如何验证Firebase中已转义的基于电子邮件的用户帐户? [英] How to authenticate escaped email-based user accounts in Firebase?
问题描述
我使用的是Firebase Simple Login的电子邮件/密码验证选项。
我将用户的数据以转义邮件的形式存储为键,其中。字符已被替换为,(因为Firebase不允许存储在键中)。而不是使用用户ID作为键。问题是,在安全规则中,我不能使用正则表达式对auth.email变量的转义邮件进行认证。所以我不能做到以下几点:
users:{
$ user:{
.read:auth.email == $ user,
.write:auth.email == $ user
}
}
,因为每个$ user看起来像'some,one @ domain,co,uk',而auth.email是'ome.one@domain .co.uk'。
有没有办法解决这个问题?我是否需要在每个$用户中存储用户ID以使用户方式的认证成为可能?在这种情况下,我想简单地将用户数据存储在基于id的节点而不是转义的电子邮件中将会更容易一些。 如果您使用的是Firebase简单登录电子邮件/密码身份验证,则建议您根据 uid 字段,这些字段不会更改,并且在Firebase的所有用户中都是唯一的,无论他们是通过电子邮件/密码,Facebook还是Google等进行身份验证。
之前版本的Firebase身份验证(例如,Firebase简单登录)将电子邮件地址放在安全规则 auth 变量中,但是被删除,因为(1)并非所有用户都有电子邮件地址,(2)用户可能有多个电子邮件地址,(3)电子邮件地址可以更改。因此,他们对于Firebase中的索引并不理想。
原始答案:然而,如果您想要根据电子邮件地址输入数据,则可以使用 .replace()安全规则中的方法来直接在安全规则中用逗号直接替换句点。例如:
。read:root.child('users')。child(auth.email.replace '。',','))。exists()
请参阅 https://www.firebase.com/docs/security/string/replace.html 了解更多详情。
I am using email/password auth option of Firebase Simple Login.
I store my users' data with escaped emails as keys, where '.' characters have been replaced with ',' (as Firebase doesn't allow storing '.'s in keys) rather than using user ids as keys. The problem is that in security rules I cannot use regex to authenticate escaped emails against the auth.email variable. So I cannot do the following:
users: {
$user: {
".read": "auth.email == $user",
".write": "auth.email == $user"
}
}
because each $user looks like 'some,one@domain,co,uk' while the auth.email is 'some.one@domain.co.uk'.
Is there a way around this problem? Do I need to store the user id inside each $user to make user-wise authentication possible? In this case I guess it would be easier to simply store user data in id-based nodes rather than escaped emails.
Update:
If you're using Firebase Simple Login email / password authentication, it is recommended that you key users based upon the uid field, which will not change and is unique across all users of your Firebase, whether they are authenticating via email / password, Facebook, Google, etc.
Prior versions of Firebase authentication (i.e. Firebase Simple Login) put an email address in the security rules auth variable, but this was removed because (1) not all users will have email addresses, (2) users may have multiple email addresses, and (3) email addresses can change. As a result, they're not ideal for indexes in Firebase.
Original Answer:
However, if you'd rather key your data based upon e-mail address, you can use the .replace() method in security rules to simply replace the periods with commas directly in your security rules. For example:
".read": "root.child('users').child(auth.email.replace('.', ',')).exists()"
See https://www.firebase.com/docs/security/string/replace.html for more details.
这篇关于如何验证Firebase中已转义的基于电子邮件的用户帐户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
