问题
I’m creating a multi-user app where only the admin can add new users through an invitation. I looked at Passport but I don’t see a way to implement a kind of “invitation strategy” (similar to Devise in RoR); any ideas ?
回答1:
The Strategy is how you authenticate someone, where Invitations are about how users register. They're two different areas of concern in your app.
What I do is have the Invitation be created by the admin and so on, and when the user clicks on the link to their invitation the middleware isn't restricted by Passport, but I verify that the token is correct (hasn't expired, etc), and then direct them to a page where they can set their password.
Depending on the user experience I want, I normally have the invitation be an actual separate model from the User, so that there's no user model instance until the person accepts the invitation, but if you don't want the 'extra' object, you can always set the user password to some random string and then let them reset it as part of the registration.
来源:https://stackoverflow.com/questions/37142727/node-passport-invitation-strategy