Merge branch 'devel' of https://github.com/VulcanJS/Vulcan into devel

packages/vulcan-accounts/imports/helpers.js

@@ -6,12 +6,12 @@ try {
 }
 export const loginButtonsSession = Accounts._loginButtonsSession;
 export const STATES = {
-  SIGN_IN: Symbol('SIGN_IN'),
-  SIGN_UP: Symbol('SIGN_UP'),
-  PROFILE: Symbol('PROFILE'),
-  PASSWORD_CHANGE: Symbol('PASSWORD_CHANGE'),
-  PASSWORD_RESET: Symbol('PASSWORD_RESET'),
-  ENROLL_ACCOUNT: Symbol('ENROLL_ACCOUNT')
+  SIGN_IN: Symbol.for('SIGN_IN'),
+  SIGN_UP: Symbol.for('SIGN_UP'),
+  PROFILE: Symbol.for('PROFILE'),
+  PASSWORD_CHANGE: Symbol.for('PASSWORD_CHANGE'),
+  PASSWORD_RESET: Symbol.for('PASSWORD_RESET'),
+  ENROLL_ACCOUNT: Symbol.for('ENROLL_ACCOUNT')
 };
 
 export function getLoginServices() {

packages/vulcan-users/lib/server/mutations.js

@@ -87,13 +87,25 @@ const specificResolvers = {
       if (!email) {
         throw new Error('Invalid email');
       }
-      return await authenticateWithPassword(email, password);
+      const authResult = await authenticateWithPassword(email, password);
+      // set an HTTP-only cookie so the user is authenticated
+      const { /*userId,*/ token } = authResult;
+      const tokenCookie = {
+        path: '/',
+        httpOnly: true,
+        secure: process.env.NODE_ENV === 'development' ? false : true,
+        // expires: //
+        //sameSite: ''
+      };
+      context.req.res.cookie('meteor_login_token', token, tokenCookie);
+      return authResult;
     },
     async logout(root, args, context) {
       if (!(context && context.userId)) {
         throw new Error('User already logged out');
       }
       const { userId } = context;
+      context.req.res.clearCookie('meteor_login_token');
       return await logout(userId);
     },
     async signup(root, args, context) {