c5ca2e1c2e
Improve the flow for setting/changing/resetting User password to make
it more secure.
1. Modify `User.resetPassword` to create a token scoped to allow
invocation of a single remote method: `User.setPassword`.
2. Scope the method `User.setPassword` so that regular tokens created
by `User.login` are not allowed to execute it.
For backwards compatibility, this new mode (flow) is enabled only
when User model setting `restrictResetPasswordTokenScope` is set to
`true`.
3. Changing the password via `User.prototype.patchAttributes`
(and similar DAO methods) is no longer allowed. Applications
must call `User.changePassword` and ask the user to provide
the current (old) password.
For backwards compatibility, this new mode (flow) is enabled only
when User model setting `rejectPasswordChangesViaPatchOrReplace` is set
to `true`.
|
||
|---|---|---|
| .github | ||
| common/models | ||
| docs | ||
| example | ||
| intl | ||
| lib | ||
| server/middleware | ||
| templates | ||
| test | ||
| .eslintignore | ||
| .eslintrc | ||
| .gitignore | ||
| .nycrc | ||
| .travis.yml | ||
| CHANGES.md | ||
| CONTRIBUTING.md | ||
| Gruntfile.js | ||
| LICENSE | ||
| README.md | ||
| docs.json | ||
| favicon.ico | ||
| index.js | ||
| package.json | ||
README.md
LoopBack
LoopBack is a highly-extensible, open-source Node.js framework that enables you to:
- Create dynamic end-to-end REST APIs with little or no coding.
- Access data from Oracle, MySQL, PostgreSQL, MS SQL Server, MongoDB, SOAP and other REST APIs.
- Incorporate model relationships and access controls for complex APIs.
- Use built-in push, geolocation, and file services for mobile apps.
- Easily create client apps using Android, iOS, and JavaScript SDKs.
- Run your application on-premises or in the cloud.
LoopBack consists of:
- A library of Node.js modules.
- Yeoman generators for scaffolding applications.
- Client SDKs for iOS, Android, and web clients.
LoopBack tools include:
- Command-line tool
loopback-clito create applications, models, data sources, and so on.
For more details, see http://loopback.io/.
Supported versions
| Current | Long Term Support |
|---|---|
| 3.x | 2.x |
Learn more about our LTS plan in docs.
LoopBack modules
The LoopBack framework is a set of Node.js modules that you can use independently or together.
Core
Connectors
- loopback-connector-mongodb
- loopback-connector-mysql
- loopback-connector-postgresql
- loopback-connector-rest
Enterprise Connectors
Community Connectors
The LoopBack community has created and supports a number of additional connectors. See Community connectors for details.
Components
Client SDKs
Tools
Examples
StrongLoop provides a number of example applications that illustrate various key LoopBack features. In some cases, they have accompanying step-by-step instructions (tutorials).
See loopback-example for details.
Resources
- Documentation.
- API documentation.
- LoopBack Announcements
- LoopBack Google Group.
- GitHub issues.
- Gitter chat.
Contributing
Contributions to the LoopBack project are welcome! See Contributing to LoopBack for more information.
Reporting issues
One of the easiest ways to contribute to LoopBack is to report an issue. See Reporting issues for more information.