loopbackjs

I'm working on a project that uses Loopback as a framework, and includes users and authentication. I added a password reset route generated and sent in an email, and everything seemed to be working correctly. Recently, I discovered that the password reset does not appear to be working. The process for resetting the password here is: Call password reset method for user Send email from reset event, including user ID and access token From reset link, set $http.defaults.headers.common.authorization to the passed token Call user.prototype$updateAttributes (generated by lb-ng) to update password

I'm reading Access control concepts of Loopback ( https://docs.strongloop.com/display/public/LB/Authentication%2C+authorization%2C+and+permissions ) and I don't understand how happened that Principal is not a model, but Role , RoleMapping , ACL are models with a full set of REST API methods and are listed in model-config.json ? When I tried to include Principal in model-config.json along with Role , RoleMapping and ACL I got error: "ACL": { "dataSource": "db", "public": false }, "RoleMapping": { "dataSource": "db", "public": false }, "Role": { "dataSource": "db", "public": false }, "Principal"

Im trying to list all the Users in my loopback 2.0 app using the REST API and I'm getting the following error: { "error": { "name": "Error", "status": 401, "message": "Authorization Required", "statusCode": 401, "stack": "...." } } I manually added the ACL to the model-config.json file: "User": { "dataSource": "db", "acls": [ { "principalType": "ROLE", "principalId": "$everyone", "permission": "ALLOW", "accessType": "*" } ] }, Since that failed, I created a model based on the User built-in model: { "name": "Admin", "base": "User", "properties": {}, "validations": [], "relations": {}, "acls": [

I'm unable to connect to Keycloak from Loopback. I've been trying to use the keycloak-connect lib: https://github.com/keycloak/keycloak-nodejs-connect This is my current server/boot/root.js module.exports = function (server) { var session = require('express-session'); var Keycloak = require('keycloak-connect'); var memoryStore = new session.MemoryStore(); var keycloak = new Keycloak({ store: memoryStore }); server.use(session({ secret: 'xxx', resave: false, saveUninitialized: true, store: memoryStore, })) server.use(keycloak.middleware({})); server.get('/*', keycloak.protect(), function (req,

I am looking for example where I can call loopback's custom method from Android. To explain more, lets say I have a method on server side with name "greet(name)" that will greet someone. I want to invoke that from Android. Any example, or link is ok. Thanks in advance. Jahid In the examples below, I'll assume your model is called Greeter and the static method Greeter.greet is invoked via GET /greeters/greet?name=Alex . First of all, you need to describe the REST mapping of your method. Then you can call the method using invokeMethod . public class GreeterRepository extends ModelRepository

We've been trying to implement ACID transactions in Loopback without success. The only examples in the documentation use the 'create' method.We've tried completely overriding the events as well as multiple variations of Operation Hooks. We have only been able to get the create example to work. Core Requirement : We need to be able to start a transaction in the create and update methods for a specific model and then update multiple tables in the transaction (either using Loopback's ORM functions or directly with SQL) with the ability to commit or rollback based on business rules. For example ,

I have a problem I can't find an answer to in Loopback's docs. Say I have a model Company and a model Employee . There is an 1Xn relation between the Company and its Employees . When /api/Employees is called, server returns all the employees. I only want to return the list of employees who are in the same company with the user requesting the list. For this, I created a remote hook Employee.beforeRemote('find', function(context, modelInstance, next) { var reject = function() { process.nextTick(function() { next(null, false); }); }; // do not allow anonymous users var userId = context.req