从 Firebase 中删除特定用户 [英] Delete a specific user from Firebase
问题描述
有没有办法从 firebase 获取特定用户帐户然后将其删除?
Is there a way I can get a specific user account from firebase and then delete it?
例如:
// I need a means of getting a specific auth user.
var user = firebase.auth().getUser(uid);
// Note the getUser function is not an actual function.
之后,我想删除该用户及其附加数据:
After, I want to delete that user and their additional data:
// This works
user.delete().then(function() {
// User deleted.
var ref = firebase.database().ref(
"users/".concat(user.uid, "/")
);
ref.remove();
});
Firebase 文档 指出如果用户当前已登录:
Firebase Documentation states that users can be deleted if they are currently logged in:
firebase.auth().currentUser.delete()
我的目标是允许登录的管理员用户从系统中删除其他用户.
推荐答案
在使用客户端 SDK 进行 Firebase 身份验证时,您只能删除当前登录的用户帐户.否则将带来巨大的安全风险,因为它会允许您应用的用户删除彼此的帐户.
When using the client-side SDKs for Firebase Authentication, you can only delete the user account that is currently signed in. Anything else would be a huge security risk, as it would allow users of your app to delete each other's account.
用于 Firebase 身份验证的 Admin SDK 旨在用于受信任的环境,例如您的开发机器、您控制的服务器或 Cloud Functions.因为它们运行在受信任的环境中,所以它们可以执行某些客户端 SDK 无法执行的操作,例如 只需知道用户的 UID 即可删除用户帐户.
The Admin SDKs for Firebase Authentication are designed to be used in a trusted environment, such as your development machine, a server that you control, or Cloud Functions. Because they run in a trusted environment, they can perform certain operations that the client-side SDKs can't perform, such as deleting user accounts by simply knowing their UID.
另见:
另一种常见的方法是在 Firebase 数据库等中保留白名单/黑名单,并基于此对用户进行授权.请参阅如何在 Firebase 3.x 中禁用注册
Another common approach is to keep a whitelist/blacklist in for example the Firebase Database and authorize user based on that. See How to disable Signup in Firebase 3.x
这篇关于从 Firebase 中删除特定用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
