These are chat archives for waterlock/waterlock

30th
Nov 2015
Benedict Chen
@benedictchen
Nov 30 2015 06:56
hey guys, i have no idea how to use waterlock
i've set things up, i can login via /auth/login by sending a POST request
but the stuff it sends back is not what i expect
there is no JSON web token
and worse is that it sends back the password in the payload
{
"id": 3,
"createdAt": "2015-11-30T06:20:58.000Z",
"updatedAt": "2015-11-30T06:20:58.000Z",
"auth": {
"password": "$2a$10$3JqupjfQsnwinnAEuPHZwOm37TiBADabX2SGzpSWS9f6i1oVsC4de",
"email": "abc@abc.com",
"id": 1,
"createdAt": "2015-11-30T06:20:58.000Z",
"updatedAt": "2015-11-30T06:20:58.000Z",
"resetToken": null
}
}
{
  "id": 3,
  "createdAt": "2015-11-30T06:20:58.000Z",
  "updatedAt": "2015-11-30T06:20:58.000Z",
  "auth": {
    "password": "$2a$10$3JqupjfQsnwinnAEuPHZwOm37TiBADabX2SGzpSWS9f6i1oVsC4de",
    "email": "abc@abc.com",
    "id": 1,
    "createdAt": "2015-11-30T06:20:58.000Z",
    "updatedAt": "2015-11-30T06:20:58.000Z",
    "resetToken": null
  }
}
Register isn't much bettr
{
  "auth": {
    "user": 6,
    "password": "$2a$10$vY7R1cUMktsFHVvgXBHEvOB4IjEQZhwxyLl/DqJeW/m1KQUy8CQpW",
    "email": "ab123c@abc.com",
    "resetToken": null,
    "id": 4,
    "createdAt": "2015-11-30T06:58:50.000Z",
    "updatedAt": "2015-11-30T06:58:50.000Z"
  },
  "id": 6,
  "createdAt": "2015-11-30T06:58:50.000Z",
  "updatedAt": "2015-11-30T06:58:50.000Z"
}
@sunnypatel Yes, i just experienced that
you have to use some workaround i found on Stackoverflow
stick this in AuthController.js

 module.exports = waterlock.waterlocked({


  register: function(req, res) {
    var params = req.params.all();
    var def = waterlock.Auth.definition;
    var criteria = {};
    var scopeKey = def.email !== undefined ? 'email' : 'username';

    var attr = {
      password: params.password
    }
    attr[scopeKey] = params[scopeKey];
    criteria[scopeKey] = attr[scopeKey];
    waterlock.engine.findAuth(criteria, function(err, user) {
      if (user) {
        return res.badRequest({
          error: 'User already exists'
        });
      }
      else {
        waterlock.engine.findOrCreateAuth(criteria, attr, function(err, user) {
          if (err) {
            return res.badRequest(err);
          }
          delete user.password;
          return res.ok(user);
        });
      }
    });
  },

});
this stuff is so damned frustrating, thinking about just implementing authentication from scratch