I have an application that I have built and I want to create login credentials for users. Since the app is only available on a local network (intranet), I want the users to skip having to activate their accounts via email.
I created an account with this code
Accounts.createUser({email: "hidden#gmail.com",password:"123456"});
and this is the account in the
db.users.find().pretty()
this is the result
{
  "_id" : "up6WA7JmPzEQtXznt",
  "createdAt" : ISODate("2016-04-22T20:46:14.299Z"),
  "services" : {
    "password" : {
      "bcrypt" : "$2a$10$INrFYYAfQ4nUqQjM8TCmKez2Ni0NPU9s51AOolX4I0sXHZFi5WxkK"
    },
    "resume" : {
      "loginTokens" : [
        {
          "when" : ISODate("2016-04-22T20:46:14.385Z"),
          "hashedToken" : "w9W2/XZNS8r3zGdo8tIFqf2zPFiRuuMhpQIAIlle8Jk="
        }
      ]
    }
  },
  "emails" : [
    {
      "address" : "hidden#gmail.com",
      "verified" : false
    }
  ]
}
How can I verify my email without sending an activation email?
I found this function http://docs.meteor.com/#/full/accounts_verifyemail
to verify the account. How can I obtain the token to start with?
You don't need to verify your users at all. Meteor.loginWithPassword would work with unverified email addresses just fine.
The verification flag is more like a hint for you. You could, for example, disable parts of your app until you're certain that the address really belongs to the user. But in your case it's unnecessary.
Is there a way to check if a user has deploy permissions via the Artifactory REST API?
I am sending requests to the Artifactory server using cURL.
Yes, use the /api/storage/{repo-key}/{item}?permissions API. See the docs at https://www.jfrog.com/confluence/display/RTF/Artifactory+REST+API#ArtifactoryRESTAPI-EffectiveItemPermissions
The docs explain the meaning of the permission chars.
GET /api/storage/libs-release-local/org/acme?permissions
{
  "uri": "http://localhost:8081/artifactory/api/storage/libs-release-local/org/acme",
  "principals": {
    "users" : {
      "bob": ["r","w","m"],
      "alice" : ["d","w","n", "r"]
    },
    "groups" : {
      "dev-leads" : ["m","r","n"],
      "readers" : ["r"]
    }
  }
}
I'm using meteor-accounts and accounts-password in an application and would like users to be able to reset their passwords. At present there's no need for any customisation of any of the forms and so I've used a common layout with {{> atForm }} and a configuration file of /lib/config.js containing the following:
AccountsTemplates.configure({
  showForgotPasswordLink: true,
  enablePasswordChange: true,
  sendVerificationEmail: true,
  enforceEmailVerification: true,
  confirmPassword: true,
  showResendVerificationEmailLink: true,
  continuousValidation: true,
  privacyUrl: 'privacy',
});
Clicking on a 'reset password' link produces URLs like the following:
http://localhost:3000/#/reset-password/hMny_A8tdOpNubxtk8mC3BE0vYSJm35K80B2hwwV1CR
However, these are completely useless in that they redirect to the root URL for the application whilst apparently changing the password; users therefore can't log in after clicking on one of these links. A user account looks like this after clicking one:
{
  "_id" : "LcQSCiG7ib5F49tPN",
  "createdAt" : ISODate("2017-03-04T21:33:57.050Z"),
  "services" : {
    "password" : {
      "bcrypt" : "<redacted>",
      "reset" : {
        "token" : "l4HdPzoKkeIUdUeUC5x9NmUiQMnRsY1MRLvYk6Wvqw1",
        "email" : "<redacted>",
        "when" : ISODate("2017-03-04T21:51:32.171Z"),
        "reason" : "reset"
      }
    },
    "email" : {
      "verificationTokens" : [
        {
          "token" : "K88HXjzI2UO8vARZv6l6Qf0mUJ1hstInnrJK-8hayzk",
          "address" : "<redacted>",
          "when" : ISODate("2017-03-04T21:33:57.072Z")
        },
        {
          "token" : "NMGLelAWKcCFglRj7aQvZoP85N-_YdWJZ2FcPWu5U8D",
          "address" : "<redacted>",
          "when" : ISODate("2017-03-04T21:52:55.930Z")
        }
      ]
    },
    "resume" : {
      "loginTokens" : [ ]
    }
  },
  "emails" : [
    {
      "address" : "<redacted>",
      "verified" : false
    }
  ]
}
Everything else works (e.g. signing up with confirmation emails). I'm using Blaze templates and Flow Router including useraccounts:flow-routing.
I seem to be missing something here and would appreciate it if someone would be able to point me in the correct direction to get this working.
Based on your explanation, I think you are missing some key things to get this working.
First, remember that useraccounts:flow-routing does not provide routes out of the box.
There are no routes provided by default, but you can easily configure routes for sign in, sign up, forgot password, reset password, change password, enroll account using AccountsTemplates.configureRoute
Given that info, you need to at least configure the default route for reset password.
The simplest way is to make the call passing in only a route code (available route codes are: signIn, signUp, changePwd, forgotPwd, resetPwd, enrollAccount).
Here is an example.
AccountsTemplates.configureRoute('resetPwd');
The default will route the user to the fullPageAtForm so they can re-enter a new password.
Take a look at the useraccounts:flow-routing readme for more details.
I'm developing a simple application using Meteor to learn the framework. I'm using the accounts-password package which incorporates the accounts-base package.
Users will create an account and their email address will serve as their username for logging in. This all works perfectly fine as intended. Now I want to take this to the next level.
I want to have the ability to temporarily ban a user for a temporary set period of time - let's say a week.
Is this functionality possible using the accounts-password package or is there another package that exists which will accomplish this functionality? Otherwise how can I implement this functionality on my own?
How about using something like an isBanned flag in the users collection against each user? That way, you check for this flag before logging the user in. You could further extend this by having a date field for when the ban was applied and later have a way to calculate the elapsed time to see if the ban can be auto-lifted.
db.users.findOne()
{
  [...]
  "username" : "superadmin",
  "profile" : {
    "isActive" : true,
    "createdBy" : "system",
    // is this user banned?
    "isBanned" : false,
    "updatedAt" : ISODate("2016-10-07T17:33:42.773Z"),
    "loginTime" : ISODate("2016-10-07T17:25:44.068Z"),
    "logoutTime" : ISODate("2016-10-07T17:33:42.660Z")
  },
  "roles" : [
    "superAdmin"
  ]
}
Your login form events could be like:
Template.loginForm.events({
  'submit #login-form': function(event, template) {
    event.preventDefault();
    var username = template.find("#userName").value;
    // Check for isBanned flag (stored under profile in the document above).
    // findOne returns undefined when nothing matches; find() returns a cursor, which is always truthy.
    if (Meteor.users.findOne({username: username, "profile.isBanned": false})) {
      Meteor.loginWithPassword(
        username,
        template.find("#password").value,
        function(error) {
          if (error) {
            // Display the login error to the user however you want
            console.log("Error logging in. Error is: " + error);
            Session.set('loginErrorMessage', error.message);
            Router.go('/');
          } else {
            // Only record the login and navigate once it has succeeded
            Meteor.call('updateLoginTime');
            Router.go('loggedIn');
          }
        }
      );
    }
  }
});
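The check in the login form handler above runs in the browser, so it does not stop a login that never goes through that form; the ban has to be enforced on the server. An added example (not part of the original answer) built around Meteor's Accounts.validateLoginAttempt hook; the top-level isBanned and bannedAt fields and the one-week duration are assumptions.

```javascript
// Added example, not from the original answer. Assumed user fields (top level,
// not under the client-writable profile): isBanned (Boolean), bannedAt (Date).
const BAN_MS = 7 * 24 * 60 * 60 * 1000; // one-week ban, as in the question
const DAY_MS = 24 * 60 * 60 * 1000;

// Decide whether a ban is still in force for `user` at time `now`.
function evaluateBan(user, now) {
  if (!user || !user.isBanned) return { banned: false };
  const start = user.bannedAt instanceof Date ? user.bannedAt.getTime() : NaN;
  // A ban without a usable date fails closed: it holds until an admin clears it.
  if (Number.isNaN(start)) return { banned: true, daysLeft: null };
  const remaining = start + BAN_MS - now.getTime();
  // Elapsed bans lift themselves; no scheduled job or write is needed.
  if (remaining <= 0) return { banned: false };
  return { banned: true, daysLeft: Math.ceil(remaining / DAY_MS) };
}

// Same shape as the callback Meteor passes to Accounts.validateLoginAttempt:
// attempt.allowed is the result so far, attempt.user the matched user document.
// Returning a falsy value or throwing aborts the login.
function validateBan(attempt, now = new Date()) {
  if (!attempt.allowed) return false; // never turn a failed login into a success
  const verdict = evaluateBan(attempt.user, now);
  if (verdict.banned) {
    const detail = verdict.daysLeft === null ? '' : ` for ${verdict.daysLeft} more day(s)`;
    // In Meteor, throw a Meteor.Error instead so the reason reaches the client.
    throw new Error(`Account suspended${detail}`);
  }
  return true;
}

// Register the hook only when this file is loaded by a Meteor server.
if (typeof Meteor !== 'undefined' && Meteor.isServer) {
  Accounts.validateLoginAttempt((attempt) => validateBan(attempt));
}
```

Resume-token logins (a page reload with a stored token) pass through the same hook, so a banned user's saved session is rejected the next time it reconnects.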
I am using the 'accounts-base' and 'accounts-password' packages and the Accounts.createUser method to create users from a login form (i.e. I am not using the accounts-ui package).
The documentation explains that the user thus created includes a 'services' object
"containing data used by particular login services. For example, its
reset field contains tokens used by forgot password links, and its
resume field contains tokens used to keep you logged in between
sessions."
This is true and accounts created using my login form all have loginTokens. However, when I refresh the browser, these tokens are deleted and the user is logged-out.
The documentation appears to suggest that resume tokens are handled automatically by the accounts-base / accounts-password packages. What have I missed?
Accounts.createUser({
  username: username,
  email: username,
  password: password
}, function (err) {
  if (err) {
    alert(err)
  } else {
    Router.go('/member/' + Meteor.userId() +'/edit')
  }
});
creates:
"resume" :
  { "loginTokens" :
    [
      {
        "when" : ISODate("2014-04-17T22:13:50.832Z"),
        "hashedToken" : "KstqsW9aHqlw6pjfyQcO6jbGCiCiW3LGAXJaVS9fQ+o="
      }
    ]
  }
...but on refresh:
"resume" : { "loginTokens" : [ ] } },
After an exhaustive audit of my code I found that I was (idiotically) invoking the Accounts.logout method outside the confines of the log-out button event. It had somehow become 'orphaned' during an earlier re-factoring of the code.
So all my fault.
I have just glanced over the MongoDB collection for users and it seems to allow multiple login providers for a single user. From what I see, everything seems to be "there": Multiple services, different resume tokens ...
But is there currently a documented way to "associate" a new login provider with an existing user? I couldn't find anything in the official Docs :(
Or is there anything preventing this in the collection "schema"? Just in case, here is how it looks for a single user using the "password" login service.
{
  "createdAt" : 123456,
  "services" : {
    "password" : {
      "srp" : {
        "identity" : "XXX",
        "salt" : "XXX",
        "verifier" : "XXX"
      }
    },
    "resume" : {
      "loginTokens" : [
        {
          "token" : "XXX",
          "when" : 123456
        }
      ]
    }
  },
  "emails" : [
    {
      "address" : "foo#example.org",
      "verified" : false
    }
  ],
  "_id" : "7f98645e-df24-4015-8075-2463c6c8cfc5"
}
With the current version of Meteor (0.8.0.3) it is not possible to make use of multiple login providers out of the box. But there is a package on Atmosphere which allows this.
I haven't tested this, but from what I know you can log in the user with a password, and then call Meteor.loginWithFacebook, for example, while the user is logged in. This should add the Facebook information to the current user's data.