The accounts module manages user accounts on the Weble IoT Universal Gateway: creation, listing, modification, deletion, password management, and authentication.
Load it with:
```javascript
peer('supervision').require('accounts', function(err, accounts){
  // accounts.getAccounts(...), accounts.insertAccount(...), accounts.authenticate(...)
})
```
All methods return secured account objects — sensitive fields like password and salt are stripped before being sent over the wire.
getAccounts(callback)

Return all configured user accounts as an array.

```javascript
accounts.getAccounts(function(err, list){
  list.forEach(function(a){
    console.log(a.id, a.username, a.administrator ? 'admin' : 'user')
  })
})
```
getAccountById(id, callback)

Return a single account by id.

insertAccount(account, callback)

Create a new account. Pass an object or an array of objects to insert several at once.

```javascript
accounts.insertAccount({
  id            : 'jdoe',
  username      : 'jdoe',
  password      : 'initialPassword!',
  name          : 'Jane Doe',
  administrator : false,
  defaultVisu   : '/dashboards/main'
}, function(err, created){
  if(err) return console.error(err)
  console.log('created', created.id)
})
```
Required fields: username, password. Common optional fields:
| Field | Description |
|---|---|
| id | Account identifier (defaults to a generated value if omitted) |
| name | Display name |
| administrator | true for admin accounts (full access) |
| defaultVisu | Comma-separated list of view paths to load on login |
| allowDeviceLogin | Allow login via device UUID instead of password |
| salt | Per-account password salt (auto-generated by updateAccountPassword) |
updateAccount(account, callback)

Modify an existing account. Pass an object containing the id and the fields to update; only those fields are touched.

```javascript
accounts.updateAccount({
  id   : 'jdoe',
  name : 'Jane M. Doe'
}, function(err, updated){
  if(err) console.error(err)
})
```
Pass an array to update several accounts at once.
updateAccountPassword(obj, callback)

Change an account's password. The password is hashed and a fresh salt is generated.

```javascript
accounts.updateAccountPassword({
  id       : 'jdoe',
  password : 'newSecretPassword!'
}, function(err){
  if(err) console.error(err)
})
```
deleteAccount(arr, callback)

Permanently remove one or several accounts. Pass an id, an account object, or an array of ids/objects.

```javascript
accounts.deleteAccount('jdoe', function(err, removed){
  if(err) console.error(err)
})
```
authenticate(username, password, dynamicSalt, callback)

Verify credentials against the account store. The callback returns the account object on success or 'UNKNOWN_ACCOUNT' on failure.

```javascript
// md5() is assumed to be an MD5 helper available in the calling code; it is not defined on this page
accounts.authenticate('jdoe', md5('secret'), null, function(err, account){
  if(err) return console.error('login failed:', err)
  console.log('logged in as', account.username, '(admin:', account.administrator + ')')
})
```
The function accepts the password in several forms transparently — plain, MD5-hashed, or salted with a dynamicSalt. This is the same primitive used internally by POST /auth.
getAccountSalt(username, callback)

Return the static salt of an account by username. It is used by clients that want to pre-hash a password before sending it.

mustChangePassword(id, callback)

Returns whether the given account is flagged for a forced password change at the next login.
If an account has allowDeviceLogin: true, mobile devices can authenticate by registering their UUID with the account. The system then accepts the UUID as a substitute for the password — useful for paired mobile apps that should not have to store the user's password.
setAccountDevice(id, device, callback)

Register a device for an account. The device object must contain at least a uuid field.

```javascript
accounts.setAccountDevice('jdoe', {
  uuid : 'a1b2c3d4-...',
  name : "Jane's iPhone"
}, function(err){
  if(err) console.error(err)
})
```
Calling setAccountDevice for the same UUID on a different account moves the device — a UUID can only be paired with one account at a time.
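As an added example (not part of the Weble documentation or the gateway's own code), the helper below audits the list returned by getAccounts for accounts where a device UUID can stand in for the password, and checks that no returned object still carries password or salt. The names auditAccounts and runAudit, the severity labels, the sample data, and the presence of allowDeviceLogin in returned objects are assumptions made for the example.

```javascript
// Added example: audit the array returned by accounts.getAccounts().
// Assumption: returned objects carry `administrator` and `allowDeviceLogin`
// as listed for insertAccount; `password` and `salt` should be absent.
function auditAccounts(list) {
  var findings = []
  var items = list || []
  items.forEach(function (a) {
    var admin = a.administrator === true
    var deviceLogin = a.allowDeviceLogin === true
    // A paired device UUID substitutes for the password, so on an admin
    // account it gives full access to whoever holds that UUID.
    if (admin && deviceLogin) {
      findings.push({ id: a.id, severity: 'high', issue: 'admin account allows device login' })
    } else if (deviceLogin) {
      findings.push({ id: a.id, severity: 'medium', issue: 'device login enabled' })
    }
    // Secured account objects should not carry credential material.
    var secretFields = ['password', 'salt']
    secretFields.forEach(function (field) {
      if (Object.prototype.hasOwnProperty.call(a, field)) {
        findings.push({ id: a.id, severity: 'high', issue: 'exposes field: ' + field })
      }
    })
  })
  return findings
}

// Run the audit against a loaded accounts module (see peer(...).require above).
function runAudit(accounts, callback) {
  accounts.getAccounts(function (err, list) {
    if (err) return callback(err)
    callback(null, auditAccounts(list))
  })
}

// Constructed sample data shaped like getAccounts() output.
var sampleAccounts = [
  { id: 'root', username: 'root', administrator: true, allowDeviceLogin: true },
  { id: 'jdoe', username: 'jdoe', administrator: false, allowDeviceLogin: true },
  { id: 'bob', username: 'bob', administrator: false },
  { id: 'legacy', username: 'legacy', administrator: false, salt: 'x1' }
]
console.log(auditAccounts(sampleAccounts))
```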
| Event | Arguments | Description |
|---|---|---|
| account inserted | (account) | New account created |
| account updated | (account) | Account modified |
| account <id> updated | (account) | Specific account modified |
| account removed | (account) | Account deleted |
| account <id> removed | (account) | Specific account deleted |
| initialized | none | Account store finished loading at startup |
```javascript
var users = ['alice', 'bob', 'carol'].map(function(name){
  return {
    id            : name,
    username      : name,
    password      : 'TempPass!42',
    administrator : false
  }
})
accounts.insertAccount(users, function(err){
  if(err) console.error(err)
  else console.log('created', users.length, 'accounts')
})
```
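```javascript
accounts.getAccounts(function(err, list){
  // Stop here on error: list is not usable in that case
  if(err) return console.error(err)
  var nonAdmins = list.filter(function(a){ return !a.administrator })
  // Flag every non-admin account for a forced password change
  accounts.updateAccount(nonAdmins.map(function(a){
    return { id: a.id, mustChangePassword: true }
  }), function(err){
    if(err) console.error(err)
  })
})
```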