I’m developing a simple application using Meteor to learn the framework. I’m using the accounts-password package which incorporates the accounts-base package.
User’s will create an account and their email address will serve as their username for login in. This all works perfectly fine as intended. Now I want to take this to the next level.
I want to have the ability to temporarily ban a user for a temporary set period of time - let’s say a week.
Is this functionality possible using the accounts-password package or is there another package that exists which will accomplish this functionality? Otherwise how can I implement this functionality on my own?
I’ve also asked this question on stack-overflow here: View Question
If it’s was me I’d just use a date library or new Date() in a mongo collection. If the Date() is less than the stored date, prevent that user from executing any specific functionality.
You can do it like @nicholasbydesign suggested. Another suggestion would be more complicated. Many moons ago, I used the roles package by alanning and created a role banned and created a separate collection to store all bans. I did this because I also stored a reason and allowed for some different types and so on … Then I used a chron-job to periodically (24h) check if a user should be unbanned. Depending on what your use case is, this might be a total overkill.
1 Like
To expand on @nicholasbydesign’s answer, the suggested way of doing this is to implement a bannedUntil field on your user documents in the Meteor.users collection.
Then, depending on the desired granularity of the ban, you can throw or return in method calls based on the value of the user’s bannedUntil field. If you want to ban the user from logging in, you can accomplish this in the login hook provided by AccountsServer.validateLoginAttempt, by either throwing or returning a falsy value, depending on the value of the bannedUntil field on the user document.
I really appreciate your overkill suggestion actually, the more functionality I get out of it the better, it’s just a shame that there’s not actually a standard way of doing this yet…
By the way, it would be convenient to store ban history inside user account, there’s no real need to make a separate collection. Every ban record should only be an object, storing expiration time and description.
@barrydoyle18
Just validate login attempt by checking if there are any unexpired bans.
If you think about it, even if it was implemented for you, it would be just 3 small functions.
2 Likes