Reputation: 222
How to restrict account creation by user accounts-password?
I'm working on an application where only the admin should be able to create users for the system; meaning the user is restricted from creating an account but can login if login credentials were made for him/her.
I'm thinking about using houston:admin to manually create users, but how can I restrict users from creating an account using accounts-ui?
Should I use different packages to achieve this altogether?
Upvotes: 1
Views: 144
Answers (1)
Reputation: 16488
You have several ways to prevent users from creating accounts:
throwing an error in the Accounts.onCreateUser() callback (server only):
Accounts.onCreateUser(function(options, user) { if (/* some logic to figure out if current user is an admin */) { return user; } throw new Meteor.Error("user creation disabled."); });This will prevent the account from being created if the current user is not an admin.
configuring
Accountsto forbid account creation (both client and server):Accounts.config({ forbidClientAccountCreation: true });which rejects calls to
createUser()from the client (but will not prevent user creation using oAuth services).
A combination of both is a likely course of action. Take a look at the linked documentation for more details.
Upvotes: 2
Related Questions
- Meteor Account disable create-account function from website
- meteor: Creating users using accounts-password on the server side
- Meteor.. accounts- password-- Create account on client without login
- How do I prevent new users being created in a meteor app?
- Meteor - Validate user password on server on new user creation
- Meteor: User account management and creation by Admin only
- Meteor: accounts-password
- Creating user with no password in Meteor
- Creating account using accounts-password in meteor
- Accounts.createUser create users, but only from the server and not allow the client to create user