From 73e265d8fd050ae3daa67472b4465a5c49d68910 Mon Sep 17 00:00:00 2001 From: Lauri Ojansivu Date: Sat, 20 Apr 2019 15:18:33 +0300 Subject: Include to Wekan packages directory contents, so that meteor command would build all directly. This also simplifies build scripts. Thanks to xet7 ! --- packages/meteor-useraccounts-core/lib/server.js | 184 ++++++++++++++++++++++++ 1 file changed, 184 insertions(+) create mode 100644 packages/meteor-useraccounts-core/lib/server.js (limited to 'packages/meteor-useraccounts-core/lib/server.js') diff --git a/packages/meteor-useraccounts-core/lib/server.js b/packages/meteor-useraccounts-core/lib/server.js new file mode 100644 index 00000000..2a925dc7 --- /dev/null +++ b/packages/meteor-useraccounts-core/lib/server.js @@ -0,0 +1,184 @@ +/* global + AT: false, + AccountsTemplates: false +*/ +"use strict"; + +// Initialization +AT.prototype.init = function() { + console.warn("[AccountsTemplates] There is no more need to call AccountsTemplates.init()! Simply remove the call ;-)"); +}; + +AT.prototype._init = function() { + if (this._initialized) { + return; + } + + // Checks there is at least one account service installed + if (!Package["accounts-password"] && (!Accounts.oauth || Accounts.oauth.serviceNames().length === 0)) { + throw Error("AccountsTemplates: You must add at least one account service!"); + } + + // A password field is strictly required + var password = this.getField("password"); + if (!password) { + throw Error("A password field is strictly required!"); + } + + if (password.type !== "password") { + throw Error("The type of password field should be password!"); + } + + // Then we can have "username" or "email" or even both of them + // but at least one of the two is strictly required + var username = this.getField("username"); + var email = this.getField("email"); + + if (!username && !email) { + throw Error("At least one field out of username and email is strictly required!"); + } + + if (username && !username.required) { + throw Error("The username field should be required!"); + } + + if (email) { + if (email.type !== "email") { + throw Error("The type of email field should be email!"); + } + + if (username) { + // username and email + if (username.type !== "text") { + throw Error("The type of username field should be text when email field is present!"); + } + } else { + // email only + if (!email.required) { + throw Error("The email field should be required when username is not present!"); + } + } + } else { + // username only + if (username.type !== "text" && username.type !== "tel") { + throw Error("The type of username field should be text or tel!"); + } + } + + // Possibly publish more user data in order to be able to show add/remove + // buttons for 3rd-party services + if (this.options.showAddRemoveServices) { + // Publish additional current user info to get the list of registered services + // XXX TODO: use + // Accounts.addAutopublishFields({ + // forLoggedInUser: ['services.facebook'], + // forOtherUsers: [], + // }) + // ...adds only user.services.*.id + Meteor.publish("userRegisteredServices", function() { + var userId = this.userId; + return Meteor.users.find(userId, {fields: {services: 1}}); + /* + if (userId) { + var user = Meteor.users.findOne(userId); + var services_id = _.chain(user.services) + .keys() + .reject(function(service) {return service === "resume";}) + .map(function(service) {return "services." + service + ".id";}) + .value(); + var projection = {}; + _.each(services_id, function(key) {projection[key] = 1;}); + return Meteor.users.find(userId, {fields: projection}); + } + */ + }); + } + + // Security stuff + if (this.options.overrideLoginErrors) { + Accounts.validateLoginAttempt(function(attempt) { + if (attempt.error) { + var reason = attempt.error.reason; + if (reason === "User not found" || reason === "Incorrect password") { + throw new Meteor.Error(403, AccountsTemplates.texts.errors.loginForbidden); + } + } + return attempt.allowed; + }); + } + + if (this.options.sendVerificationEmail && this.options.enforceEmailVerification) { + Accounts.validateLoginAttempt(function(attempt) { + if (!attempt.allowed) { + return false; + } + + if (attempt.type !== "password" || attempt.methodName !== "login") { + return attempt.allowed; + } + + var user = attempt.user; + if (!user) { + return attempt.allowed; + } + + var ok = true; + var loginEmail = attempt.methodArguments[0].user.email.toLowerCase(); + if (loginEmail) { + var email = _.filter(user.emails, function(obj) { + return obj.address.toLowerCase() === loginEmail; + }); + if (!email.length || !email[0].verified) { + ok = false; + } + } else { + // we got the username, lets check there's at lease one verified email + var emailVerified = _.chain(user.emails) + .pluck('verified') + .any() + .value(); + + if (!emailVerified) { + ok = false; + } + } + if (!ok) { + throw new Meteor.Error(401, AccountsTemplates.texts.errors.verifyEmailFirst); + } + + return attempt.allowed; + }); + } + + //Check that reCaptcha secret keys are available + if (this.options.showReCaptcha) { + var atSecretKey = AccountsTemplates.options.reCaptcha && AccountsTemplates.options.reCaptcha.secretKey; + var settingsSecretKey = Meteor.settings.reCaptcha && Meteor.settings.reCaptcha.secretKey; + + if (!atSecretKey && !settingsSecretKey) { + throw new Meteor.Error(401, "User Accounts: reCaptcha secret key not found! Please provide it or set showReCaptcha to false." ); + } + } + + // Marks AccountsTemplates as initialized + this._initialized = true; +}; + +AccountsTemplates = new AT(); + +// Client side account creation is disabled by default: +// the methos ATCreateUserServer is used instead! +// to actually disable client side account creation use: +// +// AccountsTemplates.config({ +// forbidClientAccountCreation: true +// }); + +Accounts.config({ + forbidClientAccountCreation: true +}); + +// Initialization +Meteor.startup(function() { + AccountsTemplates._init(); +}); -- cgit v1.2.3-1-g7c22