
I am reluctantly implementing my own user accounts system because Meteor uses bcrypt to store encrypted passwords and my Dovecot/Postfix email system running on an Ubuntu instance uses SHA512. The Debian/Ubuntu folks have chosen to not implement bcrypt in their Linux distribution necessitating this rather painful exercise. This requires me to grab the unencrypted password in my own users accounts hack to generate and save an SHA512 version which I subsequently use to provision email service for my members.

I implemented the solution offered by @bgmaster and @stubailo below but it doesn't seem to work with FlowRouter. As @bgmaster pointed out, he was not able to get it to work with iron:router. In my case, the onEnrollmentLink callback never gets fired, apparently because FlowRouter gains control before the function can execute. If I drop the 'enroll-account/token' route, FlowRouter complains about not having a route.

Before I rip out FlowRouter, has anybody been able to implement their own user accounts system using core Meteor accounts and FlowRouter? Better yet, is there any way to grab the unencrypted password during the standard accounts workflow? I would much prefer to use the built-in 'accounts-ui' package or even 'useraccounts'.

Thanks!

Using onResetPasswordLink, onEnrollmentLink, and onEmailVerificationLink methods properly in Meteor

Community

1 Answer


You'll have to roll your own UI then use Accounts.createUser()

I strongly recommend you compute the SHA512 hash on the client before you call Accounts.createUser() and pass the hash in as part of the profile object so that it ends up being saved with the account.

The email verification link shouldn't matter since the password isn't captured at that point but you'll also need to create your own password reset UI.

Michel Floyd
  • Thanks, Michel. Good suggestion to use the profile object when I'm creating the new user. I was using a separate 'member' document for that type of additional information but this is good for all the passwords. That works but, as you note, I still have to handle password reset operations and I don't have a solution for that yet. I'm able to capture the password with my own UI and update the SHA password but Meteor seems to have problems on the 'done' function in the on****Link callbacks. – Gary Ebersole May 09 '16 at 23:30
  • iirc the trick with the verification link _et al_ callbacks in combination with the router is in moving these links from `/#/*` to a specific route that doesn't conflict with the router's home route. See http://stackoverflow.com/a/33578408/2805154 – Michel Floyd May 09 '16 at 23:46
  • Michel, after considering your suggestion, I realized you were on the right path. I need to handle the full UI including forgot/change/reset operations. Rather than use send***Email methods which are tied to the on****Link methods (my problem), I need to send my own emails with links that I handle outside the Meteor accounts package. It's always tempting to try to step in the middle of a workflow and leverage all the good work others have done but it doesn't look like it will work. Thanks again. – Gary Ebersole May 09 '16 at 23:50
  • In my app I reused the verification and reset workflows but handled their routes explicitly. All worked out. Enjoy! – Michel Floyd May 09 '16 at 23:52
  • I'm already setting the links with 'absoluteUrl' at startup to remove the '#'. The problem seems to be that the on***Link functions never get fired. Maybe it's not a conflict between FlowRouter and AutoLogin in the accounts package. Might be link-related. Thanks. – Gary Ebersole May 09 '16 at 23:59
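
As an added example (not code from the question or the answer), this Node.js code derives and verifies a Dovecot-compatible value at the point where your own sign-up or reset form has the plaintext. It assumes the mail server is configured for Dovecot's `{SSHA512}` scheme, since the thread only says "SHA512"; the function names are illustrative.

```javascript
// Added example, not from the original thread.
// Assumption: Dovecot is set to the {SSHA512} scheme, whose stored value is
//   "{SSHA512}" + base64( SHA512(password || salt) || salt )
const crypto = require('node:crypto');

const DIGEST_LEN = 64;          // SHA-512 output size in bytes
const PREFIX = '{SSHA512}';

// SHA512(password || salt) as a Buffer.
function saltedDigest(password, salt) {
  return crypto.createHash('sha512')
    .update(Buffer.from(password, 'utf8'))
    .update(salt)
    .digest();
}

// Build the stored value. `salt` is a parameter only so tests can fix it;
// in normal use it is freshly random for every password.
function dovecotSsha512(password, salt = crypto.randomBytes(16)) {
  const digest = saltedDigest(password, salt);
  return PREFIX + Buffer.concat([digest, salt]).toString('base64');
}

// Check a candidate password against a stored value.
// Malformed input returns false instead of throwing.
function verifyDovecotSsha512(password, stored) {
  if (typeof stored !== 'string' || !stored.startsWith(PREFIX)) return false;
  const raw = Buffer.from(stored.slice(PREFIX.length), 'base64');
  if (raw.length <= DIGEST_LEN) return false;   // digest only, no salt
  const expected = raw.subarray(0, DIGEST_LEN);
  const salt = raw.subarray(DIGEST_LEN);        // salt is whatever follows the digest
  // Constant-time comparison; both buffers are exactly DIGEST_LEN bytes.
  return crypto.timingSafeEqual(saltedDigest(password, salt), expected);
}
```

Meteor publishes `profile` to the logged-in user and allows client-side edits to it by default, so a separate server-only field is a safer home for the stored value. Salted SHA-512 is a fast hash, so this value is far cheaper to brute-force than the bcrypt hash Meteor keeps.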