diff --git a/package-lock.json b/package-lock.json index 33a2daa607..b8702f8048 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2920,12 +2920,6 @@ "resolved": "https://registry.npmjs.org/core-js/-/core-js-2.6.9.tgz", "integrity": "sha512-HOpZf6eXmnl7la+cUdMnLvUxKNqLUzJvgIziQ0DiF3JwSImNphIqdGqzj6hIKyX04MmV0poclQ7+wjWvxQyR2A==", "dev": true - }, - "lodash.mergewith": { - "version": "4.6.2", - "resolved": "https://registry.npmjs.org/lodash.mergewith/-/lodash.mergewith-4.6.2.tgz", - "integrity": "sha512-GK3g5RPZWTRSeLSpgP8Xhra+pnjBC56q9FZYe1d5RN3TJ35dbkGy3YqBSMbyCrlbi+CM9Z3Jk5yTL7RCsqboyQ==", - "dev": true } } }, @@ -4169,12 +4163,6 @@ "integrity": "sha512-HOpZf6eXmnl7la+cUdMnLvUxKNqLUzJvgIziQ0DiF3JwSImNphIqdGqzj6hIKyX04MmV0poclQ7+wjWvxQyR2A==", "dev": true }, - "lodash.mergewith": { - "version": "4.6.2", - "resolved": "https://registry.npmjs.org/lodash.mergewith/-/lodash.mergewith-4.6.2.tgz", - "integrity": "sha512-GK3g5RPZWTRSeLSpgP8Xhra+pnjBC56q9FZYe1d5RN3TJ35dbkGy3YqBSMbyCrlbi+CM9Z3Jk5yTL7RCsqboyQ==", - "dev": true - }, "loose-envify": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz", @@ -4273,12 +4261,6 @@ "value-equal": "^0.4.0" } }, - "lodash.mergewith": { - "version": "4.6.2", - "resolved": "https://registry.npmjs.org/lodash.mergewith/-/lodash.mergewith-4.6.2.tgz", - "integrity": "sha512-GK3g5RPZWTRSeLSpgP8Xhra+pnjBC56q9FZYe1d5RN3TJ35dbkGy3YqBSMbyCrlbi+CM9Z3Jk5yTL7RCsqboyQ==", - "dev": true - }, "prop-types": { "version": "15.7.2", "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.7.2.tgz", 
@@ -15567,9 +15549,9 @@ "integrity": "sha512-AOYza4+Hf5z1/0Hztxpm2/xiPZgi/cjMqdnKTUWTBSKchJlxXXuUSxCCl8rJlf4g6yww/j6mA8nC8Hw/EZWxKQ==" }, "lodash.mergewith": { - "version": "4.6.0", - "resolved": "https://registry.npmjs.org/lodash.mergewith/-/lodash.mergewith-4.6.0.tgz", - "integrity": "sha1-FQzwoWeR9ZA7iJHqsVRgknS96lU=" + "version": "4.6.2", + "resolved": "https://registry.npmjs.org/lodash.mergewith/-/lodash.mergewith-4.6.2.tgz", + "integrity": "sha512-GK3g5RPZWTRSeLSpgP8Xhra+pnjBC56q9FZYe1d5RN3TJ35dbkGy3YqBSMbyCrlbi+CM9Z3Jk5yTL7RCsqboyQ==" }, "lodash.omit": { "version": "4.5.0", diff --git a/packages/vulcan-accounts/imports/helpers.js b/packages/vulcan-accounts/imports/helpers.js index a6afd669d8..131f953fe4 100755 --- a/packages/vulcan-accounts/imports/helpers.js +++ b/packages/vulcan-accounts/imports/helpers.js @@ -6,12 +6,12 @@ try { } export const loginButtonsSession = Accounts._loginButtonsSession; export const STATES = { - SIGN_IN: Symbol('SIGN_IN'), - SIGN_UP: Symbol('SIGN_UP'), - PROFILE: Symbol('PROFILE'), - PASSWORD_CHANGE: Symbol('PASSWORD_CHANGE'), - PASSWORD_RESET: Symbol('PASSWORD_RESET'), - ENROLL_ACCOUNT: Symbol('ENROLL_ACCOUNT') + SIGN_IN: Symbol.for('SIGN_IN'), + SIGN_UP: Symbol.for('SIGN_UP'), + PROFILE: Symbol.for('PROFILE'), + PASSWORD_CHANGE: Symbol.for('PASSWORD_CHANGE'), + PASSWORD_RESET: Symbol.for('PASSWORD_RESET'), + ENROLL_ACCOUNT: Symbol.for('ENROLL_ACCOUNT') }; export function getLoginServices() { diff --git a/packages/vulcan-users/lib/server/mutations.js b/packages/vulcan-users/lib/server/mutations.js index c87bc0d87f..143174161c 100644 --- a/packages/vulcan-users/lib/server/mutations.js +++ b/packages/vulcan-users/lib/server/mutations.js 
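Review bot: In `packages/vulcan-accounts/imports/helpers.js` the new `Symbol.for(...)` keys in `STATES` are unprefixed, and `Symbol.for` registers them in the runtime-wide symbol registry. Any other code that calls `Symbol.for('SIGN_IN')` now gets the identical symbol, so the states are no longer private to this module. If the switch is meant to make the states compare equal across duplicated copies of the package (the commit does not say), a comment such as `// Symbol.for: states must be identical across module copies` would record that. A namespaced key, e.g. `SIGN_IN: Symbol.for('vulcan-accounts:SIGN_IN'),`, would keep that behaviour while avoiding collisions.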
@@ -87,13 +87,25 @@ const specificResolvers = {
 if (!email) {
 throw new Error('Invalid email');
 }
- return await authenticateWithPassword(email, password);
+ const authResult = await authenticateWithPassword(email, password);
+ // set an HTTP-only cookie so the user is authenticated
+ const { /*userId,*/ token } = authResult;
+ const tokenCookie = {
+ path: '/',
+ httpOnly: true,
+ secure: process.env.NODE_ENV === 'development' ? false : true,
+ // expires: //
+ //sameSite: ''
+ };
+ context.req.res.cookie('meteor_login_token', token, tokenCookie);
+ return authResult;
 },
 async logout(root, args, context) {
 if (!(context && context.userId)) {
 throw new Error('User already logged out');
 }
 const { userId } = context;
+ context.req.res.clearCookie('meteor_login_token');
 return await logout(userId);
 },
 async signup(root, args, context) {
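Review bot: The `tokenCookie` options in `login` leave `sameSite` commented out, so whether `meteor_login_token` is sent on cross-site requests depends on each browser's default; if the server accepts this cookie as the credential for mutations, that is a CSRF exposure, and I would set it explicitly with `sameSite: 'lax',` (or `'strict'`). `expires` is also commented out, which makes this a session cookie whose lifetime is unrelated to whatever expiry the login token presumably has server-side, so either derive it from the token or add a comment saying why it is omitted. In `logout`, pass the same attributes when clearing, `context.req.res.clearCookie('meteor_login_token', { path: '/' });`, and consider clearing before the `User already logged out` throw so a stale cookie is removed on that path too. The token is still returned in `authResult`, so `httpOnly` only limits script access if the client stops keeping the token somewhere scripts can read it. Both resolver bodies start or end outside the hunk.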