I’m building a user registration and password reset interaction with the
accounts-password package and having some problems, hoping someone here can help. I’m trying to build the following interaction:
- User signs up for an account, they get an email sent to them via
Accounts.sendEnrollmentEmailwith a link to click to create their password and complete account setup.
- When the user enters their new password, I want the server side to validate the password strength (min length, requires at least on special character, etc)
- when the password is strong enough and the account is created, the email address for their account completed and marked as verified
Number 2 doesn’t seem possible currently, I’m hoping I’m just misunderstasnding how to use
accounts-password. My is the following:
- For # 2 above, the function
Accounts.resetPassword(token, newPassword)with the token the user received in their email is
only available on the client. Because of this, it’s impossible to do validation on the new password on the server. Why is this not available on the server as well? It would be great if similar to
Accounts.validateNewUserthere was a
Accounts.validateNewPassword()method, so that I could trust calling
Accounts.resetPassword(token, newPassword)from the client will have its password strength enforced.