brewhk/accounts-admin-password

accounts-admin-password allows you to log in as a user with an admin's password. You can refresh the page and your session will not be lost.

accounts-admin-password relies on the alanning:roles package, and it requires you to create users with the role admin.

This is different from the gwendall:impersonate package, which reverts to the admin user whenever a user refreshes.

Usage

Add the package to your project

meteor add brewhk:accounts-admin-password

Use Meteor.loginWithAdminPassword exactly the same way as you would with Meteor.loginWithPassword, but with the admin's password instead of the user's password. Like Meteor.loginWithPassword, Meteor.loginWithAdminPassword is only available on the client.

E.g.

	// Login with admin password
	Meteor.loginWithAdminPassword(user, password, function (error) {
		if (!error) {
			// Success
		} else {
			// Failure
		}
	});

Mechanism

Meteor.loginWithAdminPassword

accounts-admin-password creates a new client-side method, Meteor.loginWithAdminPassword, which is the same as Meteor.loginWithPassword except that it passes an additional option, withAdminPassword, and renames the password property to adminPassword. This prevents the password login handler from processing the request and leaves it for our own login handler to pick up.

The password is hashed with Accounts._hashPassword before being sent over the wire.

Login Handler

First, the options object is checked for validity. The validators are copied from the accounts-password package.

Next, we check for our withAdminPassword flag inside the options object. If this is set to true then we know we should handle it.

We then use Roles.getUsersInRole from the alanning:roles package to get all the users that are admins, and loop over them to check whether the password belongs to any of the admins.

If it does, then we get the user and add a login token to the user's resume using Accounts._generateStampedLoginToken and Accounts._insertLoginToken.

The token is returned alongside the user's id and the user is logged in.
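
The login handler steps above, simulated in plain Node.js as an added example (this is not the package's source). The in-memory users, the scrypt stand-in for Meteor's server-side bcrypt check, and the names adminPasswordLoginHandler, store and checkPassword are assumptions for illustration.

```javascript
// Added illustration: plain Node.js simulation, not the package's source.
const nodeCrypto = require('node:crypto');

// Client side: like Accounts._hashPassword, send a SHA-256 digest, not the plaintext.
const hashPassword = (pw) => ({
  digest: nodeCrypto.createHash('sha256').update(pw).digest('hex'),
  algorithm: 'sha-256',
});

// Assumption: scrypt stands in for the bcrypt hash Meteor stores server-side.
const store = (pw, salt) => nodeCrypto.scryptSync(hashPassword(pw).digest, salt, 32);

// Constructed sample users; ids, names, passwords and salts are made up.
const users = [
  { _id: 'a1', username: 'root', roles: ['admin'], salt: 's1', hash: store('admin-pw', 's1'), tokens: [] },
  { _id: 'u1', username: 'alice', roles: [], salt: 's2', hash: store('alice-pw', 's2'), tokens: [] },
];

const checkPassword = (user, { digest }) =>
  nodeCrypto.timingSafeEqual(nodeCrypto.scryptSync(digest, user.salt, 32), user.hash);

// Hypothetical handler mirroring the steps listed above.
function adminPasswordLoginHandler(options) {
  // Flag absent: return undefined so another login handler can take the request.
  if (!options || options.withAdminPassword !== true) return undefined;
  const pw = options.adminPassword;
  if (!options.user || !pw || typeof pw.digest !== 'string' || pw.algorithm !== 'sha-256') {
    return { error: 'Match failed' };
  }
  const target = users.find((u) => u.username === options.user.username);
  if (!target) return { error: 'User not found' };
  // Check the supplied password against every user holding the admin role.
  let matched = false;
  for (const admin of users.filter((u) => u.roles.includes('admin'))) {
    if (checkPassword(admin, pw)) matched = true;
  }
  if (!matched) return { error: 'Incorrect password' };
  // The token is issued for the target user, not the admin; only its hash is kept.
  const token = nodeCrypto.randomBytes(32).toString('hex');
  target.tokens.push(nodeCrypto.createHash('sha256').update(token).digest('base64'));
  return { userId: target._id, token };
}
```

Because a match on any admin's password yields a session for any target user, every account in the admin role acts as a master credential for the whole user base.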
