Log out a user from the server - meteor

Is there any way to log out a user (or all users) from the server? Basically I'm trying to log out all users every time the meteor server starts up or restarts.

You could clear up all the loginTokens, which would force everyone to log back in:
    Meteor.users.update({}, {$set: { "services.resume.loginTokens" : [] }}, {multi: true});
What this does is it clears each user's loginTokens so that they won't match up if the user tries to log in, then they would have to log back in. To alter who to target, change the initial query (currently {}).
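The following added example is not part of the original answer and is not Meteor's code. It models the token check with an in-memory stand-in for Meteor.users to show that an update without {multi: true} clears only the first matching user, and how a narrower selector limits who is logged out. The names makeUsers, canResume, revokeSessions, the role field and the sample accounts are assumptions made for the illustration.

```javascript
// In-memory stand-in for Meteor.users (hypothetical helper, simplified model).
function makeUsers(docs) {
  return {
    docs,
    update(selector, modifier, options = {}) {
      const matches = docs.filter((doc) =>
        Object.entries(selector).every(([key, value]) => doc[key] === value));
      // Without {multi: true} only the first matching document is modified.
      const targets = options.multi ? matches : matches.slice(0, 1);
      for (const doc of targets) {
        for (const [path, value] of Object.entries(modifier.$set)) {
          const keys = path.split('.');
          const leaf = keys.pop();
          const parent = keys.reduce((node, key) => node[key], doc);
          parent[leaf] = Array.isArray(value) ? [...value] : value;
        }
      }
      return targets.length;
    },
  };
}

// A resume login succeeds only while the presented token is still stored.
function canResume(users, token) {
  return users.docs.some((u) =>
    u.services.resume.loginTokens.some((t) => t.token === token));
}

// Constructed sample accounts; the token values are placeholders.
function sampleUsers() {
  const user = (username, role, token) => ({
    username,
    role,
    services: { resume: { loginTokens: [{ token, when: new Date(0) }] } },
  });
  return makeUsers([
    user('alice', 'admin', 'tok-alice'),
    user('bob', 'member', 'tok-bob'),
    user('carol', 'member', 'tok-carol'),
  ]);
}

const CLEAR_TOKENS = { $set: { 'services.resume.loginTokens': [] } };

// Revoke sessions for the users matched by `selector` ({} means everyone).
function revokeSessions(users, selector = {}) {
  return users.update(selector, CLEAR_TOKENS, { multi: true });
}
```

In a real application the same selector and options would be passed to Meteor.users.update on the server, for example inside Meteor.startup.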

Related

How can I be informed when logged out by server in Meteor

I often get a message like the following when using my Meteor app:
09-15 22:42:52.400 3233 3233 I chromium: [INFO:CONSOLE(970)] "Error logging in with token: Error: You've been logged out by the server. Please log in again. [403]", source: http://localhost:12056/packages/meteor.js?hash=9725414143125e6990547986c27b473f43c89e8b (970)
I think it's because the token has expired for some reason (for example, when I use Accounts.setPassword to change the user's password by force on the server side, I will surely get this at the next login attempt).
I don't want to know how to solve this question; I want to know if there is an event or something else by which I can be informed when logged out by the server, because I determine whether to go to the "main" page or the "login" page by whether Meteor.userId() has a value. When logged out by the server, even if Meteor.userId() has a value, the last login state is already invalid and re-login is needed.

How to verify users current password?

So, maybe I missed this somewhere in the docs but I couldn't find anything of the sort.
I want my users to have to type in their current password to be able to create a new one. From what I understand, if the user is authenticated he is able to update his password without providing his current one.
Even if this might be somewhat secure I would rather have him type his old one to prevent people from going on already authenticated sessions from say family members or so and changing the pw.
Is there any way to do this?
(I have no problem using the Admin SDK since I already set up a server for these kind of things)
UPDATE: (Use - reauthenticateWithCredential)
    var user = firebaseApp.auth().currentUser;
    var credential = firebase.auth.EmailAuthProvider.credential(
      firebase.auth().currentUser.email,
      providedPassword
    );
    // Prompt the user to re-provide their sign-in credentials
    user.reauthenticateWithCredential(credential).then(function() {
      // User re-authenticated.
    }).catch(function(error) {
      // An error happened.
    });
PREVIOUS VERSION
You can use the reauthenticate API to do so. I am assuming you want to verify a current user's password before allowing the user to update it. So in web you do something like the following:
reauthenticateAndRetrieveDataWithCredential - DEPRECATED
    firebase.auth().currentUser.reauthenticateAndRetrieveDataWithCredential(
      firebase.auth.EmailAuthProvider.credential(
        firebase.auth().currentUser.email,
        providedPassword
      )
    );
If this succeeds, then you can call
    firebase.auth().currentUser.updatePassword(newPassword);
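The two steps from this answer chained into one flow, as an added example that is not part of the original answer: the password is changed only after re-authentication succeeds, and a failed re-authentication leaves it untouched. changePassword, fakeUser and fakeCredential are hypothetical names; in an application you would pass firebase.auth().currentUser and firebase.auth.EmailAuthProvider.credential instead of the constructed stubs.

```javascript
// Change the password only after the current password has been verified.
// `user` stands for firebase.auth().currentUser and `emailCredential` for
// firebase.auth.EmailAuthProvider.credential; both are parameters so the
// flow can be exercised without the SDK.
async function changePassword(user, emailCredential, currentPassword, newPassword) {
  if (!user) {
    return { ok: false, reason: 'not-signed-in' };
  }
  const credential = emailCredential(user.email, currentPassword);
  try {
    await user.reauthenticateWithCredential(credential);
  } catch (error) {
    // Re-authentication failed: stop here and never call updatePassword.
    return { ok: false, reason: 'reauth-failed', code: error.code };
  }
  try {
    await user.updatePassword(newPassword);
  } catch (error) {
    return { ok: false, reason: 'update-failed', code: error.code };
  }
  return { ok: true };
}

// Constructed stand-in for currentUser, used only to run the flow offline.
function fakeUser(email, password) {
  const state = { password, updates: 0 };
  return {
    email,
    state,
    async reauthenticateWithCredential(cred) {
      if (cred.password !== state.password) {
        throw Object.assign(new Error('wrong password'), { code: 'auth/wrong-password' });
      }
    },
    async updatePassword(next) {
      state.password = next;
      state.updates += 1;
    },
  };
}

// Constructed stand-in for EmailAuthProvider.credential.
const fakeCredential = (email, password) => ({ email, password });
```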

User is created however cannot login after logging out MeteorJS

So I'm creating a new user as my template is created. The user is being created successfully and is automatically logged in; however, if I sign out and then try to sign in, I get 'user not found'. Here is my code:
    Template.hello.onCreated(function helloOnCreated() {
      // counter starts at 0
      this.counter = new ReactiveVar(0);
      var userObject = {
        username: "anotherTest",
        mail: "anotherTest#me.com",
        password: "testingME"
      };
      Accounts.createUser(userObject, function(error){
        console.log('User created');
        console.log(error);
      });
    });
And here is the full project in case it is needed.
https://github.com/hayk94/UbMvp/tree/accountsTEST
Do you know what is the problem?
You're trying to use client-side accounts management to perform a task it hasn't been designed for.
The client-side accounts package's purpose is specifically to allow new users to create their account and expect to be logged in immediately.
You have to remember that certain functions can be run on the client and/or on the server with different behaviors. The Accounts.createUser docs specify that: "On the client, this function logs in as the newly created user on successful completion."
On the contrary, "On the server, it returns the newly created user id." (it doesn't mess with the currently logged in user on the client).
In order to solve your problem, you should write a server-side method creating a new user and be able to call it from your client-side admin panel, after correctly filling in a user creation form of your own design.

Accounts.onLogin how to get user Id?

How do you get the _id of the user that logged in? I have tried the following combinations and I get errors, or undefined.
Upon user creation, the user is automatically signed into the application. Is the user that is returned by the Accounts.onCreateUser function occurring after the user is logged in?
    Accounts.onLogin(function(){
      var user = this.userId / Meteor.user() / Meteor.user()._id
      console.log(user)
    })
http://docs.meteor.com/#/full/accounts_onlogin
The Accounts.onLogin(function(){}) callback comes with 1 parameter, user.
"When it is known which user was attempting to login, the Meteor user object. This will always be present for successful logins."
from the docs.
So this should work.
    Accounts.onLogin(function(user){
      console.log(user.user._id)
    });
And you should see the whole user document in the server console; check this meteorpad for an example.
NOTE: this feature is only available on the server side; check this: Hooks Accounts.onLogin/onLoginFailure should be available on client
You can always get the _id of the logged-in user via Meteor.userId(). This also works inside the Accounts.onLogin callback.
    Accounts.onLogin(function() {
      console.log(Meteor.userId());
    })

Create a log of successful logins

I need to create a log with successful logins and denied logins. I must save the user that tries to access.
I don't know if hook_user_login is the correct way to do this task.
Appreciate any guidance to investigate. Thanks :)
hook_user_login() is only invoked when a user successfully logs in.
The hook you should implement is hook_watchdog().
    function hook_watchdog(array $log_entry) {
      switch ($log_entry['message']) {
        case 'Login attempt failed for %user.':
          // Somebody tried logging in as $log_entry['variables']['%user'],
          // and failed.
          break;
        case 'Session opened for %name.':
          // The login for $log_entry['variables']['%name'] was successful.
          break;
      }
    }
Notice that:
Both $log_entry['variables']['%user'] (for when the login failed) and $log_entry['variables']['%name'] (for when the login was successful) are usernames, not the user object.
When the login was successful, $log_entry['user'] is the user object for the user who just logged in, and $log_entry['uid'] is the user ID.
The other variables that could be helpful are:
$log_entry['request_uri']
$log_entry['referer']
$log_entry['ip']
$log_entry['timestamp']
Drupal already keeps a log of those events in admin/reports/dblog; you simply need to filter them by type (user).
There could be a reason to implement hook_watchdog() to keep a log for any failed/successful login, though: the database log is limited to N entries (where N could be 100, 1000, 10000, 100000, 1000000, based on what is set on admin/config/development/logging), and it is for all the messages passed to watchdog(); once the limit is reached, the old messages are lost.
