Startseite Erkunden Hilfe
Anmelden
fgm
/
meteor__authdemo
1
0
Fork 0
Dateien Issues 0 Pull-Requests 0
Struktur: de108dd937
Branches Tags
meteor__authdem...
/
docs
/
accounts-base
Frederic G. MARAND de108dd937 Docs: accounts-base / accounts_common.js vor 9 Jahren
..
README.md de108dd937 Docs: accounts-base / accounts_common.js vor 9 Jahren

README.md

account-base package

Files documented

  • accounts_common.js
  • accounts_rate_limit.js
  • globals_client.js
  • globals_server.js
  • package.js
  • url_client.js
  • url_server.js

Constants

  • DEFAULT_LOGIN_EXPIRATION_DAYS = 90. Default login token lifetime. Used by AccountsCommon_getTokenLifetimeMs().
  • MIN_TOKEN_LIFETIME_CAP_SECS = 3600. Maximum value of "soon". Used by AccountsCommon._tokenExpiresSoon(when).
  • EXPIRE_TOKENS_INTERVAL_MS = 100000. Frequency of token expiration checks. Used by setExpireTokensInterval(accounts) in accounts_server.js.
  • CONNECTION_CLOSE_DELAY_MS = 10000. Logout delay for other clients. Used by Meteor.logoutOtherClients(), added from accounts_server.js.

Classes

AccountsClient

  • url_client.js additions:
    • _attemptToMatchHash() : Try to match the saved value of window.location.hash to one of the reserved hashes, to trigger an Accounts operation. On success, invokes passed handler which, when called from _initUrlMatching(), will always be defaultSuccessHandler().
    • _initUrlMatching(): called by constructor. Inits extra data on instance and invokes _attemptToMatchHash()
    • onResetPasswordLink() Register a function to call when a reset password link is clicked in an email sent by on of the hash handlers. See Accounts-onResetPasswordLink
    • onEmailVerificationLink() Register a function to call when an email verification link is clicked in an email sent by a hash handler. See Accounts-onEmailVerificationLink
    • onEnrollmentLink() Register a function to call when an account enrollment link is clicked in an email sent by a hash handler. See Accounts-onEnrollmentLink
    • Globals read
      • window.location.hash. Reserved hashes:
        • reset-password
        • verify-email
        • enroll-account
      • defaultSuccessHandler()
      • attemptToMatchHash()

AccountsCommon (accounts_common.js)

Base class for AccountsClient / AccountsServer.

  • constructor(options).
    • initializes connection, then users.
    • Options can contain:
    • connection, ddpUrl see initConnection()
    • sendVerificationEmail, forbidClientAccountCreation, restrictCreationByEmailDomain, loginExpirationInDays, and oauthSecretKey (side-effect, not saved). see config(options)
  • addDefaultRateLimit() : enable per-connection, per-method rate limiter for login, createUser, resetPassword forgotPassword to 5 calls every 10 seconds. Added from accounts_rate_limits.js.
  • config(options). Set up config for the accounts system. Call this on both the client the server.
    • Checks and filters options, before saving them to _options.
    • Setting an unknown option throws
    • Setting an already set option throws
    • Options can contain:
      • sendVerificationEmail {Boolean}: Send email address verification emails to new users created from client signups.
      • forbidClientAccountCreation {Boolean} Do not allow clients to create accounts directly. Security issue #828 exists if this is not called on both client and server
      • restrictCreationByEmailDomain {Function or String} Require created users to have an email matching the function or having the string as domain.
      • loginExpirationInDays {Number} Number of days since login until a user is logged out (login token expires).
      • oauthSecretKey When using the oauth-encryption package, the 16 byte key using to encrypt sensitive account credentials in the database, encoded in base64.
        • Warns if the oauth-encryption package is not present
        • Throws if used on client
        • Removed from saved config after passing if to the oauth-encryption package
  • ConfigError: legacy, initialized from service-configuration package during Meteor.startup().
  • connection: the MongoDB connection. If set to null, the users collection will be local (avoid !)
  • LoginCancelledError: specific error class to use when a login sequence is cancelled
  • loginServiceConfiguration: legacy, initialized from service-configuration package during Meteor.startup().
  • removeDefaultRateLimit() : disable the rate limiter for the methods below (from accounts_rate_limits.js).
  • user(): returns the currently logged-in user by finding it from Mongo based on the userId() value. Defaults to null.
  • userId(): Error("userId method not implemented") Basically an abstract method to be refined in child classes
  • users: the users collection
  • onLogin(func): Register a callback to be called after a login attempt succeeds.
  • onLoginFailure(func): Register a callback to be called after a login attempt fails.
  • _getTokenLifetimeMs(): get the remaining login token lifetime in msec. Taken from loginExpirationInDays if it exists. Defaults to DEFAULT_LOGIN_EXPIRATION_DAYS (= 90) days in msec.
  • _initConnection(options) - Options can contain
    • connection: the connection on which to load the users collection
    • ddpUrl: if connection is not set, connect to this URL
    • some non-portable, going-away, mechanism for OAuth
    • if none if available, Meteor.connection will be used as a default
  • _onLoginHook(). As per hook.js, Hook system is under development. Use onLogin(func) to make use of it.
  • _onLoginFailureHook(). As per hook.js, Hook system is under development. Use onLoginFailure(func) to make use of it.
  • _options = {} - used directly by packages like accounts-password and `accounts-ui-unstyled.
  • _tokenExpiration(when): when is a token (timestamp, used to be any number in earlier versions). It is converted to Date, and added with _getTokenLifetimeMs() to return the expiration date for the when.
  • _tokenExpiresSoon(when): when is a token (timestamp). True if it expires in less the smaller of 0.1 * _getTokenLifetimeMs()and 1 hour.
  • side-effect in accounts_rate_limits.js : loading this file initializes the rate-limiter for addDefaultRateLimit() and removeDefaultRateLimit(). This is why the package has a dependency on ddp-rate-limiter.

AccountsServer

  • methods. These 3 methods are public but marked (in 1.2.1) as likely not to remain so
    • resetPassword() : generates a password reset link (from token)
    • verifyEmail(): generates an email verification link (from token)
    • enrollAccount(): generates an account enrollment link (from token)

AccountsTest

  • methods
    • attemptToMatchHash() facade for attemptToMatchHash() function
    • Globals read
      • Accounts (see globals_server.js)

Meteor

  • userId: a copy of the Accounts.usedId() method
  • user(): a copy of the Accounts.user() method

Functions

url_client.js

  • defaultSuccessHandler() : suspends autologin, invokes other handles for the same hash, passing them a closure capable of enabling autologin.

Dependencies / Exports (package.js et al.)

Exports

Symbol Client Server Test
Accounts O O O
AccountsClient O
AccountsServer O
AccountsTest O

Dependencies

Package Client Server Specifics
underscore O O
ecmascript O O
ddp-rate-limiter O O
localstorage O
tracker O
check O
random O O
ejson O
callback-hook O O
service-configuration O O unordered (needs Accounts.connection)
ddp O O
mongo O O expected abstraction in the future
blaze O weak: define {{currentUser}}
autopublish O weak: publish extra users fields
oauth-encryption O weak
NPM crypto O in accounts_server.js

Objects (globals_(client|server).js)

  • Accounts
    • on client: new AccountsClient() (extends AccountsCommon)
    • on server: new AccountsServer(Meteor.server) (extends AccountsCommon)
  • Meteor
    • new field users for the users collection. Name is expected to become configurable in future versions.