How to create custom user authentication in Meteor?
I am trying to create the following authentication for an application: User enters a phone number and receives an SMS with a code generated on the server (the SMS is processed through an external service). If the user enters the correct code, they are logged in. This means that I must have two stages of logging in: registering a user with a phone and entering it with a code, so I think the client should look like this:
    Meteor.getSmsCode = function(phone, username, callback) {
      Accounts.callLoginMethod({
        methodName: 'getsmscode',
        methodArguments: [{
          getsmscode: true,
          phone: phone,
          username: username
        }],
        userCallback: callback
      });
    };

    Meteor.loginWithCode = function(phone, code, callback) {
      Accounts.callLoginMethod({
        methodName: 'login',
        methodArguments: [{
          hascode: true,
          phone: phone,
          code: code
        }],
        userCallback: callback
      });
    };
But I'm confused about the server side - there should be two methods, the first one should register the user (and communicate with the SMS service) and the second one should register it.
This is the server test code:
    Meteor.users.insert({phone: '123456789', code: '123', username: 'ilyo'});

    Accounts.registerLoginHandler(function(loginRequest) {
      var user = Meteor.users.findOne({phone: loginRequest.phone});
      if (user.code !== loginRequest.code) {
        return null;
      }
      var stampedToken = Accounts._generateStampedLoginToken();
      var hashStampedToken = Accounts._hashStampedToken(stampedToken);
      Meteor.users.update(userId,
        {$push: {'services.resume.loginTokens': hashStampedToken}}
      );
      return {
        id: user._id,
        token: stampedToken.token
      };
    });
And this is what happens when I try:
- Why am I getting 500?
- Why doesn't the user have fields code and phone?
- Which method should you use for getSmsCode?
Meteor.createUser is described in How do I create a backend for users in Meteor?
Then Accounts.onCreateUser will contain the business logic http://docs.meteor.com/#accounts_oncreateuser
A more accurate message for 500 will be server side. Probably security.
Your login handler should return an object like this:
    { userId: user._id }
Sorry, I don't understand the whole problem, I disagree with your complete approach, but it looks like you are on the right track to get the function you want.
Also, this question is one year old; there are now several packages on Atmosphere that address this type of authentication =)
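The two-step flow asked about, as an added example (not code from the question or from either answer): an ordinary server function issues the SMS code, and a login handler checks it and returns `{ userId }`, treating an unknown phone, an expired code, a reused code and too many guesses as the same failure. It is plain Node.js so that it runs without Meteor. The `Map` standing in for `Meteor.users`, the `sendSms` callback, the function names, the 5-minute lifetime and the 3-attempt limit are all assumptions.

```javascript
// Added example: plain Node.js, with a Map standing in for Meteor.users.
const crypto = require('crypto');

const CODE_TTL_MS = 5 * 60 * 1000; // assumed policy: code valid for 5 minutes
const MAX_ATTEMPTS = 3;            // assumed policy: tries allowed per issued code
const users = new Map();           // phone -> { _id, username, sms } (stand-in collection)

const hashCode = (code, salt) =>
  crypto.createHash('sha256').update(salt + ':' + code).digest();

// Step 1: body of an ordinary server method (assumed design: not a login method).
// Finds or creates the user and stores only a salted hash of a fresh code.
function requestSmsCode(phone, username, sendSms, now = Date.now()) {
  let user = users.get(phone);
  if (!user) {
    user = { _id: crypto.randomUUID(), username };
    users.set(phone, user);
  }
  const code = String(crypto.randomInt(0, 1000000)).padStart(6, '0');
  const salt = crypto.randomBytes(16).toString('hex');
  user.sms = { salt, hash: hashCode(code, salt), expires: now + CODE_TTL_MS, attempts: 0 };
  sendSms(phone, code); // hypothetical callback wrapping the external SMS service
  return true;
}

// Step 2: the function that would be passed to Accounts.registerLoginHandler.
function smsLoginHandler(loginRequest, now = Date.now()) {
  if (!loginRequest || !loginRequest.hascode) return undefined; // not ours: other handlers run
  const { phone, code } = loginRequest;
  const user = typeof phone === 'string' ? users.get(phone) : undefined;
  const fail = { error: new Error('Login failed') }; // plain Error as stand-in; same for every failure
  if (!user || !user.sms || typeof code !== 'string') return fail; // unknown phone must not throw
  if (now > user.sms.expires || ++user.sms.attempts > MAX_ATTEMPTS) {
    delete user.sms; // expired or guessed too often: a new code must be requested
    return fail;
  }
  if (!crypto.timingSafeEqual(hashCode(code, user.sms.salt), user.sms.hash)) return fail;
  delete user.sms;             // one-time use: a replayed code fails
  return { userId: user._id }; // the result shape the second answer gives
}
```

In a Meteor app the `Map` operations become `Meteor.users.findOne` / `Meteor.users.update` calls on the same fields.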