javascript - 密码在激活邮件中

Question

是否可以将用户密码放入激活电子邮件中？

我有一个电子邮件模板，我想输入密码，以便用户知道初始密码。

但是密码属性是直接散列的并且不以明文形式提供，因此我可以将其放入电子邮件中。我也不想拥有额外的属性(property)，例如清除密码，然后将存储在数据库中(即使可能是很短的时间)。我搜索了 transient 属性，但目前似乎不可能。

有什么提示可以帮助我归档包含初始密码的激活电子邮件吗？

Answer 1

对于某人来说，我所做的就是如何解决同样的问题:

首先，为了能够创建没有密码的用户，我在保存用户之前生成了一个用户。

User.observe('before save', function(ctx, next) {
    var model = (ctx.instance) ? ctx.instance : ctx.data;

    if (!model.password) {
        //generate short random password
        model.password = Math.random().toString(36).slice(-8);
    }

    next();
});

然后我实现了自己的方法来激活用户:

/**
 * 
 * Activates the user account and sets the new password.
 * 
 */
User.activate = function(credentials, cb) {
    //check if email and token was provided
    if (!credentials.email || !credentials.verificationToken) {
         var crednetialsErr = "Email or token are invalid. Please check your inputs.";
         return cb(crednetialsErr, false);
    }

    //find the user with the given informations
    User.findOne({
        where: {
            and: [
                {email: credentials.email},
                {verificationToken: credentials.verificationToken}
            ] 
        } 
    }, function(err, user) {
        if (err) {
            //error occured while find the user object
            return cb(err, false);
        }

        if (!user) {
            //no user was found
            var crednetialsErr = "Email or verificationToken are invalid. Please check your inputs.";
            return cb(crednetialsErr, false);
        }

        //set the new password
        user.password = credentials.password;

        user.save(function(err, user) {
            var redirectUrl = '/';

            if (err) {
                cb(err, false);
            }

            //confirms the user account and activates it
            User.confirm(user.id, credentials.verificationToken, redirectUrl, function(err) {
                cb(err, true);
            });
        });
    });
};


/**
 * 
 * Description of the new activate remote function.
 * 
 */
User.remoteMethod(
    'activate', 
    {
      description: 'Activates the user and sets the given password',
      accepts: [
          {
              arg: 'credentials',
              type: 'object',
              required: true,
              http: {
                  source: 'body'
              },
              description: 'Must contains \'email\',\'verificationToken\' and \'password\' key.'
          },
      ],
      returns: {arg: "success", type: 'bool'},
      http: {
          verb: "post" 
      }
    }
);