| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 |
- Accounts.registerLoginHandler("adminHandler", function (loginRequest) {
- Meteor._debug("Server registerLoginHandler, request", loginRequest);
- // There are multiple login handlers in Meteor.
- // A login request goes through all these handlers to find its login handler.
- // So in our login handler, we only consider login requests which have an
- // "admin" field.
- let result;
- if (!loginRequest.admin) {
- result = undefined;
- Meteor._debug("Server registerLoginHandler for non-admin, returning", result);
- return result;
- }
- // Our authentication logic.
- if (loginRequest.password !== "admin-password") {
- result = { error: new Meteor.Error(400, "Incorrect password") };
- Meteor._debug("Server registerLoginHandler for bad password, returning", result);
- return result;
- }
- Meteor._debug("Server registerLoginHandler for good password, continuing");
- // We create an admin user if none exists, and get its userId.
- let userId;
- let user = Meteor.users.findOne({ username: "admin" });
- if (!user) {
- userId = Meteor.users.insert({ username: "admin" });
- }
- else {
- userId = user._id;
- }
- // Send logged-in user's id.
- result = {
- userId: userId
- };
- Meteor._debug("Server registerLoginHandler allowed, returning:", result);
- return Accounts.updateOrCreateUserFromExternalService('drupal', {
- id: 1,
- roles: ['authenticated user', 'administrator']
- }, {});
- });
- Accounts.addAutopublishFields({
- // publish all fields including access token, which can legitimately
- // be used from the client (if transmitted over ssl or on
- // localhost). https://developers.facebook.com/docs/concepts/login/access-tokens-and-types/,
- // "Sharing of Access Tokens"
- forLoggedInUser: ["services.drupal"],
- forOtherUsers: ["services.drupal.id", "services.drupal.roles"]
- });
|
