-
-
Save gr2m/5463426 to your computer and use it in GitHub Desktop.
| // sign up | |
| account.signUp('[email protected]', 'secret'); | |
| // sign in | |
| account.signIn('[email protected]', 'secret'); | |
| // sign in via oauth | |
| account.signInWith('twitter'); | |
| // sign out | |
| account.signOut(); | |
| // change password | |
| account.changePassword('currentpassword', 'newpassword'); | |
| // change username | |
| account.changeUsername('currentpassword', 'newusername'); | |
| // reset password | |
| account.resetPassword('[email protected]'); | |
| // destroy account and all its data | |
| account.destroy('currentpassword'); | |
| // all methods could alternatively accept a parameter hash | |
| // that would also allow for additional user info | |
| account.signUp({ | |
| username: 'joe2000', | |
| password: 'secret', | |
| birthday: '1984-05-09', | |
| email: '[email protected]' | |
| }); | |
| // that would also allow for a general change method, | |
| // that changeUsername or changePassword would simply | |
| // be shortcuts for | |
| account.change({ | |
| birthday: '1984-05-09', | |
| }); | |
| account.change({ | |
| username: 'joe3000', | |
| password: 'secret' | |
| }); |
// To verify if a user is sign in
account.isSignIn('[email protected]');
this is awesome, lots of great ideas! I also thought about passing an object with {username, password} instead of two separate parameters to signIn for example.
I'm not sure if I'd merge signIn and signUp into one function. One reason that comes to my mind immediately: what if I just typed the username wrong? Would it create a new account right away?
that's a great idea, the parameter could be optional to check:
// user is signed in
account.isSignedIn()
// user is signed in as [email protected]
account.isSignedIn('[email protected]')is there any way to enable notifications on gists commets / forks?
I've never understood the reason to use 'username' instead of just 'email' and 'password'.
Leaving out email is looking for trouble, as there is no way to recover forgotten password without it.
Surprisingly, many sites and apps out there still leave the email optional.
And if 'email' is asked, forcing the user to come up with 'username' is unnecessary burden.
It is painful to make up when many usernames are already taken.
Then it is painful to remember. And then it is impossible to recover without email.
So basically 'usernames' are useless.
Did I miss anything?
Restrictions for usernames, e.g. only valid emails, is app specific. So in your case, signUp("joe", "secret") should fail with an error message, that "joe" is not a valid email address.
The actual API should not be affected by that.
This stuff still seems to be thinking about the backend too much. In a nobackend system that I'm playing with in my spare time, I just delegate all of that to Mozilla persona. As a developer I don't want to care about signup. The developer code gets given the persona validated email address of the person signing in, and the hash of it (in case they want to send it to other users for displaying gravatars).
So the code I want to write is something like .login() / .logout() and .onLogin=.onLogout= . I really don't care about 'signup'.
Actually Clojure on Coils already lets front end only developers write full backend code securely without having to code the backend:
https://github.com/zubairq/coils
: see here for an actaul source file to see the login functionality calling SQL statements:
https://github.com/zubairq/coils/blob/master/src/webapp/client/views/loginpanel.cljs
With all the security breaches around I'd rather not maintain another set of username/passwords. How would it work when I want to use Facebook/Twitter/OAuth/SAML for signup/login?
var provider = 'twitter' // can be what ever the backend supports, like 'google', 'facebook', etc
account.signInWith(provider);It's already in the code above.
what about:
account.attr = 'something'
Instead of change method? Breaks the order? I.e because account is a namespace for account functions?
Great ideas!
Hi!
I've created the signUp(email, password) function using Firebase.
You can see it in action here (and edit the code obviously): http://codepen.io/rezozo/pen/jEbQEL
-- Jonathan
How to add capcha support?
WOW! This is amazing!
var u = new User(); // the User Class (ValueObject) can be reused for anything else
u.username ="joe2000";
u.password = "secret";
u.birthday = "1984-05-09";
u.email = "[email protected]"
Users.signUp(u);
And this all with full IntelliSense:
you just have to type u.
then hit ctrl+space
and the IDE shows you all possible values and you just have to choose them!
That way you can create your Objects and leave them alone.
You no longer have to remember any variable.
instead of a JSON Object where yopu have to remember or lookup possible object variables:
account.signUp({
username: 'joe2000',
password: 'secret',
birthday: '1984-05-09',
email: '[email protected]'
});
something like u = User().email('[email protected]').password('').sudo() could give me a window.user and if pass is wrong, just send an email that allows to sign in once, or change password + autosignin in the other window. Omittting .password() would make the signin code attempt to use whatever browser or other APIs available and fallback to the email-as-login approach. If browser has multiple possibilities like Persona, Oauths, SQRL, then a stored cookie is used to record stats on how succesful the approaches have been, to avoid begging for Facebook Oauth from someone who never used it before, but show it immediately to one who exclusively prefers it.
This is pretty awesome. Might incorporate this in my next project!