2013-10-31 23:22:50 +00:00
## Bundled Models
The Loopback library is unopinioned in the way you define your app's data and logic. Loopback also bundles useful pre-built models for common use cases.
- User - register and authenticate users of your app locally or against 3rd party services.
- Email - send emails to your app users using smtp or 3rd party services.
Defining a model with `loopback.createModel()` is really just extending the base `loopback.Model` type using `loopback.Model.extend()` . The bundled models extend from the base `loopback.Model` allowing you to extend them arbitrarily.
### User Model
Register and authenticate users of your app locally or against 3rd party services.
#### Define a User Model
Extend a vanilla Loopback model using the built in User model.
```js
// create a data source
var memory = loopback.memory();
// define a User model
var User = loopback.User.extend('user');
// attach to the memory connector
User.attachTo(memory);
2013-11-14 23:27:36 +00:00
// also attach the accessToken model to a data source
User.accessToken.attachTo(memory);
2013-10-31 23:22:50 +00:00
// expose over the app's api
app.model(User);
```
2013-11-14 23:27:36 +00:00
**Note:** By default the `loopback.User` model uses the `loopback.AccessToken` model to persist access tokens. You can change this by setting the `accessToken` property.
2013-10-31 23:22:50 +00:00
2013-11-14 23:27:36 +00:00
**Note:** You must attach both the `User` and `User.accessToken` model's to a data source!
2013-10-31 23:22:50 +00:00
#### User Creation
Create a user like any other model.
```js
// username and password are not required
User.create({email: 'foo@bar.com', password: 'bar'}, function(err, user) {
console.log(user);
});
```
#### Login a User
2013-11-14 23:27:36 +00:00
Create an `accessToken` for a user using the local auth strategy.
2013-10-31 23:22:50 +00:00
**Node.js**
```js
2013-11-14 23:27:36 +00:00
User.login({username: 'foo', password: 'bar'}, function(err, accessToken) {
console.log(accessToken);
2013-10-31 23:22:50 +00:00
});
```
**REST**
You must provide a username and password over rest. To ensure these values are encrypted, include these as part of the body and make sure you are serving your app over https (through a proxy or using the https node server).
```
POST
/users/login
...
{
"email": "foo@bar.com",
"password": "bar"
}
...
200 OK
{
"sid": "1234abcdefg",
"uid": "123"
}
```
#### Logout a User
**Node.js**
```js
// login a user and logout
2013-11-14 23:27:36 +00:00
User.login({"email": "foo@bar.com", "password": "bar"}, function(err, accessToken) {
User.logout(accessToken.id, function(err) {
2013-10-31 23:22:50 +00:00
// user logged out
});
});
// logout a user (server side only)
User.findOne({email: 'foo@bar.com'}, function(err, user) {
user.logout();
});
```
**REST**
```
POST /users/logout
...
{
2013-11-14 23:27:36 +00:00
"sid": "< accessToken id from user login > "
2013-10-31 23:22:50 +00:00
}
```
#### Verify Email Addresses
Require a user to verify their email address before being able to login. This will send an email to the user containing a link to verify their address. Once the user follows the link they will be redirected to `/` and be able to login normally.
```js
// first setup the mail datasource (see #mail -model for more info)
var mail = loopback.createDataSource({
connector: loopback.Mail,
transports: [{
type: 'smtp',
host: 'smtp.gmail.com',
secureConnection: true,
port: 465,
auth: {
user: 'you@gmail.com',
pass: 'your-password'
}
}]
});
User.email.attachTo(mail);
User.requireEmailVerfication = true;
User.afterRemote('create', function(ctx, user, next) {
var options = {
type: 'email',
to: user.email,
from: 'noreply@myapp.com',
subject: 'Thanks for Registering at FooBar',
text: 'Please verify your email address!'
template: 'verify.ejs',
redirect: '/'
};
user.verify(options, next);
});
```
2013-11-20 18:59:29 +00:00
### Reset Password
2013-10-31 23:22:50 +00:00
2013-11-20 18:59:29 +00:00
You can implement password reset using the `User.resetPassword` method.
2013-10-31 23:22:50 +00:00
2013-11-20 18:59:29 +00:00
Request a password reset access token.
**Node.js**
```js
User.resetPassword({
email: 'foo@bar.com'
}, function () {
console.log('ready to change password');
2013-10-31 23:22:50 +00:00
});
```
2013-11-20 18:59:29 +00:00
**REST**
2013-10-31 23:22:50 +00:00
```
2013-11-20 18:59:29 +00:00
POST
2013-10-31 23:22:50 +00:00
2013-11-20 18:59:29 +00:00
/users/reset-password
...
{
"email": "foo@bar.com"
}
...
200 OK
```
2013-10-31 23:22:50 +00:00
2013-11-20 18:59:29 +00:00
You must the handle the `resetPasswordRequest` event this on the server to
send a reset email containing an access token to the correct user. The
example below shows a basic setup for sending the reset email.
```
User.on('resetPasswordRequest', function (info) {
console.log(info.email); // the email of the requested user
console.log(info.accessToken.id); // the temp access token to allow password reset
// requires AccessToken.belongsTo(User)
info.accessToken.user(function (err, user) {
console.log(user); // the actual user
var emailData = {
user: user,
accessToken: accessToken
};
// this email should include a link to a page with a form to
// change the password using the access token in the email
Email.send({
to: user.email,
subject: 'Reset Your Password',
text: loopback.template('reset-template.txt.ejs')(emailData),
html: loopback.template('reset-template.html.ejs')(emailData)
});
});
2013-10-31 23:22:50 +00:00
});
```
2013-11-14 23:27:36 +00:00
### AccessToken Model
2013-10-31 23:22:50 +00:00
2013-11-14 23:27:36 +00:00
Identify users by creating accessTokens when they connect to your loopback app. By default the `loopback.User` model uses the `loopback.AccessToken` model to persist accessTokens. You can change this by setting the `accessToken` property.
2013-10-31 23:22:50 +00:00
```js
2013-11-14 23:27:36 +00:00
// define a custom accessToken model
var MyAccessToken = loopback.AccessToken.extend('MyAccessToken');
2013-10-31 23:22:50 +00:00
// define a custom User model
var User = loopback.User.extend('user');
2013-11-14 23:27:36 +00:00
// use the custom accessToken model
User.accessToken = MyAccessToken;
2013-10-31 23:22:50 +00:00
2013-11-14 23:27:36 +00:00
// attach both AccessToken and User to a data source
2013-10-31 23:22:50 +00:00
User.attachTo(loopback.memory());
2013-11-14 23:27:36 +00:00
MyAccessToken.attachTo(loopback.memory());
2013-10-31 23:22:50 +00:00
```
### Email Model
Send emails from your loopback app.
```js
// extend a one-off model for sending email
var MyEmail = loopback.Email.extend('my-email');
// create a mail data source
var mail = loopback.createDataSource({
connector: loopback.Mail,
transports: [{
type: 'smtp',
host: 'smtp.gmail.com',
secureConnection: true,
port: 465,
auth: {
user: 'you@gmail.com',
pass: 'your-password'
}
}]
});
// attach the model
MyEmail.attachTo(mail);
// send an email
MyEmail.send({
to: 'foo@bar.com',
from: 'you@gmail.com',
subject: 'my subject',
text: 'my text',
html: 'my < em > html< / em > '
}, function(err, mail) {
console.log('email sent!');
});
```
> NOTE: the mail connector uses [nodemailer](http://www.nodemailer.com/). See
> the [nodemailer docs](http://www.nodemailer.com/) for more info.
