Firebase:电子邮件验证和用户登录才能访问该页面 [英] Firebase: Email verification and user login to be able to access the page
问题描述
我创建了一个表单main.html#!/register"以允许用户输入他们的:名字、姓氏、电子邮件和登录名.一旦所有输入的人都发送电子邮件验证,因此他们无法在验证电子邮件之前进入页面main.html#!/success".
I have created a form "main.html#!/register" to allow users to enter their: firstname, lastname, email and login. Once all those entered an email verification is sent, so that they cannot get to the page "main.html#!/success" before verifying the email.
好消息是:如果他们在未确认电子邮件的情况下尝试从登录页面访问访问页面,他们将无法访问.坏消息是:注册后,如果他们输入main.html#!/success",他们将能够打开这个页面!!
The good news is: If they try to get to the access page from the login page without confirming the Email, they will not be able to access. The bad news is: Right after the registration, if they enter the "main.html#!/success" they will be able to open this page !!
用例:未注册用户无法访问main.html#!/success"如果用户没有验证他的电子邮件,他将无法从登录页面main.html#!/login"访问main.html#!/success"问题是:用户无需电子邮件确认即可在注册后立即访问main.html#!/success".
Use case: The user is not able to access to "main.html#!/success" without any registration The user is not able to access the "main.html#!/success" from the login page "main.html#!/login", if he has not verified his email The problem is : The user is able to access the "main.html#!/success" right after the registration without email confirmation.
问题:如何使用电子邮件验证条件 user.emailVerified 和用户身份验证 $requireSignIn() 来允许访问页面main.html#!/success"?我已经放置了一个解析函数来防止未经注册的任何访问.
Question: How can I use the email verification condition user.emailVerified and the user auth $requireSignIn() to allow the access to the page "main.html#!/success" ? I had put a resolve function to prevent any access without the registration.
这是我的代码1-解析功能:身份验证是我创建的一项服务
Here is my codes 1-resolve function: Authentication is a service I have created
when('/success', {
templateUrl: 'views/success.html',
controller: 'SuccessController',
resolve: {
currentAuth: function(Authentication) {
return Authentication.requireAuth();
} //currentAuth
}//resolve
}).
身份验证服务中的 2-code
2-code in the Authentication service
requireAuth: function() {
return auth.$requireSignIn();
}, //require Authentication
3- 注册函数(在服务中)
3- the register function (it is in the service)
register: function(user) {
auth.$createUserWithEmailAndPassword(
user.email,
user.password
).then(function(regUser) {
var regRef = ref.child('users')
.child(regUser.uid).set({
date: firebase.database.ServerValue.TIMESTAMP,
regUser: regUser.uid,
firstname: user.firstname,
lastname: user.lastname,
email: user.email
}); //userinfo
regUser.sendEmailVerification().then(function() {
// Email sent.
alert("your Email is verified: " + regUser.emailVerified) ;
}).catch(function(error) {
// An error happened.
alert(error);
});
}).catch(function(error) {
$rootScope.message = error.message;
}); //createUserWithEmailAndPassword
} //register
3-登录功能
login: function(user) {
auth.$signInWithEmailAndPassword(
user.email,
user.password
).then(function(user) {
if(user.emailVerified){
$location.path('/success');
}
else{
$rootScope.message= "Please validate your registration first : "+user.emailVerified;
}
}).catch(function(error) {
$rootScope.message = error.message;
}); //signInWithEmailAndPassword
}, //login
推荐答案
您正试图在客户端强制执行此操作.相反,您应该根据 Firebase 规则对经过验证的登录用户强制执行访问权限.例如:
You are trying to enforce this on the client side. Instead you should enforce access for verified signed in users from your Firebase rules. For example:
".write": "$user_id === auth.uid && auth.token.email_verified == true"
这篇关于Firebase:电子邮件验证和用户登录才能访问该页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!