Skip to content

Commit

Permalink
Update configuration docs
Browse files Browse the repository at this point in the history
  • Loading branch information
Morishiri committed Jul 16, 2022
1 parent f4e22ea commit b1854ea
Showing 1 changed file with 41 additions and 0 deletions.
41 changes: 41 additions & 0 deletions docs/docs/auth/dbauth.md
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,16 @@ If you'd rather create your own, you might want to start from the generated page

Almost all config for dbAuth lives in `api/src/functions/auth.js` in the object you give to the `DbAuthHandler` initialization. The comments above each key will explain what goes where. Here's an overview of the more important options:

### login.enabled

Allow users to call login. Defaults to true. Needs to be explicitly set to false to disable the flow.

```jsx
login: {
enabled: false
}
```

### login.handler()

If you want to do something other than immediately let a user log in if their username/password is correct, you can add additional logic in `login.handler()`. For example, if a user's credentials are correct, but they haven't verified their email address yet, you can throw an error in this function with the appropriate message and then display it to the user. If the login should proceed, simply return the user that was passed as the only argument to the function:
Expand All @@ -113,6 +123,16 @@ login: {
}
```

### signup.enabled

Allow users to sign up. Defaults to true. Needs to be explicitly set to false to disable the flow.

```jsx
signup: {
enabled: false
}
```

### signup.handler()

This function should contain the code needed to actually create a user in your database. You will receive a single argument which is an object with all of the fields necessary to create the user (`username`, `hashedPassword` and `salt`) as well as any additional fields you included in your signup form in an object called `userAttributes`:
Expand Down Expand Up @@ -157,6 +177,16 @@ const onSubmit = async (data) => {
}
```

### forgotPassword.enabled

Allow users to request a new password via a call to `forgotPassword`. Defaults to true. Needs to be explicitly set to false to disable the flow.
When disabling this flow you probably want to disable `resetPassword` as well.

```jsx
forgotPassword: {
enabled: false
}
```
### forgotPassword.handler()

This handler is invoked if a user is found with the username/email that they submitted on the Forgot Password page, and that user will be passed as an argument. Inside this function is where you'll send the user a link to reset their password—via an email is most common. The link will, by default, look like:
Expand All @@ -167,6 +197,17 @@ If you changed the path to the Reset Password page in your routes you'll need to

https://example.com/reset-password?resetKey=${user.resetKey}

### resetPassword.enabled

Allow users to reset their password via a code from a call to `forgotPassword`. Defaults to true. Needs to be explicitly set to false to disable the flow.
When disabling this flow you probably want to disable `forgotPassword` as well.

```jsx
resetPassword: {
enabled: false
}
```

### resetPassword.handler()

This handler is invoked after the password has been successfully changed in the database. Returning something truthy (like `return user`) will automatically log the user in after their password is changed. If you'd like to return them to the login page and make them log in manually, `return false` and redirect the user in the Reset Password page.
Expand Down

0 comments on commit b1854ea

Please sign in to comment.