Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for authenticating active users only #259

Closed
Mangatt opened this Issue Aug 2, 2016 · 5 comments

Comments

Projects
None yet
4 participants
@Mangatt
Copy link

Mangatt commented Aug 2, 2016

Hi,
I think it's not an uncommon scenario that user database contains both active and inactive users (=that can't login). It would be great that if authentication could allow only active users (like active=true in user database entry).

As far as I know, there is not easy way to do this now, right?

@marshallswain

This comment has been minimized.

Copy link
Member

marshallswain commented Aug 2, 2016

You can create hooks on either the auth/local or auth/token service that would allow you to control this, now.

@Mangatt

This comment has been minimized.

Copy link
Author

Mangatt commented Aug 2, 2016

Do you have any suggestion how to do that? I have tried to add param to hook, but without much success.

app.service('auth/local').before({
    all(hook){
        hook.data.active=false;
    }
});
@daffl

This comment has been minimized.

Copy link
Member

daffl commented Aug 4, 2016

I'd probably add a find hook to the users service:

app.service('users').before({
  find(hook) {
    hook.params.query.active = true;
  }
});

This will make sure that only active users are retrieved by feathers-authentication.

@ekryski

This comment has been minimized.

Copy link
Member

ekryski commented Aug 9, 2016

Again, the 0.8.0 version of feathers-auth will make it easier for you to add your own custom lookup functionality for users by hooking into it or simply extending the auth services.

@ekryski ekryski modified the milestone: 0.8 Aug 9, 2016

@ekryski ekryski modified the milestones: 0.8, 1.0 Nov 21, 2016

@ekryski

This comment has been minimized.

Copy link
Member

ekryski commented Dec 30, 2016

This is now possible and much more flexible. You can simply extend the verifier for feathers-authentication-local (or any other provider) if you wish to query by some other factors. Additionally, you could still look up the user but reject with a custom error if the user is not "active".

@ekryski ekryski closed this Dec 30, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.