359f18988c
- Can now add a second email address to your account and delete one of your email addresses - Reset password now works - Resetting the password of an account without a password set will set one - Email templates overhauled - Login tokens limited to close previously devastating ($800 database bill) security hole - Login with REST API now works - Once logged in, authentication of API calls with token works - Creatures can now be fetched using the API
38 lines
1.1 KiB
JavaScript
38 lines
1.1 KiB
JavaScript
import SimpleSchema from 'simpl-schema';
|
|
import { ValidatedMethod } from 'meteor/mdg:validated-method';
|
|
import { RateLimiterMixin } from 'ddp-rate-limiter-mixin';
|
|
|
|
const removeEmail = new ValidatedMethod({
|
|
name: 'users.removeEmail',
|
|
validate: new SimpleSchema({
|
|
email: {
|
|
type: String,
|
|
regEx: SimpleSchema.RegEx.Email,
|
|
},
|
|
}).validator(),
|
|
mixins: [RateLimiterMixin],
|
|
rateLimit: {
|
|
numRequests: 1,
|
|
timeInterval: 5000,
|
|
},
|
|
run({email}){
|
|
const userId = Meteor.userId();
|
|
const user = Meteor.users.findOne(userId);
|
|
if (!user) throw new Meteor.Error('No user',
|
|
'You must be logged in to remove an email address');
|
|
if (!user.emails){
|
|
throw new Meteor.Error('No email to remove',
|
|
'No email addresses are associated with this account');
|
|
}
|
|
if (user.emails.length == 1){
|
|
throw new Meteor.Error('Can\'t remove last email',
|
|
'You may not remove the last email address from your account');
|
|
}
|
|
if (Meteor.isServer){
|
|
Accounts.removeEmail(userId, email);
|
|
}
|
|
}
|
|
});
|
|
|
|
export default removeEmail;
|