Closed d0peCode closed 5 years ago
@kasvith I created new PR, take a look #16
```javascript
userSchema.method({
  transform () {
    const transformed = {}
    const fields = ['id', 'name', 'email', 'createdAt', 'activationKey', 'role']
    fields.forEach((field) => {
      transformed[field] = this[field]
    })
    return transformed
  },
  passwordMatches (password) {
    return bcrypt.compareSync(password, this.password)
  }
})
```
This method is dropping unwanted fields from the schema when used elsewhere. For example, to retrieve user information, we don't need his password. You can see this only returns an object w/o a password.
We definitely don't want to send activationKey in response to user. We want them to click mail.
Just remove it from the array and it will not be shown to the user. Also, I think we should keep activation codes in one mongo collection with userID and Activation Code, and also a timestamp.
Then we can add an expiration to email activation codes.
I think we should use invert logic here. Will make a PR for that once your one is merged :)
Then we check for keys that needed to be removed from the user model when requested for outside
> I think we should use invert logic here. Will make a PR for that once your one is merged :)

I'm working on #12 bug. Solution will have breaking changes. Maybe it's a good idea to wait for it with your new PR.
I implemented the email confirmation feature in my fork, but before I create a new PR I have a question.
What does this code do?
I'm sending mail in the `.post` mongoose hook and I don't know if I should add the following code to it:

Also, a second question - because currently I'm sending the email and have a `/cofirm` endpoint to set active to true, but I'm not checking if the user is active at login. What is the most convenient place to check it? In the controller or in the `findAndGenerateToken` function? Or maybe somewhere else?

While waiting for a reply, for now I just added this line to the `findAndGenerateToken` function.
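
Added example, not part of the thread or the project's code: a plain Node.js sketch of the three points discussed above, namely an allowlist `transform` without `activationKey`, activation codes kept in their own store with an expiry, and an active check before a login token is issued. The `Map` stands in for the separate mongo collection, and `issueActivation`, `confirmActivation`, `assertCanLogin` and the 24-hour lifetime are assumptions made for illustration.

```javascript
// Added example: plain Node.js, no mongoose. All names here are hypothetical.
const { randomBytes, createHash, timingSafeEqual } = require('node:crypto')

// Allowlist of fields that may leave the server: no password, no activationKey.
const PUBLIC_FIELDS = ['id', 'name', 'email', 'createdAt', 'role']
const ACTIVATION_TTL_MS = 24 * 60 * 60 * 1000 // assumed lifetime: 24 hours

const sha256 = (value) => createHash('sha256').update(value).digest()

// Serializer: copies only allowlisted fields into the response object.
function transform (user) {
  const out = {}
  for (const field of PUBLIC_FIELDS) out[field] = user[field]
  return out
}

// Stands in for a separate activation collection: userId -> { hash, expiresAt }.
const activations = new Map()

// Returns the raw code for the e-mail link; only its hash is stored.
function issueActivation (userId, now = Date.now()) {
  const code = randomBytes(32).toString('hex')
  activations.set(userId, { hash: sha256(code), expiresAt: now + ACTIVATION_TTL_MS })
  return code
}

// Confirm-endpoint logic: rejects missing, expired or wrong codes; one-time use.
function confirmActivation (user, code, now = Date.now()) {
  const record = activations.get(user.id)
  if (!record || now > record.expiresAt) return false
  if (!timingSafeEqual(record.hash, sha256(String(code)))) return false
  activations.delete(user.id)
  user.active = true
  return true
}

// Login gate: run after the password check and before a token is generated.
function assertCanLogin (user) {
  if (!user.active) throw new Error('account not activated')
  return transform(user)
}
```
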