Documentation #91

Closed
ImreC opened this issue Feb 17, 2018 · 4 comments

@ImreC

ImreC commented Feb 17, 2018

Hi Guys,

I got started with this library last week and, not having coded that long, I had a really tough time figuring out how authentication-management worked. My most important source was the Medium post by Jon Paul Miles. Even though it covers everything quite well, adding all the different hooks and actions at once, combined with code in Pug and what seems to be a role-based authentication system, was really daunting to me. It took me quite some time to figure out what went where.

To help people after me along a little bit, I started structuring my thoughts and in the process wrote a tutorial on how to get email verification working with feathers-authentication-management with only the essential components.

You can read the article here:
https://medium.com/@gelens.imre/setting-up-email-verification-in-feathersjs-ce764907e4f2

I am planning to release it later this week. My questions are, am I missing something obvious? Does this cover the basics properly? Are you ok with me publishing this article?

All code is available here:
https://github.com/ImreC/feathers-verification-emails

Please let me know what you think.

Cheers,
Imre

@ImreC ImreC changed the title Documentation update Documentation Feb 17, 2018
@eddyystop
Collaborator

eddyystop commented Feb 17, 2018

Nice article. Don't forget that the before hook for patch on the user-entity can't do a hashPassword() for patches from this repo because the repo hashes passwords itself. The most common problem is double hashing the password.

I'd be delighted for you to publish. The more docs, tutorials and articles the better.

The original docs remain at https://auk.docs.feathersjs.com/api/authentication/local-management.html . They have not been rewritten for Buzzard because of time restrictions. It's on "The ToDo List".

It would be great if you contributed nice templates for each email type.

The docs will reside at https://github.com/feathers-plus/docs/tree/master/source/v1/authentication-management and will be served from https://feathers-plus.github.io/v1/authentication-management/index.html .

@ImreC
Author

ImreC commented Feb 18, 2018

I don't have time the coming week, but definitely am not opposed to helping out on the new docs later. Just a quick check. I looked over the other materials again and I changed the before hooks on the user object from:

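```js
// Imports assumed for a Feathers v3 (Buzzard) app; they are not shown in the original comment.
const { authenticate } = require('@feathersjs/authentication').hooks;
const { hashPassword } = require('@feathersjs/authentication-local').hooks;
const verifyHooks = require('feathers-authentication-management').hooks;

module.exports = {
  before: {
    all: [],
    find: [ authenticate('jwt') ],
    get: [ authenticate('jwt') ],
    create: [
      hashPassword(),
      verifyHooks.addVerification()
    ],
    // hashPassword() runs on every update and patch, internal calls included
    update: [ hashPassword(),  authenticate('jwt') ],
    patch: [ hashPassword(),  authenticate('jwt') ],
    remove: [ authenticate('jwt') ]
  },
  // after and error hooks are not shown in the original comment
};
```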

to:

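```js
// authenticate, hashPassword and verifyHooks are imported as elsewhere in this hooks file
const commonHooks = require('feathers-hooks-common');

module.exports = {
  before: {
    all: [],
    find: [ authenticate('jwt') ],
    get: [ authenticate('jwt') ],
    create: [
      hashPassword(),
      verifyHooks.addVerification()
    ],
    // update is only available to internal (server-side) calls
    update: [
      commonHooks.disallow('external')
    ],
    patch: [
      // The three hooks below run only when the call has an external provider
      commonHooks.iff(
        commonHooks.isProvider('external'),
        // Clients may not touch the fields owned by authentication-management
        commonHooks.preventChanges(
          'email',
          'isVerified',
          'verifyToken',
          'verifyShortToken',
          'verifyExpires',
          'verifyChanges',
          'resetToken',
          'resetShortToken',
          'resetExpires'
        ),
        hashPassword(),
        authenticate('jwt')
      )
    ],
    remove: [ authenticate('jwt') ]
  },
  // after and error hooks are not shown in the original comment
};
```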

So in human terms it would only accept patch requests from external sources and will only hash the password and authenticate with jwt if the patch is coming from external sources. Also noticed I forgot to add the preventChanges part on the auth-management fields. This is what it's supposed to look like, right?

@eddyystop
Collaborator

That looks rather nice.

@ImreC
Author

ImreC commented Feb 19, 2018

Cool, I have updated the repo and article. It will be published this Thursday.

@ImreC ImreC closed this as completed Feb 19, 2018
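
The double hashing eddyystop mentions, and the effect of the `iff(isProvider('external'), ...)` guard in the revised patch hooks, as an added example that is not part of the thread or of feathers-authentication-management. It is a miniature hook pipeline in plain Node.js; `hash`, `verify`, `makeUsers`, `resetPassword` and the scrypt stand-in for the real password hashing are assumptions made for illustration.

```javascript
// Added illustration: a toy hook pipeline, not Feathers itself.
const crypto = require('node:crypto');

// Stand-in for the hashing done by hashPassword(): salted scrypt stored as "salt:digest" (assumption).
function hash(plain) {
  const salt = crypto.randomBytes(16).toString('hex');
  return salt + ':' + crypto.scryptSync(plain, salt, 32).toString('hex');
}
function verify(plain, stored) {
  const [salt, digest] = stored.split(':');
  return crypto.timingSafeEqual(crypto.scryptSync(plain, salt, 32), Buffer.from(digest, 'hex'));
}

// Minimal equivalents of the hooks named in the thread.
const hashPassword = () => ctx => {
  if (ctx.data.password !== undefined) ctx.data.password = hash(ctx.data.password);
};
const isExternal = ctx => ctx.params.provider !== undefined; // like isProvider('external')
const iff = (predicate, ...hooks) => ctx => { if (predicate(ctx)) hooks.forEach(h => h(ctx)); };

// Hypothetical in-memory users service that runs its before.patch hooks.
function makeUsers(patchHooks) {
  const store = new Map();
  return {
    store,
    patch(id, data, params = {}) {
      const ctx = { id, data: { ...data }, params };
      patchHooks.forEach(h => h(ctx));
      store.set(id, { ...store.get(id), ...ctx.data });
    }
  };
}

// The management service hashes the new password itself, then patches internally (no provider).
function resetPassword(users, id, newPassword) {
  users.patch(id, { password: hash(newPassword) });
}

// Constructed scenario: reset a password, then check whether the new password still verifies.
function loginWorksAfterReset(patchHooks) {
  const users = makeUsers(patchHooks);
  users.store.set(1, { email: 'user@example.test', password: hash('old-secret') });
  resetPassword(users, 1, 'new-secret');
  return verify('new-secret', users.store.get(1).password);
}

const unconditional = [hashPassword()];          // original patch hooks: hashes the hash
const guarded = [iff(isExternal, hashPassword())]; // revised hooks: internal patch stored as-is
```

With `unconditional`, the stored value is a hash of a hash and the user can no longer log in after a reset; with `guarded`, the internal patch is stored untouched while external patches are still hashed.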