redirect | String | URL to redirect the user to once confirmed |
| callback | Function | |

Callback

| Name | Type | Description |
|---|---|---|
| err | Error | |

user.createAccessToken(ttl, [options], cb)

Create an access token for the logged-in user. This method can be overridden to customize how access tokens are generated.

Arguments

| Name | Type | Description |
|---|---|---|
| ttl | Number | The requested ttl |
| [options] | Object | The options for access token, such as scope, appId |
| cb | Function | The callback function |

Callback

| Name | Type | Description |
|---|---|---|
| err | String or Error | The error string or object |
| token | AccessToken | The generated access token object |

User.generateVerificationToken(user, cb)

A default verification token generator which accepts the user the token is being generated for and a callback function to indicate completion. This one uses the crypto library and 64 random bytes (converted to hex) for the token. When used in combination with the user.verify() method, this function will be called with the user object as its context (this).

Arguments

| Name | Type | Description |
|---|---|---|
| user | object | The User this token is being generated for. |
| cb | Function | The generator must pass back the new token with this function call |

user.hasPassword(password, callback)

Compare the given password with the user's hashed password.

Arguments

| Name | Type | Description |
|---|---|---|
| password | String | The plain text password |
| callback | Function | Callback function |

Callback

| Name | Type | Description |
|---|---|---|
| err | Error | Error object |
| isMatch | Boolean | Returns true if the given password matches the record |

User.login(credentials, [include], callback)

Log in a user with the given credentials.

   User.login({username: 'foo', password: 'bar'}, function (err, token) {
     // On a failed login token is undefined, so check err first.
     if (err) return console.error(err);
     console.log(token.id);
   });

Arguments

| Name | Type | Description |
|---|---|---|
| credentials | Object | username/password or email/password |
| [include] | Array.<String> or String | Optionally set it to "user" to include the user info |
| callback | Function | Callback function |

Callback

| Name | Type | Description |
|---|---|---|
| err | Error | Error object |
| token | AccessToken | Access token if login is successful |

User.logout(accessTokenID, callback)

Log out a user with the given accessToken id.

   User.logout('asd0a9f8dsj9s0s3223mk', function (err) {
     console.log(err || 'Logged out');
   });

Arguments

| Name | Type | Description |
|---|---|---|
| accessTokenID | String | |
| callback | Function | |

Callback

| Name | Type | Description |
|---|---|---|
| err | Error | |

User.normalizeCredentials(credentials, realmRequired, realmDelimiter)

Normalize the credentials.

Arguments

| Name | Type | Description |
|---|---|---|
| credentials | Object | The credential object |
| realmRequired | Boolean | |
| realmDelimiter | String | The realm delimiter; if not set, no realm is needed |

Returns

| Name | Type | Description |
|---|---|---|
| result | Object | The normalized credential object |

User.resetPassword(options, callback)

Create a short-lived access token for temporary login. Allows users to change passwords if forgotten.

Arguments

| Name | Type | Description |
|---|---|---|
| options | Object | |
| callback | Function | |

options

| Name | Type | Description |
|---|---|---|
| email | String | The user's email address |

Callback

| Name | Type | Description |
|---|---|---|
| err | Error | |

user.verify(options)

Verify a user's identity by sending them a confirmation email.

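   var options = {
     type: 'email',
     to: user.email,
     template: 'verify.ejs',
     redirect: '/',
     // Option name as documented below; the callback is error-first (err, token).
     // 'random-token' is a placeholder: a real generator must return an
     // unpredictable value.
     generateVerificationToken: function (user, cb) { cb(null, 'random-token'); }
   };

   user.verify(options, next);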

Arguments

| Name | Type | Description |
|---|---|---|
| options | Object | |

options

| Name | Type | Description |
|---|---|---|
| type | String | Must be 'email'. |
| to | String | Email address to which verification email is sent. |
| from | String | Sender email address, for example 'noreply@myapp.com'. |
| subject | String | Subject line text. |
| text | String | Text of email. |
| template | String | Name of the template that displays the verification page, for example 'verify.ejs'. |
| redirect | String | Page to which the user will be redirected after they verify their email, for example '/' for root URI. |
| generateVerificationToken | Function | A function to be used to generate the verification token. It must accept the user object and a callback function. This function should NOT add the token to the user object; instead, simply execute the callback with the token. User saving and email sending will be handled in the verify() method. |
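
An added example, not LoopBack's own code, of a function that could be passed as generateVerificationToken under the contract above: it takes the user and an error-first callback, passes back 64 random bytes as hex, and leaves the user object untouched. The names secureVerificationToken, isWellFormedToken and tokensEqual are hypothetical, and the comparison helper assumes an application that checks a presented token itself.

```javascript
const crypto = require('crypto');

const TOKEN_BYTES = 64;                 // size the default generator uses
const TOKEN_FORMAT = /^[0-9a-f]{128}$/; // 64 bytes as lowercase hex

// Hypothetical generator for options.generateVerificationToken.
// It only passes the token back; it never writes to `user`.
function secureVerificationToken(user, cb) {
  let token;
  try {
    token = crypto.randomBytes(TOKEN_BYTES).toString('hex');
  } catch (err) {
    return cb(err); // CSPRNG failure: report it, never fall back to a weak token
  }
  cb(null, token);
}

// True only for values shaped like the tokens generated above.
function isWellFormedToken(value) {
  return typeof value === 'string' && TOKEN_FORMAT.test(value);
}

// Constant-time comparison for an application that checks a presented
// token against the stored verificationToken itself (assumed use case).
function tokensEqual(presented, stored) {
  if (!isWellFormedToken(presented) || !isWellFormedToken(stored)) return false;
  return crypto.timingSafeEqual(Buffer.from(presented, 'hex'), Buffer.from(stored, 'hex'));
}

// Constructed demo input.
const demoUser = { email: 'alice@example.test' };
secureVerificationToken(demoUser, function (err, token) {
  if (err) throw err;
  console.log(token.length);                      // 128
  console.log(isWellFormedToken('random-token')); // false
  console.log(tokensEqual(token, token));         // true
  console.log(Object.keys(demoUser).length);      // 1
});
```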