-1

I'm using loopback and having model name BaseUser. I want to update user password only if user enters correct old password. But in the baseUser object their is no property for password so I can't match them. How can I match the user password.

please guide me into this.

Sparsh Pipley
  • 301
  • 7
  • 22
  • Why do you need to show the password at all? It's not secure. Moreover, passwords are usually stored as a hash, so you can't get the real password out of it – Vsevolod Goloviznin Sep 10 '15 at 07:08
  • @VsevolodGoloviznin I want to update password only if user enters the correct old password. So i don't to display it but want to compare the password is their any way? – Sparsh Pipley Sep 10 '15 at 07:12
  • 2
    The framework should support changing the password server-side. Keeping the password or even it's hash in the front-end is not secure. You can make an ajax call to your backend to check if the old password is correct – Vsevolod Goloviznin Sep 10 '15 at 07:13
  • @VsevolodGoloviznin that's what i'm asking how to match password in loopback.io framework i wont display it on front end. Any idea?? – Sparsh Pipley Sep 10 '15 at 07:15
  • @VsevolodGoloviznin i've already gone thru the doc.where i can compare the old password enter by user. – Sparsh Pipley Sep 10 '15 at 07:23
  • So, what the problem then? – Vsevolod Goloviznin Sep 10 '15 at 07:27
  • @VsevolodGoloviznin sorry i made a typing mistake i want to wright "i've already gone thru the doc.where i can compare the old password enter by user". – Sparsh Pipley Sep 10 '15 at 08:19

1 Answers1

1

As the documentation says:

  1. Create a form to gather password reset info
  2. Create an endpoint to handle the password reset request. Calling User.resetPassword ultimately emits a resetPasswordRequest event and creates a temporary access token
  3. Register an event handler for the resetPasswordRequest that sends an email to the registered user. In our example, we provide a URL that redirects the user to a password reset page authenticated with a temporary access token
  4. Create a password reset form for the user to enter and confirm their new password
  5. Create an endpoint to process the password reset
Vsevolod Goloviznin
  • 11,256
  • 1
  • 39
  • 47