I'm developing a simple application using Meteor to learn the framework. I'm using the accounts-password package which incorporates the accounts-base package.
User's will create an account and their email address will serve as their username for login in. This all works perfectly fine as intended. Now I want to take this to the next level.
I want to have the ability to temporarily ban a user for a temporary set period of time - let's say a week.
Is this functionality possible using the accounts-password package or is there another package that exists which will accomplish this functionality? Otherwise how can I implement this functionality on my own?
How about using something like isBanned flag in the users collection against each user? That way, you check for this flag before logging the user in. You could further extend this by having a date field when the ban was applied and later have a way to calculate the elapsed time to see if the ban can be auto-lifted.
db.users.findOne()
{
[...]
"username" : "superadmin",
"profile" : {
"isActive" : true,
"createdBy" : "system",
// is this user banned?
"isBanned" : false,
"updatedAt" : ISODate("2016-10-07T17:33:42.773Z"),
"loginTime" : ISODate("2016-10-07T17:25:44.068Z"),
"logoutTime" : ISODate("2016-10-07T17:33:42.660Z")
},
"roles" : [
"superAdmin"
]
}
Your login form events could be like:
Template.loginForm.events({
'submit #login-form': function(event,template){
event.preventDefault();
// Check for isBanned flag
if(Meteor.users.find({username: template.find("#userName").value,isBanned: false}) {
Meteor.loginWithPassword(
template.find("#userName").value,
template.find("#password").value,
function(error) {
if (error) {
// Display the login error to the user however you want
console.log("Error logging in. Error is: " + error);
Session.set('loginErrorMessage', error.message);
Router.go('/');
}
}
);
Meteor.call('updateLoginTime');
Router.go('loggedIn');
},
}