I’ve been using Astronomy for my schema/ORM needs, and it is great so far.
However, I am not sure how I should use Astronomy in conjuction with Accounts.onCreateUser when creating a new user account.
Specifically, I am using:
Accounts.createUser to create a new user
Accounts.onCreateUser to add additional fields (beyond basic fields like username, password, email, etc.) to the new user that I am trying to create
For example:
User = Astro.Class({
// some default fields and values declared here ...
});
Accounts.createUser({
email: someEmail,
username: someUsername,
password: somePassword,
secret: someSecret,
secret2: someSecret2,
secret3: someSecret3,
...
});
Accounts.onCreateUser(function(options, user) {
var newUser = new User();
newUser.set(user);
newUser.set({
secret: options.secret
secret: options.secret2,
secret: options.secret3,
...
});
// My problem: server throws an error here and complains
// bc newUser is not a mongoDB document
return newUser;
}
Problems that I am facing:
I can’t simply return the newUser object b’c Accounts.onCreateUser requires that I return a mongoDB document (which the newUser object isn’t).
I can’t simply extend the user object with the secret fields in the Accounts.onCreateUser function and return that user object. I have ~20 fields and associating default values that I’ve defined in my astronomy User schema, and those fields+values would not be initialized unless myself or someone else calls newUser.save().
Does anyone have any suggestions or tips of how I should tackle this situation? Thank you.
You do know that Meteor’s account system lets you specify profile information (anything you want) to save with the user’s email/username and password, right?
The profile field is, unless specifically denied, updatable by the user and is also not a good practice to use for holding secrets.
Besides, it is going to be deprecated mostly because of these reasons. So a (near) future Meteor version may not even have a profile field so we need to figure out a way for Astronomu to play nice with Accounts anyway.
Thanks for the suggestion. But like other people have mentioned, it is not recommended to put any secrete (or information) that you won’t want the users to see or be able to edit in the profile.
Well, if it’s secret info that only that user should see (i.e. it’s about them), it’s ok to store in profile, no? Doesn’t matter if they can see their own info.
But if profile is going to be deprecated at some point, this is good to know. I’m using it currently in an app to store user details such as address, phone number, etc. So it’s better to move that into a separate collection?
I’m not going into details of security, however if you want to use Astronomy in the onCreateUser method you should return not an astronomy document but something like this:
In fact the way how the get() method works is not correct now :(. I will introduce the raw() or getRaw() method this or next week. I should change the way how the get() method works. However I can’t do it because it would be compatibility breaking change. So I don’t know what should I do in this situation :P.
You could either use a separate collection or another key in the user document. Whichever fits your requirements best. I’ve already moved away from profile.