From 5255120a22e3dfff5fd9e26a1bc15deee28a8a4a Mon Sep 17 00:00:00 2001
From: zxvv
Date: Sat, 6 Sep 2014 19:05:32 -0500
Subject: [PATCH 1/2] Add an ACL to User, to allow everyone to execute User.passwordReset(). This is intended to permit users who have forgotten their password, and are thus unauthenticated, to request a reset. Credit goes to John Murphy who proposed the ACL in Google Groups here: https://groups.google.com/forum/#!searchin/loopbackjs/passwordReset$20ACL/loopbackjs/UPyhg7KS-9k/_M_9-YpUKmIJ
Signed-off-by: Carey Richard Murphey
---
 lib/models/user.js | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/lib/models/user.js b/lib/models/user.js
index c43d557f..3a38f8e4 100644
--- a/lib/models/user.js
+++ b/lib/models/user.js
@@ -93,6 +93,13 @@ var options = {
 model: 'AccessToken',
 foreignKey: 'userId'
 }
+ },
+ {
+ principalType: ACL.ROLE,
+ principalId: Role.EVERYONE,
+ permission: ACL.ALLOW,
+ property: "resetPassword",
+ accessType: ACL.EXECUTE
 }
 };
From 4fdee0aa6dce77c0cc94f1e115026f4f61ace496 Mon Sep 17 00:00:00 2001
From: zxvv
Date: Sun, 7 Sep 2014 11:26:10 -0500
Subject: [PATCH 2/2] Fix last commit, which misplaced an ACL. Move the ACL inside "acls".
Signed-off-by: Carey Richard Murphey
---
 lib/models/user.js | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/lib/models/user.js b/lib/models/user.js
index 3a38f8e4..97ed936c 100644
--- a/lib/models/user.js
+++ b/lib/models/user.js
@@ -85,6 +85,13 @@ var options = {
 principalId: Role.EVERYONE,
 permission: ACL.ALLOW,
 property: "confirm"
+ },
+ {
+ principalType: ACL.ROLE,
+ principalId: Role.EVERYONE,
+ permission: ACL.ALLOW,
+ property: "resetPassword",
+ accessType: ACL.EXECUTE
 }
 ],
 relations: {
@@ -93,13 +100,6 @@ var options = {
 model: 'AccessToken',
 foreignKey: 'userId'
 }
- },
- {
- principalType: ACL.ROLE,
- principalId: Role.EVERYONE,
- permission: ACL.ALLOW,
- property: "resetPassword",
- accessType: ACL.EXECUTE
 }
 };
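Review bot: In [PATCH 1/2], the `@@ -93,6 +93,13 @@` hunk places the new ACL entry after the closing brace of the `relations` member instead of inside the `acls` array. As far as the hunk shows, `options` then contains an unkeyed `{ principalType: ... }` member, so `lib/models/user.js` would not parse at this commit. [PATCH 2/2] moves the entry, so the series ends in a working state, but squashing the two commits would keep every revision loadable for `git bisect` and for anyone cherry-picking the first patch alone. The `options` literal opens before the hunk, so its earlier members are not visible here.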
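Review bot: In [PATCH 2/2], the `@@ -85,6 +85,13 @@` hunk opens `resetPassword` to `Role.EVERYONE` without a comment recording why an unauthenticated caller is allowed. A line such as `// resetPassword must be callable without an access token: the caller has forgotten the password` above the new entry would keep a later ACL tightening from removing it by mistake. The method body is outside this patch, so before merge it is worth confirming that it responds identically for known and unknown addresses and that requests are throttled, since this entry makes it reachable without credentials. The commit subject of [PATCH 1/2] names `User.passwordReset()` while the ACL property is `resetPassword`; presumably the latter is the actual method name, and the message should match it.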