diff --git a/packages/accounts-base/accounts_common.js b/packages/accounts-base/accounts_common.js index fdd45a2890..210fc004c7 100644 --- a/packages/accounts-base/accounts_common.js +++ b/packages/accounts-base/accounts_common.js @@ -244,7 +244,7 @@ export class AccountsCommon { * @param {Number} options.passwordResetTokenExpiration The number of milliseconds from when a link to reset password is sent until token expires and user can't reset password with the link anymore. If `passwordResetTokenExpirationInDays` is set, it takes precedent. * @param {Number} options.passwordEnrollTokenExpirationInDays The number of days from when a link to set initial password is sent until token expires and user can't set password with the link anymore. Defaults to 30. * @param {Number} options.passwordEnrollTokenExpiration The number of milliseconds from when a link to set initial password is sent until token expires and user can't set password with the link anymore. If `passwordEnrollTokenExpirationInDays` is set, it takes precedent. - * @param {Boolean} options.ambiguousErrorMessages Return ambiguous error messages from login failures to prevent user enumeration. Defaults to `false`, but in production environments it is recommended it defaults to `true`. + * @param {Boolean} options.ambiguousErrorMessages Return ambiguous error messages from login failures to prevent user enumeration. Defaults to `true`. * @param {Number} options.bcryptRounds Allows override of number of bcrypt rounds (aka work factor) used to store passwords. The default is 10. * @param {MongoFieldSpecifier} options.defaultFieldSelector To exclude by default large custom fields from `Meteor.user()` and `Meteor.findUserBy...()` functions when called without a field selector, and all `onLogin`, `onLoginFailure` and `onLogout` callbacks. Example: `Accounts.config({ defaultFieldSelector: { myBigArray: 0 }})`. Beware when using this. If, for instance, you do not include `email` when excluding the fields, you can have problems with functions like `forgotPassword` that will break because they won't have the required data available. It's recommend that you always keep the fields `_id`, `username`, and `email`. * @param {String|Mongo.Collection} options.collection A collection name or a Mongo.Collection object to hold the users. diff --git a/packages/accounts-password/password_server.js b/packages/accounts-password/password_server.js index e2537f2c5c..5e15f66fcb 100644 --- a/packages/accounts-password/password_server.js +++ b/packages/accounts-password/password_server.js @@ -1074,17 +1074,7 @@ Accounts.createUserVerifyingEmail = // method calling Accounts.createUser could set? // -Accounts.createUserAsync = - async (options, callback) => { - options = { ...options }; - - // XXX allow an optional callback? - if (callback) { - throw new Error("Accounts.createUser with callback not supported on the server yet."); - } - - return createUser(options); - }; +Accounts.createUserAsync = createUser // Create user directly on the server. // diff --git a/packages/accounts-password/password_tests.js b/packages/accounts-password/password_tests.js index 88461e7d91..b21b4e6d3d 100644 --- a/packages/accounts-password/password_tests.js +++ b/packages/accounts-password/password_tests.js @@ -1896,4 +1896,32 @@ if (Meteor.isServer) (() => { test.equal(url.searchParams.get('test'), extraParams.test); }); + Tinytest.addAsync('passwords - createUserAsync', async test => { + const username = Random.id(); + const email = `${username}-intercept@example.com`; + const password = 'password'; + + const userId = await Accounts.createUserAsync({ + username: username, + email: email, + password: password + }); + + test.isTrue(userId, 'User ID should be returned'); + const user = await Meteor.users.findOneAsync(userId); + test.equal(user.username, username, 'Username should match'); + test.equal(user.emails[0].address, email, 'Email should match'); + + Accounts.config({ + ambiguousErrorMessages: false, + }) + + await test.throwsAsync(async () => { + await Accounts.createUserAsync({ + username: username, + email: email, + password: password + }); + }, 'already exists'); + }); })();