Skip to content

Users API

Provides methods to build a custom user registration flow on the server-side that integrates with the Coronium Core user system, as well as, advanced user queries. You can also use OAuth client IDs as user identifiers via the OAuth API.

Advanced Usage

These methods are for advanced use cases. In general you should use the client-side Users module for your user management.

register

Registers a new user into the Coronium user system. This method marks a "join" event for statistical purposes.

The user is automatically marked as confirmed and active. Email confirmations are not supported through this method. See the client-side Users module instead if you need email confirmations.

Users created using the server-side register method are not able to log in using the client-side login method. You must create a custom server-side API method and log the user in using the server-side login method. See the login method below.

core.users.register(username, password, scope, meta)

Parameters

Name Description Type Required
username An optional display name for the user. To create an anonymous user pass nil to this parameter, and a generic name will automatically be created. String or Nil Y
password An optional password for the user. To create a user without a password, pass nil to this parameter. Anonymous users cannot have passwords, so if you pass nil for the username, you must pass nil here as well. String or Nil Y
scope The application scope this user should belong to. To get the current client application scope see the Input section of the API module, or supply your own. String Y
meta Addtional information for the user registration (see Meta Keys below). Table N

Important

String values are automatically run through mysql.escape. Do not double-escape values.

Passwords

Supply the password as plain text. It will be hashed before being added to the user record.

Meta Keys

The following keys are currently supported in the meta table:

  • email (string)
  • group (string)
  • extra (table)
  • login (boolean)

The login key, when set to true, will mark a "login" in addition to a "join" event when the user is created. The default is false. This can be helpful when conditionally creating new users. See also login.

The extra key is a key/value based table that you can use to store additional custom data to the user record. The extra table can only contain String, Number, and Boolean data types.

The full meta table structure looks like:

--meta table
{
  email = "me@home.com",
  group = "cadets",
  extra = {
    color = "Blue",
    age = 24,
    winner = true
  },
  login = true
}

Anonymous Users

If you create an anonymous user (see examples below), you must add an OAuth provider using addAuthProvider to be able to log the user in.

Returns

The newly created users unique ID as a string, or nil, error, and error code.

Example

--Custom server-side API (main.lua)
local api = core.api()

--api methods have an additonal argument
--called `scope` that contains the 
--scope for the current client call.
function api.registerUser(input, scope)

  -- Example 1
  -- Create an anonymous user. You must add an OAuth provider
  -- to be able to log this user in.
  local user_id, err, code = core.users.register(nil, nil, scope)

  --== Add an OAuth provider here with the returned user_id.

  -- Example 2
  -- Create an anonymous user, with email and group. You must add an OAuth provider
  -- to be able to log this user in.
  local user_id, err, code = core.users.register(nil, nil, scope, {
    group = "cadets",
    email = "me@home.com"
  })

  --== Add an OAuth provider here with the returned user_id.

  -- Example 3
  -- Create a named user, no password.
  local user_id, err, code = core.users.register("Donna", nil, scope)

  -- Example 4
  -- Create a named user with password.
  local user_id, err, code = core.users.register("Donna", "mypass123", scope)

  -- Example 5
  -- Create a named user, with email and extra.
  local user_id, err, code = core.users.register("Billy", nil, scope, {
    email = "me@home.com",
    extra = {
      color = "Green",
      age = 36
    }
  })

  -- Example 6
  -- Create an named user in a different scope, with extra.
  local user_id, err, code = core.users.register("Bob", nil, "Space Race", {
    extra = {
      likes_pizza = true
    }
  })

  -- Handle any errors by logging
  if not user_id then
    core.log(err)
  end

  --OR

  --Pass the err and code downstream
  if not user_id then
    return core.error(err, code)
  end

  --Return something on success
  return true

end

return api

Errors Codes

The Users module methods return a string error as well as a error "status" code. You can use these codes to adjust your application logic. A listing of current error codes can be found in the Status Codes section. The codes are generally more helpful on the client-side.

Linking OAuth Providers

See the OAuth API to learn how to associate your Coronium users OAuth providers.

login

Login a user with a username (with or without password), user_id, or OAuth client_id. This method marks a "login" event for statistical purposes.

core.users.login(login_type)

Parameters

Name Description Type Required
login_type A key/value table. See example below. Table Y

Important

String values are automatically run through mysql.escape. Do not double-escape values.

Returns

A user record as a table, or nil, error and error code.

Example

-- By username and password
local user, err, code = core.users.login({
  username='Timmy', 
  password = 'pass1234',
  scope='Fun Run'
})

-- By username
local user, err, code = core.users.login({
  username='Timmy', 
  scope='Fun Run'
})

--By OAuth ID
local user, err, code = core.users.login({
  provider = core.FACEBOOK,
  client_id="fb_id-1234", 
  scope='Space Race'
})

--By User ID
local user, err, code = core.users.login({
  user_id="aad3eba3-9c9c-9a1b-f236de1e3752"
})

update

Update a user in the Coronium user system. If you do not have a user_id, first use the users.getWithQuery method to get one.

core.users.update(user_id, update_params)

Updating OAuth

To update OAuth provider information for a user see the updateAuthProvider method.

Parameters

Name Description Type Required
user_id The users unique identifier. String Y
update_params A table of key/value pairs to update. Table Y

Important

String values are automatically run through mysql.escape. Do not double-escape values.

The following keys are updatable:

  • username (string)
  • password (string)
  • email (string)
  • group (string)
  • extra (table)
  • active (boolean)

Updating Passwords

Supply the password as plain text. It will be hashed before being updated and added to the user record.

The extra table can only contain String, Number, and Boolean data types. You can update, add, and remove multiple keys in the extra table within a single update call.

--extra table
extra = {
  color = "Blue",
  age = 24,
  winner = true
}

To remove keys from the extra table you must pass a special constant core.NULL to the key.

--extra table
extra = {
  color = core.NULL, --remove the color key on update
  age = 24,
  winner = true
}

Returns

The updated users information as a table, or nil, error, and error code.

Example

--[[
Assuming the record already has an `extra` table like so:
{
  color = "Blue",
  age = 24,
  winner = true
}
--]]

--Update the user record
local res, err, errcode = core.users.update("aad3eba3...", {
  password = "superpass123",
  email = "me@town.com"
  extra = {
    color = "Red", --change color key
    high_score = 12300 --add high_score key
    age = core.NULL --remove age key
  }
})

--[[
The `extra` table for the record will now be:
{
  color = "Red",
  high_score = 12300,
  winner = true
}
--]]

delete

Remove a user from the Coronium user system. If you do not have a user_id, first use the users.getWithQuery method to get one.

core.users.delete(user_id)

Parameters

Name Description Type Required
user_id The users unique identifier. String Y

Returns

The records removed as a number (usually a 1), or nil, error, and error code.

Example

local res, err, code = core.users.delete("aad3eba3-9c9c-9a1b-f236de1e3752")

get

Get a users full data record. This method does not mark a "login" event for the user. See login.

core.users.get(user_id)

OAuth Users

To get a user with an OAuth provider client ID, see the getWithProvider method in the OAuth API.

Example

local user, err, code = core.users.get("aad3eba3-9c9c-9a1b-f236de1e3752")

getGroup

Get a set of active user records based on group and application scope.

core.users.getGroup(scope, group, limit)

Parameters

Name Description Type Required
scope The application scope to be queried. String Y
group The group name to search for. String Y
limit Limit the records returned. See Limit below. Default is 100. Number or Table N

Active Users Only

This method only returns users that are marked as being active. See getWithQuery if you need users in a group regardless of active status.

Limit

To limit the rows returned, supply a number value to the limit parameter. To offset the limit, supply a table array of number values. For example, to return rows 6-15, then pass {5, 10}.

Returns

The records found as a table array, or nil, error, and error code. If limit is set to 1, then a single table with the user data is returned (not an array).

Example

local api = core.api()

function api.getUserGroup(input, scope)

  --use current scope from the client calling
  local users, err, code = core.users.getGroup(scope, "cadets", 10)

  --OR

  --provide your own scope as a string value
  local users, err, code = core.users.getGroup("Fun Run", "cadets", 10)

  ...
end

return api

getWithQuery

Get user record(s) based on specific query parameters.

core.users.getWithQuery(scope, query_params)

Parameters

Name Description Type Required
scope The application scope to be queried. String Y
query_tbl A table with the query parameters (see below). Table N

Query Table Keys

Name Description Type Required
active The active state of the user. Boolean N
country_code A two letter country identifier. String N
email The users email address. String N
group The group name to search within. String N
username The users username. String N
password A hashed password (see also hashPassword). String N
orderby The sorting attributes. See Orderby below. Table N
limit Limit the records returned. See Limit below. Number or Table N

Important

String values are automatically run through mysql.escape. Do not double-escape values.

Orderby

The orderby key should be a table filled with column = direction pairs. The direction can be either "ASC" for ascending order or "DESC" for descending order. See example below.

Limit

To limit the rows returned, supply a number value to the limit key. To offset the limit, supply a table array of number values. For example, to return rows 6-15, then limit = {5, 10}.

Returns

The records found as a table array, or nil, error, and error code. If limit is set to 1, then a single table with the user data is returned (not an array). If no query parameters are provided, returns users in the supplied scope, with a default limit of 100.

Example

local users, err, code = core.users.getWithQuery("Space Race", {
  group = "cadets",
  active = true,
  orderby = { username = "ASC" },
  limit = 20
})

getAndMerge

Get a user record, and merge multiple associated database and table quries related to the user into the users record.

core.users.getAndMerge(user_id, merge_tbl)

Parameters

Name Description Type Required
user_id The users unique identifier. String Y
merge_tbl A table array of database queries. See mysql.selectMerge String Y

Important

String values are automatically run through mysql.escape. Do not double-escape values.

Creating Associations

To use this method properly, you must create additonal databases with tables. The tables that you wish to associate to the user must have a user_id column filled with the users unique identifier. You can create the associations using the client-side or server-side MySQL module.

Returns

A user record with the associated queries included as the key name assigned in the query table. See mysql.selectMerge for more information on how the query entries work.

Errors

If the user is not found the method will return nil, error, and error code. If the user is found but any associated database queries fail, the user record will still be returned with any successful associated queries. On failed associations, the key property of the failed database query will contain an errors key describing the errors.

Example

local users, err, code = core.users.getAndMerge("aad3eba3...", {
  {
    db = "locations",
    tbl = "spots",
    columns = { "longitude", "latitude" },
    limit = 10,
    orderby = { longitude = "DESC" },
    key = "spots"
  }
})

Send an email to a newly registered user to confirm their email address. See also Confirmations.

core.users.sendConfirmationLink(user_id, options)

Mailgun Account Required

A valid Mailgun account is required to use this method. See the Mailgun Config section for more information.

Parameters

Name Description Type Required
user_id The users unique ID to send the confirmation link to. String Y
options A table with email confirmation options (see below). Table Y

Confirmation Options Keys

Name Description Type Required
from_email The senders email address. This is usually your address. String Y
subject The confirmation email subject line. String Y
email_tpl Identifier for a custom confirmation email template. String N
tpl_keys Additional template keys for the custom confirmation email template. Table N

Returns

A String indicating the sent state from Mailgun, can be "OK" or "Failed", or nil, error, and error code.

Note: If the user is not registered with an email address, this action will return an error.

Example

local res, err, code = core.users.sendConfirmationLink("0091633d...", {
  from_email = "code@develephant.com",
  subject = "Email confirmation"
})

See the Confirmations section for more detailed information.

Send an email to a user with a special link to reset the users password. See also Password Reset.

core.users.sendPasswordResetLink(to_email, scope, options)

Mailgun Account Required

A valid Mailgun account is required to use this method. See the Mailgun Config section for more information.

Parameters

Name Description Type Required
to_email The users email address to send the reset link to. String Y
scope The application scope to be queried. String Y
options A table with email reset options (see below). Table Y

Reset Options Keys

Name Description Type Required
from_email The senders email address. This is usually your address. String Y
subject The password reset email subject line. String Y
tpl_name Identifier for a custom password reset email template. String N
tpl_keys Additional template keys for the custom password reset email template. Table N

Returns

A boolean true value on success, or nil and an error.

Example

local res, err = core.users.sendPasswordResetLink("me@home.com", "Fun Run", 
  {
    from_email = "myapp@domain.com",
    subject = "Password Reset Request",     
  }
)

See the Password Reset section for more detailed information.

hashPassword

A utility method for hashing a plain text password. Generally used with getWithQuery or for rolling your own systems.

Important Note

All User module methods that deal with passwords will automatically handle the password hashing. Do not double hash passwords or they will not work properly.

The server-side methods register and update automatically do password hashing and do not require this method.

core.users.hashPassword(plain_text)

Parameters

Name Description Type Required
plain_text A plain text password that will be hashed into a Users module compatiable version. String Y

Returns

The hashed password as a hexadecimal String.

Example

local hashed_pw = core.users.hashPassword("tacos4Lunch!")

--hashed_pw will contain something like: 8b4c621decfdbb6b72c2cf179b3c344d