Redwood v0.36 adds two feature requests to dbAuth (see PR#3111):
- Ability to deny login to a user that would otherwise be able to log in (username and password match). A great example of this is a user that hasn’t verified their email address yet.
- Ability to skip auto-login after successful signup. Now you can return a message to the user instead, something like “Verify your email to finish signup”.
See the dbAuth Configuration docs for more info.
These are breaking changes. Follow the Upgrade Guide below.
1. New loginHandler()
By throwing an error with a message in the new loginHandler() option, you can deny a user access and show a message:
2. signupHandler() Updates
If you return a user from this function then that user will be signed in.
If you return a string, they will NOT be logged in, and {message: "My text here"} will be returned when you call the signUp() function that you get from useAuth().
If you throw an error, {error: "Error message"} will be returned from signUp().
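As an added example (not code from the Redwood release or its docs), the email-verification case described above could be wired up as follows. The `emailVerifiedAt` column, the in-memory `db` stand-in and the `describeSignUp` helper are assumptions made for illustration.

```javascript
// Added example: handlers to pass to DbAuthHandler as `loginHandler` and
// `signupHandler`. `emailVerifiedAt` is a hypothetical column; `db` is a
// constructed in-memory stand-in for the Prisma client so this runs offline.
const users = []
const db = {
  user: {
    create: async ({ data }) => {
      const user = { id: users.length + 1, emailVerifiedAt: null, ...data }
      users.push(user)
      return user
    },
  },
}

// Called for a user whose username and password already matched.
// Throwing denies the login; the error message is shown to the user.
const loginHandler = (user) => {
  if (!user.emailVerifiedAt) {
    throw new Error('Please verify your email address before logging in')
  }
  return user
}

// Returning a string instead of the user skips auto-login after signup;
// signUp() on the web side then receives { message: '...' }.
const signupHandler = async ({ username, hashedPassword, salt }) => {
  await db.user.create({
    data: { email: username, hashedPassword, salt },
  })
  // Send the verification email here (mailer not shown).
  return 'Verify your email to finish signup'
}

// Web side: handle the three signUp() response shapes this page describes.
const describeSignUp = (response) => {
  if (response.error) return `failed: ${response.error}`
  if (response.message) return `pending: ${response.message}`
  return `logged in as user ${response.id}`
}
```

Because `loginHandler()` only sees users whose credentials already matched, the denial message is never shown to someone who merely guessed an email address.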
Upgrade Guide for Breaking Changes
api/src/functions/auth.js
This will require that users who have implemented dbAuth since the last release add a loginHandler() function in their api/src/functions/auth.js setup.
A new instance of DbAuthHandler is created and passed several options. loginHandler() needs to be added to that list:
const authHandler = new DbAuthHandler(event, context, {
  db: db,
  authModelAccessor: 'user',
  authFields: {
    id: 'id',
    username: 'email',
    hashedPassword: 'hashedPassword',
    salt: 'salt',
  },
  signupHandler: ({ username, hashedPassword, salt, userAttributes }) => {
    return db.user.create({
      data: {
        email: username,
        hashedPassword: hashedPassword,
        salt: salt,
        // name: userAttributes.name
      },
    })
  },
  loginExpires: 60 * 60 * 24 * 365 * 10,
  // ********* ADD THIS FUNCTION ************
  loginHandler: (user) => {
    return user
  },
})
No changes are necessary to signupHandler() as this is NEW functionality and existing functionality (returning a user or throwing an error) is preserved.
Login/Signup Components
The response from signUp() is now an object with an error key if there was an error, or a message key if signupHandler() returns a string. Previously, error messages were returned with a message key only.
If a user is returned and logged in, an object is returned with an id key containing the id of the user.
Docs
Generated functions and components have updated comments explaining what to return in these functions in various circumstances. See this related Doc: Authentication | RedwoodJS Docs