Merge pull request #181 from thevahidal/180_allow_optional_fields_use…

…rs_table 180 allow optional fields users table
thevahidal · Apr 23, 2024 · 01a4948 · 01a4948
2 parents dbfee1e + 98d42d5
commit 01a4948
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 5 deletions.
diff --git a/docs/auth.md b/docs/auth.md
@@ -2,7 +2,7 @@
 
 Soul incorporates a robust user authentication system that handles user accounts, groups, permissions, and cookie-based user sessions. This section provides an overview of how the default implementation works.
 
-Authentication is switched off by default in Soul, but is enabled when either of the `-a` or  `--auth` flags are provided at the command line.
+Authentication is switched off by default in Soul, but is enabled when either of the `-a` or `--auth` flags are provided at the command line.
 
 ### Overview
 
@@ -132,4 +132,6 @@ Note that you need to be logged in using a user with a role that has creating us
 
 Additionally, it's important to note that the `/api/tables/_users/rows/` endpoint functions slightly differently compared to other `/api/tables/<table_name>/rows/` endpoints. When creating or updating user data through this endpoint, we need to provide the raw passwords, which are then automatically hashed before being stored in the `_hashed_password` field. This extra step enhances the security of the stored passwords.
 
+When creating a user, the required fields are `username` and `password`. However, you also have the flexibility to include additional optional fields. To do this, you will need to modify the schema of the `_users` table in your database using a suitable database editor GUI tool. Simply add the desired field(s) to the database schema for the `_users` table. Once the schema is updated, you can pass the optional field(s) from your client application during user creation.
+
 Furthermore, when retrieving user data, the endpoint automatically filters out sensitive information such as the `_hashed_password` and `_salt` fields. This precautionary measure is in place to address security concerns and ensure that only necessary and non-sensitive information is included in the returned results.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "soul-cli",
-  "version": "0.7.4",
+  "version": "0.7.5",
   "description": "A SQLite REST and Realtime server",
   "main": "src/server.js",
   "bin": {

diff --git a/src/controllers/auth/user.js b/src/controllers/auth/user.js
@@ -92,7 +92,7 @@ const registerUser = async (req, res) => {
     }
   */
 
-  const { username, password } = req.body.fields;
+  const { username, password, ...optionalFields } = req.body.fields;
 
   try {
     if (!username) {
@@ -156,6 +156,7 @@ const registerUser = async (req, res) => {
         salt,
         hashed_password: hashedPassword,
         is_superuser: 'false',
+        ...optionalFields,
       },
     });