-
Notifications
You must be signed in to change notification settings - Fork 98
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Question: How to use sendResetPwd when find is authenticated in users service #66
Comments
I expect this repo calls Could you create a issue for |
I generated a very basic app to simplify things and to have a point of reference. https://github.com/rhythnic/feathers-nopwd The previous app used Mongoose and app linked to here uses NeDb. The good news is that users.find is not an issue in this new configuration. I encountered a different problem caused by the auth management action handlers returning the user object as the default. This makes it possible to get the user object without authenticating. For example, @eddyystop How do you want to proceed with the latter issue? Do you want to create a separate issue? I'd be happy to do a PR. My inclination would be to not return the user unless there's a |
I determined that the original issue,
I don't have time right now to determine why, but when I remove authManagement from the client-side configuration, I no longer get the auth problem on
|
The repo is intended to be run on the server. Feel free to reopen this issue for any reason. |
When using
feathers generate authentication
via the feathers-cli, there is abefore
hook added tofind
on the users service:authenticate('jwt')
. In this repo, the code for sendResetPwd calls the find method on the users service. Since the user won't be authenticated when the front-end client calls the sendResetPwd action, what is the best way to get around this without removing authentication on users.find?The text was updated successfully, but these errors were encountered: