in Meteor, how to allow the same username but different company registration?
i want to set username with unique: false
how to custom Accounts package?
accounts_server.js
users._ensureIndex('username', { unique: true, sparse: true });
Having a unique username across your system has strong reasons, especially integrity and validation. Circumventing this functionality can lead to potential risks and may undermine the stability of the accounts packages as they are built around the assumption, that users are unique by username or email.
You can see that in the source, where Accounts.createUser is checking for unique usernames and emails, independently from the raw Mongo collection.
If you still insist to override this behavior (which I highly suggest to not to), you need to do everything manually (validation not included here):
import { Meteor } from 'meteor/meteor'
const createUser = ({ username, password, company }) => {
if (Meteor.users.find({ username, company }).count() > 0) {
throw new Error(`Account already exists for ${username}#${company}`)
}
const userId = Meteor.users.insert({ username, company })
Accounts.setPassword(userId, password)
return userId
}
Meteor.startup(() => {
Meteor.users.rawCollection().dropIndex('username_1')
Meteor.setTimeout(() => {
createUser({ username: 'johndoe', password: 'password', company: 'Software Inc.' })
createUser({ username: 'johndoe', password: 'password', company: 'Pro Software' })
}, 1000)
})
by doing so you need to override all Accounts methods (especially authentication and login) with your own implementation. However, as I said - better don't do it.
Better solution: Use Email instead
The combination of username and company name is already incorporated in the email pattern.
The easiest solution would therefore be to implement accounts based on email, rather than on the username:
const createUser = (email, password, company) => {
const userId = Accounts.createUser({ email, password })
Meteor.users.update(userId, { $set: { company }})
return userId
}
Related
I am trying to migrate users (including passwords) from an old symfony 2 application to firebase authentication (or google identity platform).
In the symfony2 application the passwords of the users are hashed using sha512 with a salt. I already found that users can be imported using their password and hash in the documentation of firebase (https://firebase.google.com/docs/auth/admin/import-users). However it seems like the sha512 hashing that is used by firebase is not the same as was used by symfony.
For the old symfony project the following configuration is used:
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
By looking into the source I found that symfony given a salt and a password symfony will produce the hash like this: (in python code)
def get_hash(salt, password):
hash = password.encode('utf-8')
salted = hash + salt
hash = hashlib.sha512(salted).digest()
for i in range(1, 5000):
# symfony keeps adding salted for every iteration, this is something firebase does not it seems
hash = hashlib.sha512(hash + salted).digest()
return base64.b64encode(hash).decode('utf-8')
However this code does not allow me to login when i import it like in the code below. It however does produce the same hash as I have in my database of the symfony2 application:
app = firebase_admin.initialize_app()
salt = '{test}'.encode('utf-8')
hash = get_hash(salt=salt, password='xyz')
print('calculated hash', base64.b64encode(hash))
users = [
auth.ImportUserRecord(
uid='foobar',
email='foo#bar.com',
password_hash=hash,
password_salt=salt
)
]
hash_alg = auth.UserImportHash.sha512(rounds=5000)
try:
result = auth.import_users(users, hash_alg=hash_alg)
for err in result.errors:
print('Failed to import user:', err.reason)
except exceptions.FirebaseError as error:
print('Error importing users:', error)
I can however login with the password when i use the following fuction.
def get_hash(salt, password):
hash = password.encode('utf-8')
salted = salt + hash
hash = hashlib.sha512(salted).digest()
for i in range(1, 5000):
hash = hashlib.sha512(hash).digest()
return hash
I have already found a way to change the order of adding the salt but i can find no way to hash like this in firebase hash = hashlib.sha512(hash + salted).digest().
Now it seems like there is no way to migrate my password to firebase as the implementation of symfony is a bit different from the one used by firebase. Does anyone know a way to make sure I can still import my current hashes? This would be great.
If not, what would be alternative work arounds?
Is it possible to let firebase do a request to my own endpoint to verify password.
Another way would be to try to catch the signin process and send it to my own endpoint first, set the password in the background and then send the request to firebase?
You haven't specified what your client application is using, so I'm just going to assume it's a web application that will use the Firebase Web SDK.
To use this solution, you'll need to migrate the Symfony user data to Firestore under a private _migratedSymfonyUsers collection, where each document is the email of that user.
On the client, the process will be:
Collect email and password from the user
Attempt to sign in to Firebase with that email and password combination
If that failed, invoke a Callable Cloud Function with that email and password combination.
If function returned a success message (see below), reattempt signing in the user with the given email and password
Handle success/errors as appropriate
On the client, this would look like:
const legacySignIn = firebase.functions().httpsCallable('legacySignIn');
async function doSignIn(email, password) {
try {
return await firebase.auth()
.signInWithEmailAndPassword(email, password);
} catch (fbError) {
if (fbError.code !== "auth/user-not-found")
return Promise.reject(fbError);
}
// if here, attempt legacy sign in
const response = await legacySignIn({ email, password });
// if here, migrated successfully
return firebase.auth()
.signInWithEmailAndPassword(email, password);
}
// usage:
doSignIn(email, password)
.then(() => console.log('successfully logged in/migrated'))
.catch((err) => console.error('failed to log in', err));
In the Callable Cloud Function:
(optional) Assert that the request is coming from your application with App Check
Assert email and password were provided and throw error if not.
Assert that the email given exists in your migrated users and throw an error if not.
If in migrated users, hash the password and compare against the stored hash.
Throw an error if hashes don't match.
If hashes match, create a new Firebase user with that email and password combination
Once created, delete the migrated hash and return success message to the caller
On the server, this would look like:
const functions = require('firebase-functions');
const admin = require('firebase-admin');
function symfonyHash(pwd, salt) {
// TODO: Hash function
return /* calculatedHash */;
}
exports.legacySignIn = functions.https.onCall(async (data, context) => {
if (context.app == undefined) { // OPTIONAL
throw new functions.https.HttpsError(
'failed-precondition',
'The function must be called from an App Check verified app.');
}
if (!data.email || !data.password) {
throw new functions.https.HttpsError(
'invalid-argument',
'An email-password combination is required');
}
if (data.email.indexOf("/") > -1) {
throw new functions.https.HttpsError(
'invalid-argument',
'Email contains forbidden character "/"');
}
const migratedUserSnapshot = await admin.firestore()
.doc(`_migratedSymfonyUsers/${data.email}`);
if (!migratedUserSnapshot.exists) {
throw new functions.https.HttpsError(
'not-found',
'No user matching that email address was found');
}
const storedHash = migratedUserSnapshot.get("hash");
const calculatedHash = symfonyHash(password, salt);
if (storedHash !== calculatedHash) {
throw new functions.https.HttpsError(
'permission-denied',
'Given credential combination doesn\'t match');
}
// if here, stored and calculated hashes match, migrate user
// get migrated user data
const { displayName, roles } = migratedUserSnapshot.data();
// create the user based on migrated data
const newUser = await admin.auth().createUser({
email,
password,
...(displayName ? { displayName } : {})
});
if (roles) { // <- OPTIONAL
const roleMap = {
"symfonyRole": "tokenRole",
"USERS_ADMIN": "isAdmin",
// ...
}
const newUserRoles = [];
roles.forEach(symfonyRole => {
if (roleMap[symfonyRole]) {
newUserRoles.push(roleMap[symfonyRole]);
}
});
if (newUserRoles.length > 0) {
// migrate roles to user's token
await setCustomUserClaims(
newUser.uid,
newUserRoles.reduce((acc, r) => { ...acc, [r]: true }, {})
);
}
}
// remove the old user data now that we're done with it.
await hashSnapshot.ref.delete();
// return success to client
return { success: true };
});
How do you check whether a user is logged in via third party (Google, Facebook, ...) in the Meteor framework? Also, is this possible from the client?
There are multiple ways to do it. On the Server side you would have a function like Accounts.onCreateUser((options, user) => {... }).
If you already publish minimum data of the user, you can add a key using onCreateUser and save something like: loginVia: "email" or "FB" etc. Then you publish that key or get its value with a method.
The straight forward solution is to check if the social service exists if look for a particular service.
For Example:
const isFBUser: Meteor.users.find({ _id :.... }, { 'services.facebook': { $exists: true } }).count() // results in 1 record or 0 records = true / false
of if you want to know if the user is coming via email and not third party you can check for emails
const isThirdParty = Meteor.users.find({_id: ...}, emails: { $exists: true })
It is pretty common to also use a merge accounts system so that someone coming from FB with the email gigi#gmail.com will letter be allowed to log in to you app with the email instead of the social account. In this case, you would need to eventually save the source of the last login.
I'll leave here for you part of my onCreateUser as example of how to pull data out of a 3rd party user and save it in the use profile. On the same lines you can save the 3rd party source (as suggested above)
if (user.services) {
const fb = user.services.facebook
const google = user.services.google
let avatar = null
let fbi = null // I use this to keep a record of the FB user Id
let ggli = null // // I use this to keep a record of the Google user Id
if (fb) {
/**
* I upload to S3 and I don't wait for a response. A little risky...
*/
put_from_url(`https://graph.facebook.com/${fb.id}/picture?width=500&height=500`, `avatar/${fb.id}.jpg`, (err, res) => {
if (err) {
console.log('Could not upload FB photo to S3, ', err)
} else {
// console.log(res)
}
})
user.profile = extend(user.profile, {
firstName: fb.first_name,
lastName: fb.last_name,
email: fb.email,
displayName: fb.name,
gender: startCase(toLower(fb.gender)),
avatar: `${fb.id}.jpg`
})
avatar = `${fb.id}.jpg`
fbi = fb.id
roles = ['user', 'social']
}
if (google) {
/**
* I upload to S3 and I don't wait for a response. A little risky...
*/
put_from_url(google.picture + '?sz=500', `avatar/${google.id}.jpg`, err => {
if (err) {
console.log('Could not upload Google photo to S3, ', err)
}
})
user.profile = extend(user.profile, {
firstName: google.given_name,
lastName: google.family_name,
email: google.email,
displayName: google.name,
gender: startCase(toLower(google.gender)),
avatar: `${google.id}.jpg`
})
avatar = `${google.id}.jpg`
ggli = google.id
roles = ['user', 'social']
}
/**
* Create a slug for each user. Requires a display name for all users.
*/
let slug
slug = Meteor.call('/app/create/slug', user.profile.displayName, 'user')
Also please check the user object structure:
And check this out. Users via 3rd party don't have the email field so you can check its existence.
I am using Accounts.createUser to add new users to the database, but the problem is that, not all the attributes are added.
Here is my code to add new user:
import {Accounts} from 'meteor/accounts-base';
Template.addingUser.events({
'submit #addUser': function (e, t) {
e.preventDefault();
Session.set('name', t.find('#name').value);
Session.set('email', t.find('#email').value);
Session.set('telephoneOffice', t.find('#telephoneOffice').value);
Session.set('telephoneHouse', t.find('#telephoneHouse').value);
Session.set('salary', t.find('#salary').value);
let userId = Accounts.createUser({
username: Session.get('name'),
password: "123456",
email: Session.get('email'),
telephoneOffice: Session.get('telephoneOffice'),
telephoneHouse: Session.get('telephoneHouse'),
employeeSalary: Session.get('salary'),
annualLeave: 14
}, function (err) {
if (err)
console.log(err);
else
console.log('It worked...');
});
Accounts.sendEnrollmentEmail(userId);
}
});
only the name, email, and password are added.
How do I include the other information as well such as telephoneOffice?
You need to pass the extra data inside the profile object.
Accounts.createUser({
username: Session.get('name'),
password: "123456",
email: Session.get('email'),
profile: {
telephoneOffice: Session.get('telephoneOffice'),
telephoneHouse: Session.get('telephoneHouse'),
employeeSalary: Session.get('salary'),
annualLeave: 14
}
...
Accounts.createUser does not accept custom arguments beyond username, email, password, and profile. The default functionality for passing custom user info is to pass those fields such as telephoneOffice as part of the profile object, which is copied to user.profile in the document inserted to the user collection.
For example:
let userId = Accounts.createUser({
username: Session.get('name'),
password: "123456",
email: Session.get('email'),
profile: {
telephoneOffice: Session.get('telephoneOffice'),
telephoneHouse: Session.get('telephoneHouse'),
employeeSalary: Session.get('salary'),
annualLeave: 14
}
});
Note that the user.profile fields are by default modifiable by users. So it's there by legacy, but Meteor actually recommends avoiding using it for storage.
If you want those fields to be on user instead of user.profile, What you can do is to pass your custom params on the profile object as above, and then override the default behavior using Accounts.onCreateUser. Something like this:
Accounts.onCreateUser(function(options, user) {
if (options.profile)
_.extend(user, options.profile);
return user;
});
See more info here: https://guide.meteor.com/accounts.html#custom-user-data
I'm working on a firebase+angularjs app and I'm using the simple email and password authentication and it's working properly.
I'm just wondering if I can add extra user data on the user table which is being used by firebase email+password auth, like I want to add billing info and other details concerning the user without creating extra node/table on firebase to store these extra data.
Firebase stores the email/password users in a separate location, that you don't have direct access to. You cannot expand the data in this location.
Since many application developers want to access the user data in their application code, it is a common practice to store all users under a /users node inside the application database itself. The disadvantage is that you have to do this yourself. But the positive side of this is that you can store any extra information if you want.
See the Firebase guide on storing user data for sample code. From there:
var ref = new Firebase("https://<YOUR-FIREBASE-APP>.firebaseio.com");
ref.onAuth(function(authData) {
if (authData && isNewUser) {
// save the user's profile into Firebase so we can list users,
// use them in Security and Firebase Rules, and show profiles
ref.child("users").child(authData.uid).set({
provider: authData.provider,
name: getName(authData)
});
}
});
NOTE: This method only works if you are using Firebase Admin SDK and you need to have end point on your server to manage custom tokens
Firebase Admin SDK has an option to create custom tokens with additional claims object, which can contain arbitrary data. This might be useful to store some user related info, like whether the user is premium user or not.
Additional claims data is accessible using auth object.
example
var uid = "some-uid"; //this can be existing user UID
var additionalClaims = {
premiumAccount: true,
some-user-property: 'some-value'
};
admin.auth().createCustomToken(uid, additionalClaims)
.then(function(customToken) {
// Send token back to client
})
.catch(function(error) {
console.log("Error creating custom token:", error);
});
additionalClaims are also accessible in Firebase security rules.
for more info read Firebase Custom Tokens
A Firebase User has a fixed set of basic properties—a unique ID, a primary email address, a name and a photo URL—stored in the project's user database, that can be updated by the user (iOS, Android, web). You cannot add other properties to the Firebase User object directly; instead, you can store the additional properties in your Firebase Realtime Database.
Firebase has a fixed set of user properties which can be updated but not added on to.
However you can add small amounts of data with the help of serialization and deserialization using JSON.stringify() and JSON.parse()
And then use any one of the unused properties to store the string
either in DisplayName, or photoURL property.
Keep in mind the data that can be added has to be small in size and stored as a string.
And this can be only possible with using the method in the FIREBASE SDK and not the angularfire as illustrated below
var user = firebase.auth().currentUser;
user.updateProfile({
displayName: "Jane Q. User",
photoURL: "https://example.com/jane-q-user/profile.jpg"
}).then(function() {
// Update successful.
}, function(error) {
// An error happened.
});
You could store more json like data in the photoURL or displaYName variable in the form of string here.
My answer is not angular related but I searched quiet a bit to find out how to do it using Polymer and Polymerfire so I add this answer to help people get it done faster than i did.
I had to add a separate node to db as Frank van Puffelen mentioned.
Imports:
<link rel="import" href="../bower_components/polymerfire/firebase-app.html">
<link rel="import" href="../bower_components/polymerfire/firebase-auth.html">
<link rel="import" href="../bower_components/polymerfire/firebase-document.html">
Then place anywhere in your app a <firebase-app> component:
<firebase-app
name="yourAppName"
api-key= "{{yourApi}}"
auth-domain= "{{yourAuthDomain}}"
database-url= "{{yourDbUrl}}"
>
</firebase-app>
After that you will need to use <firebase-auth> and <firebase-document>:
Template :
<firebase-auth
id="auth"
app-name="yourAppName"
signed-in="{{signedIn}}"
user="{{user}}">
</firebase-auth>
<firebase-document
id="document"
app-name="yourAppName"
path="{{usersPath}}" // e.g "/users"
data="{{userDocument}}">
</firebase-document>
Script:
this._register = function(){
var formValid = this.querySelector('#register-form').validate();
var auth = this.querySelector('#auth');
if(formValid && this.passWordsIdentic){
//The actual registration
auth.createUserWithEmailAndPassword(this.email, this.password).then(function(user){
console.log('auth user registration succes');
//Example values
this.userDocument.uid = user.uid;
this.userDocument.email = user.email;
this.userDocument.firstName = this.firstName;
this.userDocument.lastName = this.lastName;
this.userDocument.userName = this.userName;
this.$.document.save(this.usersPath).then(() => {
console.log("custom user registration succes");
this.$.document.reset();
});
}.bind(this)).catch(function(error) {
var errorCode = error.code;
var errorMessage = error.message;
console.log('error: ', errorCode);
);
}
}
And that's it, you may want to take a look at this excellent google codelab which is a good introduction into using firebase with polymer.
Here is the code of registration where add the extra fields in the Users table
import { AngularFireAuth } from "#angular/fire/auth";
constructor(private firebaseAuth: AngularFireAuth){}
registration(data: any, password: any) {
return this.firebaseAuth.auth.createUserWithEmailAndPassword(data.Email, password)
.then(res => {
res.user.updateProfile({
displayName: `${data.DisplayName}`
})
data.UserId = res.user.uid;
data.PhoneNumbers = [{
NumberType: '',
NumberValue: ''
}];
data.PhotoUrl = '';
data.Addresses = [{
AddressLine1: '',
AddressLine2: '',
City: '',
State: '',
Country: '',
PostalCode: '',
AddressType: ''
}];
data.IsDeleted = false;
this.fireStore.doc(`users/${res.user.uid}`).set(data);
this.toastr.success('User has been register successfully!', 'Successfull!');
return true;
}).catch(err => {
switch (err.code) {
case 'auth/email-already-in-use':
this.toastr.error(`Email address ${data.Email} already in use.`, 'Error!');
break;
case 'auth/invalid-email':
this.toastr.error(`Email address ${data.Email} is invalid.`, 'Error!');
break;
case 'auth/operation-not-allowed':
this.toastr.error('Error during sign up.', 'Error!');
break;
case 'auth/weak-password':
this.toastr.error('Password is not strong enough. Add additional characters including special characters and numbers.', 'Error!');
break;
default:
this.toastr.error(err.message, 'Error!');
break;
}
});
}
Here's a swift version. Your user structure ("table") is like
--users:
-------abc,d#email,com:
---------------email:abc.d#email.com
---------------name: userName
etc.
After you pass the auth FIRAuth.auth()?.createUser you can set the users in database as below:
let ref = FIRDatabase.database().reference()
let rootChild = ref.child("users")
let changedEmailChild = u.email?.lowercased().replacingOccurrences(of: ".", with: ",", options: .literal, range: nil) // Email doesn't support "," firebase doesn't support "."
let userChild = rootChild.child(changedEmailChild!)
userChild.child("email").setValue(u.email)
userChild.child("name").setValue(signup.name)
Please note that method is changed in v4.0.0. Therefore, you need to use the below code to retrieve the user profile:
afAuth.authState.subscribe((user: firebase.User) => {
this.displayName = user.displayName;
this.email = user.email;
this.photoURL = user.photoURL;
});
The answer from Frank is good, but things are a little different in Angular6/Firebase5/Angularfire5:
Here is my click handler for signing in a user:
this.afAuth.auth.signInWithPopup(new firebase.auth.GoogleAuthProvider()).then((e) => {
console.log("Log-In Success" + e.additionalUserInfo.profile.name);
if (e.additionalUserInfo.isNewUser)
this.addUserToDatabase(/*...*/);
}).catch((error) => {
console.log("Log-In Error: Google Sign-In failed");
});
I'm creating a new user with AngularFire. But when I sign the user up I also ask for first name and last name and I add that info after registration.
$firebaseSimpleLogin(fbRef).$createUser($scope.signupData.email, $scope.signupData.password).then(function (user) {
// Add additional information for current user
$firebase(fbRef.child('users').child(user.id).child("name")).$set({
first: $scope.signupData.first_name,
last: $scope.signupData.last_name
}).then(function () {
$rootScope.user = user;
});
});
The above code works, it creates node fin Firebase (users/user.id/ ...).
The problem
When I login with the new user I get the user default information: id, email, uid, etc. but no name. How can I associate that data automatically to the user?
You can't. Firebase hides the complexity of login management by storing the login details in its own datastore. This process knows nothing of your app's forge, which means it doesn't know if or where you're storing any additional user information. It returns the data that it does know about as a convenience (id, uid, email, md5_hash, provider, firebaseAuthToken).
It's up to your app to then take the [u]id and grab whatever app specific user information you need (such as first name, last name). For an Angular app, you'd want to have a UserProfile service which retrieves the data you're looking for once you get the authentication success broadcast.
Also, in your snippet, consider changing
.child(user.id)
to
.child(user.uid)
This will come in handy if you ever support Facebook/Twitter/Persona authentication later on. uid looks like "simplelogin:1" - it helps to avoid unlikely but possible id clashes across providers.
I have the same issue on this and feel like noone actually has a clear answer (2 years on). But here is the rough structure of how such a service could look like:
app.factory('Auth', function(FURL, $firebaseAuth, $firebaseObject, $rootScope, $window){
var ref = new Firebase(FURL);
var auth = $firebaseAuth(ref);
var Auth = {
user: {},
login: function(user){
return auth.$authWithPassword({
email: user.email,
password: user.password
});
},
signedIn: function(){
return !!Auth.user.provider;
},
logout: function(){
return auth.$unauth;
}
};
// When user auths, store auth data in the user object
auth.$onAuth(function(authData){
if(authData){
angular.copy(authData, Auth.user);
// Set the profile
Auth.user.profile = $firebaseObject(ref.child('profile').child(authData.uid));
Auth.user.profile.$loaded().then(function(profile){
$window.localStorage['gym-key'] = profile.gym.toString();
});
} else {
if(Auth.user && Auth.user.profile){
Auth.user.profile.$destroy();
}
}
});
return Auth;
});