Async methods must return promises.

src/api/session.coffee

@@ -11,7 +11,7 @@ exports.signInWithPassword = ({email, password}) ->
 
   # Invalid credentials if the user does not exists or if the password
   # does not check.
-  @throw 'INVALID_CREDENTIAL' unless user and user.checkPassword password
+  @throw 'INVALID_CREDENTIAL' unless user and $wait user.checkPassword password
 
   # Stores the user identifier in the session.
   @session.set 'user_id', user.get 'id'

src/api/user.coffee

@@ -37,10 +37,10 @@ exports.changePassword = ({old, new: newP}) ->
   user = $wait @users.first @session.get 'user_id'
 
   # Checks its old password.
-  @throw 'INVALID_CREDENTIAL' unless user.checkPassword old
+  @throw 'INVALID_CREDENTIAL' unless $wait user.checkPassword old
 
   # Sets the new password.
-  user.setPassword newP
+  $wait user.setPassword newP
 
   # Updates the user.
   $wait @users.update user
@@ -91,7 +91,7 @@ exports.set = ({id, email, password, permission}) ->
   # Updates the provided properties.
   user.set {email} if email?
   user.set {permission} if permission?
-  user.setPassword password if password?
+  $wait user.setPassword password if password?
 
   # Updates the user.
   $wait @users.update user

src/main.coffee

@@ -249,7 +249,7 @@ exports = module.exports = $coroutine (args) ->
   unless $wait xo.users.exists()
     email = 'admin@admin.net'
     password = 'admin' # TODO: Should be generated.
-    xo.users.create email, password, 'admin'
+    $wait xo.users.create email, password, 'admin'
     console.log "[INFO] Default user: “#{email}” with password “#{password}”"
 
   return $eventToPromise webServer, 'close'

src/xo.coffee

@@ -64,21 +64,21 @@ class $User extends $Model
   validate: -> # TODO
 
   # FIXME: Async function should be explicit and return promise.
-  setPassword: (password) ->
+  setPassword: $coroutine (password) ->
     @set 'pw_hash', $wait $hash password
     return
 
   # Checks the password and updates the hash if necessary.
   #
   # FIXME: Async function should be explicit and return promise.
-  checkPassword: (password) ->
+  checkPassword: $coroutine (password) ->
     hash = @get 'pw_hash'
 
     unless $wait $verifyHash password, hash
       return false
 
     if $needsRehash hash
-      @setPassword password
+      $wait @setPassword password
 
     return true
 
@@ -96,11 +96,11 @@ class $Users extends $RedisCollection
   model: $User
 
   # FIXME: Async function should be explicit and return promise.
-  create: (email, password, permission) ->
+  create: $coroutine (email, password, permission) ->
     user = new $User {
       email: email
     }
-    user.setPassword password
+    $wait user.setPassword password
     user.set 'permission', permission unless permission is undefined
 
     @add user
@@ -150,9 +150,9 @@ class $XO extends $EventEmitter
 
       return
 
-  start: (config) ->
+  start: $coroutine (config) ->
     # Connects to Redis.
-    redis = $createRedisClient config.redis.uri
+    redis = $createRedisClient config.redis?.uri
 
     # Creates persistent collections.
     @servers = new $Servers {