从firebase中删除用户 [英] Remove a user from firebase
问题描述
我正在尝试以编程方式从我的firebase中删除用户。 removeuser方法有2个参数,电子邮件和密码。现在电子邮件不难发现,因为它存储在auth变量中+我在创建用户时将其添加到我的数据库中。但是,我应该如何找出用户的密码?
I am trying to remove a user programatically from my firebase. The method removeuser takes 2 arguments, email and password. Now email is not hard to find out since this is stored in the auth variable + I am adding it in my database when a user is created. However, how am I supposed to find out the password from the user?
当我创建用户时,我会将生成的md5_hash信息与此用户一起添加到我的数据库中。但是,我无法将此值转换回真实密码。
When I create a user I do add the generated md5_hash information with this user in my database. However, I can not convert this value back to the real password.
我显然也不想将真实密码存储在数据库中,因为这只是问题。
I also obviously do not want to store the real password in the database since this is just asking for problems.
所以我想知道,有什么显而易见的我在这里找不到如何用他的密码以编程方式从数据库中删除用户? (为什么我甚至需要他的密码来删除他?)
So I'm wondering, is there anything overly obvious I am missing here on how to remove a user programatically from the database, with his password? (Why do I actually even need his password to remove him?)
编辑:为了澄清,我只允许管理员删除用户,所以他有一个列表在我的firebase中创建的每个用户。让用户删除自己的用户帐户仍然不是那么容易,因为(我认为)firebase哈希算法不公开,所以我无法检查他是否输入了正确的密码。
To clarify, I am only allowing an admin to delete users, so he has a list of every user that has been created in my firebase. Having a user delete his own user account is still not so easy since (I presume) the firebase hashing algorithm is not public, so there's no way for me to check if he did input the correct password.
推荐答案
Firebase简单登录是基于 Firebase自定义登录,并提供有用的原语,用于通过常用方式验证用户。
Firebase Simple Login is a service built on-top of Firebase Custom Login, and provides useful primitives for authenticating users via common means.
按照设计,Firebase Simple Login可以不允许您以编程方式访问用户的密码,因为它只会增加不安全处理或存储密码的风险。今天,可用于删除电子邮件/密码哈希映射的唯一两种方法是使用电子邮件和密码通过客户端API,或通过 https://< YOUR-的管理面板FIREBASE> .firebaseio.com 。
By design, Firebase Simple Login does not give you access to the users' passwords programmatically, as it only increases the risk that they are not handled or stored securely. Today, the only two methods that can be used to remove an email / password hash mapping is either via the client API using the email and password, or via the admin panel at https://<YOUR-FIREBASE>.firebaseio.com.
请记住,在使用电子邮件/密码登录时,Firebase简单登录只会创建一个新的映射电子邮件地址和密码哈希,但不会在您的Firebase中存储任何信息。另请注意,无法将用户ID黑名单,因此如果删除映射,用户可以重新创建它。
Keep in mind that when using email / password login, Firebase Simple Login simply creates a new mapping between an email address and a password hash, but does not store any information in your Firebase. Also note that there is no way to "blacklist" a user id, so if you remove the mapping, the user could re-create it.
如果要禁止/阻止用户,更好的方法是在黑名单用户的Firebase中创建一个新列表,然后使用安全规则确保该用户在列表中(即用户被阻止,如果 root .child('blocked-users')。hasChild(auth.uid))。
If you want to ban / block users, a better approach would be to create a new list in Firebase of your "blacklisted" users, and then use security rules to ensure that that user is in the list (i.e. user is blocked if root.child('blocked-users').hasChild(auth.uid)).
这篇关于从firebase中删除用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
