Merge PR 2081 into devel

History.md

@@ -101,6 +101,9 @@ Patches contributed by GitHub users aldeed, apendua, arbesfeld, awwx, dandv,
 davegonzalez, justinsb, mquandalle, Neftedollar, Pent, sdarnell, and timhaines.
 
 
+* A validate login hook can now override the exception thrown from
+  `beginPasswordExchange` like it can for other login methods.
+
 
 ## v0.8.0.1
 

packages/accounts-base/accounts_server.js

@@ -309,6 +309,9 @@ Accounts._reportLoginFailure = function (methodInvocation, methodName, methodArg
 
   validateLogin(methodInvocation.connection, attempt);
   failedLogin(methodInvocation.connection, attempt);
+  // validateLogin may mutate attempt to set a new error message. Return
+  // the modified version.
+  return attempt;
 };
 
 

packages/accounts-password/password_server.js

@@ -73,12 +73,13 @@ Meteor.methods({beginPasswordExchange: function (request) {
     // the second step method ('login') is called. If a user calls
     // 'beginPasswordExchange' but then never calls the second step
     // 'login' method, no login hook will fire.
-    Accounts._reportLoginFailure(self, 'beginPasswordExchange', arguments, {
+    // The validate login hooks can mutate the exception to be thrown.
+    var attempt = Accounts._reportLoginFailure(self, 'beginPasswordExchange', arguments, {
       type: 'password',
       error: err,
       userId: user && user._id
     });
-    throw err;
+    throw attempt.error;
   }
 
   // Save results so we can verify them later.

packages/accounts-password/password_tests.js

@@ -33,7 +33,12 @@ if (Meteor.isClient) (function () {
     }, 10 * 1000, 100);
   };
   var invalidateLoginsStep = function (test, expect) {
-    Meteor.call("testInvalidateLogins", true, expect(function (error) {
+    Meteor.call("testInvalidateLogins", 'fail', expect(function (error) {
+      test.isFalse(error);
+    }));
+  };
+  var hideActualLoginErrorStep = function (test, expect) {
+    Meteor.call("testInvalidateLogins", 'hide', expect(function (error) {
       test.isFalse(error);
     }));
   };
@@ -616,6 +621,28 @@ if (Meteor.isClient) (function () {
         })
       );
     },
+    validateLoginsStep,
+    function (test, expect) {
+      Meteor.loginWithPassword(
+        "no such user",
+        "some password",
+        expect(function (error) {
+          test.isTrue(error);
+          test.equal(error.reason, 'User not found');
+        })
+      );
+    },
+    hideActualLoginErrorStep,
+    function (test, expect) {
+      Meteor.loginWithPassword(
+        "no such user",
+        "some password",
+        expect(function (error) {
+          test.isTrue(error);
+          test.equal(error.reason, 'hide actual error');
+        })
+      );
+    },
     validateLoginsStep
   ]);
 

packages/accounts-password/password_tests_setup.js

@@ -15,24 +15,34 @@ Accounts.onCreateUser(function (options, user) {
 });
 
 
-// connection id -> true
+// connection id -> action
 var invalidateLogins = {};
 
 
 Meteor.methods({
-  testInvalidateLogins: function (flag) {
-    if (flag)
-      invalidateLogins[this.connection.id] = true;
+  testInvalidateLogins: function (action) {
+    if (action)
+      invalidateLogins[this.connection.id] = action;
     else
       delete invalidateLogins[this.connection.id];
   }
 });
 
 
 Accounts.validateLoginAttempt(function (attempt) {
-  return ! (attempt &&
-            attempt.connection &&
-            invalidateLogins[attempt.connection.id]);
+  var action =
+    attempt &&
+    attempt.connection &&
+    invalidateLogins[attempt.connection.id];
+
+  if (! action)
+    return true;
+  else if (action === 'fail')
+    return false;
+  else if (action === 'hide')
+    throw new Meteor.Error(403, 'hide actual error');
+  else
+    throw new Error('unknown action: ' + action);
 });