Using EE as a headless CMS - Handling authentication
Development and Programming
Hi all,
We are rebuilding an existing project built in EE 2.10 to use Node.js / Express.js as the front end and keeping EE as the backend. We have upgraded EE to v 6.x but most of our users were registered on the EE 2 site.
So EE will only be used for admins to log in and manage content / users but all website users will be served up content using Node / Express.
The issue we have right now is around registering new users via Node. The registration library in EE looks like it is using various encryption methods:
private $hash_algos = array(
128 => 'sha512',
64 => 'sha256',
40 => 'sha1',
32 => 'md5'
);
It’s not clear to me which we should be using to hash the user’s password and also not clear how the salting works.
Does anyone have insight into what EE is doing exactly when it registers a new user?
Thanks.
What you’ve touched on above is in regards to the encryption algorithm used to verify password authentication.
You mention using EE as a backend. The best way I have found going about this is to utilize actions.
Check the database table exp_actions for the action with the method “register_user” or something like that
You will the send a HTTP POST request with the new users info as the data. One of the data items should be ACT=#… where # is the corresponding action_id.
As for using actions in EE, I use PostMan to test the hand shake process. I would highly recommend using this resource if you plan to use EE as a back end like you mentioned.
There are a number of ways to control the response after a registered user is setup. I would recommend using an extension hook. This will allow total flexibility with you’re front end.
Let me know if you’d like me to more thoroughly explain this. There is more detail about this process than what I have touched on.