Registration of participants Meteor
I'm looking for a way to set up logins so that an admin can provide the user with an account and a temporary one-time password (via email) that allows the user to register on the site (the user cannot create an account on their own).
The first time a user logs on to the system, they will be prompted to change the temporary password provided by the administrator.
I have accounts-ui and accounts-password, but a user can create a new account at will.
If it matters, I plan on using Autoform and Iron Router for this.
I am looking for Meteor documents for "registration" but the information is sparse IMO. Is there a fully working example somewhere to help me get started?
To disable the usual way of creating an account, use Accounts.config:
forbidClientAccountCreation Boolean
Calls to createUser from the client will be rejected. Also, if you are using accounts-ui, the "Create Account" link will not be available.
Then instead of a temporary password, I think you should create an account without a password and then use Accounts.sendEnrollmentEmail to send an email to the user to select one.
To create an account without a password on the server and let the user choose their own password, call createUser with an email address and then call Accounts.sendEnrollmentEmail. This will send an email with a link to set an initial password.
So, something like this:
// Reject createUser calls made from the client.
Accounts.config({forbidClientAccountCreation: true});

Meteor.methods({
    adminCreateAccount: function (accountAttributes) {
        // Only a logged-in admin may create accounts.
        if (Meteor.user() && Meteor.user().role == "admin") {
            // No password is set here; the user picks one via the enrollment link.
            var accountId = Accounts.createUser({
                'username': accountAttributes.username,
                'email': accountAttributes.emailAddress
            });
            Accounts.sendEnrollmentEmail(accountId);
        }
    }
});
What you can do is:
- let the admin create the user (Accounts.createUser)
- add a marker (for example user.profile.changedInitialPwd) to be set when the user has changed his pwd
- use some validation logic to make sure the user has changed their password before they are allowed to log in
e.g.
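Accounts.validateLoginAttempt(function (attempt) {
    // profile may be missing on a user document, so guard before reading the marker
    var profile = attempt.user && attempt.user.profile;
    if (attempt.user && !(profile && profile.changedInitialPwd)) {
        console.log('Initial password not changed');
        return false; // the login is aborted
    }
    return true;
});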
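A variant of the login check above, added here as an example and not taken from either answer: the marker lives in a top-level field (the name `mustChangePassword` is an assumption) because Meteor lets a user edit their own `profile` from the client by default, and the `resetPassword` login that follows an enrollment link is let through so the account is not locked out. The wiring assumes the classic synchronous server API used elsewhere on this page.

```javascript
// Added example. `mustChangePassword` is a hypothetical top-level field that
// the admin method would set on the new user document at creation time.

// Pure decision function so it can be unit-tested without a Meteor runtime.
function allowLogin(attempt) {
  // A failed password check or an earlier validator already rejected it.
  if (!attempt.allowed || !attempt.user) {
    return false;
  }
  // Following the enrollment (or reset) link sets a user-chosen password and
  // then logs in through the resetPassword method: keep that path open.
  if (attempt.methodName === 'resetPassword') {
    return true;
  }
  // Every other login (password, resume token) waits until the flag is gone.
  return attempt.user.mustChangePassword !== true;
}

// Wire it up only inside a Meteor server; skipped under plain Node.
if (typeof Meteor !== 'undefined' && Meteor.isServer) {
  // Block all client-side writes to user documents, profile included.
  Meteor.users.deny({ update: function () { return true; } });

  Accounts.validateLoginAttempt(allowLogin);

  // Clear the flag once the user has logged in by choosing a password.
  Accounts.onLogin(function (attempt) {
    if (attempt.methodName === 'resetPassword') {
      Meteor.users.update(attempt.user._id, {
        $unset: { mustChangePassword: '' }
      });
    }
  });
}
```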