Is there any package that sends a user an email if he (or a hacker) logs on from a different device or location?
For example like:
If there is no package for this
Accounts.validateLoginAttempt (function(attempt) {
console.log(attempt);
}
would print out:
connection: clientAddress: 127.0.0.1
user-agent: Macintosh; Intel Mac … Chrome…
accept-language: de-DE, en-US, …
If you save that to a collection or to the profile you could be able to that with meteor. A’m I right?
corvid
2
You can probably just push that to an “approved devices” field with some kind of sendApprovalEmail extension on accounts.
Accounts.validateLoginAttempt(function (attempt) {
if (attempt.user.locked) {
attempt.allowed = false;
}
if (!_.contains(attempt.user.approvedDevices, attempt.connection)) {
Accounts.sendApprovalEmail(attempt.user._id);
attempt.allowed = false;
}
return attempt;
});
Accounts.sendApprovalEmail = function (userId) {
const token = Random.secret();
Meteor.users.update(userId, {
$set: {
locked: true,
'services.password.approve': {
token: token,
when: new Date()
}
}
});
const user = Meteor.users.findOne(userId);
Email.send(user.emails[0], {
from: 'Accounts security',
text: `Please visit this link to verify your account ${Meteor.absoluteUrl('verify_account/' + token)}`
})
}
1 Like
Thanks! I will try that out.
