创建用户后如何防止自动登录

Question

I add accounts-password and accounts-base packages in Meteor

When I create user like this:

Accounts.createUser({username: username, password : password}, function(err){
          if (err) {
            // Inform the user that account creation failed
            console.log("Register Fail!") 
            console.log(err)
          } else {
               console.log("Register Success!")
            // Account has been created and the user has logged
          }    
  });

Account has been created and the user has logged.

for instance, I log in as an administrator and I want to create a account for somebody,but I don't want to log out after create account.

How to prevent auto login after create user ?

I find source code of accouts-password packages:

48 - 63 lines:

// Attempt to log in as a new user.
Accounts.createUser = function (options, callback) {
  options = _.clone(options); // we'll be modifying options

  if (!options.password)
    throw new Error("Must set options.password");
  var verifier = Meteor._srp.generateVerifier(options.password);
  // strip old password, replacing with the verifier object
  delete options.password;
  options.srp = verifier;

  Accounts.callLoginMethod({
    methodName: 'createUser',
    methodArguments: [options],
    userCallback: callback
  });
};

Should I modify the source code to solve this problem?

Any help is appreciated.

Answer 1

You're trying to use client side accounts management to perform a task it hasn't been designed for.

Client side accounts package purpose is to specifically allow new users to create their account and expect to be logged in immediately.

You have to remember that certain functions can be ran on the client and/or on the server with different behaviors, Accounts.createUser docs specifies that : "On the client, this function logs in as the newly created user on successful completion."

On the contrary, "On the server, it returns the newly created user id." (it doesn't mess with the currently logged in user on the client).

In order to solve your problem, you should write a server side method creating a new user and be able to call it from your client side admin panel, after filling correctly a user creation form of your own design.

Answer 2

If you really want this behavior you would need to modify password_server.js

and remove lines 474-475 containing:

// client gets logged in as the new user afterwards.
this.setUserId(result.id);

So the User would not be logged in after the user is created.

Answer 3

I had the same problem. I wanted to create an admin interface where an administrator can set a user's password but not pass it to a server method in plaintext. The client side of Accounts.createUser already deals with this, so I just alter the normal sequence of events in accounts-password/password-server.js in the presence of a flag. Its not perfect or pretty but seems to work and you don't have to modify the accounts-password package directly.

Meteor.startup(function ()
    {

        // store the default createUser method handler
        var default_create_user = Meteor.server.method_handlers.createUser;

        // remove it so we can register our own
        delete Meteor.server.method_handlers.createUser;

        Meteor.methods({createUser: function (options) {

            var default_login_method = Accounts._loginMethod;

            // check if noAutoLogin flag is present
            if (options.noAutoLogin)
            {
                // temporarily disable the login method while creating our user

                // NB: it might be possible that simultaneous calls to createUser that do want the default behavior
                // would use the altered Accounts._loginMethod instead

                Accounts._loginMethod = function(s, m, a, p, fn)
                {
                    // this is the callback that is constructed with a closure of the options array and calls internal create functions
                    fn();

                    // restore default _loginMethod so other calls are not affected
                    Accounts._loginMethod = default_login_method;
                }
            }

            // invoke the default create user now that the login behavior has been short-circuited
            default_create_user(options);

        }});
    });

Answer 4

If you want to continue using Accounts.createUser on the client without logging the user in. You can call Meteor.logout() from createUser 's optional callback .

Accounts.createUser(user, err => {
  if (err) {
    // handle error
    return;
  }

  // Prevent unwanted login
  Meteor.logout();
});