node.js - Disable login after resetting password in Meteor accounts-password -
how disable login after resetting password in meteor accounts-password package?
after sending reset link guest's email, have code reset password,
accounts.resetpassword(this.props.params.token, this.refs.password.value.trim(),(err) => { if(err){ bert.alert( err, 'danger', 'growl-top-right'); } else { bert.alert( "password changed.", 'success', 'growl-top-right'); } this.setstate({resetpassword:false}); this.refs.password.value = ""; }); after few seconds, auto login user dashboard page. problem here is, have different type of users, guest (which cannot login), admin (who has access manage users) , staff ( verified user of app). if guest reset password, automatically logged in wrong.
how can disable autologin?
by way, using meteor + react js react-router.
here validate login attempt code,
accounts.validateloginattempt((data)=>{ if(data.error) return data.error; if(!data.user.emails[0].verified) throw new meteor.error(403, 'verify email account first'); if((data.user.profile && data.user.profile.retired) || (data.user.roles.company.includes("guest"))) throw new meteor.error(403, 'account must accepted admin'); else return true; });
you can use accountsserver#validateloginattempt(func) method test whether user of object passed callback guest, , if so, return falsy value.
this done on server-side.
this answer provides example implementation based on whether user has verified email.
Comments
Post a Comment