Firebase:电子邮件验证和用户登录名才能访问该页面 [英] Firebase: Email verification and user login to be able to access the page

问题描述

我创建了一个表格"main.html#！/register"，以允许用户输入他们的名字，姓氏，电子邮件和登录名.一旦所有输入的人都发送了电子邮件验证，因此他们无法在验证电子邮件之前进入页面"main.html#！/成功".

好消息是:如果他们尝试在未确认电子邮件的情况下从登录页面访问访问页面，则将无法访问. 坏消息是:注册后，如果他们输入"main.html#！/success"，便可以打开此页面！

用例: 未经注册，用户将无法访问"main.html#！/成功" 如果用户尚未验证电子邮件，则无法从登录页面"main.html#！/login"访问"main.html#！/成功" 问题是:注册后，用户无需电子邮件确认即可直接访问"main.html#！/成功".

问题: 如何使用电子邮件验证条件 user.emailVerified 和用户auth $ requireSignIn()允许访问页面"main.html#！/success"? 我设置了一个resolve函数，以防止未经注册的任何访问.

这是我的密码 1-解析功能: 身份验证是我创建的服务

 when('/success', {
  templateUrl: 'views/success.html',
  controller: 'SuccessController',
  resolve: {
    currentAuth: function(Authentication) {
    return Authentication.requireAuth();
    } //currentAuth
  }//resolve
}).

身份验证服务中的

2码

requireAuth: function() {
    return auth.$requireSignIn();
}, //require Authentication

3-注册功能(在服务中)

register: function(user) {   
  auth.$createUserWithEmailAndPassword(
    user.email,
    user.password
  ).then(function(regUser) {
    var regRef = ref.child('users')
      .child(regUser.uid).set({
        date: firebase.database.ServerValue.TIMESTAMP,
        regUser: regUser.uid,
        firstname: user.firstname,
        lastname: user.lastname,
        email: user.email 
      }); //userinfo
    regUser.sendEmailVerification().then(function() {
      // Email sent.
        alert("your Email is verified: " + regUser.emailVerified) ;
    }).catch(function(error) {
      // An error happened.
        alert(error);
    });
  }).catch(function(error) {
    $rootScope.message = error.message;
  }); //createUserWithEmailAndPassword
} //register

3-登录功能

login: function(user) {
            auth.$signInWithEmailAndPassword(
            user.email,
            user.password
          ).then(function(user) {
                if(user.emailVerified){
                  $location.path('/success');
                }
                else{
                $rootScope.message= "Please validate your registration first : "+user.emailVerified;
                }
          }).catch(function(error) {
            $rootScope.message = error.message;
          }); //signInWithEmailAndPassword
}, //login

解决方案

您正在尝试在客户端强制执行此操作.相反，您应该根据Firebase规则对已验证的登录用户实施访问权限.例如:

".write": "$user_id === auth.uid && auth.token.email_verified == true"

I have created a form "main.html#!/register" to allow users to enter their: firstname, lastname, email and login. Once all those entered an email verification is sent, so that they cannot get to the page "main.html#!/success" before verifying the email.

The good news is: If they try to get to the access page from the login page without confirming the Email, they will not be able to access. The bad news is: Right after the registration, if they enter the "main.html#!/success" they will be able to open this page !!

Use case: The user is not able to access to "main.html#!/success" without any registration The user is not able to access the "main.html#!/success" from the login page "main.html#!/login", if he has not verified his email The problem is : The user is able to access the "main.html#!/success" right after the registration without email confirmation.

Question: How can I use the email verification condition user.emailVerified and the user auth $requireSignIn() to allow the access to the page "main.html#!/success" ? I had put a resolve function to prevent any access without the registration.

Here is my codes 1-resolve function: Authentication is a service I have created

 when('/success', {
  templateUrl: 'views/success.html',
  controller: 'SuccessController',
  resolve: {
    currentAuth: function(Authentication) {
    return Authentication.requireAuth();
    } //currentAuth
  }//resolve
}).

2-code in the Authentication service

requireAuth: function() {
    return auth.$requireSignIn();
}, //require Authentication

3- the register function (it is in the service)

register: function(user) {   
  auth.$createUserWithEmailAndPassword(
    user.email,
    user.password
  ).then(function(regUser) {
    var regRef = ref.child('users')
      .child(regUser.uid).set({
        date: firebase.database.ServerValue.TIMESTAMP,
        regUser: regUser.uid,
        firstname: user.firstname,
        lastname: user.lastname,
        email: user.email 
      }); //userinfo
    regUser.sendEmailVerification().then(function() {
      // Email sent.
        alert("your Email is verified: " + regUser.emailVerified) ;
    }).catch(function(error) {
      // An error happened.
        alert(error);
    });
  }).catch(function(error) {
    $rootScope.message = error.message;
  }); //createUserWithEmailAndPassword
} //register

3- login function

login: function(user) {
            auth.$signInWithEmailAndPassword(
            user.email,
            user.password
          ).then(function(user) {
                if(user.emailVerified){
                  $location.path('/success');
                }
                else{
                $rootScope.message= "Please validate your registration first : "+user.emailVerified;
                }
          }).catch(function(error) {
            $rootScope.message = error.message;
          }); //signInWithEmailAndPassword
}, //login

解决方案

You are trying to enforce this on the client side. Instead you should enforce access for verified signed in users from your Firebase rules. For example:

".write": "$user_id === auth.uid && auth.token.email_verified == true"

这篇关于Firebase:电子邮件验证和用户登录名才能访问该页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！