Control access to a Meteor Web app using EPFL's Tequila authentication system
Like the passport-tequila npm, but for Meteor
Usage
$ meteor add epfl:accounts-tequila
Then in main.js:
import Tequila from 'meteor/epfl:accounts-tequila' Meteor.startup(function() { Tequila.start({ upsert: false, ... }) })
Fake Tequila server
This package is attuned to passport-tequila's fake Tequila server. To use it, use one of the two methods in the paragraphs below.
In-process fake Tequila
- Create a
settings.jsonfile that contains
{ "fake_tequila": { "requestauth": { "uniqueid": "243371", "displayname": "Dominique Quatravaux", "group": "epfl-dojo,idev-fsd" } } }
- Change your Meteor app to run Tequila.start({fakeLocalServer: Meteor.settings.fake_tequila }, ...)
- Run meteor with
meteor run --settings settings.json
Out-of-process fake Tequila
- Clone
passport-tequilaoutside of your Meteor project: git clone git@gitlab.com:epfl-sti/passport-tequila.git - Create a
tequila.jsonfile that contains
{ "requestauth": { "uniqueid": "243371", "displayname": "Dominique Quatravaux", "group": "epfl-dojo,idev-fsd" } }
- Run
node test/bin/fake_tequila_server --config-file tequila.json - Change your Meteor app to run
Tequila.start({fakeLocalServer: { port: 3011 }, ... })
API Reference
Functions
start(opts)
Enable Tequila with a redirect-based flow.
Accessing any of the app's HTML URLs will now redirect to Tequila, unless a ?key= URL parameter is present (indicating we are back from Tequila, in which case the key be passed as a Meteor login method parameter over DDP - The JS and CSS URLs are not guarded in this way, so that the app may initialize as normal).
Kind: global function
| Param | Type | Description |
|---|---|---|
| opts | Object | Options |
| opts.client | string | Passed to passport-tequila's Protocol object |
| opts.service | string | Passed to passport-tequila's Protocol object |
| opts.request | string | Passed to passport-tequila's Protocol object |
| opts.require | string | Passed to passport-tequila's Protocol object |
| opts.tequila_host | string | Passed to passport-tequila's Protocol object |
| opts.tequila_port | string | Passed to passport-tequila's Protocol object |
| opts.bypass | Array.<string> | List of URL patterns that are not redirected to Tequila |
| opts.control | Array.<string> | List of URL patterns that are redirected to Tequila, subject to the exceptions stated above (i.e. not matching opts.bypass, and not when a ?key= URL parameter is present) |
| opts.fakeLocalServer | boolean | Object | Either { port: portNumber } to use a Tequila server already running out-of-process, or true for an in-process Tequila server on an ephemeral port |
| opts.getUserId | function | Function that takes the Tequila fetchattributes RPC response fields, and returns either the Meteor user ID to be used (which must be a string - See https://stackoverflow.com/a/24972966/435004) or a Promise of same. Also, If opts.upsert is not false, non-existent users will be auto-created with the return value as their Meteor user ID; see opts.upsert for details. The default behavior is to return either tequilaAttributes.uniqueid if it exists, or tequilaAttributes.user otherwise. |
| opts.upsert | function | Function that takes the Tequila fetchattributes RPC response fields, and returns either the things that should be upserted in this user's Meteor.user record (the one whose ID is the return value of opts.getUserId) or a Promise for same. The default implementation returns { $set: { tequila: tequilaAttributes }}. Set opts.upsert to false if you don't want accounts-tequila to perform automatic upsertion for you (in which case you may program opts.getUserId to auto-create users before completing its Promise). If neither your code (in opts.getUserId) nor accounts-tequila (with opts.upsert) auto-creates users, then users without a pre-existent entry in the Meteor.user collection get a Tequila:user-unknown exception to their login method call. |
upsertUser(id, setAttributes) ⇒
Upsert (update or insert) a record in Meteor.users
Newly created users must have an _id that is a string (see
https://stackoverflow.com/a/24972966/435004). We use either
tequila.uniqueid (i.e. the person's SCIPER number) or
tequila.user (i.e. the person's GASPAR user name), in this order
of preference, depending on which is defined.
Kind: global function Returns: Promise Resolves to the Meteor.user record when upsertion completes
| Param | Type | Description |
|---|---|---|
| id | string | The Meteor.user ID to upsert as - Must be a string as per https://stackoverflow.com/a/24972966/435004 |
| setAttributes | Object | A standard MongoDB upsert payload, e.g. { $set: { foo: "bar" }} |