Add 'Meteor.setPassword' on the server. Relax constraints around setting an initial password for users.

2026-05-02 03:01:46 -04:00 · 2012-09-26 15:35:25 -07:00
parent c0815f5061
commit 5def0ac65f
2 changed files with 55 additions and 9 deletions
--- a/packages/accounts-password/passwords_server.js
+++ b/packages/accounts-password/passwords_server.js
@@ -304,6 +304,15 @@
  });


+  Meteor.setPassword = function (userId, newPassword) {
+    var user = Meteor.users.findOne(userId);
+    if (!user)
+      throw new Meteor.Error(403, "User not found");
+    var newVerifier = Meteor._srp.generateVerifier(newPassword);
+
+    Meteor.users.update({_id: user._id}, {
+      $set: {'services.password.srp': newVerifier}});
+  };


  ////////////
@@ -388,20 +397,27 @@
      extra = {};
    }

-    // XXX relax these constraints!
-
+    // XXX allow an optional callback?
    if (callback) {
      throw new Error("Meteor.createUser with callback not supported on the server yet.");
    }

-    if (options.password || options.srp)
-      throw new Error("Meteor.createUser on the server does not let you set a password yet.");
-
-    if (!options.email)
-      throw new Error("Meteor.createUser on the server requires email.");
-
    var userId = createUser(options, extra);
-    Meteor.accounts.sendEnrollmentEmail(userId, options.email);
+
+    // send email if the user has an email and no password
+    var user = Meteor.users.findOne(userId);
+    if (
+        // user has email address
+      (user && user.emails && user.emails.length &&
+       user.emails[0].address) &&
+        // and does not have a password
+      !(user.services && user.services.password &&
+        user.services.password.srp)) {
+
+      var email = user.emails[0].address;
+      Meteor.accounts.sendEnrollmentEmail(userId, email);
+    }
+
    return userId;
  };

--- a/packages/accounts-password/passwords_tests.js
+++ b/packages/accounts-password/passwords_tests.js
@@ -204,6 +204,36 @@ if (Meteor.isServer) (function () {
    });


+  Tinytest.add(
+    'passwords - setPassword',
+    function (test) {
+      var username = Meteor.uuid();
+
+      var userId = Meteor.createUser({username: username}, {});
+
+      var user = Meteor.users.findOne(userId);
+      // no services yet.
+      test.equal(user.services.password, undefined);
+
+      // set a new password.
+      Meteor.setPassword(userId, 'new password');
+      user = Meteor.users.findOne(userId);
+      var oldVerifier = user.services.password.srp;
+      test.isTrue(user.services.password.srp);
+
+      // reset with the same password, see we get a different verifier
+      Meteor.setPassword(userId, 'new password');
+      user = Meteor.users.findOne(userId);
+      var newVerifier = user.services.password.srp;
+      test.notEqual(oldVerifier.salt, newVerifier.salt);
+      test.notEqual(oldVerifier.identity, newVerifier.identity);
+      test.notEqual(oldVerifier.verifier, newVerifier.verifier);
+
+      // cleanup
+      Meteor.users.remove(userId);
+    });
+
+

  // XXX would be nice to test Meteor.accounts.config({forbidSignups: true})
 }) ();