Validate user inputted password against user password saved on parse server before changing password - flutter

I am working on an application using Parse.com as backend support. I have implemented change password using this code:

```dart
if (pwdController!.text == newpwdController!.text) {
  user.password = pwdController!.text;
  await user.save();
}
```

I want the user to enter the current password before allowing them to change it to a new one, but when I try to get the current password from the ParseUser object it returns null. All the other similar questions I've seen, such as this one: Change Password and Forgot Password with ParseUser in Parse.com, aren't validating that the user has the correct current password. How can I validate that the password entered by the user is their current password before letting them change it?

You can verify that the user has entered the correct current password by calling the ParseUser.login method with the username and the entered password, then checking whether it returns a successful response.

```dart
ParseUser user = await ParseUser.currentUser(); // this gets the current user object
// Build a ParseUser carrying the password the user typed in and try to log in with it
ParseUser nuser = ParseUser(user.username, oldpwdController!.text, user.emailAddress);
ParseResponse resp = await nuser.login();
if (resp.success) {
  // The current password was correct, so store the new one
  user.password = pwdController!.text;
  await user.save();
}
```

The snippet of code above assumes that you have two text controllers (oldpwdController for the current password, and pwdController for the new password to change to).

Related

How much time does Firebase Auth take to consider a user new or not in UserCredential.additionalUserInfo!.isNewUser?

I have this block of code:

```dart
final cred = await FirebaseAuth.instance.signInWithEmailAndPassword(
  email: email,
  password: password,
);
print(cred.additionalUserInfo!.isNewUser);
```

As you see, it's the usual sign-in method from Firebase Auth.
In cred.additionalUserInfo!.isNewUser, it seems it returns a bool based on whether the user is new or not.
But what's the date range in which it considers a user new or not? I mean, how long does the Auth service take to say that the user is now not new?
I checked its documentation from the API and all I found is:
Whether the user account has been recently created.
and it doesn't give details about how much time it takes for the user to no longer be new!

Simply, when you sign in with an email for the first time, isNewUser = true.
Otherwise isNewUser = false.

Mongodb Realm custom JWT auth causes empty custom user data

I'm working on an app that currently uses email/password auth provided by MongoDB Realm. I'm thinking of switching to using the custom JWT auth for various reasons. I'm quite extensively using the custom user data to store all sorts of things. When I switch from email/password to custom JWT the login works, but the custom user data is empty...
This works fine:

```javascript
const jwt = await axios.post("https://MYAPI.COM/login", {
  user: email.value,
  password: password.value,
});
console.log(`jwt: ${JSON.stringify(jwt.data)}`);
const credentials = Realm.Credentials.emailPassword(
  email.value,
  password.value
);
// const credentials = Realm.Credentials.jwt(jwt.data);
console.log("logging in");
const user = await realm.logIn(credentials);
await user.refreshCustomData();
const customUserData = await user.refreshCustomData();
console.log(`Logged in as ${JSON.stringify(user)}`);
console.log(`customUserData: ${JSON.stringify(customUserData)}`);
```

When I uncomment the line changing the credentials, the custom user data is empty.

I was running into a similar problem using Custom Function for authentication.
I was mapping the userId incorrectly: custom user data is based on the ID of the authenticated user, so please make sure that the user ID is mapped correctly in the corresponding collection.
https://www.mongodb.com/docs/realm/users/enable-custom-user-data/

NestJS & Passport: Change JWT token on user password change?

I'm trying to reset/change the token (JWT) for users who changed their passwords on a NestJS API with PassportJS. Here is a clean example of how this authorization works: https://docs.nestjs.com/security/authentication.
I want to generate a new token on password change to make sure that on every device on which the user was logged in, after the password change they will get unauthorized and so be logged out.
This is how I handle the password change in the users service:

```typescript
async changePassword(uId: string, password: any) {
  return await this.userRepository.createQueryBuilder()
    .update(User)
    .set({ password: await bcrypt.hash(password.value, 10) })
    .where("userId = :userId", { userId: uId })
    .execute();
}
```

There are no prebuilt methods to do this, I think. JwtService has only 5 methods: decode, sign (this one is used to generate a token), signAsync, verify and verifyAsync.
So how can I do this properly?

You'd need some sort of way to invalidate the JWT that was already given to the user. As you can't just do that to a token generally (it's stateless; it holds its own validity), you'd need to create a JWT restrictlist in a database that you check the incoming JWT against. If the JWT is in the restrictlist, reject the request. Otherwise, let it through (if it's valid, of course).
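The restrictlist approach from the answer, as an added example that is not part of the original post or of NestJS: a minimal HS256 signer/verifier built on node:crypto stands in for JwtService, and two in-memory collections (issuedTokens and restrictlist, both hypothetical names) stand in for the database tables. Calling revokeTokensFor from changePassword puts every token issued to that user on the restrictlist, so tokens with a still-valid signature are rejected afterwards.

```typescript
import { createHmac, randomUUID, timingSafeEqual } from "node:crypto";

// Constructed stand-ins for two database tables: which token ids (jti) were issued
// to each user, and the restrictlist of revoked ids the answer describes.
const issuedTokens = new Map<string, Set<string>>();
const restrictlist = new Set<string>();
const SECRET = "constructed-demo-secret"; // hypothetical; real apps load this from config

const b64url = (s: string) => Buffer.from(s, "utf8").toString("base64url");
const hmac = (data: string) => createHmac("sha256", SECRET).update(data).digest();

// Issue an HS256 JWT for userId and record its jti so it can be revoked later.
function signToken(userId: string, now = Math.floor(Date.now() / 1000)): string {
  const jti = randomUUID();
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ sub: userId, jti, iat: now }));
  const signature = hmac(`${header}.${payload}`).toString("base64url");
  if (!issuedTokens.has(userId)) issuedTokens.set(userId, new Set());
  issuedTokens.get(userId)!.add(jti);
  return `${header}.${payload}.${signature}`;
}

// What the Passport strategy's validate step would do: check the signature, then the
// restrictlist. A signature-valid token is still rejected once its jti is revoked.
function verifyToken(token: string): { sub: string; jti: string } | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  try {
    const alg = JSON.parse(Buffer.from(header, "base64url").toString("utf8")).alg;
    if (alg !== "HS256") return null; // never let the token choose the algorithm
    const expected = hmac(`${header}.${payload}`);
    const given = Buffer.from(signature, "base64url");
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
    if (typeof claims.jti !== "string" || restrictlist.has(claims.jti)) return null;
    return { sub: claims.sub, jti: claims.jti };
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Call this from changePassword(): every token issued to the user goes onto the
// restrictlist, so all existing sessions become unauthorized. Returns how many were revoked.
function revokeTokensFor(userId: string): number {
  const ids = issuedTokens.get(userId) ?? new Set<string>();
  ids.forEach((jti) => restrictlist.add(jti));
  issuedTokens.delete(userId);
  return ids.size;
}
```

In a real deployment the restrictlist entries only need to live until the token's exp passes, after which the signature check rejects them anyway.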

Register User along with new attribute (column) value in Parse (Back4App Flutter SDK)

```dart
final user = ParseUser(username, password, email)..set('isAdmin', false);
var authResponse = await user.signUp();
```

Hi, I am using the above code to assign a boolean value "isAdmin" to the User, because I want to save additional information while signing up the user.
Unfortunately, the column "isAdmin" is not generated in the database (as seen from the Back4App Parse Dashboard).
How do I assign an additional column/attribute before signing up?

How to reset password in passport-local strategy in Sails.js

Passport.js provides an authentication framework for Node.js. It only deals with authentication.
Now I would like to enable password reset. Since there is no password field in the User model, only passports, how can I reset the password in the passport-local strategy? I assume that the user needs to generate a new password and call something to override the existing hash of the old password. What methods are those and where can I find them?

When the user selects to reset his/her password, what you can do is send an email to the user with a link containing a token associated with the user. Once the user clicks on the link, you validate the user based on the token and email and then show the reset-password HTML. Once the user enters the new password, in the backend code you set the password on the User object after hashing and then save it. You can set the token to null too.
Sample code with base64 is shown below:

```javascript
// Fresh random salt (Buffer.from replaces the deprecated Buffer constructor)
user.salt = Buffer.from(crypto.randomBytes(16).toString('base64'), 'base64');
user.password = user.hashPassword('newPassword');
user.token = undefined; // clear the one-time reset token
user.save(...)
```

The hashPassword method is as given:

```javascript
UserSchema.methods.hashPassword = function(password) {
  if (this.salt && password) {
    // Current Node requires the digest argument; older versions defaulted to sha1
    // when it was omitted, so keep 'sha1' if existing stored hashes must still verify.
    return crypto.pbkdf2Sync(password, this.salt, 10000, 64, 'sha512').toString('base64');
  } else {
    return password;
  }
};
```

The above code is auto-generated with Yeoman.
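The token flow the answer describes, as an added example that is not from the original post or from Sails/Yeoman: a constructed User record stands in for the model, hashPassword uses the same pbkdf2 parameters as the generated method, and resetPassword checks token, e-mail and expiry before replacing salt and hash and clearing the token. It goes one step beyond the answer by storing only a hash of the reset token, so a leaked database row cannot be replayed as a valid link.

```typescript
import { createHash, pbkdf2Sync, randomBytes, timingSafeEqual } from "node:crypto";

// Constructed stand-in for the Sails User model; a real app persists this record.
interface User { email: string; salt: Buffer; password: string; resetToken?: string; resetExpires?: number }

// Same derivation as the generated hashPassword method, with the digest spelled out.
function hashPassword(salt: Buffer, password: string): string {
  return pbkdf2Sync(password, salt, 10000, 64, "sha512").toString("base64");
}

// Step 1: issue the single-use token that goes into the e-mailed link. Only its hash
// is stored on the user; the plain token exists only in the e-mail. Expires in one hour.
function issueResetToken(user: User, now = Date.now()): string {
  const token = randomBytes(32).toString("base64url");
  user.resetToken = createHash("sha256").update(token).digest("hex");
  user.resetExpires = now + 60 * 60 * 1000;
  return token;
}

// Step 2: validate token + e-mail from the link, then set the new password and clear the token.
function resetPassword(user: User, email: string, token: string, newPassword: string, now = Date.now()): boolean {
  if (!user.resetToken || !user.resetExpires || now > user.resetExpires) return false;
  if (user.email.toLowerCase() !== email.toLowerCase()) return false;
  const given = Buffer.from(createHash("sha256").update(token).digest("hex"), "hex");
  const stored = Buffer.from(user.resetToken, "hex");
  if (given.length !== stored.length || !timingSafeEqual(given, stored)) return false;
  user.salt = randomBytes(16); // fresh salt, as in the answer's snippet
  user.password = hashPassword(user.salt, newPassword);
  user.resetToken = undefined; // the token is single-use
  user.resetExpires = undefined;
  return true;
}

// Constant-time comparison of a login attempt against the stored hash.
function verifyPassword(user: User, password: string): boolean {
  const a = Buffer.from(hashPassword(user.salt, password), "base64");
  const b = Buffer.from(user.password, "base64");
  return a.length === b.length && timingSafeEqual(a, b);
}
```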