Firebase-身份验证-发现注册但未验证电子邮件的用户 [英] Firebase - Auth - discover users who signed up but not verified email
问题描述
我已经建立了一个Firebase项目,用于其用户身份验证模块.我还使用了来自Github的
我已经进行了基本测试,并且在验证之前和之后,用户UID均未更改.
所以,这是我的问题-我是否正确进行了电子邮件验证?如果是这样(因此UI不会向我显示已验证与未验证),是否存在接受的访问Auth模块中这两组用户的方法?我看不到访问底层UID表及其属性(包括 emailVerified 属性)的方法.如果该功能不在控制台中,我不介意编写更多代码-只是希望在下一步中朝正确的方向前进.
Firebase控制台当前无法查看特定用户的电子邮件地址是否已通过验证.是的 API,获取用户列表,但是您无法筛选是否经过验证.
您可以检查是否通过以下方式验证了当前身份验证用户的电子邮件地址:
firebase.auth().currentUser.email已验证 您不能阻止谁注册.但是您可以轻松地确保只有具有经过验证的电子邮件地址的用户才能访问(某些)数据.例如:
{规则":{".read":"auth!= null&& auth.token.email_verified","gmailUsers":{"$ uid":{".write":"auth.token.email_verified == true&&auth.token.email.matches(/.*@ gmail.com $/)}}}} 上述规则确保只有具有经过验证的电子邮件地址的用户才能读取任何数据,只有具有经过验证的gmail地址的用户才能在 gmailUsers 下进行写.
I've set-up a Firebase project which I am using for it's user authentication module. I am also using the firebaseui-web project from Github.
My redirect on sign-on is working fine per this code:
// FirebaseUI config.
var uiConfig = {
'signInSuccessUrl': 'MY_REDIRECT.html',
'signInOptions': [
firebase.auth.EmailAuthProvider.PROVIDER_ID
],
// Terms of service url.
'tosUrl': '<your-tos-url>',
};
When the page loads (i.e. MY_REDIRECT.html) I'm checking the status of the user to see if they have verified their e-mail, and if not then invoke the sendEmailVerification method:
checkLoggedInUser = function() {
auth.onAuthStateChanged(function(user) {
if (user) {
// is email verified
if(user.emailVerified) {
// show logged in user in UI
$('#loggedinUserLink').html('Logged in:' + user.email + '<span class="caret"></span>');
} else {
// user e-mail is not verified - send verification mail and redirect
alert('Please check your inbox for a verification e-mail and follow the instructions');
// handle firebase promise and don't redirect until complete i.e. .then
user.sendEmailVerification().then(function() {
window.location.replace('index.html');
});
}
} else {
// no user object - go back to index
window.location.replace("index.html");
}
}, function(error) {
console.log(error);
});
};
window.onload = function() {
checkLoggedInUser()
};
All good so far - Firebase is doing what I want! Thanks guys :)
However, in the Firebase Console UI there doesn't appear to be a way of seeing if a user actually went to their inbox and clicked on the link to perform the verification. The UI looks like this:
I've run basic tests and the User UID doesn't change before and after verification has taken place.
So, here's my question - did I go about the e-mail verification correctly? If so (and therefore the UI doesn't show me verified vs unverified) is there an accepted method of accessing these two sets of users in the Auth module? I can't see the way to access the underlying table of UIDs and their properties (including the emailVerified property). I don't mind having to write more code if the functionality isn't in the Console - just looking to get nudged in the correct direction for my next step.
There is currently no way in the Firebase Console to see whether a specific user's email address has been verified. There is an API to get a list of users, but you can't filter on whether they're verified or not.
You can check whether the currently authenticated user's email address is verified with:
firebase.auth().currentUser.emailVerified
You cannot prevent who signs up. But you can easily ensure that only users with a verified email address can access (certain) data. For example:
{
"rules": {
".read": "auth != null && auth.token.email_verified",
"gmailUsers": {
"$uid": {
".write": "auth.token.email_verified == true &&
auth.token.email.matches(/.*@gmail.com$/)"
}
}
}
}
The above rules ensure that only users with a verified email address can read any data and only users with a verified gmail address can write under gmailUsers.
这篇关于Firebase-身份验证-发现注册但未验证电子邮件的用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
