When I develop a Meteor app, I can get user's information from third party(not oauth), so how to set current_user variable without Accounts.loginWithPassword or Accounts.loginWith[Service] methods?
Accounts.createUser only return a userid,
I doubt this is even possible as something like this would let anyone with someone's userId log in to their account without their password.
Related
I am trying to create a simple web app in node.js (backend only), which would store some user data on Firestore. I want to use my own credentials management, and I believe that signInWithCustomToken() should be my ticket to ensure different users can't access each other's data. The problem however is that if I run
const firebaseAuth = getAuth(app)
// authToken is a jwt token created by my backent
const response = await signInWithCustomToken(firebaseAuth, authToken)
console.log(response)
I keep getting the mysterious auth/missing-identifier error, about which I couldn't find anything (it is not identical to auth/missing-client-identifier I believe).
Where is the problem? Is my code wrong, or did I set up something incorrectly in the Firebase?
Using firebase 9.8.1
I was also getting this error using firebase v9, but I was only getting this error with Facebook login. I switched to use firebase/compat methods and it worked for me. It's a temporary fix until more light can be shed on this error. I couldn't find the auth/missing-identifier error in any firebase docs so I'm not entirely sure what the underlying issue actually is.
I'd like to have defaulted up to sms the tfa method and skip the user choice on it, providing the code automatically on login and then verifying it.
I tried setting into the db manually sms but the setup form is shown anyway.
Digging a bit into the code, i saw it requires both method and secret set into the db to consider user already set-upped.
Creating a script in init for giving all users a tf_totp_secret solved.
for user in User.all():
if user.tf_totp_secret is None:
user.tf_totp_secret = flask_security.twofactor.generate_totp()
I have an app written in MeteorJS, the functionality is only for logged in users, and all the documents in Mongo have an userId field for each logged in user.
However, I want now to add a "demo" functionality, were on the landing page the user can click instead of "log on" a "try out the demo" button.
The main difference in functionality would be, that the "demo user" doesn't store anything in the MongoDb database and all data and operations are performed only on the local MiniMongo database.
Is there any easy way to achieve this?
I know about new Meteor.Collection(null) that it is only locally, but I define the collection on the global level of the app where I don't have access to Meteor.userId()' orthis.userId` so it would have to check on every place which collection to use.
Ended up with following approach:
On place were I define my collections (shared code between server and client) I define two collections:
var Docs = new Meteor.Collection("docs");
var DocsOffline = new MeteorCollection(null);
no in each meteor method I access the collection using following variable:
let docsSource = Meteor.userId() ? Docs : DocsOffline;
and then operate on docsSource
On the client in the getMeteorData mixin method I have similar approach to make the data available (I use ReactJS)
I'm building a Meteor app where I don't care if two people have the same email address because I'm using the username as login key.
I've been searching for a way to setup Meteor Accounts (accounts-password) to make this possible but I couldn't find any resource.
Is it even possible ? Should I roll my own registration mechanism just for that small difference ?
In account-base.js, this index is set
Meteor.users._ensureIndex('emails.address', {unique: 1, sparse: 1});
This is what set the behaviour. We need to drop that index. Looking at the doc, i see that
Meteor.users._dropIndex({"emails.address": 1});
will do the trick, BUT, I am new i Meteor, so I don't know where to put this and if this is the best approach.
I put it in a server file and it worked fine... but research more
This screencast shows how to retrieve additional user profile attributes from external authentication. But I don't understand how can I update the user account every time user logs in with possibly updated profile attributes? Is onCreateUser called every time user authenticates or just the first time? From what I understand it is just the first time. So how can I hook into login process to update attributes?
You need to hook into when someone logs in and then update the attributes manually.
Firstly you need something that tells when the user is logged in. At the moment you could use a client based solution (where a call is made to the server a second time on a successful login) using something like meteor-prescence or by editing the core packages and placing them in your /packages directory.
Alter the accounts-base package with the file accounts-server.js to create a 'hook' when the user logs in at
Meteor.methods({
login: function(options) {
.....
if (result !== null)
//Run here
this.setUserId(result.id);
return result;
},
});
Then at the //Run Here add a function that connects to facebook and gets the data you need. Or in the Meteor.call method that you would call from the client if you decide to use meteor-prescence or a similar library or method. It would be something similar to this:
if(Meteor.user().services.facebook.accessToken) {
var graph = Npm.require('fbgraph');
graph.setAccessToken(Meteor.user().services.facebook.accessToken);
graph.get('/me',{},function(err,result) {
//Update your user (you could also alter services.facebook instead
Meteor.users.update(Meteor.userId, {$set: {profile:result}});
}
}
In the above the example is for facebook using the fbgraph node module (which you would need to install) - or use the method described here to use Npm modules without a seperate package. You could to the same in principle for other providers too. Note you don't have to use a synchronous type call here to your provider as it is ok the data could be updated shortly after they log in.
Another place you could hook into is also in the _setUserId method in the livedata package.