Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Overriding validation #879

Closed
diasalvatore opened this issue Nov 28, 2014 · 9 comments
Closed

Overriding validation #879

diasalvatore opened this issue Nov 28, 2014 · 9 comments

Comments

@diasalvatore
Copy link

I have a class MyUser which extends built-in User.
How can I remove default validation (like the one on email and password)?
@Spark-star
Copy link

I have the same question.
I have resolved it by setting default value in beforecreate hook.

2014-11-28 16:46 GMT+08:00 Salvatore notifications@github.com:

I have a class MyUser which extends built-in User.
How can I remove default validation (like the one on email and password)?


Reply to this email directly or view it on GitHub
#879.

@diasalvatore
Copy link
Author

Ok, it could be a workaround for the password, but what about email uniqueness? I would allow multiple accounts with same email.

@bajtos
Copy link
Member

bajtos commented Dec 4, 2014

It is not possible to drop the uniqueness constraint on User email. User.login supports both username and email, and if email was not unique, it would not be possible to tell which user is logging in.

@bajtos bajtos closed this as completed Dec 4, 2014
@bajtos bajtos added the question label Dec 4, 2014
@slgoldberg
Copy link

But @bajtos , the mere fact that User.login supports both methods implies there are two use-cases it handles: one is where username is unique, and the other is where email is unique. It should be straightforward to choose which use-case you want, and be assured of the semantics only in that one.

So, can I really not override the uniqueness of email if I never log my users in using email? My derived model (e.g. MyUser) would not offer an email-based login, only realm + username.

Please can you confirm that it's still true there's no solution for me? It's really hard to believe I would have to build my own User class from the ground up just to do what otherwise seems very straightforward override behavior.

(And before you ask -- of course it makes sense to have multiple or even no email addresses associated with User. There are many examples, among them: (1) migrating accounts from an old system where username was unique and not email address, and (2) using the passport plugin to link users' accounts to other services, i.e. where there is no email-based login provided at all.)

Email as pseudo-primary key to login is mostly a thing of the past. It would actually be smart to consider dropping email altogether in the User model and if people want to add a relationship between Users and emails, let them add it in themselves in their derived model. I will never use any of Loopback's built-in User email confirmation dialog, for example -- again, because I won't require email at all in many cases.

So for my use-case, am I forced to either build my own User model from the ground up, or to finagle fake email addresses that are unique just to satisfy this constraint?

Am I really in the minority wanting this functionality?

Thanks.

Steve

@slgoldberg
Copy link

Ah hah -- man, sometimes it's really hard piecing together what's what from a Google search given how active development is on this (though, that's a good thing of course).

Anyway, I think I figured out that in fact you do correctly support this dichotomy of uses in the current implementation of the built-in User model (as of 2016, anyway). I see in the code, all I needed to do was add "realmRequired": true to the options object in my derived user model, e.g.:

{
  "name": "MyUser",
  "base": "User",
  "idInjection": true,
  "options": {
    "validateUpsert": true,
    "realmRequired": true
  },
 ...
}

With realmRequired: true, email is not required to be unique. Excellent!

So that's pretty much just what I needed in my case (I am fine requiring realm, as I said above, it makes total sense that realm+username would replace email as the primary-ish key.

Thanks a lot -- I'm good to go. Though as usual, maybe there's something I can do to help improve the docs, will look at it again later and update this if so with proposed improvement (or not :-) ).

Steve

@pulkitsinghal
Copy link

How can I remove default validation (like the one on email and password)?

In the sample below, I remove everything from the custom MyModel which extends User:

  1. the validations on username and email are removed
  2. the password field is removed
  3. the username and email fields are removed
{
  "name": "MyModel",
  "base": "User",
  "properties": {
    "email": false,
    "username": false,
    "password": false
  }
}
...
module.exports = function(MyModel) {
  MyModel.disableRemoteMethod("login", true);
  MyModel.disableRemoteMethod("logout", true);
  MyModel.on('dataSourceAttached', function() {
    console.log('MyModel', 'on.dataSourceAttached()');
    delete MyModel.validations.email; //delete MyModel.app.models.User.validations.email;
    delete MyModel.validations.username; //delete MyModel.app.models.User.validations.username;
  });
};

Some ideas came from: issue #1137

How can this be helpful? Well what if you're trying to experiment with a multi-tenant setup where MyModel is actually OrgModel? It may help.

@buzai
Copy link

buzai commented Jul 29, 2016

In your built-in user model inside, a lot of places to use the mailbox this thing, so can not simply delete this thing. Delete will influence to reset the password, and even affect the secret key generation, I think we should provide an optional project, configuration into the phone number or e-mail address, user name is to make configuration options for unique personality, but need to choose a as a unique ID.
Of course, if you replace the mailbox with a phone number, a lot of places need to change, first of all, you may not need to change the token, but the certification section has to make a lot of changes.

@pulkitsinghal
Copy link

In your built-in user model inside, a lot of places to use the mailbox this thing, so can not simply delete this thing. Delete will influence to reset the password, and even affect the secret key generation, I think we should provide an optional project, configuration into the phone number or e-mail address, user name is to make configuration options for unique personality, but need to choose a as a unique ID.
Of course, if you replace the mailbox with a phone number, a lot of places need to change, first of all, you may not need to change the token, but the certification section has to make a lot of changes.

In my example code in my previous comment, I am not changing the built-in user model, I'm changing MyModel which inherited from user model. So no harm done, I hope you agree @buzai? Unless I'm nuking a shared prototype unknowingly? Let me know.

@buzai
Copy link

buzai commented Aug 1, 2016

@pulkitsinghal , I'm not saying you destroy something, I think if you do not use it's own mailbox, then how to generate the user's token it, then you have to write your own method of generating token, there is a lot of built-in methods you can not use the fact, I think if we do so, not as a direct write a model, rather than inherited user. I look at the code inside the user's login and also implements several methods to create a similar, but those methods and mailbox properties coupled together.

@flam312 flam312 mentioned this issue Aug 15, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@diasalvatore @pulkitsinghal @bajtos @slgoldberg @Spark-star @buzai