├── .npm └── package │ ├── .gitignore │ ├── README │ └── npm-shrinkwrap.json ├── .versions ├── README.md ├── accounts-passwordless-tests.js ├── client ├── init-url-matching.js └── login-by-token.js ├── package.js └── server ├── find-user-by-token.js ├── login-by-phone.js ├── login-config.js ├── send-login-email.js └── send-login-sms.js /.npm/package/.gitignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | -------------------------------------------------------------------------------- /.npm/package/README: -------------------------------------------------------------------------------- 1 | This directory and the files immediately inside it are automatically generated 2 | when you change this package's NPM dependencies. Commit the files in this 3 | directory (npm-shrinkwrap.json, .gitignore, and this README) to source control 4 | so that others run the same versions of sub-dependencies. 5 | 6 | You should NOT check in the node_modules directory that Meteor automatically 7 | creates; if you are using git, the .gitignore file tells git to ignore it. 8 | -------------------------------------------------------------------------------- /.npm/package/npm-shrinkwrap.json: -------------------------------------------------------------------------------- 1 | { 2 | "dependencies": { 3 | "twilio": { 4 | "version": "2.5.2", 5 | "resolved": "https://registry.npmjs.org/twilio/-/twilio-2.5.2.tgz", 6 | "from": "twilio@2.5.2", 7 | "dependencies": { 8 | "deprecate": { 9 | "version": "0.1.0", 10 | "resolved": "https://registry.npmjs.org/deprecate/-/deprecate-0.1.0.tgz", 11 | "from": "deprecate@0.1.0" 12 | }, 13 | "jwt-simple": { 14 | "version": "0.1.0", 15 | "resolved": "https://registry.npmjs.org/jwt-simple/-/jwt-simple-0.1.0.tgz", 16 | "from": "jwt-simple@0.1.0" 17 | }, 18 | "q": { 19 | "version": "0.9.7", 20 | "resolved": "https://registry.npmjs.org/q/-/q-0.9.7.tgz", 21 | "from": "q@0.9.7" 22 | }, 23 | "request": { 24 | "version": "2.55.0", 25 | "resolved": "https://registry.npmjs.org/request/-/request-2.55.0.tgz", 26 | "from": "request@2.55.0", 27 | "dependencies": { 28 | "aws-sign2": { 29 | "version": "0.5.0", 30 | "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.5.0.tgz", 31 | "from": "aws-sign2@0.5.0" 32 | }, 33 | "bl": { 34 | "version": "0.9.4", 35 | "resolved": "https://registry.npmjs.org/bl/-/bl-0.9.4.tgz", 36 | "from": "bl@0.9.4", 37 | "dependencies": { 38 | "readable-stream": { 39 | "version": "1.0.33", 40 | "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.33.tgz", 41 | "from": "readable-stream@1.0.33", 42 | "dependencies": { 43 | "core-util-is": { 44 | "version": "1.0.1", 45 | "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.1.tgz", 46 | "from": "core-util-is@1.0.1" 47 | }, 48 | "inherits": { 49 | "version": "2.0.1", 50 | "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.1.tgz", 51 | "from": "inherits@2.0.1" 52 | }, 53 | "isarray": { 54 | "version": "0.0.1", 55 | "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz", 56 | "from": "isarray@0.0.1" 57 | }, 58 | "string_decoder": { 59 | "version": "0.10.31", 60 | "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz", 61 | "from": "string_decoder@0.10.31" 62 | } 63 | } 64 | } 65 | } 66 | }, 67 | "caseless": { 68 | "version": "0.9.0", 69 | "resolved": "https://registry.npmjs.org/caseless/-/caseless-0.9.0.tgz", 70 | "from": "caseless@0.9.0" 71 | }, 72 | "combined-stream": { 73 | "version": "0.0.7", 74 | "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-0.0.7.tgz", 75 | "from": "combined-stream@0.0.7", 76 | "dependencies": { 77 | "delayed-stream": { 78 | "version": "0.0.5", 79 | "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-0.0.5.tgz", 80 | "from": "delayed-stream@0.0.5" 81 | } 82 | } 83 | }, 84 | "forever-agent": { 85 | "version": "0.6.1", 86 | "resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz", 87 | "from": "forever-agent@0.6.1" 88 | }, 89 | "form-data": { 90 | "version": "0.2.0", 91 | "resolved": "https://registry.npmjs.org/form-data/-/form-data-0.2.0.tgz", 92 | "from": "form-data@0.2.0", 93 | "dependencies": { 94 | "async": { 95 | "version": "0.9.2", 96 | "resolved": "https://registry.npmjs.org/async/-/async-0.9.2.tgz", 97 | "from": "async@0.9.2" 98 | } 99 | } 100 | }, 101 | "har-validator": { 102 | "version": "1.8.0", 103 | "resolved": "https://registry.npmjs.org/har-validator/-/har-validator-1.8.0.tgz", 104 | "from": "har-validator@1.8.0", 105 | "dependencies": { 106 | "bluebird": { 107 | "version": "2.10.2", 108 | "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-2.10.2.tgz", 109 | "from": "bluebird@2.10.2" 110 | }, 111 | "chalk": { 112 | "version": "1.1.1", 113 | "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.1.tgz", 114 | "from": "chalk@1.1.1", 115 | "dependencies": { 116 | "ansi-styles": { 117 | "version": "2.1.0", 118 | "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.1.0.tgz", 119 | "from": "ansi-styles@2.1.0" 120 | }, 121 | "escape-string-regexp": { 122 | "version": "1.0.3", 123 | "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.3.tgz", 124 | "from": "escape-string-regexp@1.0.3" 125 | }, 126 | "has-ansi": { 127 | "version": "2.0.0", 128 | "resolved": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz", 129 | "from": "has-ansi@2.0.0", 130 | "dependencies": { 131 | "ansi-regex": { 132 | "version": "2.0.0", 133 | "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.0.0.tgz", 134 | "from": "ansi-regex@2.0.0" 135 | } 136 | } 137 | }, 138 | "strip-ansi": { 139 | "version": "3.0.0", 140 | "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.0.tgz", 141 | "from": "strip-ansi@3.0.0", 142 | "dependencies": { 143 | "ansi-regex": { 144 | "version": "2.0.0", 145 | "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.0.0.tgz", 146 | "from": "ansi-regex@2.0.0" 147 | } 148 | } 149 | }, 150 | "supports-color": { 151 | "version": "2.0.0", 152 | "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", 153 | "from": "supports-color@2.0.0" 154 | } 155 | } 156 | }, 157 | "commander": { 158 | "version": "2.9.0", 159 | "resolved": "https://registry.npmjs.org/commander/-/commander-2.9.0.tgz", 160 | "from": "commander@2.9.0", 161 | "dependencies": { 162 | "graceful-readlink": { 163 | "version": "1.0.1", 164 | "resolved": "https://registry.npmjs.org/graceful-readlink/-/graceful-readlink-1.0.1.tgz", 165 | "from": "graceful-readlink@1.0.1" 166 | } 167 | } 168 | }, 169 | "is-my-json-valid": { 170 | "version": "2.12.2", 171 | "resolved": "https://registry.npmjs.org/is-my-json-valid/-/is-my-json-valid-2.12.2.tgz", 172 | "from": "is-my-json-valid@2.12.2", 173 | "dependencies": { 174 | "generate-function": { 175 | "version": "2.0.0", 176 | "resolved": "https://registry.npmjs.org/generate-function/-/generate-function-2.0.0.tgz", 177 | "from": "generate-function@2.0.0" 178 | }, 179 | "generate-object-property": { 180 | "version": "1.2.0", 181 | "resolved": "https://registry.npmjs.org/generate-object-property/-/generate-object-property-1.2.0.tgz", 182 | "from": "generate-object-property@1.2.0", 183 | "dependencies": { 184 | "is-property": { 185 | "version": "1.0.2", 186 | "resolved": "https://registry.npmjs.org/is-property/-/is-property-1.0.2.tgz", 187 | "from": "is-property@1.0.2" 188 | } 189 | } 190 | }, 191 | "jsonpointer": { 192 | "version": "2.0.0", 193 | "resolved": "https://registry.npmjs.org/jsonpointer/-/jsonpointer-2.0.0.tgz", 194 | "from": "jsonpointer@2.0.0" 195 | }, 196 | "xtend": { 197 | "version": "4.0.1", 198 | "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.1.tgz", 199 | "from": "xtend@4.0.1" 200 | } 201 | } 202 | } 203 | } 204 | }, 205 | "hawk": { 206 | "version": "2.3.1", 207 | "resolved": "https://registry.npmjs.org/hawk/-/hawk-2.3.1.tgz", 208 | "from": "hawk@2.3.1", 209 | "dependencies": { 210 | "boom": { 211 | "version": "2.10.1", 212 | "resolved": "https://registry.npmjs.org/boom/-/boom-2.10.1.tgz", 213 | "from": "boom@2.10.1" 214 | }, 215 | "cryptiles": { 216 | "version": "2.0.5", 217 | "resolved": "https://registry.npmjs.org/cryptiles/-/cryptiles-2.0.5.tgz", 218 | "from": "cryptiles@2.0.5" 219 | }, 220 | "hoek": { 221 | "version": "2.16.3", 222 | "resolved": "https://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz", 223 | "from": "hoek@2.16.3" 224 | }, 225 | "sntp": { 226 | "version": "1.0.9", 227 | "resolved": "https://registry.npmjs.org/sntp/-/sntp-1.0.9.tgz", 228 | "from": "sntp@1.0.9" 229 | } 230 | } 231 | }, 232 | "http-signature": { 233 | "version": "0.10.1", 234 | "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-0.10.1.tgz", 235 | "from": "http-signature@0.10.1", 236 | "dependencies": { 237 | "asn1": { 238 | "version": "0.1.11", 239 | "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.1.11.tgz", 240 | "from": "asn1@0.1.11" 241 | }, 242 | "assert-plus": { 243 | "version": "0.1.5", 244 | "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-0.1.5.tgz", 245 | "from": "assert-plus@0.1.5" 246 | }, 247 | "ctype": { 248 | "version": "0.5.3", 249 | "resolved": "https://registry.npmjs.org/ctype/-/ctype-0.5.3.tgz", 250 | "from": "ctype@0.5.3" 251 | } 252 | } 253 | }, 254 | "isstream": { 255 | "version": "0.1.2", 256 | "resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz", 257 | "from": "isstream@0.1.2" 258 | }, 259 | "json-stringify-safe": { 260 | "version": "5.0.1", 261 | "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", 262 | "from": "json-stringify-safe@5.0.1" 263 | }, 264 | "mime-types": { 265 | "version": "2.0.14", 266 | "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.0.14.tgz", 267 | "from": "mime-types@2.0.14", 268 | "dependencies": { 269 | "mime-db": { 270 | "version": "1.12.0", 271 | "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.12.0.tgz", 272 | "from": "mime-db@1.12.0" 273 | } 274 | } 275 | }, 276 | "node-uuid": { 277 | "version": "1.4.3", 278 | "resolved": "https://registry.npmjs.org/node-uuid/-/node-uuid-1.4.3.tgz", 279 | "from": "node-uuid@1.4.3" 280 | }, 281 | "oauth-sign": { 282 | "version": "0.6.0", 283 | "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.6.0.tgz", 284 | "from": "oauth-sign@0.6.0" 285 | }, 286 | "qs": { 287 | "version": "2.4.2", 288 | "resolved": "https://registry.npmjs.org/qs/-/qs-2.4.2.tgz", 289 | "from": "qs@2.4.2" 290 | }, 291 | "stringstream": { 292 | "version": "0.0.5", 293 | "resolved": "https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz", 294 | "from": "stringstream@0.0.5" 295 | }, 296 | "tough-cookie": { 297 | "version": "2.2.0", 298 | "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.2.0.tgz", 299 | "from": "tough-cookie@2.2.0" 300 | }, 301 | "tunnel-agent": { 302 | "version": "0.4.1", 303 | "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.4.1.tgz", 304 | "from": "tunnel-agent@0.4.1" 305 | } 306 | } 307 | }, 308 | "scmp": { 309 | "version": "0.0.3", 310 | "resolved": "https://registry.npmjs.org/scmp/-/scmp-0.0.3.tgz", 311 | "from": "scmp@0.0.3" 312 | }, 313 | "string.prototype.startswith": { 314 | "version": "0.2.0", 315 | "resolved": "https://registry.npmjs.org/string.prototype.startswith/-/string.prototype.startswith-0.2.0.tgz", 316 | "from": "string.prototype.startswith@0.2.0" 317 | }, 318 | "underscore": { 319 | "version": "1.8.3", 320 | "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.8.3.tgz", 321 | "from": "underscore@1.8.3" 322 | } 323 | } 324 | } 325 | } 326 | } 327 | -------------------------------------------------------------------------------- /.versions: -------------------------------------------------------------------------------- 1 | accounts-base@1.2.8 2 | accounts-password@1.1.12 3 | accounts-ui@1.1.9 4 | accounts-ui-unstyled@1.1.12 5 | allow-deny@1.0.5 6 | babel-compiler@6.8.4 7 | babel-runtime@0.1.9_1 8 | base64@1.0.9 9 | binary-heap@1.0.9 10 | blaze@2.1.8 11 | blaze-tools@1.0.9 12 | boilerplate-generator@1.0.9 13 | caching-compiler@1.0.6 14 | caching-html-compiler@1.0.6 15 | callback-hook@1.0.9 16 | check@1.2.3 17 | ddp@1.2.5 18 | ddp-client@1.2.9 19 | ddp-common@1.2.6 20 | ddp-rate-limiter@1.0.5 21 | ddp-server@1.2.9 22 | deps@1.0.12 23 | diff-sequence@1.0.6 24 | ecmascript@0.4.7 25 | ecmascript-runtime@0.2.12 26 | ejson@1.0.12 27 | email@1.0.15 28 | geojson-utils@1.0.9 29 | html-tools@1.0.10 30 | htmljs@1.0.10 31 | id-map@1.0.8 32 | jquery@1.11.9 33 | less@2.6.4 34 | local-test:poetic:accounts-passwordless@1.0.4 35 | localstorage@1.0.11 36 | logging@1.0.14 37 | meteor@1.1.16 38 | minifier-js@1.1.13 39 | minimongo@1.0.17 40 | modules@0.6.5 41 | modules-runtime@0.6.5 42 | mongo@1.1.9_1 43 | mongo-id@1.0.5 44 | npm-bcrypt@0.8.6_2 45 | npm-mongo@1.4.45 46 | observe-sequence@1.0.12 47 | ordered-dict@1.0.8 48 | poetic:accounts-passwordless@1.0.4 49 | promise@0.7.3 50 | random@1.0.10 51 | rate-limit@1.0.5 52 | reactive-dict@1.1.8 53 | reactive-var@1.0.10 54 | retry@1.0.8 55 | routepolicy@1.0.11 56 | service-configuration@1.0.10 57 | session@1.1.6 58 | sha@1.0.8 59 | spacebars@1.0.12 60 | spacebars-compiler@1.0.12 61 | srp@1.0.9 62 | templating@1.1.13 63 | templating-tools@1.0.4 64 | tracker@1.0.14 65 | ui@1.0.11 66 | underscore@1.0.9 67 | webapp@1.2.10 68 | webapp-hashing@1.0.9 69 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # accounts-passwordless 2 | 3 | ## Installation 4 | 5 | `meteor add poetic:accounts-passwordless` 6 | 7 | ## Usage 8 | 9 | This package allows you to login users without asking for a password. Authentication is handled using tokens distributed via email. The package exposes an additional `login` object within the `Accounts.emailTemplates` config for customization. The config options can be found in [Meteor's email templates docs](http://docs.meteor.com/#/full/accounts_emailtemplates). 10 | 11 | In addition, this package exposes the core `accounts-base`, `accounts-ui`, and `accounts-password` packages. 12 | 13 | First, from your server call `Accounts.sendLoginEmail(userId, email);`. This will send an email to your user with a login link in the form of http://localhost:3000/#/login/{token}. 14 | 15 | After login is resolved the `Accounts.onLoginFromLink` handler will be called. As with Meteor's other redirect handlers, this function should be defined in top level code and not wrapped in `Meteor.startup`. The handler should be defined in client code and takes the following form: 16 | 17 | ``` 18 | Accounts.onLoginFromLink(function(err, response){ 19 | // err is a Meteor.Error object 20 | // response is a success object in the form of { userId: docId } 21 | }); 22 | ``` 23 | 24 | If `onLoginFromLink` is called without error the user is authenticated and attached to `Meteor.userId()` and `Meteor.user()`, as well as `this.userId` on the server. 25 | 26 | ## SMS Phone Login 27 | 28 | SMS Phone login is now supported with accounts passwordless. To use this option you need to have a twilio account and a valid SID, AUTH, and FROM number. Once these are setup you can make a serverside method that will send the message. A simple example would be: 29 | 30 | ``` 31 | Meteor.methods({ 32 | phoneLogin: function(phone){ 33 | let user = Meteor.users.findOne({'profile.phone': phone}); 34 | 35 | let twilio = { 36 | sid: 'your-twilio-side', 37 | auth: 'your-twilio-auth-token', 38 | from: 'your-twilio-from-phone-number' 39 | }; 40 | 41 | let customMessage = "Welcome back to my app your invite code is : [code]"; 42 | Accounts.sendLoginSms(user._id, phone, twilio, customMessage); 43 | }, 44 | }); 45 | ``` 46 | 47 | `Accounts.sendLoginSms` is the function that will use twilio with your credentials to send a message to the phone (number) passed. This also expects a `user._id` so that the newly generated auth token can be set on that user. 48 | 49 | The customMessage should contain one place in the string where `"[code]"` will be replaced by the value of the actual code generated internally. The placement of this does not matter but the string must contain that in order for the code to be replaced. 50 | 51 | If no custom string is passed then a default message will be sent with the code. 52 | 53 | Once that Method has ran, a user will be sent the text message to the phone number provided. Afterwards you can now log the user in with the code that was sent with a bit of clientside event code. Another example of this would look like: 54 | 55 | ``` 56 | Template.login.events({ 57 | 'click .send-auth': function(){ 58 | let phoneNumber = $('.login').val(); 59 | Meteor.call('phoneLogin', phoneNumber); 60 | }, 61 | 62 | 'click .submit-code': function(){ 63 | let phoneNumber = $('.login').val(); 64 | let code = $('.code').val(); 65 | Accounts.loginByPhone(code, phoneNumber, propName, (err) => { 66 | if (err) { 67 | throw new Error("User not found with that code and phone number"); 68 | } 69 | }); 70 | } 71 | }); 72 | ``` 73 | 74 | Notice the first event calls the serverside method you created from the client. The second event takes the code, phoneNumber, and a propName as arguments and will login the user if they Match. 75 | propName is used to query the phone number in the database. 76 | 77 | #### phoneMasterCode 78 | You can set up a master code for phone like this: 79 | ``` 80 | Accounts.phoneMasterCode = '1111'; 81 | ``` 82 | -------------------------------------------------------------------------------- /accounts-passwordless-tests.js: -------------------------------------------------------------------------------- 1 | // Write your tests here! 2 | // Here is an example. 3 | Tinytest.add('example', function (test) { 4 | test.equal(true, true); 5 | }); 6 | -------------------------------------------------------------------------------- /client/init-url-matching.js: -------------------------------------------------------------------------------- 1 | // This code mostly taken from https://github.com/meteor/meteor/blob/676a9fa0fddb6a823c11cb1bfecfc533dd797373/packages/accounts-base/url_client.js 2 | 3 | var Ap = {}; 4 | 5 | // We only support one callback per URL. 6 | var accountsCallbacks = {}; 7 | 8 | // All of the special hash URLs we support for accounts interactions 9 | var accountsPaths = ["reset-password", "verify-email", "enroll-account", "login"]; 10 | 11 | var savedHash = window.location.hash; 12 | 13 | Ap._initUrlMatching = function () { 14 | // By default, allow the autologin process to happen. 15 | this._autoLoginEnabled = true; 16 | 17 | 18 | // Try to match the saved value of window.location.hash. 19 | this._attemptToMatchHash(); 20 | }; 21 | 22 | // Separate out this functionality for testing 23 | 24 | Ap._attemptToMatchHash = function () { 25 | attemptToMatchHash(this, savedHash, defaultSuccessHandler); 26 | }; 27 | 28 | // Note that both arguments are optional and are currently only passed by 29 | // accounts_url_tests.js. 30 | function attemptToMatchHash(accounts, hash, success) { 31 | accountsPaths.forEach(function(urlPart){ 32 | var token; 33 | 34 | var tokenRegex = new RegExp("^\\#\\/" + urlPart + "\\/(.*)$"); 35 | var match = hash.match(tokenRegex); 36 | 37 | if (match) { 38 | token = match[1]; 39 | 40 | // XXX COMPAT WITH 0.9.3 41 | if (urlPart === "login") { 42 | accounts._loginToken = token; 43 | } 44 | } else { 45 | return; 46 | } 47 | 48 | // If no handlers match the hash, then maybe it's meant to be consumed 49 | // by some entirely different code, so we only clear it the first time 50 | // a handler successfully matches. Note that later handlers reuse the 51 | // savedHash, so clearing window.location.hash here will not interfere 52 | // with their needs. 53 | window.location.hash = ""; 54 | 55 | // Do some stuff with the token we matched 56 | success.call(accounts, token, urlPart); 57 | }); 58 | } 59 | 60 | Accounts.onLoginFromLink = function(callback){ 61 | if (accountsCallbacks["login"]) { 62 | Meteor._debug("Accounts.onLoginFromLink was called more than once. " + 63 | "Only one callback added will be executed."); 64 | } 65 | 66 | accountsCallbacks["login"] = callback; 67 | }; 68 | 69 | function defaultSuccessHandler(token, urlPart) { 70 | Meteor.call('findUserByToken', token, function(err, user){ 71 | if (! err) { 72 | Accounts.verifyEmail(token, function(e){ 73 | var response = {}; 74 | 75 | if (! e && user) { response.user = user } 76 | 77 | Meteor.setTimeout(function(){ 78 | if (accountsCallbacks[urlPart]) { 79 | accountsCallbacks[urlPart](e, response); 80 | } 81 | }, 500) 82 | }); 83 | } 84 | }); 85 | }; 86 | 87 | Ap._initUrlMatching(); 88 | -------------------------------------------------------------------------------- /client/login-by-token.js: -------------------------------------------------------------------------------- 1 | Accounts.loginByPhone = function(code, phoneNumber, propName, callback){ 2 | Meteor.call('loginByPhone', code, phoneNumber, propName, function(err, token){ 3 | if(err){ 4 | if(_.isFunction(callback)){ 5 | callback(err); 6 | } 7 | } else { 8 | Meteor.loginWithToken(token, callback); //Really our callback should be called after Meteor.loginWithToken executed and returns a result 9 | } 10 | }); 11 | }; 12 | -------------------------------------------------------------------------------- /package.js: -------------------------------------------------------------------------------- 1 | Package.describe({ 2 | name: 'poetic:accounts-passwordless', 3 | version: '1.0.4', 4 | summary: 'create and login users without requiring a password', 5 | git: 'https://github.com/poetic/accounts-passwordless', 6 | documentation: 'README.md' 7 | }); 8 | 9 | Npm.depends({ 10 | 'twilio': '2.5.2', 11 | }); 12 | 13 | Package.onUse(function(api) { 14 | api.versionsFrom('1.1.0.2'); 15 | 16 | api.use([ 17 | 'random', 18 | 'accounts-base', 19 | 'accounts-ui', 20 | 'accounts-password' 21 | ], [ 22 | 'client', 'server' 23 | ]); 24 | 25 | api.addFiles([ 26 | 'server/login-config.js', 27 | 'server/send-login-email.js', 28 | 'server/send-login-sms.js', 29 | 'server/find-user-by-token.js', 30 | 'server/login-by-phone.js', 31 | ], 'server'); 32 | 33 | 34 | api.addFiles('client/login-by-token.js', 'client'); 35 | api.addFiles('client/init-url-matching.js', 'client'); 36 | 37 | api.imply([ 38 | 'accounts-base', 'accounts-ui', 'accounts-password' 39 | ]); 40 | }); 41 | 42 | Package.onTest(function(api){}); 43 | -------------------------------------------------------------------------------- /server/find-user-by-token.js: -------------------------------------------------------------------------------- 1 | Meteor.methods({ 2 | findUserByToken: function(token){ 3 | return Meteor.users.findOne({ 4 | 'services.email.verificationTokens.token': token 5 | }); 6 | }, 7 | }); 8 | -------------------------------------------------------------------------------- /server/login-by-phone.js: -------------------------------------------------------------------------------- 1 | Meteor.methods({ 2 | loginByPhone: function(code, phone, propName){ 3 | var phoneKey = propName ? propName : 'profile.phone'; 4 | 5 | // user master code if it exist 6 | var phoneMasterCode = Accounts.phoneMasterCode; 7 | if (phoneMasterCode && phoneMasterCode === code) { 8 | var phoneQuery = {}; 9 | phoneQuery[phoneKey] = phone; 10 | var userByPhone = Meteor.users.findOne(phoneQuery); 11 | 12 | if(!userByPhone){ 13 | throw new Error("User not found with that phone number"); 14 | } 15 | 16 | var tokenRecord = { 17 | token: Random.secret(), 18 | phone: phone, 19 | when: new Date().getTime(), 20 | code: phoneMasterCode 21 | }; 22 | 23 | Accounts._insertLoginToken(userByPhone._id, tokenRecord); 24 | return tokenRecord.token; 25 | } 26 | 27 | var query = { 'services.phone.verificationTokens.code': code }; 28 | query[phoneKey] = phone; 29 | var user = Meteor.users.findOne(query); 30 | 31 | if(!user){ throw new Error("User not found with that code and phone number"); } 32 | 33 | var when = user.services.phone.verificationTokens.when; 34 | var token = user.services.phone.verificationTokens.token; 35 | 36 | /* if the time is within 10 minutes */ 37 | var tokenIsFresh = new Date().getTime() - when < 10 * 60 * 1000; 38 | return tokenIsFresh && token; 39 | } 40 | }); 41 | -------------------------------------------------------------------------------- /server/login-config.js: -------------------------------------------------------------------------------- 1 | Accounts.urls.login = function(token){ 2 | return Meteor.absoluteUrl('#/login/' + token); 3 | }; 4 | 5 | Accounts.emailTemplates.login = { 6 | subject: function(user){ 7 | return 'Login to ' + Accounts.emailTemplates.siteName; 8 | }, 9 | 10 | text: function(user, url){ 11 | return "Click on the link below to login.\n" + 12 | "\n" + url; 13 | }, 14 | }; 15 | -------------------------------------------------------------------------------- /server/send-login-email.js: -------------------------------------------------------------------------------- 1 | // taken mostly from https://github.com/meteor/meteor/blob/master/packages/accounts-password/password_server.js#L573 2 | 3 | Accounts.sendLoginEmail = function(userId, address){ 4 | var user = Meteor.users.findOne(userId); 5 | 6 | if (! user) { 7 | throw new Error("Can't find user"); 8 | } 9 | 10 | if (! address) { 11 | var email = _.find(user.emails || [], function (e) { 12 | return !e.verified; 13 | }); 14 | 15 | address = (email || {}).address; 16 | } 17 | 18 | if (!address || !_.contains(_.pluck(user.emails || [], 'address'), address)) { 19 | throw new Error("No such email address for user."); 20 | } 21 | 22 | var tokenRecord = { 23 | token: Random.secret(), 24 | address: address, 25 | when: new Date() 26 | }; 27 | 28 | Meteor.users.update( 29 | { _id: userId }, 30 | { $push: {'services.email.verificationTokens': tokenRecord } } 31 | ); 32 | 33 | Meteor._ensure(user, 'services', 'email'); 34 | 35 | if (!user.services.email.verificationTokens) { 36 | user.services.email.verificationTokens = []; 37 | } 38 | 39 | user.services.email.verificationTokens.push(tokenRecord); 40 | 41 | var loginUrl = Accounts.urls.login(tokenRecord.token); 42 | 43 | var options = { 44 | to: address, 45 | from: Accounts.emailTemplates.login.from 46 | ? Accounts.emailTemplates.login.from(user) 47 | : Accounts.emailTemplates.from, 48 | subject: Accounts.emailTemplates.login.subject(user), 49 | text: Accounts.emailTemplates.login.text(user, loginUrl) 50 | }; 51 | 52 | if (typeof Accounts.emailTemplates.login.html === 'function') { 53 | options.html = Accounts.emailTemplates.login.html(user, loginUrl); 54 | } 55 | 56 | if (typeof Accounts.emailTemplates.headers === 'object') { 57 | options.headers = Accounts.emailTemplates.headers; 58 | } 59 | 60 | Email.send(options); 61 | }; 62 | -------------------------------------------------------------------------------- /server/send-login-sms.js: -------------------------------------------------------------------------------- 1 | Accounts.sendLoginSms = function(userId, phoneNumber, twilioOptions, customMessage){ 2 | var twilio = Npm.require('twilio')(twilioOptions.sid, twilioOptions.auth); 3 | var from = twilioOptions.from; 4 | var user = Meteor.users.findOne(userId); 5 | 6 | if (! user) { throw new Error("Can't find user"); } 7 | if (! phoneNumber) { throw new Error("Requires a valid phone number for SMS"); } 8 | if (! twilio || ! from) { throw new Error("Requires valid twilio credentials for SMS sending"); } 9 | 10 | var tokenRecord = { 11 | token: Random.secret(), 12 | phone: phoneNumber, 13 | when: new Date().getTime(), 14 | code: getCode() 15 | }; 16 | 17 | Meteor.users.update( 18 | { _id: userId }, 19 | { $set: {'services.phone.verificationTokens': tokenRecord } } 20 | ); 21 | 22 | Accounts._insertLoginToken(user._id, tokenRecord); 23 | sendCode(tokenRecord.code, phoneNumber, twilio, from, customMessage); 24 | }; 25 | 26 | function sendCode(code, phoneNumber, twilio, from, customMessage){ 27 | var body; 28 | if(typeof(customMessage) === 'string' && customMessage.length > 0){ 29 | body = customMessage.replace('[code]', code); 30 | } else { 31 | body = 'Your verification code is: ' + code; 32 | } 33 | 34 | twilio.sendMessage({ 35 | to: phoneNumber, 36 | from: from, 37 | body: body 38 | }, function(err, responseData) { 39 | }); 40 | } 41 | 42 | function getCode(){ 43 | var code = ''; 44 | for(var i = 0; i < 4; i++){ 45 | code += String(Math.floor(Math.random()*10)); 46 | } 47 | return code; 48 | } 49 | --------------------------------------------------------------------------------