3

I am trying to create the following authentication for an app: User enters phone number and receives an SMS with a code generated in the server (the SMS is handled through an external service). If the user enters the right code, he is logged in. This means I must have two login stages: registering the user with a phone and logging him in with the code, so this is what I think the client should look like:

Meteor.getSmsCode = function(phone, username, callback) {
  Accounts.callLoginMethod({
    methodName: 'getsmscode',
    methodArguments: [{
      getsmscode: true,
      phone: phone,
      username: username
    }],
    userCallback: callback
  });
};


Meteor.loginWithCode = function(phone, code, callback) {
  Accounts.callLoginMethod({
    methodName: 'login',
    methodArguments: [{
      hascode: true,
      phone: phone,
      code: code
    }],
    userCallback: callback
  });
};

But I am confused about the server side - there should be two methods: the first should only register a user (and communicate with the SMS service) and the second should log him in.

This is the server test code for now:

Meteor.users.insert({phone: '123456789', code: '123', username:'ilyo'});

Accounts.registerLoginHandler(function(loginRequest) {
  var user = Meteor.users.findOne({phone: loginRequest.phone});

  if(user.code !== loginRequest.code) {
    return null;
  }

  var stampedToken = Accounts._generateStampedLoginToken();
  var hashStampedToken = Accounts._hashStampedToken(stampedToken);

  Meteor.users.update(userId,
    {$push: {'services.resume.loginTokens': hashStampedToken}}
  );

  return {
    id: user._id,
    token: stampedToken.token
  };
});

And this is what happens when I try it: (image)

  • Why am I getting the 500?
  • Why doesn't the user have a code and phone fields?
  • What method should I use for the getSmsCode?
ilyo

2 Answers

0

Meteor.createUser is described on How can I create users server side in Meteor?

Then, the Accounts.onCreateUser would contain business logic http://docs.meteor.com/#accounts_oncreateuser

A more exact message for the 500 would be on the server-side stdout. Probably security.

Community
0

Your Login Handler must return an object as follows:

{ userId: user._id }

Sorry I don't elaborate on the whole problem; I don't agree with your full approach, but it looks like you are on the right path to get the feature you need.

Also, this question is one year old; now there are a few packages on Atmosphere that address this kind of authentication =)

emdagon
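An added example, not code from the question, either answer, or Meteor itself: the checks a code-verifying login handler like the one in the question needs before it returns the `{ userId: ... }` result described in the last answer. The in-memory `users` array, the `sms` sub-document, the attempt limit and the failure object are assumptions of this example.

```javascript
// Added example in plain JavaScript (no Meteor import). `users` is a hypothetical
// in-memory stand-in for Meteor.users; `sms`, the limit and the error shape are assumed.
const MAX_ATTEMPTS = 5;
const FAIL = () => ({ error: new Error('Login failed') }); // one generic failure

// Compare every character instead of returning at the first mismatch.
function safeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

function smsLoginHandler(loginRequest, users, now = Date.now()) {
  // Not an SMS-code login: return undefined so other login handlers can run.
  if (!loginRequest || loginRequest.hascode !== true) return undefined;

  const { phone, code } = loginRequest;
  // Method arguments come from the client. Accept only plain strings so an
  // object can never reach the user lookup or the comparison.
  if (typeof phone !== 'string' || typeof code !== 'string' || !code) return FAIL();

  const user = users.find((u) => u.phone === phone);
  const pending = user && user.sms; // { code, expiresAt, attempts }
  // Unknown phone, no pending code, expired code or too many tries: same answer.
  if (!pending || now > pending.expiresAt || pending.attempts >= MAX_ATTEMPTS) return FAIL();
  if (!safeEqual(pending.code, code)) {
    pending.attempts += 1; // count the failed guess
    return FAIL();
  }
  delete user.sms; // a code is valid for one login only
  return { userId: user._id }; // result shape given in the answer above
}

// Constructed sample data (expiresAt is a timestamp in ms, chosen for the demo).
const sampleUsers = [{
  _id: 'u1', phone: '123456789', username: 'ilyo',
  sms: { code: '123456', expiresAt: 1000, attempts: 0 },
}];
```

In a Meteor app the same function body would sit inside the callback passed to `Accounts.registerLoginHandler`, with the array lookup replaced by a `Meteor.users.findOne` on the validated string.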