Forum | Appery.io

How do I do a query to return the user password?

If I use this code:

var XHRResponse = XHR.send("GET", "https://api.appery.io/rest/1/db/users", {
"headers": {
"X-Appery-Database-Id": DBID,
"X-Appery-Master-Key": MKey
},
"parameters": {
"where": '{"username":"' + username + '"}'
}
});
response.success(XHRResponse.body[0], "text/plain");

This code returns everything but not the password?
How can I solve this?

Hi Ray,

A password is stored encrypted. This is for personal data security reasons.

Hi Katya,

Then maybe you can help me with this:

How can I log a user on to the system ("Users" collection) after a user has authenticated with Facebook Connect ?

The reason I wanted to query the password, was after user authenticated with facebook, I can automatically log the user on with his email and password.

Any suggestions?

Thanks

Hi,

Unfortunately directly it can't be done now.

But you can create new user when login from facebook and link this user to goal user through the field with pointer type.

Hi Igor,

Thanks for your answer.
I'm not very sure what you mean in your answer. Would it be possible for you to give more detail? Maybe a short example?

Thank you.

or is there another way to get a "sessionToken" instead of doing a login through the "users" collection?

Hi Ray,

I will ask our developers is there other way to get the token without pass. It would be more preferable and easy. Please wait for our response.

About the way Igor told:

The workflow is following:
ol
liUser open Login page and login with Facebook or other external service./li

liClient code define an email (from Facebook) and send it to some server code./li

liThis server code search users collection for this email./li

liIf there is no item with this email server code will create it with predefined password (like masterkey known only to your server code)./li

liAfter, server code login with email and this predefined password and return the token for these separate user./li
/ol
That's all.

Hi Illya,

Thank you for your reply. I just want to comment on the workflow points:

This method is good when the email is new and I need to create the new user and password on the User collection, because technically I already have the username and password and therefore I can do the login and get the sessionToken.

But when the email already exists on the Users collection, I need a way to login the user to get the sessionToken without knowing the password.

Hi Ray,

You can save an entered password in localStorage, and use it the next time.

Hi,

Thanks for the reply. But the original question still remains unanswered...
Is there a way to obtain the "sessionToken" without knowing the user's password?