-1

related to this: previous issue

I have this model defined:

var customer = mongoDev.createModel('customer',
{
    id: {
        type: String,
        id: true
    },
    firstName: String,
    lastName: String,
    badge: String,
    email: String
},
{
    strict: true,
    base: "User"
});

If I do nothing else, I get all the extra user endpoints I expected (login, logout, accessTokens, etc). However my result from a login gives me:

{
  "id": "ssOzK8EswH...",
  "ttl": 1209600,
  "created": "...",
  "userId": "53c6f5d4769ed..."
}

Seems like userId should be customerId. I have removed the user & accessToken models from models.json. So I don't even know where it's getting the relationship info, unless it's baked in somewhere. Anyway if I try to call /customer/53c6f5d4769ed... and supply the token in the header I get a 401. Technically the Id is correct, just wrong FK name.

I've tried things like 

var accessToken = mongoDev.createModel('accessToken',{},{base: "AccessToken"});
accessToken.belongsTo(customer, {as: 'customer', foreignKey: 'customerId'});

I think this changed the FK name for me, but I still got 401's when calling followup endpoints.

This is where I got on my own. So my question is actually this:

Using code-first and not using the 'user' model for my authN how do I wired up the accessToken (also code-first)? And the twist would be I would plan to have multiple authN models (i.e. customer, vendor, employee). So the real question is how do I wire this to allow each type of 'user' to get their own accessTokens???

Clear as mud?? ;-)

Community
  • 1
  • 1
huxley
  • 295
  • 1
  • 3
  • 13

2 Answers2

0

LoopBack ships base User and AccessToken models. They can be extended to customize the behaviors as you see from models.json. The models can then be referenced as app.models.user and app.models.accessToken. The userId is a foreign key from access token to user model and it can be renamed to 'customerId'.

To enforce ACLs using '$owner' role, the model instance needs to have a 'owner' or 'userId' property, or a 'belongsTo' relation to a subclass of the user model.

I suggest that you split the questions into smaller ones. Feel free to post to https://groups.google.com/forum/#!forum/loopbackjs.

Raymond Feng
  • 1,496
  • 9
  • 5
0

So I don't even know where it's getting the relationship info, unless it's baked in somewhere.

The relationship info is included in the User model. Since your customer is extending User, it will inherit the relations too.

I've tried things like

var accessToken = mongoDev.createModel('accessToken',{},{base: "AccessToken"}); accessToken.belongsTo(customer, {as: 'customer', foreignKey: 'customerId'});

AFAIK the foreign key has to be userId regardless of the name of your user model.

var accessToken = mongoDev.createModel('accessToken',{},{base: "AccessToken"});
accessToken.belongsTo(customer, {as: 'user', foreignKey: 'userId'});

When I tried to write a sample app to reproduce the problem, the app was forking fine for me (tested using memory and mongodb connectors).

var loopback = require('loopback');

var customer = loopback.createModel('customer',
{
    id: { type: String, id: true },
    firstName: String,
    lastName: String,
    badge: String,
    email: String
},
{
    strict: true,
    base: "User"
});

var app = loopback();

app.dataSource('db', {
 connector: 'mongodb' // or memory
});

app.model(loopback.AccessToken, { dataSource: 'db' });
app.model(customer, { dataSource: 'db' });

app.use('/api', loopback.rest());
app.use('/explorer', require('loopback-explorer')(app));
app.listen(3000, function() {
  console.log('Explore at http://localhost:3000/explorer');
});

Module versions:

loopback@1.10.0
loopback-datasource-juggler@1.7.1
loopback-connector-mongodb@1.4.1

Using code-first and not using the 'user' model for my authN how do I wired up the accessToken (also code-first)?

See the example above.

And the twist would be I would plan to have multiple authN models (i.e. customer, vendor, employee). So the real question is how do I wire this to allow each type of 'user' to get their own accessTokens???

I don't think LoopBack supports that now, please open a github issue requesting such feature.

Miroslav Bajtoš
  • 9,924
  • 1
  • 36
  • 91