meteor-accounts-meld's People

Contributors

haydnhkim, pranayshah, repjackson, splendido, steph643

meteor-accounts-meld's Issues

Deps is not defined

ReferenceError: Deps is not defined
W20160111-07:46:24.750(8)? (STDERR)     at [object Object].override.observeChanges (packages/mrt_reactive-publish/packages/mrt_reactive-publish.js:40:1)
W20160111-07:46:24.750(8)? (STDERR)     at Accounts.updateOrCreateUserFromExternalService (packages/splendido_accounts-meld/packages/splendido_accounts-meld.js:171:1)
W20160111-07:46:24.750(8)? (STDERR)     at Package (packages/splendido_accounts-meld/packages/splendido_accounts-meld.js:679:1)

Two emails fields in the users document (accounts-password verified)

If I make a service account (like "Facebuk") and later I make a standard account-password account and I verify it, then I obtain this in the users collection document.

"emails" : [
                {
                        "address" : "XXX",
                        "verified" : true
                }
        ],
        "registered_emails" : [
                {
                        "address" : "XXX",
                        "verified" : true
                }
        ]

If I verify an email, can you erase the "emails" profile? Two emails fields are unnecessary.

Thanks

Conflict with redis-oplog?

So I just added redis-oplog to my project

https://github.com/cult-of-coders/redis-oplog

meteor add cultofcoders:redis-oplog
meteor add disable-oplog

With its default settings

And I get this error

W20180226-10:52:11.373(4)? (STDERR) Error: use "new" to construct a Mongo.Collection
W20180226-10:52:11.374(4)? (STDERR)     at new Mongo.Collection (packages/mongo/collection.js:30:11)
W20180226-10:52:11.374(4)? (STDERR)     at packages/splendido_accounts-meld.js:116:15
W20180226-10:52:11.374(4)? (STDERR)     at packages/splendido_accounts-meld.js:702:4
W20180226-10:52:11.374(4)? (STDERR)     at packages/splendido_accounts-meld.js:751:4
W20180226-10:52:11.374(4)? (STDERR)     at packages/splendido_accounts-meld.js:764:3
W20180226-10:52:11.374(4)? (STDERR)     at infos.forEach.info (/Users/hayksafaryan/projects/b2c/.meteor/local/build/programs/server/boot.js:414:13)
W20180226-10:52:11.374(4)? (STDERR)     at Array.forEach (<anonymous>)
W20180226-10:52:11.375(4)? (STDERR)     at /Users/hayksafaryan/projects/b2c/.meteor/local/build/programs/server/boot.js:413:9
W20180226-10:52:11.375(4)? (STDERR)     at /Users/hayksafaryan/projects/b2c/.meteor/local/build/programs/server/boot.js:463:5
W20180226-10:52:11.375(4)? (STDERR)     at Function.run (/Users/hayksafaryan/projects/b2c/.meteor/local/build/programs/server/profile.js:510:12)
=> Exited with code: 1

Need help to implement

I'm using loginWith and all works like a charm, but I want to use this to link accounts-password and service-accounts with "serviceAddedCallback", but I don't understand where I can call meld!!!...can someone help me?

Thanks...

Does this still work?

I get an issue when using this and it's not working on my end (tested accounts-password and accounts-facebook accounts if they could meld, they don't):

I20170227-15:04:55.905(0)? Exception in onLogin callback: Error: After filtering out keys not in the schema, your modifier is now empty
I20170227-15:04:55.917(0)? at [object Object].doValidate (packages/aldeed_collection2-core.js:416:11)
I20170227-15:04:55.920(0)? at [object Object].Mongo.Collection.(anonymous function) [as update] (packages/aldeed_collection2-core.js:214:25)
I20170227-15:04:55.924(0)? at updateEmails (packages/splendido_accounts-emails-field.js:191:16)
I20170227-15:04:55.927(0)? at runAndHandleExceptions (packages/callback-hook.js:152:24)
I20170227-15:04:55.931(0)? at packages/callback-hook.js:159:12
I20170227-15:04:55.935(0)? at packages/accounts-base/accounts_server.js:167:5
I20170227-15:04:55.938(0)? at [object Object]._.extend.each (packages/callback-hook.js:128:15)
I20170227-15:04:55.942(0)? at AccountsServer.Ap._successfulLogin (packages/accounts-base/accounts_server.js:166:21)
I20170227-15:04:55.945(0)? at AccountsServer.Ap.attemptLogin (packages/accounts-base/accounts_server.js:356:10)
I20170227-15:04:55.948(0)? at [object Object].methods.login (packages/accounts-base/accounts_server.js:533:21)
I20170227-15:05:12.045(0)? Exception in onLogin callback: Error: After filtering out keys not in the schema, your modifier is now empty
I20170227-15:05:12.046(0)? at [object Object].doValidate (packages/aldeed_collection2-core.js:416:11)
I20170227-15:05:12.046(0)? at [object Object].Mongo.Collection.(anonymous function) [as update] (packages/aldeed_collection2-core.js:214:25)
I20170227-15:05:12.046(0)? at updateEmails (packages/splendido_accounts-emails-field.js:191:16)
I20170227-15:05:12.047(0)? at runAndHandleExceptions (packages/callback-hook.js:152:24)
I20170227-15:05:12.048(0)? at packages/callback-hook.js:159:12
I20170227-15:05:12.048(0)? at packages/accounts-base/accounts_server.js:167:5
I20170227-15:05:12.048(0)? at [object Object]._.extend.each (packages/callback-hook.js:128:15)
I20170227-15:05:12.049(0)? at AccountsServer.Ap._successfulLogin (packages/accounts-base/accounts_server.js:166:21)
I20170227-15:05:12.049(0)? at AccountsServer.Ap._attemptLogin (packages/accounts-base/accounts_server.js:356:10)
I20170227-15:05:12.050(0)? at [object Object].methods.login (packages/accounts-base/accounts_server.js:533:21)

Can I use accounts-meld with useraccounts core?

Hi,

I've got an application that uses accounts-core. Is there any way I can use accounts-meld in it? I've tried to add the package and use it with default configuration but I'm not getting any merge of users.

Inside the app I've got a part where the user is allowed to add his Facebook account using "Meteor.loginWithFacebook();" and the merge works perfectly.

Thanks

meteor-accounts-meld will lose ID of original user

Hi Luca,

I just want to point out that despite your great work on this package, there is one consequence that users should be aware of (Perhaps it should be added to the README?)...

    // Removes the old user
    Meteor.users.remove(srcUser._id);
    // Updates the current user
    Meteor.users.update(dstUser._id, {
        $set: _.omit(dstUser, "_id", "services")
    });
    Meteor.users.update(dstUser._id, {
        $set: newServices
    });

If a user has an existing account, and logs in with a new provider, he gets the ID of the new account. This may destroy relationships with other collections as well as other systems (not part of the meteor app, but part of the same tech infrastructure, such as a search index or a postgres database, redis store, etc.) that use the user ID.

I think that you may have implemented it this way to preserve the existing new login session the user establishes (i.e., he logs in as a new user, and you don't want to remove THAT account), but it does create a data integrity issue.

LinkedIn support

The doc mentions LinkedIn as a supported service. But looking in the usual Meteor resources, I can find no recent information about how LinkedIn can be added as a service (including compatibility with useraccounts packages).
Any remark or advice that could be added to the doc?

Possible to allow melding of unverified password account?

From the doc:

At the moment it is not possible to do the contrary: a call to Meteor.loginWithPassword will log out the current user and login the one associated with the password service. After this, only in case the email used with the password service is already verified, the two account will be elected for melding

Why this limitation? Any technical difficulty?

serviceAddedCallback not firing when user tries to login with a new service

Hey,

Not sure if this is intended or not, but serviceAddedCallback does not fire when a user that is not logged in tries to login with a service that another user has a verified email matching (this happens at line 593 of accounts-meld-server.js).

The reason I had to get this to fire is because I have an onCreateUser callback that fires when someone logs in with Facebook for the first time that copies info into the user.profile object.

In order to make this happen I called the original function storing the return value (to be returned after), called the callback and returned the return value. Reason for calling the original function is so that it copies the new service data into the user.

All works. I'm not great with git/github so here is the code I used starting from line 633 of accounts-meld-server.js:


// Now calls original updateOrCreateUserFromExternalService
var returnValue = origUpdateOrCreateUserFromExternalService.apply(this, arguments);

// Updates the registered_emails field
AccountsEmailsField.updateEmails({
    user: otherUser
});

// Need to also call serviceAddedCallback when a service is added to a non-logged in user
var serviceAddedCbk = AccountsMeld.getConfig('serviceAddedCallback');
if (serviceAddedCbk) {
    serviceAddedCbk(otherUser._id, serviceName);
}

// Return the previous return value here to avoid calling
// original function again
return returnValue;

Hope this helps. Dave

Meteor 1.4.2

Is this still being maintained? Don't see much activity recently and it seems as if Meteor 1.4.x broke it, as it worked for me in an older project on 1.3 but is now never called on 1.4.2. I would appreciate any help here if this is still an active project. I can also provide more info if desired. Thank you

Security issue associated with melding users based on verified email addresses

Consider the following attack scenario:

  1. The app supports login with either the Giggle service or the LinkedOut service.
  2. User has a Giggle account and logs into the app using his Giggle account which provides his verified email address of [email protected].
  3. User does not want to allow LinkedOut to authenticate him to the app. Perhaps user has a weaker password on his LinkedOut account. Perhaps user doesn't trust LinkedOut for some reason. Perhaps user doesn't have a LinkedOut account and doesn't plan to get one.
  4. Attacker guesses user's weak LinkedOut password or, due to a LinkedOut vulnerability, manages to otherwise break into user's LinkedOut account (or create a new one) with "verified" email address of [email protected].
  5. Attacker signs in to app using that LinkedOut account and, because it has the same verified email address as the user's Giggle account, the attacker's app account is merged/melded with the user's app account, giving the attacker control over the user's app account.

When the user signed up with the app using his Giggle account, he did not realize (and had no reason to expect) that his app account security was in any way related to the security of his LinkedOut account. As a result, the app has betrayed the user's trust.

One way (and I'd argue the simplest and most secure way) to prevent the above attack is to require that the user be logged in to both services at the same time before initiating a meld. This is already the case when a logged in user logs in using a different service. So this issue only applies to the case where a logged out user logs in using a service where he has a verified email address that matches the verified email address associated with a different service on an existing account.

FWIW, I don't think setting askBeforeMeld to true will fix this. It looks like doing so will just ask the attacker to confirm that the accounts should be melded.

My suggested fix is to remove this code, and this code. A user would still be able to meld his accounts but he'd need to be logged in to two at a time.

The primary downside to such a change would be that the package would no longer prevent a user from creating multiple accounts with the same email address. If such behavior is desirable, it can be achieved more directly by registering a validateNewUser handler that checks for existing users with the same verified email.

Clearer doc about what services can be melded?

I have just tried to log-in using Twitter and realized the account is not melded.

So I went deeper into your doc, but I am still not sure. Can you please confirm the following?:

  • A Twitter account cannot be melded because it does not provide any email field.
  • A Github account cannot be melded because it does not provide a "verified email" field.
  • A Google account can be melded because it provides a "verified email" field.
  • Facebook and LinkedIn accounts can be melded because, although they do not provide a "verified email" field, the "email" field they provide is inevitably "verified" due to Facebook and LinkedIn enrollment processes.

If you confirm this, I think the doc should be updated to make this immediately understandable.

How can I meld twitter account with an existing account?

In my app, I am asking user to update their email-id for a twitter sign-in. Once I know their email-id, I can automatically meld the account with the same email-id (if another with fb/google/linked-in/email already exists).

Is there a way I can make a call on the server and the accounts will be melded?

Any plans to update for Meteor 1.0.4.1?

Hi,

I have faced the error, possibly related to a recent update in Meteor minimongo (as I've researched, it is possibly about updateEmails):

=> Client modified -- refreshing           
I20150319-22:18:40.051(2)? Exception in onLogin callback: MongoError: '$set' is empty. You must specify a field like so: {$mod: {<field>: ...}}
I20150319-22:18:40.051(2)?     at Object.Future.wait (/home/shkomg/.meteor/packages/meteor-tool/.1.0.43.171erx9++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/dev_bundle/server-lib/node_modules/fibers/future.js:398:15)         
I20150319-22:18:40.051(2)?     at [object Object].<anonymous> (packages/meteor/helpers.js:119:1)
I20150319-22:18:40.051(2)?     at [object Object].MongoConnection.(anonymous function) [as update] (packages/mongo/mongo_driver.js:678:1)
I20150319-22:18:40.051(2)?     at [object Object].Mongo.Collection.(anonymous function) (packages/mongo/collection.js:575:1)
I20150319-22:18:40.052(2)?     at [object Object].Mongo.Collection.(anonymous function) [as update] (packages/aldeed:collection2/collection2.js:159:1)                                    
I20150319-22:18:40.052(2)?     at updateEmails (packages/splendido:accounts-meld/lib/accounts-emails-field/lib/accounts-emails-field.js:88:1)                                             
I20150319-22:18:40.052(2)?     at Package (packages/splendido:accounts-meld/lib/accounts-meld-hooks.js:10:1)
I20150319-22:18:40.052(2)?     at runWithEnvironment (packages/meteor/dynamics_nodejs.js:108:1)
I20150319-22:18:40.052(2)?     at packages/meteor/dynamics_nodejs.js:121:1
I20150319-22:18:40.053(2)?     at packages/accounts-base/accounts_server.js:87:1
I20150319-22:18:40.053(2)?     - - - - -                                                                                                                                                  
I20150319-22:18:40.053(2)?     at Object.toError (/home/shkomg/.meteor/packages/mongo/.1.1.0.1q3w6s6++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/utils.js:114:11)    
I20150319-22:18:40.053(2)?     at /home/shkomg/.meteor/packages/mongo/.1.1.0.1q3w6s6++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/collection/core.js:577:27           
I20150319-22:18:40.054(2)?     at /home/shkomg/.meteor/packages/mongo/.1.1.0.1q3w6s6++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/db.js:1195:7                        
I20150319-22:18:40.054(2)?     at /home/shkomg/.meteor/packages/mongo/.1.1.0.1q3w6s6++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/db.js:1903:9                        
I20150319-22:18:40.054(2)?     at Server.Base._callHandler (/home/shkomg/.meteor/packages/mongo/.1.1.0.1q3w6s6++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/connection/base.js:453:41)                                    
I20150319-22:18:40.054(2)?     at /home/shkomg/.meteor/packages/mongo/.1.1.0.1q3w6s6++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/connection/server.js:487:18         
I20150319-22:18:40.054(2)?     at [object Object].MongoReply.parseBody (/home/shkomg/.meteor/packages/mongo/.1.1.0.1q3w6s6++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/responses/mongo_reply.js:68:5)                             
I20150319-22:18:40.055(2)?     at [object Object].<anonymous> (/home/shkomg/.meteor/packages/mongo/.1.1.0.1q3w6s6++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/connection/server.js:445:20)                                 
I20150319-22:18:40.056(2)?     at [object Object].emit (events.js:95:17)
I20150319-22:18:40.056(2)?     at [object Object].<anonymous> (/home/shkomg/.meteor/packages/mongo/.1.1.0.1q3w6s6++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/connection/connection_pool.js:207:13) 

Your help is really needed.

Thank you.

Please one example

Hi this is splendido!

But please...one example and deploy it to .meteor...is free xD

Thanks, this package looks great for the multiple login services problem.

How to show Add <social> Buttons to a template

Hi Luca,

Thanks again for this amazing work in creating this package. I just had a look at https://github.com/splendido/test-accounts-meld and once signed-in I see Add Facebook, Google and so on buttons.

My question is how would it be possible to add these buttons to some template, let's say 'profile' or something?

It would be great to have a helper to be able to show those buttons wherever needed.

Thanks mate :)

Error When Using With Meteor.LoginWithMicrosoft (q42:accounts-microsoft)

Not sure if this is part of the development roadmap; was testing use with q42's accounts-microsoft package...

Env: already logged into an account provisioned by .loginWithLinkedIn(); attempted .loginWithMicrosoft...client side it threw a 500 error, server side it threw a:

Exception while invoking method 'login' TypeError: Object [object Object] has no method 'map'

I20160115-13:47:50.696(-6)? at getEmailsFromService (packages/splendido_accounts-emails-field/packages/splendido_accounts-emails-field.js:95:1)
I20160115-13:47:50.696(-6)? at packages/splendido_accounts-emails-field/packages/splendido_accounts-emails-field.js:149:1
I20160115-13:47:50.697(-6)? at Function._.each._.forEach (packages/underscore/underscore.js:113:1)
I20160115-13:47:50.697(-6)? at Object.updateEmails (packages/splendido_accounts-emails-field/packages/splendido_accounts-emails-field.js:142:1)
I20160115-13:47:50.697(-6)? at AccountsServer.updateOrCreateUserFromExternalService (packages/splendido_accounts-meld/packages/splendido_accounts-meld.js:565:1)
I20160115-13:47:50.697(-6)? at [object Object].Package (packages/accounts-oauth/oauth_server.js:55:1)
I20160115-13:47:50.697(-6)? at accounts_server.js:462:32
I20160115-13:47:50.697(-6)? at tryLoginMethod (accounts_server.js:239:14)
I20160115-13:47:50.697(-6)? at AccountsServer.Ap._runLoginHandlers (accounts_server.js:459:18)
I20160115-13:47:50.697(-6)? at [object Object].methods.login (accounts_server.js:522:27)

Haven't had a chance to dive into it much yet, but thought to throw this in the list in case anyone else was trying to make this work.

Thanks for the awesome plugin; tremendously helpful for some of the Meteor apps I'm developing.

Configuring when/how melded

Hi, great package, thanks!

  1. When melding, can you configure which account gets deleted? Eg delete the one that was just created, keeping the one with the oldest createdAt?
  2. "In case a new service is added to the current user object without the need of any meld action, the serviceAddedCallback can be used to update, e.g., the user profile." In what circumstances is a new service added to an existing account instead of a meld happening between two accounts?

do we need to 'pinEncryptedFieldsToUser' when moving services?

Looking at the accounts-base code, it seems that services' data is possibly added to the user object somehow encrypted with the user._id. See this:

https://github.com/meteor/meteor/blob/devel/packages/accounts-base/accounts_server.js#L1136

the function pinEncryptedFieldsToUser is defined here:

https://github.com/meteor/meteor/blob/devel/packages/accounts-base/accounts_server.js#L919

So the question is: when we merge two accounts, moving services from one to another with something like _.defaults(dst_user.services, src_user.services); is it fine or should we re-encrypt all services' data fields with the new dst_user._id?

...in any case, at the first log in using a particular service the above cited function will be re-run and all service data re-encrypted!

So the actual question is: could it be that some particular service data field contains information that will be needed before the next log in with that service?

Melding user based on secondary email

Here is my scenario. Let's say a user logs in with Google and the email address is [email protected]. Once in the app, he adds manually, as secondary email, [email protected]. Later on, the user decides to log in with LinkedIn which is the [email protected] associated to the account. Right now accounts-meld is working fine when it is the same email address for both services but it seems that it doesn't recognize the secondary email (added manually and email is verified). When I try to login with the LinkedIn service I get an Email already exists error message from accountsuser-core package.

Am I missing something here?

Will Github accounts now meld?

In the announcement of Meteor Update:

loginWithGithub now requests user:email scope by default, and attempts to fetch the user's emails. If no public email has been set, we use the primary email instead. We also store the complete list of emails. #4545

meldUserCallback: doc not clear to me

The doc says:

meldUserCallback = function(src_user, dst_user){
    // modify the dst_user object here (in place) if there is 
    // something inside src_user that must be preserved
};

and:

this is how it is called:
var meldedUser = meldUserCallback(src_user, dst_user);

This sounds contradictory to me. Should I modify dst_user in place or return the keys I want you to copy into dst_user?

Also:

In particular the line:
meldedUser = _.omit(meldedUser, '_id', 'services', 'emails', 'registered_emails');
ensures that any accidental modification to sensitive fields will be neglected...

I am not sure accidental modification is prevented if I modify dst_user in place.

Send meld request

So a thought on security. Rather than just checking if the local email is verified, would it not be better to send a meld accounts request email?

In the email it could say something like:

Someone has requested to add {{serviceName}} account {{name}} 
to the account associated with this email.

Is this your account at {{serviceName}}? 

yes/no

meldDBCallback confusion

This is a great and comprehensive package - thanks for all your work.

I have an issue in my application where members may belong to various groups. If someone has signed up with a service (like Facebook) and joins a group, their user_id is used as their memberId in the Members collection. Then if the same person registers (new registration) with their email address with a verification email, the accounts-meld works great - but I want to be able to change their memberId in the Members collection using the MeldDBCallback function, and I can't seem to get it to work (the Members.update doesn't happen).

I followed the documentation as follows:

    var meldDBCallback = function(src_user_id, dst_user_id){
        Members.update(
            {MemberId: src_user_id},
            {$set: {MemberId: dst_user_id}},
            {multi: true}
        );
    };

    AccountsMeld.configure({
        meldDBCallback: meldDBCallback
    });

What am I missing? Any help would be greatly appreciated - thanks, Bob

Possible to allow melding of multiple same service different accounts?

Hello splendido! I really need the option to allow connecting multiple accounts of the same social network, for example connect 3 different Facebook accounts and just make them available in the Meteor.user() services collection. Is it hard to accomplish? Are there any issues with that? It's basically for API calls (not for FB). Thanks

Unable to add Twitter credentials to logged in user.

Hello, I just started trying accounts-meld and am hoping you can help me through an issue.

Currently, let's say a user is logged in via email. He decides to connect his Twitter account by clicking a button. The button then calls Meteor.loginWithTwitter. Locally, there is an error thrown that says

Service correctly added to the current user, no need to proceed!

And then I see that the Twitter credentials are added to the logged in user. However, in production the error thrown is

No matching login attempt found

And no Twitter credentials are added. I wonder what I am doing incorrectly and how I can troubleshoot what is going on? Thank you.

Feature request: show more respect to the elders

When melding two users, the older user is deleted. The new user is updated with the old user services, but it seems the old user _id is lost.
This is unfortunate, because the old user _id might already be used in other places to associate the user with some other data.
In my application for example, I have a collection that associates a userId with a postId. Each time an account is melded, this creates an orphan record (i.e. linked to a deleted user).
Could the old user _id be preserved when melding two users?

Privacy issue inherent in prohibiting multiple accounts with the same email address

An attacker can determine whether a target user has an account with the app. Consider the following scenario:

A human rights activist has a Giggle account associated with his real name and email address. He uses his Giggle account to login to a fictional "Overthrow Kim Jung-on Forums" app. The North Korean government suspects him, compromises LinkedOut such that they can create a LinkedOut account with his email address (or compromises his LinkedOut account), and then uses the LinkedOut account to login to the app. Since the email addresses are the same, accounts-meld melds (or asks to meld) the accounts and the government then knows that the user has an account on the app. If you find this scenario too far-fetched, consider an app like AshleyMadison.com and let the attacker be a black-hat out to blackmail users.

Aside 1: accounts-password has this privacy issue even when there is no melding/merging. You can determine whether a particular email address is already registered simply by trying to create an account with that email address and seeing whether an error occurs. Sites where having an account is itself risky should not be using accounts-password for that reason. But those sites should not have this privacy issue introduced because they use splendido:accounts-meld.

Aside 2: You might think you can address the privacy issue by only offering the meld/merge to the existing user (i.e. the account with the Giggle service). However, there is still a scenario where the attacker signs up using the bogus LinkedOut account before the victim signs up. When the victim signs up, the attacker then knows about it.

My suggested fix is the same as for issue #30. Specifically don't meld (or ask to meld) two accounts unless the user has logged into both at the same time. The primary downside to such a change would be that the package would no longer prevent a user from creating multiple accounts with the same email address. Apps that desire such behavior can achieve it without accounts-meld by just registering a validateNewUser handler that checks for existing users with the same verified email.
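
The two login policies compared in this issue and in "Security issue associated with melding users based on verified email addresses" can be modeled in plain JavaScript. This is an added example, not accounts-meld code: every function name, the `rejectDuplicateEmail` option and the sample user documents are assumptions constructed for illustration (only the `services` and `registered_emails` field names follow the documents quoted on this page).

```javascript
// In-memory model of the login decision; hypothetical names, not the package's API.

function verifiedEmails(user) {
  return (user.registered_emails || [])
    .filter((e) => e.verified)
    .map((e) => e.address.toLowerCase());
}

function findByService(users, login) {
  return users.find((u) => u.services[login.service] &&
                           u.services[login.service].id === login.id) || null;
}

function findByVerifiedEmail(users, login) {
  if (!login.email || !login.emailVerified) return null;
  const wanted = login.email.toLowerCase();
  return users.find((u) => verifiedEmails(u).includes(wanted)) || null;
}

// Adds the service (and its verified email, if any) to an existing user document.
function attachService(user, login) {
  user.services[login.service] = { id: login.id, email: login.email };
  if (login.email && login.emailVerified &&
      !verifiedEmails(user).includes(login.email.toLowerCase())) {
    user.registered_emails.push({ address: login.email, verified: true });
  }
  return user._id;
}

function createUser(users, login) {
  const user = { _id: 'u' + (users.length + 1), services: {}, registered_emails: [] };
  users.push(user);
  return attachService(user, login);
}

// Steps both policies share: a known service identity logs its owner in, and a
// caller who already holds a session gets the new service added to that account.
// (Melding two existing accounts while logged in is outside this model.)
function loginOrAttach(users, session, login) {
  const known = findByService(users, login);
  if (known) return { action: 'login', userId: known._id };
  const current = users.find((u) => u._id === session.userId);
  if (current) return { action: 'service-added', userId: attachService(current, login) };
  return null;
}

// Policy A (the behaviour the issue objects to): a logged-out login with an
// unknown service identity is attached to whichever account already holds the
// same verified email address.
function loginWithEmailMatch(users, session, login) {
  const handled = loginOrAttach(users, session, login);
  if (handled) return handled;
  const match = findByVerifiedEmail(users, login);
  if (match) return { action: 'meld', userId: attachService(match, login) };
  return { action: 'created', userId: createUser(users, login) };
}

// Policy B (the suggested fix): services are combined only when the caller
// already holds a session on the destination account. With rejectDuplicateEmail
// set, a validateNewUser-style check refuses a second account for an email that
// is already verified on another account.
function loginSessionBound(users, session, login, options = {}) {
  const handled = loginOrAttach(users, session, login);
  if (handled) return handled;
  if (options.rejectDuplicateEmail && findByVerifiedEmail(users, login)) {
    return { action: 'rejected', userId: null };
  }
  return { action: 'created', userId: createUser(users, login) };
}

// Constructed sample data: one existing account created through "Giggle".
function sampleUsers() {
  return [{
    _id: 'u1',
    services: { giggle: { id: 'g-1001', email: 'user@example.test' } },
    registered_emails: [{ address: 'user@example.test', verified: true }],
  }];
}

// Constructed login from "LinkedOut" asserting the same verified address.
const linkedOutLogin = {
  service: 'linkedout', id: 'lo-2002', email: 'user@example.test', emailVerified: true,
};

function runScenario() {
  const loggedOut = { userId: null };
  return {
    emailMatch: loginWithEmailMatch(sampleUsers(), loggedOut, linkedOutLogin),
    sessionBound: loginSessionBound(sampleUsers(), loggedOut, linkedOutLogin),
    sessionBoundUnique: loginSessionBound(sampleUsers(), loggedOut, linkedOutLogin,
                                          { rejectDuplicateEmail: true }),
    loggedInAttach: loginSessionBound(sampleUsers(), { userId: 'u1' }, linkedOutLogin),
  };
}

console.log(JSON.stringify(runScenario(), null, 2));
```

Only `emailMatch` hands the existing account `u1` to a logged-out caller. The `rejected` outcome still tells the caller that the address is registered, which is the disclosure Aside 1 describes for accounts-password.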

melding does not work with latest meteor code

If I run 'meteor update', your test app stops working.

W20150904-12:11:41.189(-4)? (STDERR) You now need a routing package like useraccounts:iron-routing or useraccounts:flow-routing to be able to configure routes!
W20150904-12:11:41.191(-4)? (STDERR) You now need a routing package like useraccounts:iron-routing or useraccounts:flow-routing to be able to configure routes!
W20150904-12:11:41.191(-4)? (STDERR) You now need a routing package like useraccounts:iron-routing or useraccounts:flow-routing to be able to configure routes!
W20150904-12:11:41.191(-4)? (STDERR) You now need a routing package like useraccounts:iron-routing or useraccounts:flow-routing to be able to configure routes!
W20150904-12:11:41.191(-4)? (STDERR) You now need a routing package like useraccounts:iron-routing or useraccounts:flow-routing to be able to configure routes!
W20150904-12:11:41.192(-4)? (STDERR) 
W20150904-12:11:41.192(-4)? (STDERR) /Users/priyankasharma/.meteor/packages/meteor-tool/.1.1.4.js2pp6++os.osx.x86_64+web.browser+web.cordova/mt-os.osx.x86_64/dev_bundle/server-lib/node_modules/fibers/future.js:245
W20150904-12:11:41.192(-4)? (STDERR)                        throw(ex);
W20150904-12:11:41.192(-4)? (STDERR)                              ^
W20150904-12:11:41.192(-4)? (STDERR) ReferenceError: Router is not defined
W20150904-12:11:41.192(-4)? (STDERR)     at app/lib/router.js:1:36
W20150904-12:11:41.192(-4)? (STDERR)     at app/lib/router.js:26:3
W20150904-12:11:41.192(-4)? (STDERR)     at /Users/priyankasharma/Meteor/qoll/test-accounts-meld/.meteor/local/build/programs/server/boot.js:222:10
W20150904-12:11:41.192(-4)? (STDERR)     at Array.forEach (native)
W20150904-12:11:41.192(-4)? (STDERR)     at Function._.each._.forEach (/Users/priyankasharma/.meteor/packages/meteor-tool/.1.1.4.js2pp6++os.osx.x86_64+web.browser+web.cordova/mt-os.osx.x86_64/dev_bundle/server-lib/node_modules/underscore/underscore.js:79:11)
W20150904-12:11:41.192(-4)? (STDERR)     at /Users/priyankasharma/Meteor/qoll/test-accounts-meld/.meteor/local/build/programs/server/boot.js:117:5
=> Exited with code: 8
W20150904-12:11:44.458(-4)? (STDERR) You now need a routing package like useraccounts:iron-routing or useraccounts:flow-routing to be able to configure routes!
W20150904-12:11:44.458(-4)? (STDERR) You now need a routing package like useraccounts:iron-routing or useraccounts:flow-routing to be able to configure routes!
W20150904-12:11:44.458(-4)? (STDERR) You now need a routing package like useraccounts:iron-routing or useraccounts:flow-routing to be able to configure routes!
W20150904-12:11:44.458(-4)? (STDERR) You now need a routing package like useraccounts:iron-routing or useraccounts:flow-routing to be able to configure routes!
W20150904-12:11:44.458(-4)? (STDERR) You now need a routing package like useraccounts:iron-routing or useraccounts:flow-routing to be able to configure routes!
W20150904-12:11:44.459(-4)? (STDERR) 
W20150904-12:11:44.460(-4)? (STDERR) /Users/priyankasharma/.meteor/packages/meteor-tool/.1.1.4.js2pp6++os.osx.x86_64+web.browser+web.cordova/mt-os.osx.x86_64/dev_bundle/server-lib/node_modules/fibers/future.js:245
W20150904-12:11:44.460(-4)? (STDERR)                        throw(ex);
W20150904-12:11:44.460(-4)? (STDERR)                              ^
W20150904-12:11:44.467(-4)? (STDERR) ReferenceError: Router is not defined
W20150904-12:11:44.467(-4)? (STDERR)     at app/lib/router.js:1:36
W20150904-12:11:44.468(-4)? (STDERR)     at app/lib/router.js:26:3
W20150904-12:11:44.468(-4)? (STDERR)     at /Users/priyankasharma/Meteor/qoll/test-accounts-meld/.meteor/local/build/programs/server/boot.js:222:10
W20150904-12:11:44.468(-4)? (STDERR)     at Array.forEach (native)
W20150904-12:11:44.468(-4)? (STDERR)     at Function._.each._.forEach (/Users/priyankasharma/.meteor/packages/meteor-tool/.1.1.4.js2pp6++os.osx.x86_64+web.browser+web.cordova/mt-os.osx.x86_64/dev_bundle/server-lib/node_modules/underscore/underscore.js:79:11)
W20150904-12:11:44.469(-4)? (STDERR)     at /Users/priyankasharma/Meteor/qoll/test-accounts-meld/.meteor/local/build/programs/server/boot.js:117:5
=> Exited with code: 8

Strange error (Meteor 1.2.0.2)

Hi, back on Meteor 1.1, this package worked fine for me... now, after update, I get this error when any user logs in:

I20151005-23:51:15.821(-3)? Exception in onLogin callback: Error: When the modifier option is true, validation object must have at least one operator
I20151005-23:51:15.821(-3)? at checkModifier (packages/aldeed_simple-schema/packages/aldeed_simple-schema.js:2293:1)
I20151005-23:51:15.821(-3)? at doValidation1 (packages/aldeed_simple-schema/packages/aldeed_simple-schema.js:2343:1)
I20151005-23:51:15.822(-3)? at doValidation (packages/aldeed_simple-schema/packages/aldeed_simple-schema.js:2758:1)
I20151005-23:51:15.822(-3)? at SimpleSchemaValidationContext.simpleSchemaValidationContextValidate as validate
I20151005-23:51:15.822(-3)? at [object Object].doValidate (packages/aldeed_collection2/packages/aldeed_collection2.js:372:1)
I20151005-23:51:15.822(-3)? at [object Object].Mongo.Collection.(anonymous function) as update
I20151005-23:51:15.822(-3)? at updateEmails (packages/splendido_accounts-emails-field/packages/splendido_accounts-emails-field.js:171:1)
I20151005-23:51:15.822(-3)? at runAndHandleExceptions (packages/callback-hook/hook.js:133:1)
I20151005-23:51:15.822(-3)? at packages/callback-hook/hook.js:140:1
I20151005-23:51:15.822(-3)? at accounts_server.js:165:5

Allow server-side calling of Accounts.updateOrCreateUserFromExternalService

First, thank you for the package.

Second:
I have to provide an API sign up with a Google JSON Web Token in my web app - for a mobile app.
It would have been very useful to be able to call Accounts.updateOrCreateUserFromExternalService from the server, with my user data and also get melded accounts.

Issue:

updateOrCreateUserFromExternalService = function(serviceName, serviceData, options) {

You use currentUser = Meteor.user(), which gives the following error:

Error in method "/api/setuser/", Error: Error: Meteor.userId can only be invoked in method calls. Use this.userId in publish functions.
    at Object.Meteor.userId (packages/accounts-base/accounts_server.js:19:1)
    at Object.Meteor.user (packages/accounts-base/accounts_server.js:24:1)
    at Object.updateOrCreateUserFromExternalService (packages/splendido:accounts-meld/lib/accounts-meld-server.js:495:1)
    at Object.HTTP.methods./api/setuser.post (app/server/api/user.js:159:28)
    at packages/cfs:http-methods/http.methods.server.api.js:574:1

Because you override the original method, I can't use it. Can you provide an export of the original? It would of course be great if we could meld accounts from the server.

Twitter now supports e-mail addresses

I can request additional permission to access the verified e-mail in the app dashboard Twitter provides. After that, I get the email value in Meteor's services entry.

So now melding can also work for Twitter.
