This Meteor app which uses accounts-password package and a custom login form with autopublish package removed, creates a user account using Accounts.createUser on the server.
Even though a user has been created and verified db.users.find({}).pretty() in the meteor mongo terminal, this command Meteor.users.find().fetch() in the browser console gives an empty array []
edit
Meteor.user() in the browser console returns null
edit 2
The steps to fire the Accouts.createUser is as follows:
A template button event calls a method A, which on the server it stores the username and password in a global object, then calls a method B which then calls a server side function which calls Acounts.createUser using the username and password in the global object.
server.js
Meteor.publish('users', function () {
if (this.userId) {
return Meteor.users.find({_id: this.userId});
}
});
client.js
Meteor.subscribe('users');
Is this normal? and if so, how does meteor know which browser "session" belongs to which client? Thanks
Have a look at the docs for Accounts.createUser:
On the client, this function logs in as the newly created user on successful completion. On the server, it returns the newly created user id.
So if you only create the user from the server, the user won't be automatically logged in. If the user isn't logged in, his/her user document won't be published.
You have two choices:
Call Accounts.createUser from the client.
Ask the user to login after the account is created on the server.
Related
I'm developing an app using nativescript and firebase.
On the firebase.init method i use
persist : true
When i close the app and reopen it the init method gets the current user on the
onAuthStateChanged callback
But still not understand the whole process.
My question is :
Is the init method anought for user reauthentication ??
Or should i do something more??
save the email and password on local storage and when the app startup call in the ngoninit the login function with the email and password from local storage
if the data exist the login process will finish successfully if not used will move to the login page.
How do I add another user while I'm logged in in a Meteor application. I want to give to an admin an ability to create users himself without logging out.
For login system I use accounts-password#1.3.2
If I use Accounts.createUser(user, function (e) { ... } then it logs out my admin and after a page refresh it logs in with a new user instead.
SOLVED:
Thanks to below answers I created
Meteor.call('addingUser.insert', user);
on the front where user is an object of values and then
'addEmployee.insert'(user) {
Accounts.createUser(user);
}
on the back end and a user was added successfully with an appropriately generated bcrypt password.
If you create the user in a Meteor method (ie on the server, not the client), it will create the user in the backend, and not change the login status of the current user.
Create a method that handles user creation (you could use accounts-password for this) in the server. Call that method in the client.
for more info about accounts-password refer to this: http://docs.meteor.com/api/passwords.html#Accounts-createUser
Let me know if this works or not. Thanks!
Heres my problem:
I wan't to be able to create new users for my website, from my website. This is only aloud though, if I have the "isAdmin" flag set to true in the realtime db under /users/myid.
Generally I would have done this with a security rule but the problem here is that I need to use the admin SDK, since the normal "createNewUser" method signs in to the newly created user automatically. I as an admin though, want to be able to create a new user and stay logged in as myself. So what I wan't to do is use ajax post request to my server with my uid und the new userdata which is to be created. My server then checks if the given uid has the isAdmin flag and if so creates the user with the firebase admin SDK which provides such a method.
But, anyone, if they have an admins uid, could hit up that request and create a new user. (My clients definetely get uid's from other users).
So how would I go about proving to the server that I am actually logged in with that uid.
From my understanding, tokens are used to be able to write to the database, but I don't need that permission, I just need to prove that I'm actually logged in with that uid.
Is there something I'm missing? Thanks a lot guys!
Was easier then I thought. This will generate a token on the client side:
firebase.auth().currentUser.getToken(true).then(function(token) {
// send request to server with generated token
}).catch(function(error) {
// handle error
});
Which I can then verify on the server like so:
admin.auth().verifyIdToken(idToken)
.then(function(decodedToken) {
var uid = decodedToken.uid;
// user is logged in
}).catch(function(error) {
// user is not logged in, or other error occured
});
Taken from https://firebase.google.com/docs/auth/admin/verify-id-tokens
I have seen the recommended method of
Meteor.users.update({}, {$set: { "services.resume.loginTokens" : [] }});
to logout a user, but that only works when the page is refreshed.
I'm looking for a way that when I remove the user from the database, it logs out the user. I need the following code to force a logout on the client IF the client was logged in for that user. I cannot wait for the user to refresh the page.
Meteor.users.remove({_id: this.userId})
EDIT:
I have verified that this behavior in on my angular pages and not when I'm on a Meteor template. When I am on a Meteor template, it seems to work, but when I move to an angular route it stops behaving as required.
You need to be using something reactive that is tied in to checking who the current user is.
If your using iron router, there is examples of using login mappers to redirect users to login pages when the user is unauthorized.
Something akin to
if(!Meteor.user()) { window.location = '/login'; };
If you delete the user from the users table, that will invalidate and redirect you.
Obviously you would need to have conditions that protect certain areas from invalidating this - but the general idea is in just using reactive variables.
I have two meteor apps that use the same database, one is a mobile app (primary) and the other is a desktop app.
From the desktop app, I would like to call the remote mobile method to create a listing so that I don't have to duplicate code 'Listing.create'.
I was under the assumption that my logged in Meteor.userId on the desktop app would be transferred while calling the remote mobile method, but this is not true, as it is undefined.
I also have Oauth and Email auth, and there doesn't seem to be an easy way to login using OAuth (logging in via call 'login' works well for passwords).
What's the best way to call the remote method since it fails without being logged in? I suppose I could pass in the userId as a string but that would open the method up to hacking
Mobile server, m.foo.com, MONGO_URL bar.com
Meteor.methods({
'Listing.create': function(){
if (!this.userId) throw new Meteor.Error(503, 'No user account');
...
db.listings.insert(...);
}
})
// on client
Meteor.userId() // 1234
Desktop server, foo.com, MONGO_URL bar.com
MobileDDP = DDP.connect('http://m.foo.com')
MobileDDP.call('Listing.create', function(err, res) {
console.log(err, res)
});
Yes. The method is along the same lines as this answer: Authenticating with Meteor via DDP (and SRP?)
The only difference is instead of using ddp-tools you use Meteor.call("login".. instead, matching the parameters to the type of login.
If the login is of a Facebook, or other OAuth login, you would have to use a loginToken instead of the normal username and password.