Differential · ameagher · Sep 14, 2014 · Sep 20, 2014 · Sep 20, 2014 · rgoomar
diff --git a/client/views/signUp/signUp.coffee b/client/views/signUp/signUp.coffee
@@ -48,119 +48,120 @@ AccountsEntry.entrySignUpHelpers = {
     Session.get('email')
 }
 
-AccountsEntry.entrySignUpEvents = {
-  'submit #signUp': (event, t) ->
-    event.preventDefault()
-
-    username =
-      if t.find('input[name="username"]')
-        t.find('input[name="username"]').value.toLowerCase()
-      else
-        undefined
-    if username and AccountsEntry.settings.usernameToLower then username = username.toLowerCase()
-
-    signupCode =
-      if t.find('input[name="signupCode"]')
-        t.find('input[name="signupCode"]').value
-      else
-        undefined
-
-    trimInput = (val)->
-      val.replace /^\s*|\s*$/g, ""
-
-    email =
-      if t.find('input[type="email"]')
-        trimInput t.find('input[type="email"]').value
-      else
-        undefined
-    if AccountsEntry.settings.emailToLower and email then email = email.toLowerCase()
-
-    formValues = SimpleForm.processForm(event.target)
-    extraFields = _.pluck(AccountsEntry.settings.extraSignUpFields, 'field')
-    filteredExtraFields = _.pick(formValues, extraFields)
-    password = t.find('input[type="password"]').value
-
-    fields = AccountsEntry.settings.passwordSignupFields
-
-
-    passwordErrors = do (password)->
-      errMsg = []
-      msg = false
-      if password.length < 7
-        errMsg.push t9n("error.minChar")
-      if password.search(/[a-z]/i) < 0
-        errMsg.push t9n("error.pwOneLetter")
-      if password.search(/[0-9]/) < 0
-        errMsg.push t9n("error.pwOneDigit")
-
-      if errMsg.length > 0
-        msg = ""
-        errMsg.forEach (e) ->
-          msg = msg.concat "#{e}\r\n"
-
-        Session.set 'entryError', msg
-        return true
+if !Accounts._options.forbidClientAccountCreation
+  AccountsEntry.entrySignUpEvents = {
+    'submit #signUp': (event, t) ->
+      event.preventDefault()
+
+      username =
+        if t.find('input[name="username"]')
+          t.find('input[name="username"]').value.toLowerCase()
+        else
+          undefined
+      if username and AccountsEntry.settings.usernameToLower then username = username.toLowerCase()
+
+      signupCode =
+        if t.find('input[name="signupCode"]')
+          t.find('input[name="signupCode"]').value
+        else
+          undefined
+
+      trimInput = (val)->
+        val.replace /^\s*|\s*$/g, ""
+
+      email =
+        if t.find('input[type="email"]')
+          trimInput t.find('input[type="email"]').value
+        else
+          undefined
+      if AccountsEntry.settings.emailToLower and email then email = email.toLowerCase()
+
+      formValues = SimpleForm.processForm(event.target)
+      extraFields = _.pluck(AccountsEntry.settings.extraSignUpFields, 'field')
+      filteredExtraFields = _.pick(formValues, extraFields)
+      password = t.find('input[type="password"]').value
+
+      fields = AccountsEntry.settings.passwordSignupFields
+
+
+      passwordErrors = do (password)->
+        errMsg = []
+        msg = false
+        if password.length < 7
+          errMsg.push t9n("error.minChar")
+        if password.search(/[a-z]/i) < 0
+          errMsg.push t9n("error.pwOneLetter")
+        if password.search(/[0-9]/) < 0
+          errMsg.push t9n("error.pwOneDigit")
+
+        if errMsg.length > 0
+          msg = ""
+          errMsg.forEach (e) ->
+            msg = msg.concat "#{e}\r\n"
+
+          Session.set 'entryError', msg
+          return true
+
+        return false
+
+      if passwordErrors then return
+
+      emailRequired = _.contains([
+        'USERNAME_AND_EMAIL',
+        'EMAIL_ONLY'], fields)
+
+      usernameRequired = _.contains([
+        'USERNAME_AND_EMAIL',
+        'USERNAME_ONLY'], fields)
+
+      if usernameRequired && username.length is 0
+        Session.set('entryError', t9n("error.usernameRequired"))
+        return
 
-      return false
+      if username && AccountsEntry.isStringEmail(username)
+        Session.set('entryError', t9n("error.usernameIsEmail"))
+        return
 
-    if passwordErrors then return
+      if emailRequired && email.length is 0
+        Session.set('entryError', t9n("error.emailRequired"))
+        return
 
-    emailRequired = _.contains([
-      'USERNAME_AND_EMAIL',
-      'EMAIL_ONLY'], fields)
+      if AccountsEntry.settings.showSignupCode && signupCode.length is 0
+        Session.set('entryError', t9n("error.signupCodeRequired"))
+        return
 
-    usernameRequired = _.contains([
-      'USERNAME_AND_EMAIL',
-      'USERNAME_ONLY'], fields)
 
-    if usernameRequired && username.length is 0
-      Session.set('entryError', t9n("error.usernameRequired"))
-      return
-
-    if username && AccountsEntry.isStringEmail(username)
-      Session.set('entryError', t9n("error.usernameIsEmail"))
-      return
-
-    if emailRequired && email.length is 0
-      Session.set('entryError', t9n("error.emailRequired"))
-      return
-
-    if AccountsEntry.settings.showSignupCode && signupCode.length is 0
-      Session.set('entryError', t9n("error.signupCodeRequired"))
-      return
-
-
-    Meteor.call 'entryValidateSignupCode', signupCode, (err, valid) ->
-      if valid
-        newUserData =
-          username: username
-          email: email
-          password: AccountsEntry.hashPassword(password)
-          profile: filteredExtraFields
-        Meteor.call 'entryCreateUser', newUserData, (err, data) ->
-          if err
-            console.log err
-            T9NHelper.accountsError err
-            return
-          #login on client
-          isEmailSignUp = _.contains([
-            'USERNAME_AND_EMAIL',
-            'EMAIL_ONLY'], AccountsEntry.settings.passwordSignupFields)
-          userCredential = if isEmailSignUp then email else username
-          Meteor.loginWithPassword userCredential, password, (error) ->
-            if error
+      Meteor.call 'entryValidateSignupCode', signupCode, (err, valid) ->
+        if valid
+          newUserData =
+            username: username
+            email: email
+            password: AccountsEntry.hashPassword(password)
+            profile: filteredExtraFields
+          Meteor.call 'entryCreateUser', newUserData, (err, data) ->
+            if err
               console.log err
-              T9NHelper.accountsError error
-            else if Session.get 'fromWhere'
-              Router.go Session.get('fromWhere')
-              Session.set 'fromWhere', undefined
-            else
-              Router.go AccountsEntry.settings.dashboardRoute
-      else
-        console.log err
-        Session.set 'entryError', t9n("error.signupCodeIncorrect")
-        return
-}
+              T9NHelper.accountsError err
+              return
+            #login on client
+            isEmailSignUp = _.contains([
+              'USERNAME_AND_EMAIL',
+              'EMAIL_ONLY'], AccountsEntry.settings.passwordSignupFields)
+            userCredential = if isEmailSignUp then email else username
+            Meteor.loginWithPassword userCredential, password, (error) ->
+              if error
+                console.log err
+                T9NHelper.accountsError error
+              else if Session.get 'fromWhere'
+                Router.go Session.get('fromWhere')
+                Session.set 'fromWhere', undefined
+              else
+                Router.go AccountsEntry.settings.dashboardRoute
+        else
+          console.log err
+          Session.set 'entryError', t9n("error.signupCodeIncorrect")
+          return
+  }
 
 Template.entrySignUp.helpers(AccountsEntry.entrySignUpHelpers)
 

diff --git a/server/entry.coffee b/server/entry.coffee
@@ -10,24 +10,25 @@ Meteor.startup ->
 
   @AccountsEntry = AccountsEntry
 
-  Meteor.methods
-    entryValidateSignupCode: (signupCode) ->
-      check signupCode, Match.OneOf(String, null, undefined)
-      not AccountsEntry.settings.signupCode or signupCode is AccountsEntry.settings.signupCode
+  if !Accounts._options.forbidClientAccountCreation
+    Meteor.methods
+      entryValidateSignupCode: (signupCode) ->
+        check signupCode, Match.OneOf(String, null, undefined)
+        not AccountsEntry.settings.signupCode or signupCode is AccountsEntry.settings.signupCode
 
-    entryCreateUser: (user) ->
-      check user, Object
-      profile = AccountsEntry.settings.defaultProfile || {}
-      if user.username
-        userId = Accounts.createUser
-          username: user.username,
-          email: user.email,
-          password: user.password,
-          profile: _.extend(profile, user.profile)
-      else
-        userId = Accounts.createUser
-          email: user.email
-          password: user.password
-          profile: _.extend(profile, user.profile)
-      if (user.email && Accounts._options.sendVerificationEmail)
-        Accounts.sendVerificationEmail(userId, user.email)
+      entryCreateUser: (user) ->
+        check user, Object
+        profile = AccountsEntry.settings.defaultProfile || {}
+        if user.username
+          userId = Accounts.createUser
+            username: user.username,
+            email: user.email,
+            password: user.password,
+            profile: _.extend(profile, user.profile)
+        else
+          userId = Accounts.createUser
+            email: user.email
+            password: user.password
+            profile: _.extend(profile, user.profile)
+        if (user.email && Accounts._options.sendVerificationEmail)
+          Accounts.sendVerificationEmail(userId, user.email)