在使用Flutter和Firebase确认注册之前,请先验证用户的电子邮件地址 [英] Verify a user's email address before confirming registration, with Flutter and Firebase
问题描述
我使用Firebase作为后端身份验证服务,创建了与我的Flutter应用程序一起使用的登录和注册屏幕.我可以很好地在登录,注册和重置密码屏幕之间进行切换.
问题
目前,注册屏幕会接受输入的任何电子邮件地址,无论该地址是否真实.例如,如果我输入gvevg@gverwbgw.com,它将允许用户注册.当涉及到假帐户和垃圾邮件等时,这显然是一个问题.
目标
我基本上希望能够编辑我的代码,以自动生成电子邮件地址验证电子邮件,从而防止用户在验证电子邮件地址之前登录.我编写的代码使用 Future
, FirebaseAuth
和 async/await
来实现.
我的当前代码
首先,我定义一个AuthBase抽象类,该类创建"createUserWithEmailAndPassword"函数(以及其他函数),如下所示:
抽象类AuthBase {流<用户>得到onAuthStateChanged;未来<用户>当前用户();未来<用户>createUserWithEmailAndPassword(字符串电子邮件,字符串密码);}
然后,我创建一个实现AuthBase的Auth函数,从Firebase获取当前用户并创建注册 Future
函数,如下所示:
class Auth实现AuthBase {final _firebaseAuth = FirebaseAuth.instance;//这会创建用户ID令牌变量(如果尚不存在),然后使用一种登录方法填充该变量.用户_userFromFirebase(FirebaseUser用户){如果(使用者==空值){返回null;}返回User(uid:user.uid);}//这有助于从Google Firebase吸引用户,并指出是否已有使用这些登录详细信息的用户.@override流<用户>得到onAuthStateChanged {返回_firebaseAuth.onAuthStateChanged.map(_userFromFirebase);}//这将标识当前登录的当前用户.@override未来<用户>currentUser()异步{最终用户=等待_firebaseAuth.currentUser();返回_userFromFirebase(user);}//如果不存在,则使用firebase创建用于电子邮件和密码登录的用户帐户.@override未来<用户>createUserWithEmailAndPassword(字符串电子邮件,字符串密码)异步{最后的authResult =等待_firebaseAuth.createUserWithEmailAndPassword(电子邮件:电子邮件,密码:密码);返回_userFromFirebase(authResult.user);}}
我的问题
我如何编辑代码,以便它使我可以自动为要使用电子邮件登录的任何用户实施电子邮件验证?我相信 sendEmailVerification()
函数必须使用 FirebaseUser
,尽管我不确定如何在此处实现它.我将不胜感激任何帮助.谢谢!
电子邮件+密码身份验证仅要求用户知道电子邮件+密码的组合即可.它本身并不需要验证电子邮件地址即可登录.如果要在允许访问其他数据之前验证电子邮件地址,可以通过如何将Firebase数据库锁定到来自特定(电子邮件)域的任何用户?
I've created a login and registration screen that works with my Flutter app, using Firebase as the backend authentication service. I'm able to switch between the login, registration and reset password screens well.
The Issue
At the moment, the registration screen accepts any email address that is entered, whether or not it is real. For example, if I were to type in gvevg@gverwbgw.com, it would allow the user to register. This is obviously an issue, when it comes to fake accounts and spam etc.
The Aim
I would basically like to be able to edit my code, to automatically generate an email address verification email, which prevents the user from signing in, before their email address has been verified. The code I have made uses a Future
, FirebaseAuth
and async/await
to make this happen.
My Current Code
Firstly, I define an AuthBase abstract class, that creates the 'createUserWithEmailAndPassword' function (amongst others) as follows:
abstract class AuthBase {
Stream<User> get onAuthStateChanged;
Future<User> currentUser();
Future<User> createUserWithEmailAndPassword(String email, String password);
}
Then, I create an Auth function, that implements AuthBase, gets the current user from Firebase and creates the registration Future
function, as follows:
class Auth implements AuthBase {
final _firebaseAuth = FirebaseAuth.instance;
// This creates the user ID token variable (if one doesn't already exist) which is then populated using one of the login methods.
User _userFromFirebase(FirebaseUser user) {
if (user == null) {
return null;
}
return User(uid: user.uid);
}
// This helps to get the user from Google Firebase, noting if there is or isn't a user with those login details already.
@override
Stream<User> get onAuthStateChanged {
return _firebaseAuth.onAuthStateChanged.map(_userFromFirebase);
}
// This identifies the current user, who is logged in at the time.
@override
Future<User> currentUser() async {
final user = await _firebaseAuth.currentUser();
return _userFromFirebase(user);
}
// This creates the user account for an email-and-password sign-in, with firebase, if it doesn't already exist.
@override
Future<User> createUserWithEmailAndPassword(
String email, String password) async {
final authResult = await _firebaseAuth.createUserWithEmailAndPassword(
email: email, password: password);
return _userFromFirebase(authResult.user);
}
}
My Question
How do I edit my code, so that it allows me to implement email verification automatically for any user that wants to sign in with email? I believe the sendEmailVerification()
function must use FirebaseUser
, although I am not sure how to implement it here. I would appreciate any help. Thanks!
Email+password authentication requires nothing more than that the user knows the combination of email+password. It doesn't in itself require the email address to be verified to sign in. If you want the email address to be verified before allowing access to other data, you can do that by checking the user's token for the email_verified
claim for example in the security rules of your database.
Also see:
- How do I lock down Firebase Database to any user from a specific (email) domain?
- Firebase email verification at SignUp
- How to prevent user authentication in Firebase/Vue.js BEFORE email is verified
- Only let pre-verified users log into Firebase
这篇关于在使用Flutter和Firebase确认注册之前,请先验证用户的电子邮件地址的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!