I'm using meteor-accounts and accounts-password in an application and would like users to be able to reset their passwords. At present there's no need for any customisation of any of the forms and so I've used a common layout with {{> atForm }} and a configuration file of /lib/config.js containing the following:
AccountsTemplates.configure({
showForgotPasswordLink: true,
enablePasswordChange: true,
sendVerificationEmail: true,
enforceEmailVerification: true,
confirmPassword: true,
showResendVerificationEmailLink: true,
continuousValidation: true,
privacyUrl: 'privacy',
});
Clicking on a 'reset password' link produces URLs like the following:
http://localhost:3000/#/reset-password/hMny_A8tdOpNubxtk8mC3BE0vYSJm35K80B2hwwV1CR
However, these are completely useless in that they redirect to the root URL for the application whilst apparently changing the password; users therefore can't log in after clicking on one of these links. A user account looks like this after clicking one:
{ "_id" : "LcQSCiG7ib5F49tPN", "createdAt" : ISODate("2017-03-04T21:33:57.050Z"), "services" : { "password" : { "bcrypt" : "<redacted>", "reset" : { "token" : "l4HdPzoKkeIUdUeUC5x9NmUiQMnRsY1MRLvYk6Wvqw1", "email" : "<redacted>", "when" : ISODate("2017-03-04T21:51:32.171Z"), "reason" : "reset" } }, "email" : { "verificationTokens" : [ { "token" : "K88HXjzI2UO8vARZv6l6Qf0mUJ1hstInnrJK-8hayzk", "address" : "<redacted>", "when" : ISODate("2017-03-04T21:33:57.072Z") }, { "token" : "NMGLelAWKcCFglRj7aQvZoP85N-_YdWJZ2FcPWu5U8D", "address" : "<redacted>", "when" : ISODate("2017-03-04T21:52:55.930Z") } ] }, "resume" : { "loginTokens" : [ ] } }, "emails" : [ { "address" : "<redacted>", "verified" : false } ] }
Everything else works (e.g. signing up with confirmation emails). I'm using Blaze templates and Flow Router including useraccounts:flow-routing.
I seem to be missing something here and would appreciate it if someone would be able to point me in the correct direction to get this working.
Based on your explanation, I think you are missing some keys things to get this working.
First, remember that useraccounts:flow-routing does not provide routes out of the box.
There are no routes provided by default, but you can easily configure routes for sign in, sign up, forgot password, reset password, change password, enroll account using AccountsTemplates.configureRoute
Given that info, you need to at least configure the default route for reset password.
The simplest way is to make the call passing in only a route code (available route codes are: signIn, signUp, changePwd, forgotPwd, resetPwd, enrollAccount).
Here is an example.
AccountsTemplates.configureRoute('resetPwd');
The default will route the user to the fullPageAtForm so they can re-enter a new password.
Take a look at the useraccounts:flow-routing readme for more details.
Related
I'm trying to get started with Firebase and I just want to make sure that this data structure is optimized for Firebase.
The conversation object/tree/whatever looks like this:
conversations: {
"-JRHTHaKuITFIhnj02kE": {
user_one_id: "054bd9ea-5e05-442b-a03d-4ff8e763030b",
user_two_id: "0b1b89b7-2580-4d39-ae6e-22ba6773e004",
user_one_name: "Christina",
user_two_name: "Conor",
user_one_typing: false,
user_two_typing: false,
last_message_text: "Hey girl, what are you doing?",
last_message_type: "TEXT",
last_message_date: 0
}
}
and the messages object looks like so:
messages: {
"-JRHTHaKuITFIhnj02kE": {
conversation: "-JRHTHaKuITFIhnj02kE",
sender: "054bd9ea-5e05-442b-a03d-4ff8e763030b",
message: "Hey girl, what are you doing?",
message_type: "TEXT",
message_date: 0
}
}
Is storing the name relative to the user in the conversation object needed, or can I easily look up the name of the user by the users UID on the fly? Other than the name question, is this good? I don't want to get started with a really bad data structure.
Note: Yes, i know the UID for the conversation & message are the same, I got tired of making up variables.
I usually model the data that I need to show in a single screen in a single location in the database. That makes it possible to retrieve that data with a single read/listener.
Following that train of thought it makes sense to keep the user name in the conversation node. In fact, I usually keep the username in each message node too. The latter prevents the need for a lookup, although in this case I might be expanding the data model a bit far for the sake of keep the code as simple as possible.
For the naming of the chat: if this is a fairly standard chat app, then user may expect to have a persistent 1:1 chat with each other, so that every time you and I chat, we end up in the same room. A good approach for accomplishing that in the data model, can be found in this answer: Best way to manage Chat channels in Firebase
I don't think you structured it right. You should bare in mind "What if" complete analysis.
Though, I would recommend structuring it this way (I made it up for fun, not really tested in-terms of performance when getting a huge traffic. but you can always do denormalization to increase performance when needed):
{
"conversation-messages" : {
"--JpntMPN_iPC3pKDUX9Z" : {
"-Jpnjg_7eom7pMG6LDe1" : {
"message" : "hey! Who are you?",
"timestamp" : 1432165992987,
"type" : "text",
"userId" : "user:-Jpnjcdp6YXM0auS1BAT"
},
"-JpnjibdwWpf1k-zS3SD" : {
"message" : "Arya Stark. You?",
"timestamp" : 1432166001453,
"type" : "text",
"userId" : "user:-OuJffgdYY0jshTFD"
},
"-JpnkqRjkz5oT9sTrKYU" : {
"message" : "no one. a man has no name.",
"timestamp" : 1432166295571,
"type" : "text",
"userId" : "user:-Jpnjcdp6YXM0auS1BAT"
}
}
},
"conversations-metadata" : { // to show the conversation list from all users for each user
"-JpntMPN_iPC3pKDUX9Z" : {
"id": "-JpntMPN_iPC3pKDUX9Z",
"date":995043959933,
"lastMsg": "no one. a man has no name.",
"messages_id": "-JpntMPN_iPC3pKDUX9Z"
}
},
"users" : {
"user:-Jpnjcdp6YXM0auS1BAT" : {
"id" : "user:-Jpnjcdp6YXM0auS1BAT",
"name" : "many-faced foo",
"ProfileImg" : "...."
"conversations":{
"user:-Yabba_Dabba_Doo" : {
"conversation_id": "-JpntMPN_iPC3pKDUX9Z",
"read" : false
}
}
},
"user:-Yabba_Dabba_Doo" : {
"id" : "user:-Yabba_Dabba_Doo",
"name" : "Arya Stark",
"ProfileImg" : "...."
"conversations":{
"user:-Jpnjcdp6YXM0auS1BAT" : {
"conversation_id": "-JpntMPN_iPC3pKDUX9Z",
"read" : true
}
}
}
}
}
I have an application that i have built and i want to create login credentials for users. Since the app is only available on a local network(intra-net) i want the users to skip having to activate their accounts via email.
I created an account with this code
Accounts.createUser({email: "hidden#gmail.com",password:"123456"});
and this is the account in the
db.users.find().pretty()
this is the result
{
"_id" : "up6WA7JmPzEQtXznt",
"createdAt" : ISODate("2016-04-22T20:46:14.299Z"),
"services" : {
"password" : {
"bcrypt" : "$2a$10$INrFYYAfQ4nUqQjM8TCmKez2Ni0NPU9s51AOolX4I0sXHZFi5WxkK"
},
"resume" : {
"loginTokens" : [
{
"when" : ISODate("2016-04-22T20:46:14.385Z"),
"hashedToken" : "w9W2/XZNS8r3zGdo8tIFqf2zPFiRuuMhpQIAIlle8Jk="
}
]
}
},
"emails" : [
{
"address" : "hidden#gmail.com",
"verified" : false
}
]
}
How can i verify my email without sending an activation email?.
I found this function http://docs.meteor.com/#/full/accounts_verifyemail
to verify the account. How can i obtain the token to start with?.
You don't need to verify your users at all. Meteor.loginWithPassword would work with unverified email addresses just as fine.
Verification flag is more like a hint for you. You could for example disable parts of your app until you're certain that the address really belongs to the user. But in your case it's unnecessary.
I am using the 'accounts-base' and 'accounts-password' packages and the Accounts.createUser method to create users from a login form (i.e. I am not using the accounts-ui package).
the documentation explains that the user thus created includes a 'services' object
"containing data used by particular login services. For example, its
reset field contains tokens used by forgot password links, and its
resume field contains tokens used to keep you logged in between
sessions."
This is true and accounts created using my login form all have loginTokens. However, when I refresh the browser, these tokens are deleted and the user is logged-out.
The documentation appears to suggest that resume tokens are handled automatically by the accounts-base / accounts-password packages. What have I missed?
Accounts.createUser({
username: username,
email: username,
password: password
}, function (err) {
if (err) {
alert(err)
} else {
Router.go('/member/' + Meteor.userId() +'/edit')
}
});
creates:
"resume" :
{ "loginTokens" :
[
{
"when" : ISODate("2014-04-17T22:13:50.832Z"),
"hashedToken" : "KstqsW9aHqlw6pjfyQcO6jbGCiCiW3LGAXJaVS9fQ+o="
}
]
}
...but on refresh:
"resume" : { "loginTokens" : [ ] } },
After an exhaustive audit of my code I found that I was (idiotically) invoking the Accounts.logout method outside the confines of the log-out button event. It had somehow become 'orphaned' during an earlier re-factoring of the code
So all my fault.
I have just glanced over the MongoDB collection for users and it seems to allow multiple login providers for a single user. From what I see, everything seems to be "there": Multiple services, different resume tokens ...
But is there currently a documented way to "associate" a new login provider with an existing user? I couldn't find anything in the official Docs :(
Or is there anything preventing this in the collection "schema"? Just in case, here is how it looks for a single user using the "password" login service.
{
"createdAt" : 123456,
"services" : {
"password" : {
"srp" : {
"identity" : "XXX",
"salt" : "XXX",
"verifier" : "XXX"
}
},
"resume" : {
"loginTokens" : [
{
"token" : "XXX",
"when" : 123456
}
]
}
},
"emails" : [
{
"address" : "foo#example.org",
"verified" : false
}
],
"_id" : "7f98645e-df24-4015-8075-2463c6c8cfc5"
}
With the current version of meteor (0.8.0.3) it is not possible to make use of multiple login providers out of the box. But there is package on athmosphere which allows this.
I haven't tested this, but from what I know you can login the user with password, and then call Meteor.loginWithFacebook, for example, while the user is logged in. This should add the Facebook information to the current user's data.
I'm trying to add some rules programmatically, I'm following this tutorial to manage different price list depending of the rules. To create the rules it usesa default_rules_configuration hook which will be executed "when the rules will be loaded".
1 - It's not really clear, when "rules are being loaded", apparently running the cron do it. Is it the only way to trigger it ?
2 - Is there a way to add rules programmatically, so rule can be added in the insert role hook, or is this default_rules hook the only way to do it ?
Thanks
1 - According to hook_default_rules_configuration() documentation:
This hook is invoked when rules configurations are loaded.
The function is actually called when you clear your cache as this is when Drupal rebuilds the default entities provided in code through entity_defaults_rebuild().
You can examine the full call stack as to how hook_default_rules_configuration function is called using debug_backtrace()
2 - To set a rule that reacts on inserting a role, you actually have to create a rule that reacts on a user insert action and then check the role saved to see if it matches the role that you're interested in reacting to.
I find it easier to do this via the UI. Here's an export of a rule that checks to see if the user is assigned the anonymous role and sends an email to admin if so:
{ "rules_role_change_rule" : {
"LABEL" : "Role change rule",
"PLUGIN" : "reaction rule",
"REQUIRES" : [ "rules" ],
"ON" : [ "user_insert" ],
"IF" : [
{ "user_has_role" : { "account" : [ "account" ], "roles" : { "value" : { "1" : "1" } } } }
],
"DO" : [
{ "mail" : {
"to" : "admin#website.com",
"subject" : "User role changed",
"message" : "User role has changed",
"from" : "drupal#website.com",
"language" : [ "" ]
}
}
]
}
}
You would still have to implement hook_default_rules_configuration but replace the rule in the tutorial with one that suits your needs.