Hello,

I am playing with the Loopback User Management example, and I noticed that the example has one issue.

There is a /login route which takes care of the login mechanism:

```javascript
app.post('/login', function(req, res) {
  User.login({
    email: req.body.email,
    password: req.body.password
  }, 'user', function(err, token) {
    if (err) {
      if (err.details && err.code === 'LOGIN_FAILED_EMAIL_NOT_VERIFIED') {
        // Account exists but the e-mail address has not been verified yet
        res.render('reponseToTriggerEmail', {
          title: 'Login failed',
          content: err,
          redirectToEmail: '/api/users/' + err.details.userId + '/verify',
          redirectTo: '/',
          redirectToLinkText: 'Click here',
          userId: err.details.userId
        });
      } else {
        res.render('response', {
          title: 'Login failed. Wrong username or password',
          content: err,
          redirectTo: '/',
          redirectToLinkText: 'Please login again',
        });
      }
      return;
    }
    // Success: the page is rendered directly in the response to POST /login
    res.render('home', {
      email: req.body.email,
      accessToken: token.id,
      redirectUrl: '/api/users/change-password?access_token=' + token.id
    });
  });
});
```

The issue here is once login occurs, you are still at the /login route, so if you refresh, you effectively login again and generate a new token.

In order to get around this, I thought of adding an afterRemote but for some reason, that never gets triggered:

```javascript
user.afterRemote('login', function(context, user, next) {
  context.res.render('response', {
    redirectTo: '/settings',
    redirectToLinkText: 'Settings'
  });
});
```

Any ideas? Should I be going about this differently? Ultimately, I don't want a refresh of the page to generate new tokens.
Submitted January 29, 2018 at 02:36PM by explicitspirit
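
The refresh problem described in the post is what the Post/Redirect/Get pattern addresses: the POST issues the token once, stores it in a cookie, and answers with a 303 redirect, so a refresh repeats only the GET. The sketch below is an added example, not code from the post or from LoopBack; the `login` stand-in, the in-memory stores, the `/home` route and the `access_token` cookie name are assumptions made for illustration.

```javascript
const { randomBytes } = require('node:crypto');

// Constructed in-memory stand-ins for the user store and the token store.
const users = { 'alice@example.com': 'correct horse' };
const tokens = new Map(); // token id -> email

// Hypothetical stand-in for User.login(): issues a new token on every call.
function login(email, password) {
  if (users[email] === undefined || users[email] !== password) return null;
  const id = randomBytes(32).toString('hex');
  tokens.set(id, email);
  return id;
}

// Read one cookie value from a Cookie request header.
function cookie(header, name) {
  const m = (header || '').match(new RegExp('(?:^|;\\s*)' + name + '=([^;]*)'));
  return m ? m[1] : null;
}

// Framework-free router: takes a request description, returns the response.
function handle(req) {
  if (req.method === 'POST' && req.url === '/login') {
    const id = login(req.body.email, req.body.password);
    if (!id) return { status: 401, headers: {}, body: 'Login failed' };
    // 303 makes the browser follow up with GET /home, so a refresh repeats
    // that GET and never re-submits the credentials. The token travels in an
    // HttpOnly cookie instead of the page body or a URL query string.
    return { status: 303, body: '', headers: {
      Location: '/home',
      'Set-Cookie': `access_token=${id}; HttpOnly; Secure; SameSite=Lax; Path=/`,
    } };
  }
  if (req.method === 'GET' && req.url === '/home') {
    const email = tokens.get(cookie(req.headers.cookie, 'access_token'));
    if (!email) return { status: 303, headers: { Location: '/' }, body: '' };
    return { status: 200, headers: {}, body: `Logged in as ${email}` };
  }
  return { status: 404, headers: {}, body: 'Not found' };
}
```

In an Express route the same response is produced with `res.cookie(...)` followed by `res.redirect(303, '/home')` in place of `res.render('home', ...)`. LoopBack remote hooks such as `afterRemote` run only when the method is invoked through the REST API, not when `User.login` is called directly from a route handler.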