
Checking a user's password in meteor JS

In my Meteor application I want to change another user's password. I would like to know if there is any way to get the old password before changing it.

This is my server side method:

 updateuser(id, password, options) {
    try {
        // Update the profile fields, then replace the stored password
        Meteor.users.update({ _id: id }, { $set: options });
        Accounts.setPassword(id, password, options);
    }
    catch (e) {
        // Report the failure to the calling client
        throw new Meteor.Error(500, 'updateUser error', e);
    }
}

I would like to know if the old password is correct or not.

sana asked Dec 14 '16 15:12


1 Answer

You cannot get the old password as it is hashed, but you can check whether or not it is correct if you have it in plaintext.

You can use the Accounts._checkPassword(user, password) method in order to check if the old password is correct. It is implemented here.

user should be the user object and password should be the plain text password string.

If the result (which is an object) does not contain an error property, then the password is correct.

You can also take a look (for inspiration) at the implementation of the method used for handling calls to Accounts.changePassword(oldPassword, newPassword, [callback]), which changes the current user's password.


If you don't want to send the plain text password to the server (and it is generally better not to send the plain text version), you can hash it on the client using SHA256, by passing it to Accounts._hashPassword(plainTextPassword) (implemented here, in the accounts-password package).

// on the client
>>> Accounts._hashPassword("foobar");

{
  "digest":"c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2",
  "algorithm":"sha-256"
}

Call your server method with the results of this function. Assuming you have the SHA256 hashed password as oldPassword in your method:

// on the server
const user = Meteor.users.findOne(userId);
Accounts._checkPassword(user, "wrongPassword");
// results in:
// { userId: 'theuserid',
//   error:
//    { [Error: Incorrect password [403]]
//      error: 403,
//      reason: 'Incorrect password',
//      details: undefined,
//      message: 'Incorrect password [403]',
//      errorType: 'Meteor.Error' } }

Accounts._checkPassword(user, oldPassword);
// results in the following if the password is correct:
// { userId: 'theuserid' }
MasterAM answered Oct 25 '22 11:10
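
The check-then-change flow from the answer above, as an added example in plain Node.js. It is not part of the original answer and not Meteor's own code. Assumptions: scrypt stands in for the slow hash Meteor keeps in the user document (bcrypt is not in Node's standard library), and the user record layout and the function names other than the `{ digest, algorithm }` shape are hypothetical.

```javascript
// Added example: plain Node.js, not Meteor's source code.
const crypto = require('crypto');

// Same shape the answer shows for Accounts._hashPassword on the client.
function hashPassword(plain) {
  const digest = crypto.createHash('sha256').update(plain, 'utf8').digest('hex');
  return { digest, algorithm: 'sha-256' };
}

// Accept either a plaintext string or a { digest, algorithm } object.
function toDigest(password) {
  if (typeof password === 'string') return hashPassword(password).digest;
  if (password && password.algorithm === 'sha-256' &&
      /^[0-9a-f]{64}$/.test(password.digest)) return password.digest;
  throw new TypeError('password must be a string or a sha-256 digest object');
}

// Assumption: scrypt stands in for the slow hash kept in the user document.
function slowHash(digest, salt) {
  return crypto.scryptSync(digest, salt, 32);
}

// Constructed user record; the field names are hypothetical.
function createUser(id, plain) {
  const salt = crypto.randomBytes(16);
  return { _id: id, salt, hash: slowHash(toDigest(plain), salt) };
}

// Returns { userId } on success and { userId, error } on failure,
// mirroring the result objects shown in the answer.
function checkPassword(user, password) {
  const candidate = slowHash(toDigest(password), user.salt);
  if (crypto.timingSafeEqual(candidate, user.hash)) return { userId: user._id };
  return { userId: user._id, error: { error: 403, reason: 'Incorrect password' } };
}

// Replace the stored hash only when the old password verifies.
function changePassword(user, oldPassword, newPassword) {
  const result = checkPassword(user, oldPassword);
  if (result.error) return result;
  user.salt = crypto.randomBytes(16);
  user.hash = slowHash(toDigest(newPassword), user.salt);
  return { userId: user._id, passwordChanged: true };
}
```

Because the server accepts the digest in place of the plaintext, the digest is itself password-equivalent. Hashing on the client keeps the plaintext off the server but does not replace TLS on the connection.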