How to prevent auto login after create user

Question

I add accounts-password and accounts-base packages in Meteor

When I create user like this:

Accounts.createUser({username: username, password : password}, function(err){
          if (err) {
            // Inform the user that account creation failed
            console.log("Register Fail!") 
            console.log(err)
          } else {
               console.log("Register Success!")
            // Account has been created and the user has logged
          }    
  });

Account has been created and the user has logged.

for instance, I log in as an administrator and I want to create a account for somebody,but I don't want to log out after create account.

How to prevent auto login after create user ?

I find source code of accouts-password packages:

48 - 63 lines:

// Attempt to log in as a new user.
Accounts.createUser = function (options, callback) {
  options = _.clone(options); // we'll be modifying options

  if (!options.password)
    throw new Error("Must set options.password");
  var verifier = Meteor._srp.generateVerifier(options.password);
  // strip old password, replacing with the verifier object
  delete options.password;
  options.srp = verifier;

  Accounts.callLoginMethod({
    methodName: 'createUser',
    methodArguments: [options],
    userCallback: callback
  });
};

Should I modify the source code to solve this problem?

Any help is appreciated.

Answer 1

You're trying to use client side accounts management to perform a task it hasn't been designed for.

Client side accounts package purpose is to specifically allow new users to create their account and expect to be logged in immediately.

You have to remember that certain functions can be ran on the client and/or on the server with different behaviors, Accounts.createUser docs specifies that : "On the client, this function logs in as the newly created user on successful completion."

On the contrary, "On the server, it returns the newly created user id." (it doesn't mess with the currently logged in user on the client).

In order to solve your problem, you should write a server side method creating a new user and be able to call it from your client side admin panel, after filling correctly a user creation form of your own design.

Answer 2

If you really want this behavior you would need to modify password_server.js

and remove lines 474-475 containing:

// client gets logged in as the new user afterwards.
this.setUserId(result.id);

So the User would not be logged in after the user is created.