Loopback extending built in User model issues - mongodb

I am inheriting the builtin User model in my own Customer model. The Customer model is having extra parameters like first-name, last-name etc. To create an User and Customer I am using the following code:
// create a Customer
User.create({
email: email,
password: userPassword,
cellnumber: cellDetails.cellnumber
},
function (error, userDet) {
I get an id in response to this call: 59c4c5845dc8de4730645963. But when I am trying to get the account by id i.e. accounts/{id} and pass it the above id, it gives the following error:
the "Unknown \"customer\" id \"59c4c5845dc8de4730645963\"."
So this means that id of the User model and Customer model are somehow not same. How do I resolve this ? Also, in the mongo db database all the properties are getting visible under the User model and not under the Customer model. What am I doing wrong here ? Could anyone let me know.
Thanks

I believe you should create like this: Account.create({ email, password, ... }) , using the Account model rather than User model.
You should use the model you created document with, Account in this case. The thing is, each model works only with it's own MongoDB collection and they are isolated from each other.

Related

How to hide properties on Azure Mobile Service responses?

I have a Mobile Service with Model classes and DTO classes. I mapped these using Fluent API and got it to work to perform CRUD operations, but I have a problem with the JSON responses returned in some instances.
Take for example a User entity with user name and password. To register a user I have my PostUserDTO method like this:
// POST tables/UserDTO
public async Task<IHttpActionResult> PostUserDTO(UserDTO item)
{
string hashString = PasswordHash.CreateHash(item.Password);
item.Password = hashString;
UserDTO current = await InsertAsync(item);
current.Password = "";
return CreatedAtRoute("Tables", new { id = current.Id }, current);
}
On the method I read the password property sent from the client and then proceed to hash it with a salt, replace the value in the object sent and save it to the database, then I proceed to empty the password so the hashed result isn't returned.
In this case the best practice would be to omit the password property from the response, this also should happen when retrieving all of the users in the table, I only want to return specific information, some information generated by my server should stay out from the response.
How can I select or alter the information from the responses? Do I have to create other DTOs for every kind of response I desire?

Accessing entities in EF on basis of userID

I want to be able to define a logic for accessing entities using EF5 . Like my order entity has UserId so i want from any where in code if query hits Orders it needs to get filter by currently logged in user.
I am using database first approach.
Usually this is a two-phase process.
First, having the username of your user, you retrieve the user record from the data source:
string UserName = HttpContext.Current.User.Identity.Name;
User user = context.Users.FirstOrDefault( u => u.UserName == UserName );
Then, you filter your data for specific user:
IEnumerable<Order> orders = context.Orders.Where( o => o.UserId == user.Id );
You can further optimize the process so that the user record doesn't have to be retrieved upon each request, instead you could store the UserId in the authentication cookie.

Extend User authentication object in Azure Mobile Services

Is it possible to add additional properties to the User object on the server in WAMS? I would like to store the Id primary key of my User table for (secure) use in my table scripts. At the moment the only id is the vendor specific authentication Id, but I'd like to be able to allow users to choose an authentication method. Currently my (simplified) table design is as follows:
User table:
id
googleId
twitterId
facebookId
name, etc...
League table
id
userId
name, etc
I'd like to store the user primary key in the userId field on the league table, and then query it to ensure that users only get to see leagues they created. At the moment, the user object in table scripts sends through a User object with the Google/Twitter/Windows authentication token and I have to do a query to get the primary key userID, everytime I want to carry out an operation on a table with a userId column.
Ideal solution would be that when the Insert script on my User table is called on registrations and logins I can do:
// PSEUDO CODE
function insert(item, user, request) {
var appUserId;
Query the user table using the user.userId Google/Twitter/Facebook id
If user exists {
// Set a persisted appUserId to use in all subsequent table scripts.
user.appUserId = results.id;
} else {
Set the GooTwitFace columns on the user table, from user.userId
insert the user then get the inserted record id
// Set a persisted appUserId to use in all subsequent table scripts
user.appUserId = insertUserPK;
}
}
Then, in subsequent table scripts, I'd like to use user.appUserId in queries
If all you are trying to do is authorize users to only have access to their own data, I'm not sure you even need the "user" table. Just use the provider-specific userId on the user object to query your "league" table (making sure the userId column is indexed). The values will be provider-specific, but that shouldn't make any difference.
If you are trying to maintain a notion of a single user identity across the user's Google/Facebook/Twitter logins, that's a more complicated problem where you would need a "user" table and the kind of lookup you are describing. We hope to ship support for this scenario as a feature out of the box. It is possible (but fairly messy) to do this yourself, let me know if that's what you're trying to do.

Entity Framework CodeFirst Multiple type of users

I have task to build application for user registration. I have 3 types of user (profiles)
1. "Normal" user
2. "Company" user
3. "Company2" user - similar like 2. but with few additional fields..
All users share some specific info, like e-mail and password (Login data), role, registration date etc.... So, I'm trying to "design" classes for this type of app using only EF Code First approach, but with no luck..
Do I need table (class) for :
USER - all kind of users with all their Login data (email and password) and UserType
USERTYPE - list of all user types (1,2,3)
USER_DETAILS - details of normal user
COMPANY_DETAILS - details of company
COMPANY2_DETAILS -details of company2
My problem is how to reference USER table with USER_DETAILS, COMPANY_DETAILS, COMPANY2_DETAILS. I hope so that you understand my problem :)
My classes (user management and profile) is implemented like http://codefirstmembership.codeplex.com/ example.
Thank you in advance!
You can use a normal inheritance model with Entity Framework.
I would just use a base class User that contains the login data (please don't store the password in the DB though, use a hash - Membership should do this for you already) and other user info, then you can add another class CompanyUser that inherits from User and contains the additional properties. Finally CompanyUser2 (needs a better name) can inherit from CompanyUser.
Having this in place there are different models you can use on how EF maps your classes to tables:
1.) Table-per-Hierarchy
2.) Table-per-Type
3.) Table per Concrete Type

Entity Framework code first aspnet_Users mapping / joins

I was wondering with Entity Framework 4.1 code first how do you guys handle queries that involve an existing aspnet_Users table?
Basically I have a requirement for a query that involves the aspnet_Users so that I can return the username:
SELECT t.Prop1, u.Username
FROM Table1 t
INNER JOIN aspnet_User u ON t.UserId = u.UserId
Where t.Prop2 = true
Ideally in linq I would like:
from t in context.Table1
join u in context.aspnet_Users on t.UserId equals u.UserId
where t.Prop2 = true
But I'm not sure how to get aspnet_Users mapping to a class User? how do I make aspnet_Users part of my dbset ?
Any help would be appreciated, thanks in advance
Don't map aspnet_Users table or any other table related to aspnet. These tables have their own data access and their own logic for accessing. Mapping these tables will introduce code duplication, possible problems and breaks separation of concerns. If you need users for queries, create view with only needed information like id, user name, email and map the view. The point is that view will be read only, it will contain only allowed data and your application will not accidentally modify these data without using ASP.NET API.
First read Ladislav's answer. If you still want to go ahead : to do what you want would involve mapping the users and roles and members tables into the codefirst domain - which means writing a membership provider in code-first.
Luckily there is a project for that http://codefirstmembership.codeplex.com/ although its not a perfect implementation. The original is VB, look in the Discussion tab for my work on getting it running in c# MVC.
I'm working with the author on a better implementation that protects the membership data (password, last logged on date, all of the non-allowed data) but allow you to map and extend the user table. But its not ready yet!
You don't really need to use Entity Framework to access aspnet_membership provider accounts. You really just need to create an instance of the membership object, pass in a unique user identifier and a Boolean value indicating whether to update the LastActivityDate value for the user and the method returns a MembershipUser object populated with current values from the data source for the specified user.
You can then access the username by using the property of "Username".
Example:
private MembershipUser user =
Membership.GetUser(7578ec40-9e91-4458-b3d6-0a69dee82c6e, True);
Response.Write(user.UserName);
In case you have additional questions about MembershipProvider, you can read up on it on the MSDN website under the title of "Managing Users by Using Membership".
Hope this helps you some with your requirement.