359f18988c
- Can now add a second email address to your account and delete one of your email addresses - Reset password now works - Resetting the password of an account without a password set will set one - Email templates overhauled - Login tokens limited to close previously devastating ($800 database bill) security hole - Login with REST API now works - Once logged in, authentication of API calls with token works - Creatures can now be fetched using the API
35 lines
971 B
JavaScript
35 lines
971 B
JavaScript
import SimpleSchema from 'simpl-schema';
|
|
import { ValidatedMethod } from 'meteor/mdg:validated-method';
|
|
import { RateLimiterMixin } from 'ddp-rate-limiter-mixin';
|
|
|
|
const addEmail = new ValidatedMethod({
|
|
name: 'users.addEmail',
|
|
validate: new SimpleSchema({
|
|
email: {
|
|
type: String,
|
|
regEx: SimpleSchema.RegEx.Email,
|
|
},
|
|
}).validator(),
|
|
mixins: [RateLimiterMixin],
|
|
rateLimit: {
|
|
numRequests: 1,
|
|
timeInterval: 5000,
|
|
},
|
|
run({email}){
|
|
const userId = Meteor.userId();
|
|
const user = Meteor.users.findOne(userId);
|
|
if (!user) throw new Meteor.Error('No user',
|
|
'You must be logged in to add an email address');
|
|
if (user.emails && user.emails.length >= 2){
|
|
throw new Meteor.Error('Emails full',
|
|
'You may only have up to 2 email addresses per account');
|
|
}
|
|
if (Meteor.isServer){
|
|
Accounts.addEmail(userId, email);
|
|
Accounts.sendVerificationEmail(userId, email);
|
|
}
|
|
}
|
|
});
|
|
|
|
export default addEmail;
|