1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
/* global
AccountsTemplates
*/
"use strict";
Meteor.methods({
ATCreateUserServer: function(options) {
if (AccountsTemplates.options.forbidClientAccountCreation) {
throw new Meteor.Error(403, AccountsTemplates.texts.errors.accountsCreationDisabled);
}
// createUser() does more checking.
check(options, Object);
var allFieldIds = AccountsTemplates.getFieldIds();
// Picks-up whitelisted fields for profile
var profile = options.profile;
profile = _.pick(profile, allFieldIds);
profile = _.omit(profile, "username", "email", "password");
// Validates fields" value
var signupInfo = _.clone(profile);
if (options.username) {
signupInfo.username = options.username;
if (AccountsTemplates.options.lowercaseUsername) {
signupInfo.username = signupInfo.username.trim().replace(/\s+/gm, ' ');
options.profile.name = signupInfo.username;
signupInfo.username = signupInfo.username.toLowerCase().replace(/\s+/gm, '');
options.username = signupInfo.username;
}
}
if (options.email) {
signupInfo.email = options.email;
if (AccountsTemplates.options.lowercaseUsername) {
signupInfo.email = signupInfo.email.toLowerCase().replace(/\s+/gm, '');
options.email = signupInfo.email;
}
}
if (options.password) {
signupInfo.password = options.password;
}
var validationErrors = {};
var someError = false;
// Validates fields values
_.each(AccountsTemplates.getFields(), function(field) {
var fieldId = field._id;
var value = signupInfo[fieldId];
if (fieldId === "password") {
// Can"t Pick-up password here
// NOTE: at this stage the password is already encripted,
// so there is no way to validate it!!!
check(value, Object);
return;
}
var validationErr = field.validate(value, "strict");
if (validationErr) {
validationErrors[fieldId] = validationErr;
someError = true;
}
});
if (AccountsTemplates.options.showReCaptcha) {
var secretKey = null;
if (AccountsTemplates.options.reCaptcha && AccountsTemplates.options.reCaptcha.secretKey) {
secretKey = AccountsTemplates.options.reCaptcha.secretKey;
} else {
secretKey = Meteor.settings.reCaptcha.secretKey;
}
var apiResponse = HTTP.post("https://www.google.com/recaptcha/api/siteverify", {
params: {
secret: secretKey,
response: options.profile.reCaptchaResponse,
remoteip: this.connection.clientAddress,
}
}).data;
if (!apiResponse.success) {
throw new Meteor.Error(403, AccountsTemplates.texts.errors.captchaVerification,
apiResponse['error-codes'] ? apiResponse['error-codes'].join(", ") : "Unknown Error.");
}
}
if (someError) {
throw new Meteor.Error(403, AccountsTemplates.texts.errors.validationErrors, validationErrors);
}
// Possibly removes the profile field
if (_.isEmpty(options.profile)) {
delete options.profile;
}
// Create user. result contains id and token.
var userId = Accounts.createUser(options);
// safety belt. createUser is supposed to throw on error. send 500 error
// instead of sending a verification email with empty userid.
if (! userId) {
throw new Error("createUser failed to insert new user");
}
// Call postSignUpHook, if any...
var postSignUpHook = AccountsTemplates.options.postSignUpHook;
if (postSignUpHook) {
postSignUpHook(userId, options);
}
// Send a email address verification email in case the context permits it
// and the specific configuration flag was set to true
if (options.email && AccountsTemplates.options.sendVerificationEmail) {
Accounts.sendVerificationEmail(userId, options.email);
}
},
// Resend a user's verification e-mail
ATResendVerificationEmail: function (email) {
check(email, String);
var user = Users.findOne({ "emails.address": email });
// Send the standard error back to the client if no user exist with this e-mail
if (!user) {
throw new Meteor.Error(403, "User not found");
}
try {
Accounts.sendVerificationEmail(user._id);
} catch (error) {
// Handle error when email already verified
// https://github.com/dwinston/send-verification-email-bug
throw new Meteor.Error(403, "Already verified");
}
},
});
|