-
Notifications
You must be signed in to change notification settings - Fork 278
/
server.js
171 lines (151 loc) · 6.17 KB
/
server.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
// Initialization
AT.prototype.init = function() {
console.warn("[AccountsTemplates] There is no more need to call AccountsTemplates.init()! Simply remove the call ;-)");
};
AT.prototype._init = function() {
if (this._initialized)
return;
// Checks there is at least one account service installed
if (!Package["accounts-password"] && (!Accounts.oauth || Accounts.oauth.serviceNames().length === 0))
throw Error("AccountsTemplates: You must add at least one account service!");
// A password field is strictly required
var password = this.getField("password");
if (!password)
throw Error("A password field is strictly required!");
if (password.type !== "password")
throw Error("The type of password field should be password!");
// Then we can have "username" or "email" or even both of them
// but at least one of the two is strictly required
var username = this.getField("username");
var email = this.getField("email");
if (!username && !email)
throw Error("At least one field out of username and email is strictly required!");
if (username && !username.required)
throw Error("The username field should be required!");
if (email){
if (email.type !== "email")
throw Error("The type of email field should be email!");
if (username){
// username and email
if (username.type !== "text")
throw Error("The type of username field should be text when email field is present!");
}else{
// email only
if (!email.required)
throw Error("The email field should be required when username is not present!");
}
}
else{
// username only
if (username.type !== "text" && username.type !== "tel")
throw Error("The type of username field should be text or tel!");
}
// Possibly publish more user data in order to be able to show add/remove
// buttons for 3rd-party services
if (this.options.showAddRemoveServices){
// Publish additional current user info to get the list of registered services
// XXX TODO:
// ...adds only user.services.*.id
Meteor.publish("userRegisteredServices", function() {
var userId = this.userId;
return Meteor.users.find(userId, {fields: {services: 1}});
/*
if (userId){
var user = Meteor.users.findOne(userId);
var services_id = _.chain(user.services)
.keys()
.reject(function(service){return service === "resume";})
.map(function(service){return "services." + service + ".id";})
.value();
var projection = {};
_.each(services_id, function(key){projection[key] = 1;});
return Meteor.users.find(userId, {fields: projection});
}
*/
});
}
// Security stuff
if (this.options.overrideLoginErrors){
Accounts.validateLoginAttempt(function(attempt){
if (attempt.error){
var reason = attempt.error.reason;
if (reason === "User not found" || reason === "Incorrect password")
throw new Meteor.Error(403, "Login forbidden");
}
return attempt.allowed;
});
}
if (this.options.sendVerificationEmail && this.options.enforceEmailVerification){
Accounts.validateLoginAttempt(function(info){
if (info.type !== "password" || info.methodName !== "login")
return true;
var user = info.user;
if (!user)
return true;
var ok = true;
var loginEmail = info.methodArguments[0].user.email;
if (loginEmail){
var email = _.filter(user.emails, function(obj){
return obj.address === loginEmail;
});
if (!email.length || !email[0].verified)
ok = false;
}
else {
// we got the username, lets check there's at lease one verified email
var emailVerified = _.chain(user.emails)
.pluck('verified')
.any()
.value();
if (!emailVerified)
ok = false;
}
if (!ok)
throw new Meteor.Error(401, "Please verify your email first. Check the email and follow the link!" );
return true;
});
}
//Check that reCaptcha secret keys are available
if (this.options.showReCaptcha) {
var atSecretKey = AccountsTemplates.options.reCaptcha && AccountsTemplates.options.reCaptcha.secretKey;
var settingsSecretKey = Meteor.settings.reCaptcha && Meteor.settings.reCaptcha.secretKey;
if (!atSecretKey && !settingsSecretKey) {
throw new Meteor.Error(401, "User Accounts: reCaptcha secret key not found! Please provide it or set showReCaptcha to false." );
}
}
// ------------
// Server-Side Routes Definition
//
// this allows for server-side iron-router usage, like, e.g.
// Router.map(function(){
// this.route("fullPageSigninForm", {
// path: "*",
// where: "server"
// action: function() {
// this.response.statusCode = 404;
// return this.response.end(Handlebars.templates["404"]());
// }
// });
// })
// ------------
AccountsTemplates.setupRoutes();
// Marks AccountsTemplates as initialized
this._initialized = true;
};
// Fake server-side IR plugin to allow for shared routing files
Iron.Router.plugins.ensureSignedIn = function (router, options) {};
AccountsTemplates = new AT();
// Client side account creation is disabled by default:
// the methos ATCreateUserServer is used instead!
// to actually disable client side account creation use:
//
// AccountsTemplates.config({
// forbidClientAccountCreation: true
// });
Accounts.config({
forbidClientAccountCreation: true
});
// Initialization
Meteor.startup(function(){
AccountsTemplates._init();
});