Diffstat (limited to 'packages/meteor-useraccounts-core/lib/server_methods.js')
-rw-r--r-- | packages/meteor-useraccounts-core/lib/server_methods.js | 142 |
1 files changed, 142 insertions, 0 deletions
diff --git a/packages/meteor-useraccounts-core/lib/server_methods.js b/packages/meteor-useraccounts-core/lib/server_methods.js
new file mode 100644
index 00000000..500440d7
--- /dev/null
+++ b/packages/meteor-useraccounts-core/lib/server_methods.js
@@ -0,0 +1,142 @@
+/* global
+ AccountsTemplates
+*/
+"use strict";
+
+Meteor.methods({
+ ATCreateUserServer: function(options) {
+ if (AccountsTemplates.options.forbidClientAccountCreation) {
+ throw new Meteor.Error(403, AccountsTemplates.texts.errors.accountsCreationDisabled);
+ }
+
+ // createUser() does more checking.
+ check(options, Object);
+ var allFieldIds = AccountsTemplates.getFieldIds();
+
+ // Picks-up whitelisted fields for profile
+ var profile = options.profile;
+ profile = _.pick(profile, allFieldIds);
+ profile = _.omit(profile, "username", "email", "password");
+
+ // Validates fields" value
+ var signupInfo = _.clone(profile);
+ if (options.username) {
+ signupInfo.username = options.username;
+
+ if (AccountsTemplates.options.lowercaseUsername) {
+ signupInfo.username = signupInfo.username.trim().replace(/\s+/gm, ' ');
+ options.profile.name = signupInfo.username;
+ signupInfo.username = signupInfo.username.toLowerCase().replace(/\s+/gm, '');
+ options.username = signupInfo.username;
+ }
+ }
+
+ if (options.email) {
+ signupInfo.email = options.email;
+
+ if (AccountsTemplates.options.lowercaseUsername) {
+ signupInfo.email = signupInfo.email.toLowerCase().replace(/\s+/gm, '');
+ options.email = signupInfo.email;
+ }
+ }
+
+ if (options.password) {
+ signupInfo.password = options.password;
+ }
+
+ var validationErrors = {};
+ var someError = false;
+
+ // Validates fields values
+ _.each(AccountsTemplates.getFields(), function(field) {
+ var fieldId = field._id;
+ var value = signupInfo[fieldId];
+
+ if (fieldId === "password") {
+ // Can"t Pick-up password here
+ // NOTE: at this stage the password is already encripted,
+ // so there is no way to validate it!!!
+ check(value, Object);
+ return;
+ }
+
+ var validationErr = field.validate(value, "strict");
+ if (validationErr) {
+ validationErrors[fieldId] = validationErr;
+ someError = true;
+ }
+ });
+
+ if (AccountsTemplates.options.showReCaptcha) {
+ var secretKey = null;
+
+ if (AccountsTemplates.options.reCaptcha && AccountsTemplates.options.reCaptcha.secretKey) {
+ secretKey = AccountsTemplates.options.reCaptcha.secretKey;
+ } else {
+ secretKey = Meteor.settings.reCaptcha.secretKey;
+ }
+
+ var apiResponse = HTTP.post("https://www.google.com/recaptcha/api/siteverify", {
+ params: {
+ secret: secretKey,
+ response: options.profile.reCaptchaResponse,
+ remoteip: this.connection.clientAddress,
+ }
+ }).data;
+
+ if (!apiResponse.success) {
+ throw new Meteor.Error(403, AccountsTemplates.texts.errors.captchaVerification,
+ apiResponse['error-codes'] ? apiResponse['error-codes'].join(", ") : "Unknown Error.");
+ }
+ }
+
+ if (someError) {
+ throw new Meteor.Error(403, AccountsTemplates.texts.errors.validationErrors, validationErrors);
+ }
+
+ // Possibly removes the profile field
+ if (_.isEmpty(options.profile)) {
+ delete options.profile;
+ }
+
+ // Create user. result contains id and token.
+ var userId = Accounts.createUser(options);
+ // safety belt. createUser is supposed to throw on error. send 500 error
+ // instead of sending a verification email with empty userid.
+ if (! userId) {
+ throw new Error("createUser failed to insert new user");
+ }
+
+ // Call postSignUpHook, if any...
+ var postSignUpHook = AccountsTemplates.options.postSignUpHook;
+ if (postSignUpHook) {
+ postSignUpHook(userId, options);
+ }
+
+ // Send a email address verification email in case the context permits it
+ // and the specific configuration flag was set to true
+ if (options.email && AccountsTemplates.options.sendVerificationEmail) {
+ Accounts.sendVerificationEmail(userId, options.email);
+ }
+ },
+
+ // Resend a user's verification e-mail
+ ATResendVerificationEmail: function (email) {
+ check(email, String);
+
+ var user = Meteor.users.findOne({ "emails.address": email });
+
+ // Send the standard error back to the client if no user exist with this e-mail
+ if (!user) {
+ throw new Meteor.Error(403, "User not found");
+ }
+
+ try {
+ Accounts.sendVerificationEmail(user._id);
+ } catch (error) {
+ // Handle error when email already verified
+ // https://github.com/dwinston/send-verification-email-bug
+ throw new Meteor.Error(403, "Already verified");
+ }
+ },
+}); |
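Review bot: The profile whitelist in `ATCreateUserServer` is applied only to a local copy: `profile` is narrowed with `_.pick`/`_.omit` and cloned into `signupInfo` for validation, but `Accounts.createUser(options)` still receives the client-supplied `options.profile`, so keys outside `allFieldIds` (and `reCaptchaResponse`) are never validated and still reach the user document. Writing the filtered object back right after the `_.omit` line, `options.profile = profile;`, would make what is stored match what was validated; the captcha token would then have to be read into a local before that assignment. That assignment would also cover the unguarded `options.profile.name = ...` under `lowercaseUsername`, which throws a TypeError rather than a `Meteor.Error` when the client sends no `profile`. Separately, `ATResendVerificationEmail` has no login or rate check, answers "User not found" versus "Already verified" (which tells a caller whether an address is registered), and its `catch` relabels every send failure as "Already verified". A uniform response plus a rate limit on that method would be worth adding.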