Auth session add constraint (v4.1)

[Mzzay]

Hi, is it possible to add constraint on authentication ?

I want to log the user just if he has a specific value in db.

Something like this :
session: { serializer: 'lucid', model: 'App/Models/User', scheme: 'session', uid: 'email', password: 'password', typeId: 'typel_id' },

and use like this :
await auth.attempt(email, password,typeId)

Thanks for help.

[thetutlage]

Well, you can fetch the user yourself and then use auth.login method. For example:

const user = await User
  .query()
  .where('email', email)
  .where('other', 'constraints')
  .firstOrFail()


const isValid = await Hash.verify(user.password, password)
if(isValid) {
  await auth.login(user)
}

[Mzzay]

it's the default user model:

class User extends Model {
  static boot () {
    super.boot()

    /**
     * A hook to hash the user password before saving
     * it to the database.
     */
    this.addHook('beforeSave', async (userInstance) => {
      if (userInstance.dirty.password) {
        userInstance.password = await Hash.make(userInstance.password)
      }
    })
  }

  /**
   * A relationship on tokens is required for auth to
   * work. Since features like `refreshTokens` or
   * `rememberToken` will be saved inside the
   * tokens table.
   *
   * @method tokens
   *
   * @return {Object}
   */
  tokens () {
    return this.hasMany('App/Models/Token')
  }
}

[Mzzay]

If I log user I have this :

User {
  __setters__: [
    '$attributes',
    '$persisted',
    'primaryKeyValue',
    '$originalAttributes',
    '$relations',
    '$sideLoaded',
    '$parent',
    '$frozen',
    '$visible',
    '$hidden'
  ],
  '$attributes': {
    ..... 
  },
  '$persisted': true,
  '$originalAttributes': {
    ....
  },
  '$relations': {},
  '$sideLoaded': {},
  '$parent': null,
  '$frozen': false,
  '$visible': undefined,
  '$hidden': undefined
}

[thetutlage]

Ahh you are using v4. I thought you are on v5.

Still the user.password shouldn't be undefined. Can you share the actual code you are running? Or better share a sample repo to reproduce the issue.

Also in v4 the hash arguments are swapped. So it should be

await Hash.verify(password, user.password)

[Mzzay]

yes I'm on v4, sorry.
But yes user.password still undefined.
I log user before

[Mzzay]

Ok, it's working but I need to use user.$attributes.password