feathersjs-ecosystem / feathers-authentication-management

Adds sign up verification, forgotten password reset, and other capabilities to local feathers-authentication
https://feathers-a-m.netlify.app/
MIT License

Documentation #91

Closed ImreC closed 6 years ago

ImreC commented 6 years ago

Hi Guys,

I got started with this library last week and not having coded that long I had a really tough time figuring out how authentication-management worked. My most important source was the Medium post by Jon Paul Miles. Even though it covers everything quite well, adding all the different hooks and actions at once combined with code in Pug and what seems to be a role based authentication system was really daunting to me. It took me quite some time to figure out what went where.

To help people after me along a little bit, I started structuring my thoughts and in the process wrote a tutorial on how to get email verification working with feathers-authentication-management with only the essential components.

You can read the article here: https://medium.com/@gelens.imre/setting-up-email-verification-in-feathersjs-ce764907e4f2

I am planning to release it later this week. My questions are, am I missing something obvious? Does this cover the basics properly? Are you ok with me publishing this article?

All code is available here: https://github.com/ImreC/feathers-verification-emails

Please let me know what you think.

Cheers, Imre

eddyystop commented 6 years ago

Nice article. Don't forget the before hook for patch on the user-entity can't do a hashPassword() for patches from this repo because the repo hashes passwords itself. The most common problem is double hashing the password.

I'd be delighted for you to publish. The more docs, tutorial and articles the better.

The original docs remain at https://auk.docs.feathersjs.com/api/authentication/local-management.html . They have not been rewritten for Buzzard because of time restrictions. It's on "The ToDo List".

It would be great if you contributed nice templates for each email type.

The docs will reside at https://github.com/feathers-plus/docs/tree/master/source/v1/authentication-management and will be served from https://feathers-plus.github.io/v1/authentication-management/index.html .

ImreC commented 6 years ago

I don't have time the coming week, but definitely am not opposed to helping out on the new docs later. Just a quick check. I looked over the other materials again and I changed the before hooks on the user object from:

const { authenticate } = require('@feathersjs/authentication').hooks;
const { hashPassword } = require('@feathersjs/authentication-local').hooks;
const verifyHooks = require('feathers-authentication-management').hooks;

module.exports = {
  before: {
    all: [],
    find: [ authenticate('jwt') ],
    get: [ authenticate('jwt') ],
    create: [
      hashPassword(),
      verifyHooks.addVerification()
    ],
    // hashPassword() runs on every update/patch here, including internal calls
    update: [ hashPassword(),  authenticate('jwt') ],
    patch: [ hashPassword(),  authenticate('jwt') ],
    remove: [ authenticate('jwt') ]
  }
};

to:

const { authenticate } = require('@feathersjs/authentication').hooks;
const { hashPassword } = require('@feathersjs/authentication-local').hooks;
const commonHooks = require('feathers-hooks-common');
const verifyHooks = require('feathers-authentication-management').hooks;

module.exports = {
  before: {
    all: [],
    find: [ authenticate('jwt') ],
    get: [ authenticate('jwt') ],
    create: [
      hashPassword(),
      verifyHooks.addVerification()
    ],
    update: [
      commonHooks.disallow('external')
    ],
    // External patches: strip the auth-management fields, hash the password and
    // require a JWT. Internal calls (e.g. from authManagement, which already hashed
    // the password) skip this block, so the password is not hashed twice.
    patch: [
      commonHooks.iff(
        commonHooks.isProvider('external'),
        commonHooks.preventChanges(
          'email',
          'isVerified',
          'verifyToken',
          'verifyShortToken',
          'verifyExpires',
          'verifyChanges',
          'resetToken',
          'resetShortToken',
          'resetExpires'
        ),
        hashPassword(),
        authenticate('jwt')
      )
    ],
    remove: [ authenticate('jwt') ]
  }
};

So in human terms it would only accept patch requests from external sources and will only hash the password and authenticate with jwt if the patch is coming from external sources. Also noticed I forgot to add the preventChanges part on the auth-management fields. This is what it's supposed to look like right?
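Added example, not code from this repository or from feathers-hooks-common: a toy hook runner with simplified stand-ins for `iff`, `isProvider`, `preventChanges`, `hashPassword` and `authenticate`, so the patch chain above (and the double-hashing problem from the earlier reply) can be exercised offline. The `hashed(...)` marker and the `runPatch` helper are constructed for illustration.

```javascript
// Toy re-implementation of the hook semantics used above (not the real library).

// Stand-in for bcrypt hashing: wraps the value so a second pass is visible as hashed(hashed(..)).
const hashPassword = () => (context) => {
  if (context.data && context.data.password !== undefined) {
    context.data.password = `hashed(${context.data.password})`;
  }
  return context;
};

// A call is external when a transport (rest, socketio, ...) set params.provider;
// internal service calls, such as those made by authManagement, have no provider.
const isProvider = (name) => (context) =>
  name === 'external' ? Boolean(context.params.provider) : context.params.provider === name;

// Drops the listed fields from the patch payload so a client cannot set them itself.
const preventChanges = (...fields) => (context) => {
  for (const field of fields) delete context.data[field];
  return context;
};

// Runs the given hooks only when the predicate holds for this context.
const iff = (predicate, ...hooks) => (context) =>
  predicate(context) ? runHooks(hooks, context) : context;

// Stand-in for authenticate('jwt'): external calls must carry an authenticated user.
const authenticate = () => (context) => {
  if (context.params.provider && !context.params.user) throw new Error('NotAuthenticated');
  return context;
};

function runHooks(hooks, context) {
  return hooks.reduce((ctx, hook) => hook(ctx), context);
}

// The patch chain from the hooks file above (field list shortened).
const patchBeforeHooks = [
  iff(isProvider('external'),
    preventChanges('email', 'isVerified', 'verifyToken', 'resetToken'),
    hashPassword(),
    authenticate('jwt')),
];

// Runs a patch through the chain and returns the data that would reach the database.
function runPatch(params, data) {
  return runHooks(patchBeforeHooks, { params, data: { ...data } }).data;
}
```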

eddyystop commented 6 years ago

That looks rather nice.

ImreC commented 6 years ago

Cool, I have updated the repo and article. It will be published this Thursday.