mongoose-devise
Another flexible authentication solution for mongoosejs.
Requires:
Node >8.0.0
.
Mongoose >5.0.0
.
Usage
Standard installation of the plugin:
const mongoose = const devise = // or// const { devise } = require('mongoose-devise') const UserSchema = {}UserSchema mongoose
IMPORTANT
- only the most common methods are documented. For more information check the tests
- in all cases, the
opts
parameter will be used to pass some configuration to thesendNotification
method.
Registerable
module that allows you to register an access account or, disable a registered account.
#register(credentials, opts)
:
a static method used to register credentials. It will return the registered user or the corresponding errors of the registration attempt.
const faker = User
#unregister(beforeUnregister, afterUnregister)
:
an instance method that lets you unregister (destroy a user). It receives two callbacks the parameter, one that executes before and the other after the save the object.
user// #=> true
NOTE The implementation currently assigns the value of unregisteredAt
to the current date.
Confirmable
TIP identifiable by the flag account_confirmation
.
module that verifies whether an account has already been confirmed or conveys instructions for confirmation.
#confirm(confirmationToken)
:
this static method receives a valid validationToken
string to be able to confirm the unconfirmed record. Returns a user or the errors.
User
#confirm()
:
instance method that confirms the account registration. Returns a boolean or errors in the process.
Examples
user
#isConfirmed()
:
verifies whether a user is confirmed or not.
Examples
user// #=> true
Authenticable
authenticatable module, responsible for hashing the password and validating the authenticity of a user while signing in.
#authenticate(password, opts)
:
authenticates the user's instance from a password passed by parameter. If no errors are processed, a boolean will be returned.
Examples
user
#authenticate(credentials, opts)
:
a static method which takes in credentials in the format:
const faker = const credentials = email: fakerinternet password: fakerinternet
where a valid email
and password
corresponding to a database user must be reported. At the end,
the user of the provided credentials will be returned, otherwise the corresponding errors.
Examples
User
#validPassword(password)
:
an instance method which takes in a plain string password and compare with the instance hashed password to see if they match.
Examples
user// #=> true
Recoverable
TIP identifiable by the flag password_recovery
.
module that establishes user password reset and sends resetting instructions.
#recover(recoveryToken, newPassword)
:
a static method used to retrieve an account bound to a recoverToken
string. It receives two parameters, the first is the token and the second the new recovery password. Returns the linked user or any errors that occur.
Examples
User
#requestRecover(credentials, opts)
:
a model static method which is used to request account password recovery. Returns the user or any errors that occur.
Examples
User
Lockable
TIP identifiable by the flag account_recovery
.
provide a means of locking an account after a specified number of failed sign-in attempts (defaults to 3 attempts)
.
NOTE user can unlock account via unlock instructions issued.
#lock(opts)
:
an instance method that is used to lock an account. When invoked, it will check if the number of
failedAttempts
is greater than the configured maximum allowed login attempts
,
if so the account will get locked by setting lockedAt
to the current timestamp.
Examples
user
#isLocked()
:
verifies whether a user is locked or not.
Examples
user// #=> true
#unlock(unlockToken)
:
a static method that unlocks a locked account with the provided unlockToken
string.
- If the token expires, the new
unlockToken
will be generated. - If the token is valid, the locked account will be unlocked and the
unlockedAt
attribute will be set to the current date and time.failedAttempts
will be set to 0.
Examples
User
Trackable
provide a means of tracking user signin activities.
track(ipAddress)
:
this is the instance method that will update the tracking details. Optionally receives a valid ip string.
user
Sending Notifications
the default implementation of mongoose-devise
to send notifications is simple. This is because there are different use case(s) when it comes on sending notifications.
due to that reason, mongoose-devise
requires that your model implements sendNotification method
which accept record
, action
, done
as its argurments.
record
:
refer to the current user model instance.
action
:
refer to the type of notifcation to be sent. There are just three types which
are account_confirmation
, account_recovery
and password_recovery
which are sent
when new account is registered, when an account is locked and need to be unlocked and when account is requesting
to recover the password respectively.
done
:
is the callback that you must call after finishing sending the notification. By default this callback will update the notification send details based on the usage.
- all the methods that accept the
opts
parameter, pass this parameter to the callbackdone
Examples
const UserSchema = {} // override send method i.e your notification sending: email, sms, etcschemamethods { }
Sending issues
It is recommended to use job queue like kue or bull when implementing your send to reduce your API response time.
Custom messages
mongoose-devise
uses messages to customize your application, you can configure the message definition variables manually
It is recommended to use an internalizer such as i18nex or node-i18n when implementing the support layer to the language.
// custom to pt-BR, default is en-US.userSchema
See complete MVC solution based on Restify engines;
Thanks
Inspired by irina.
Test
- Install all development dependencies
npm install
- Then run test
npm test
License
Copyright (c) 2018-present