tksmaru/loopback-example-user-management

http://docs.strongloop.com/display/LB/Managing+users

#loopback-example-user-management

$ git clone git@github.com:strongloop/loopback-example-user-management.git
$ cd loopback-example-user-management
$ npm install
$ node .

• How do you register a new user?
• How do you send an email verification for a new user registration?
• How do you log in a user?
• How do you log out a user?
• How do you perform a password reset for a registered user

######Notes

• You will need to configure LoopBack to send email for email related features
• If you're using GMail, you can simply replace the user and pass with your own credentials.
• With GMail, you might need to temporarily allow "less secure" apps to access you email account. See Allowing less secure apps to access your account for more information.

#How do you register a new user?

1. Create a form to gather sign up information
2. Create a remote hook to send a verification email

######Notes

• Upon execution, user.verify sends an email using the provided options
• The verification email is configured to redirect the user to the /verified route in our example. For your app, you should configure the redirect to match your use case
• The options are self-explanitory except type, template and user
  • type - value must be email
  • template - the path to the template to use for the verification email
  • user - when provided, the information in the object will be used in the verification link email

#How do you send an email verification for a new user registration? See step 2 in the previous question

#How do you log in a user?

1. Create a form to accept login credentials
2. Create an route to handle the login request

#How do you log out a user?

1. Create a logout link with the access token embedded into the URL
2. Call User.logout with the access token

######Notes

• We use the LoopBack token middleware to process access tokens. As long as you provide access_token in the query string of URL, the access token object will be provided in req.accessToken property in your route handler

#How do you perform a password reset for a registered user?

1. Create a form to gather password reset info
2. Create an endpoint to handle the password reset request. Calling User.resetPassword ultimately emits a resetPasswordRequest event and creates a temporary access token
3. Register an event handler for the resetPasswordRequest that sends an email to the registered user. In our example, we provide a URL that redirects the user to a password reset page authenticated with a temporary access token
4. Create a password reset form for the user to enter and confirm their new password
5. Create an endpoint to process the password reset

• For the resetPasswordRequest handler callback, you are provided with an info object which contains information related to the user that is requesting the password reset