Example of managing users.
See also:
Page Contents
Note: This page was generated from the loopback-example-user-management README.
loopback-example-user-management
$ git clone git@github.com:strongloop/loopback-example-user-management.git
$ cd loopback-example-user-management
$ npm install
$ node .
- Project Layout
- How do you register a new user?
- How do you send an email verification for a new user registration?
- How do you log in a user?
- How do you log out a user?
- How do you perform a password reset for a registered user
Notes
- You will need to configure LoopBack to send email for email related features
- If you’re using GMail, you can simply replace the user and pass with your own credentials.
- With GMail, you might need to temporarily allow “less secure” apps to access you email account. See Allowing less secure apps to access your account for more information.
Project Layout
common/models
contains the extended user files.user.js
contains user the logic for sending emails and password reset, whileuser.json
contains the model definition.server/boot/authentication.js
enables authentication middleware with theenableAuth()
method. It’s this middleware that finds the access token id string (usually from the query string) and appends entire token instance onto the express request object asreq.accessToken
. From there, you can find the user’s ID:req.accessToken.userId
(used in theroutes.js
file, see directly below).server/boot/routes.js
contains all the routing logic. In this example, we have used ExpressJS to configure the routing since each LoopBack app is an extended version of an Express app.server/views
contains all the views (or pages) rendered by Express using the EJS templating frameworkserver/datasources.json
contains the datasource configurations. Here is where we add an email datasource.server/model-config.json
contains the all the model configurations. Here is where we configure the extended user model (lowercase ‘u’) and the email model. The rest of the models are all built-in LoopBack models.
Note
All other files have not been modified from their defaults.
How do you register a new user?
- Create a form to gather sign up information
- Create a remote hook to send a verification email
Notes
- Upon execution,
user.verify
sends an email using the provided options - The verification email is configured to redirect the user to the
/verified
route in our example. For your app, you should configure the redirect to match your use case - The options are self-explanitory except
type
,template
anduser
type
- value must beemail
template
- the path to the template to use for the verification emailuser
- when provided, the information in the object will be used in the verification link email
How do you send an email verification for a new user registration?
See step 2 in the previous question
How do you log in a user?
- Create a form to accept login credentials
- Create an route to handle the login request
How do you log out a user?
- Create a logout link with the access token embedded into the URL
- Call
User.logout
with the access token
Notes
- We use the LoopBack token middleware to process access tokens. As long as you provide
access_token
in the query string of URL, the access token object will be provided inreq.accessToken
property in your route handler
How do you perform a password reset for a registered user?
- Create a form to gather password reset info
- Create an endpoint to handle the password reset request. Calling
User.resetPassword
ultimately emits aresetPasswordRequest
event and creates a temporary access token - Register an event handler for the
resetPasswordRequest
that sends an email to the registered user. In our example, we provide a URL that redirects the user to a password reset page authenticated with a temporary access token - Create a password reset form for the user to enter and confirm their new password
- Create an endpoint to process the password reset
- For the
resetPasswordRequest
handler callback, you are provided with aninfo
object which contains information related to the user that is requesting the password reset. Note that this example is set up to send an initial email to yourself (the FROM and TO fields are the same). You will eventually want to change the address in the FROM field.