Change password encryption in GET users/login request with loopback

Question

I have to implement a strongloop API connected to an existing MySQL Database. I'm currently trying to create a model based on User, but I am kinda struggling with the loggin in request.

The problem is: the users in my DB already have a password, but the encryption isn't the same as the one used in loopback. Is there a way to change all password-linked requests in strongloop in order to use my encryption? And a little trickier: is there a way to chose the encryption based on a boolean value in my model (ie. I'm thinking about migrating all the passwords, but I have to make sure my users can still log in with their old and dirty encrypted password)

Thank you,

bjorge

Recommended for you: Get network issues from WhatsUp Gold. Not end users.

Answer 1

I think you could, but it would be pretty painful to alter the built-ins to that degree. It would probably be better to inject new routes in a boot script, and conditionally use the helper functions on the built-in User model, e.g. User.verify(), User.confirm(), etc.

Something like this roughly:

module.exports = function (app) {
    //get User model from the express app
    var UserModel = app.models.User;

    //get your custom model
    var customModel = app.models.someCustomModel;

    app.post('/login', function (req, res) {        

        //parse user credentials from request body
        const userCredentials = {
            "username": req.body.username,
            "password": req.body.password
        }

        if (customModel.someBoolean == true) {
            //do your login stuff
        } else {
            UserModel.login(userCredentials, 'user', function (err, result) {           
                //handle response
            });     
        }

    });

}

Change password encryption in GET users/login request with loopback

Sign up