Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Creating user with no password in Meteor

Tags:

authentication

meteor

accounts

I have a unique user creation flow which is as follows:

  1. User comes to my site for the first time and they click a button.
  2. I create a User in the DB for them and set a localStorage key with the UID.
  3. Use goes about creating data and I save the data in the DB and associate it with the UID.
  4. User comes back, and if they have UID set in localStorage, I show them the data they previously created.
  5. User can click Register to create a "real" account from which point they will have to login with username and password or another service (e.g. Facebook).

So, how would I accomplish this with Meteor Accounts and the User model?

In a nutshell:

  • I need to create User mongo document with no information (about the user).
  • I need to authenticate a user by just having a UID (acting as a "password").
like image 680
Gezim Avatar asked Dec 12 '12 20:12

Gezim

People also ask

What is the meteor user () function for?

The Meteor Accounts system builds on top of the userId support in publish and methods . The core packages add the concept of user documents stored in the database, and additional packages add secure password authentication, integration with third party login services, and a pre-built user interface.

Which of the following user accounts packages are provided by the meteor developer group?

Here's a complete list of login providers for which Meteor actively maintains core packages: Facebook with accounts-facebook. Google with accounts-google. GitHub with accounts-github.

2 Answers

  1. Register onCreateUser to add an "anonymous" field ({anonymous:1}) when a random password is used, maybe generated with Meteor.uuid().
  2. Add a timestamp field ({created:new Date()}) to clean out old, anonymous accounts.
  3. Perform old anonymous user maintenance, like deleting anonymous users more than one hour old: Meteor.autorun(function() {Meteor.users.find({anonymous:1,$where:"new Date() - this.created > 360000"}).forEach(function (user) {
    Meteor.users.remove({_id:user._id})}});
  4. On the client:
    1. Always prompt for a "nickname." This will become the official username, or will sit in the system forever used.
    2. Check if client is logged in. If not, create a user with nickname and a "magic number" password, which logs you in. When they click register, write "Register" at the top, but actually just change their password and $set:{anonymous:0}

Don't use localStorage, and don't use UIDs. The session cookie IS your UID.

like image 80
DoctorPangloss Avatar answered Nov 08 '22 06:11

DoctorPangloss

I don't know how to help with the authentication, but as for creating a blank User object, I've successfully done the following on the server-side (with a different name...):

Meteor.users.insert({profile: {name: 'Oompa Loompa'}, foo: 'bar'});

like image 42
zorlak Avatar answered Nov 08 '22 07:11

zorlak
Sign in to Comment

Related questions

Maven JGitFlow plugin authentication for HTTPS
Spring Security Authentication Success With Wrong Password
SQL Azure Integrated Authentication with a cloud-only Azure Active Directory fails
Wordpress Auth + Nonces + Ajax + No Templating - Cookie nonce is invalid
Identityserver4 and API in single project
Docker Jupyter Token Authenticaion : Invalid Credential
SAAS per seat authentication
How to authenticate users on TortoiseHg web server?
Basic authentication and session management library for PHP?
i *must* store third party credentials in my database. best way?
Adding confirmable module to an existing site using Devise
How does NetTcpBinding(read WindowsStreamSecurityBindingElement) encrypt/sign messages?
ASMX web service to allow anonymous access
Basic Authentication with PHP gives an endless loop
Asp.Net MVC3 - FormsAuthentication, How to expire cookie when browser closing?
Facebook Access Tokens - Server-Side Authentication
Google Account sign-in error (two-factor authentication) [closed]
How to automatically login as a user using Spring Security without knowing their password?
pgadmin3: FATAL: Ident authentification failed for user "postgres"
CAS authentication of a RESTful web service

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!