5255120a22
Add an ACL to User, to allow everyone to execute User.passwordReset().
...
This is intended to permit users who have forgotten their
password, and are thus unauthenticated, to request a reset.
Credit goes to John Murphy who proposed the ACL in Google Groups here:
https://groups.google.com/forum/#!searchin/loopbackjs/passwordReset$20ACL/loopbackjs/UPyhg7KS-9k/_M_9-YpUKmIJ
Signed-off-by: Carey Richard Murphey <rich@murphey.org>
2014-09-06 19:05:32 -05:00
0e8a69015a
Fix reference to app
...
See https://github.com/strongloop/loopback/issues/452
2014-08-07 21:45:18 -07:00
567e2530d7
Build the email verification url from app context
...
https://github.com/strongloop/loopback/issues/408
2014-07-26 22:39:42 -07:00
335bae4b46
Merge branch 'master' into feature/fix-issue-377
2014-07-22 10:49:20 -07:00
21b8609ee2
Report error for User.confirm()
...
See https://github.com/strongloop/loopback/issues/377
2014-07-22 10:42:22 -07:00
90094e5e86
Validate username uniqueness
...
Signed-off-by: Jaka Hudoklin <jakahudoklin@gmail.com>
2014-07-19 14:18:21 +02:00
4f7a9869e0
Add descriptions for custom methods on user model
2014-07-18 22:48:07 -07:00
79f504a3c7
Merge branch 'master' into 2.0
2014-07-16 09:09:07 -07:00
22e929e439
Fix credentials/challenges types
...
Associated identities and credentials are now captured by models in
loopback-component-passport. These two properties will be removed in
2.x.
2014-07-14 14:22:21 -07:00
0c67b1e781
Add an option to honor emailVerified
...
See https://github.com/strongloop/loopback/pull/215
2014-07-07 14:09:45 -07:00
d21669b844
Merge branch 'master' into 2.0
...
Conflicts:
docs.json
lib/application.js
lib/loopback.js
lib/models/data-model.js
lib/models/model.js
lib/models/user.js
lib/registry.js
package.json
test/app.test.js
2014-06-13 10:09:25 +02:00
a6ff4b0cad
Use constructor to reference the model class
2014-06-09 15:00:15 -07:00
6b4ebdf609
Allow the creation of access token to be overriden
2014-06-09 14:53:55 -07:00
ea5b9d16fc
Rename DataModel to PersistedModel
2014-06-05 09:56:00 +02:00
d237ae5ddb
Merge latest from master
2014-05-20 14:31:09 -07:00
978bc57421
Fix bug in User#resetPassword
2014-05-10 15:43:01 +08:00
f8b5fa11ec
All tests passing
2014-05-02 21:19:14 -07:00
13b18065e2
Documentation cleanup
2014-04-14 14:49:29 -07:00
1c1364636d
Fix #229 (Whitespaces removed
2014-04-10 06:01:58 +03:00
5f81fad921
Merge pull request #217 from strongloop/feature/hidden-properties
...
Feature/hidden properties
2014-03-31 12:04:49 -07:00
51d3ff892a
Merge pull request #219 from dougtoppin/fix-verify-confirm
...
Fix verify confirm
2014-03-31 12:02:48 -07:00
8b71c3022d
Update user.js
...
Corrected spacing on confirm ACL, removed extraneous comment on using hex rather than base64
2014-03-30 08:02:19 -04:00
e52dbe2fb5
fix to enable ACL for confirm link sent by email
2014-03-23 21:06:22 -04:00
5b50a99eb3
Add hidden property support to models
2014-03-21 12:53:04 -07:00
de5d0b8949
Make verifications url safe
2014-03-21 12:02:11 -07:00
89aa3595f5
Set the correct status code for User.login
...
See https://github.com/strongloop/loopback/issues/118
2014-02-28 13:19:52 -08:00
42c9777de3
using base64 caused an occasional token string to contain '+' which resulted in a space being embedded in the token. 'hex' should always produce a url safe string for the token.
2014-02-25 22:14:32 -05:00
2f301e315a
Sending email was missing the from field
2014-02-23 21:08:13 -05:00
46b579dc4a
Make sure User/AccessToken relations are set up by default
...
User.login assumes the relation User.accessTokens exists
2014-02-14 10:31:30 -08:00
c36e20587e
Merge pull request #163 from strongloop/feature/include-user-in-login-result
...
Include user in login result
2014-01-30 10:24:14 -08:00
d6f0b5f5a6
Add `include=user` param to `User.login`
...
Allow LB clients to get details of the currently logged-in user
as part of the login response.
Improve method's `description` to mention this new option.
2014-01-30 18:09:54 +01:00
03cb2f0556
Describe `access_token` param of `User.logout`
...
Add an explicit note that clients are not supposed to send the
`access_token` parameter, since it is extracted from request
headers.
2014-01-30 18:09:54 +01:00
938cafeb77
Remove message prefix as debug will print it
2014-01-27 14:47:48 -08:00
c35f762d4e
Add debug information for user.login
2014-01-27 14:31:38 -08:00
54bff35fef
User: use User.http.path
...
Use the new property introduced by a recent change in
loopback-datasource-juggler instead of building the URL
manually from pluralModelName.
2014-01-27 10:29:57 +01:00
bb389ce209
Lookup the email model
2014-01-23 14:40:27 -08:00
6bb0ba2d95
Add missing assert in user model
2014-01-10 10:07:39 -08:00
fcc4bba82d
Add reference documentation using sdocs
2013-12-19 17:49:47 -08:00
98ed38302a
Logout now automatically pulls the accessToken from the request
2013-12-17 21:22:05 -08:00
939df463fe
Fix tests depending on old behavior of default User ACLs
2013-12-17 21:10:05 -08:00
3152960336
Add default user ACLs
2013-12-17 20:42:28 -08:00
b0f51e20f7
Add user default ACLs
2013-12-10 19:43:59 -08:00
e92c46a4e4
Add password reset
2013-11-20 14:20:47 -08:00
1de2a40e88
Update AccessToken and User relationship
...
- Add created default
- Default TTLs for user login access tokens
- Break out User / AccessToken relationship
2013-11-14 19:41:29 -08:00
77a137eca6
Rename Session => AccessToken
2013-11-14 10:05:13 -08:00
77e842d2a3
Fix bundle model name casing
2013-11-11 13:35:54 -08:00
159eb0076c
Use a pure JS bcrypt
2013-09-12 12:09:43 -07:00
8784eb52cb
Update the internal prefix
2013-08-30 16:52:27 -07:00
d94bca9134
Make sure User.setup calls Model.setup to support shared ctor
2013-08-15 16:59:16 -07:00
423b4f2157
Fix login query
2013-07-28 14:33:13 -07:00
zxvv
Raymond Feng
Jaka Hudoklin
Miroslav Bajtoš
Ritchie Martori
haio
Alex Pica
Doug Toppin
Doug Toppin
Miroslav Bajtoš