Meteor login without password


Is there any way to hijack the Accounts system to allow logging in a user from the server without the need for a password?

I have a 'fast user switching' concept that requires a user to login as usual each day, but the system is multi-user and so I want to allow them to switch quickly with the use of a four digit keycode. What I need is a way to change the logged in user by code rather than needing a full username/password combination.



Yes, it's quite easy actually.

Just create a collection that stores pin code/userid combinations and create a new loginhandler (Accounts.registerLoginHandler)

In the loginhandler fetch the userid for the provided pin code and do something like:

https://gist.github.com/anonymous/86245712c1dee5d2bdbd (untested, but you get the idea)

You could also save the pincode field in the users collection, that's up to you of course


I don't think so. If you don't need a password at all, you could hard-code the password. Change every account (affected accounts) to a hard-coded value and then you use that same value to perform the login. You can change the password of any account on the server.

If you want to use at keycode, you code use this as a password as well.

In case you go for the hard-coding, you might want to set an environment variable, which holds the password. Simply start Meteor like this:

SECRET="yourpassword" meteor

And then you can access the password on the server via:

var password = process.env.SECRET;