I’m using 1.3 (but I guess this was the same before) and would like to
forbid login for users with not-verified e-mails.
I know how to do this on the client-side but this is not safe.
The login is done using
Meteor.loginWithPassword (based on mantra
kickstarter) and I do not see how to make a server-side check in this context.
That must be explained somewhere but could not find it in docs, guide or forums.
PS: this is not so clear if issues about accounts should go to meteor/meteor or meteor/accounts, please clarify (or maybe this is wip).
If the answer is meteor/accounts, this should be clear in the
Independent core packages section of the meteor/meteor issues