Feature request: verify password before some methods


#1

Currently, it’s not easy to verify a user’s password before some dangerous operations, for example, dealing with security configurations and entering admin panels.

Suggestions:

  • An API to verify the user’s password:
    • Available on the client, like Accounts.verifyPassword(password).
    • When called, it verifies the user’s password with the server, gets a token from the server and stores it on the client; the token is valid for 15 min or so. This token will be used to check the verification status in the next steps.
  • Have an API available in methods to ask for verification, like Accounts.requiresPasswordVerify():
    • When called, this throws a special error if no valid token is found on the client, or does nothing, which means the password is verified.
    • Developers can make the client call Accounts.verifyPassword(password) and rerun the method when the special error occurs.
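
The flow proposed above, as an added sketch that is not part of the original post and not Meteor's API: the function names mirror the post's proposal, while the in-memory stores, `updateSecuritySettings` and `callWithVerify` are hypothetical. It assumes the token is validated on the server, since a flag held only on the client could be set by the client itself.

```javascript
// Added sketch, not Meteor's API; names follow the post, stores are in-memory.
const crypto = require('node:crypto');

const TOKEN_TTL_MS = 15 * 60 * 1000;  // "valid for 15 min or so"
const users = new Map();              // userId -> { salt, hash } (constructed store)
const verifications = new Map();      // sha256(token) -> { userId, expires }
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const fail = (code) => { throw Object.assign(new Error(code), { code }); };

function createUser(userId, password) {
  const salt = crypto.randomBytes(16);
  users.set(userId, { salt, hash: crypto.scryptSync(password, salt, 32) });
}

// Server side of the proposed Accounts.verifyPassword(password).
function verifyPassword(userId, password, now = Date.now()) {
  const user = users.get(userId);
  // Hash even for unknown users so both failure paths cost the same.
  const candidate = crypto.scryptSync(password, user ? user.salt : Buffer.alloc(16), 32);
  if (!user || !crypto.timingSafeEqual(candidate, user.hash)) fail('incorrect-password');
  const token = crypto.randomBytes(32).toString('hex');
  // Keep only a hash of the token, bound to the user and an expiry time.
  verifications.set(sha256(token), { userId, expires: now + TOKEN_TTL_MS });
  return token;
}

// Server side of the proposed Accounts.requiresPasswordVerify(), called in a method.
function requiresPasswordVerify(userId, token, now = Date.now()) {
  const entry = typeof token === 'string' ? verifications.get(sha256(token)) : undefined;
  if (!entry || entry.userId !== userId || entry.expires <= now) {
    fail('password-verify-required');  // the "special error"
  }
}

// Hypothetical sensitive method guarded by the check.
function updateSecuritySettings(userId, token, settings, now = Date.now()) {
  requiresPasswordVerify(userId, token, now);
  return { userId, applied: settings };
}

// Client pattern from the post: on the special error, verify and rerun once.
function callWithVerify(userId, askPassword, settings) {
  try {
    return updateSecuritySettings(userId, undefined, settings);
  } catch (err) {
    if (err.code !== 'password-verify-required') throw err;
    return updateSecuritySettings(userId, verifyPassword(userId, askPassword()), settings);
  }
}
```

Binding each token to a user id and an expiry on the server means a token issued to one account, or one older than the window, is rejected by the method guard.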

#2

Btw, I think it could be done as a package, but it’s something that most apps need and it’s about security, so I think this should go into core.