node.jskuzzle

How to attach extra data to user (for password reset) with Kuzzle


I want to make a reset password feature on a Kuzzle stack but I don't know where to put extra data (like a token for reset password) in the user document.

Furthermore, the user should not be able to change the data itself.

Should I use security.updateUser endpoint and prevent user access with a hook or a pipe ?


Solution

  • Yes you can use the security.updateUser endpoint to add extra data to your user.

    What you can do to prevent the user itself to change his data is either create a role which forbid access to the controller security and action updateUser (see https://docs.kuzzle.io/guide/1/essentials/security) or make a pipe plugin on before:updateUser which will remove the extra data from the query if present (see https://docs.kuzzle.io/plugins/1/essentials/pipes)

    Full disclosure: I work at Kuzzle