Is this something that is usually done? Or do you handle this with client-side validation + Accounts.validateNewUser / loginAttempt on the server? Is there a good example for how to setup a Meteor.users Schema + client-side / server validation or is this usually done a case by case basis?
That’s basically a case by case basis, but the general premise would be to not trust the client and do that validation on the server.
Meteor’s built in account validation functions and their callbacks are your friend.
You can then use a validation library to do the actual validation within those blocks.
1 Like
Thanks! But do you usually validate up against a Schema? If so, how do you handle password validation on the server?
I don’t usually validate against a schema unless I’m creating my own custom authentication.
You can take a look at https://atmospherejs.com/useraccounts/core for a flexible accounts system or for inspiration.
Validating passwords is a bit of a problem since they arrive at the server already encrypted.
You can take a look at this https://atmospherejs.com/bjwiley2/serverside-login to see how he has done it. This package does login on the server side and validates there. But it means the username/password combination is sent to the server in pain text. Therefore you should then use SSL to protect that.
2 Likes
Just a tip for anyone working with how to validate signup client-side / server-side - try Meteor Useraccounts, it was exactly what I was looking for! Setup a Simple Schema and tons of possibilities to customise signup / sign in flow.