Login without password (team member feature)

Hello guys,

My case is that I want to have a feature where a user can create team members, and then members can log in and act as the user.

So my concept is that I’ll make a custom form that checks the team member’s email and password, then I’ll log that member in as the main user.

How can I force a member to log in without the main user’s password?

Thanks for your help!

When you create the record of the new team member, add a hash value. Send the link with the hash to that team member by email during the creation of his account. Save the hash as a cookie. Check the hash during login. Provide functionality to allow the team member to email the link to himself again.

How can I manually log in a user with the hash? And where should I store that hash inside the user collection?

So what you mean is, you want a single Meteor user account to have login access from multiple email/password combinations (for example)? And you want a page that can create and remove email/password combinations?

This is very tricky, because surely you see that you’d be reproducing the Accounts package. Like what if a “team member” needs to reset her password? How would the system know which specific team member logged on? Would you use another identifier? Do you see how that reduces to creating another Accounts package?

The alternative is you create a user account for each team member; you create a separate thing called an Organization; and users and things that belong to users actually all belong to an Organization.

As a concrete example, imagine you’re creating Galaxy, Meteor’s web host. Every user has a corresponding organization. Users can invite other users into their organization. Web sites belong to organizations, always, never to users. Some users can never leave the organization (some sense of owner). Etc, etc.

You have to do this work somewhere. Either you use organizations, or you create something that’s basically an Accounts package. It’s going to be really tempting to just let multiple email/password combinations log in to the same user account (that’s pretty easy to hack into accounts-password), but you’re going to immediately run into a bunch of other problems over time. I’d recommend just biting the bullet and creating an organization system.
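
An added example (not from any poster in this thread and not Meteor's Accounts API) of the organization model recommended above: each team member keeps their own account, resources belong to the organization, and access is decided by membership. The function names and the in-memory Maps are assumptions; in a Meteor method the acting user's id would come from `this.userId`.

```javascript
// Added illustration: plain in-memory model, not Meteor's Accounts package.
// All names here (createOrgModel, invite, canAccess, ...) are hypothetical.
function createOrgModel() {
  const orgs = new Map();      // orgId -> { ownerId, members: Map(userId -> role) }
  const resources = new Map(); // resourceId -> orgId (never owned by a user)
  const audit = [];            // records which individual account acted

  // Throws unless actorId holds one of the allowed roles in the org.
  function requireRole(orgId, actorId, roles) {
    const org = orgs.get(orgId);
    const role = org && org.members.get(actorId);
    if (!role || !roles.includes(role)) throw new Error('not authorized');
    return org;
  }
  function createOrg(orgId, ownerId) {
    if (orgs.has(orgId)) throw new Error('org exists');
    orgs.set(orgId, { ownerId, members: new Map([[ownerId, 'owner']]) });
  }
  function invite(orgId, actorId, userId) {
    requireRole(orgId, actorId, ['owner']).members.set(userId, 'member');
    audit.push({ actorId, action: 'invite', target: userId });
  }
  function remove(orgId, actorId, userId) {
    const org = requireRole(orgId, actorId, ['owner']);
    // "Some users can never leave the organization": the owner stays.
    if (userId === org.ownerId) throw new Error('owner cannot leave');
    org.members.delete(userId);
    audit.push({ actorId, action: 'remove', target: userId });
  }
  function addResource(orgId, actorId, resourceId) {
    requireRole(orgId, actorId, ['owner', 'member']);
    resources.set(resourceId, orgId);
    audit.push({ actorId, action: 'addResource', target: resourceId });
  }
  // Access follows current membership, so removing a member revokes it
  // without touching anyone else's password.
  function canAccess(userId, resourceId) {
    const org = orgs.get(resources.get(resourceId));
    return Boolean(org && org.members.has(userId));
  }
  return { createOrg, invite, remove, addResource, canAccess, audit };
}
```

Because every member signs in with their own account, the audit entries name the person who acted, which a shared login cannot provide.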