从Firebase删除特定用户 [英] Delete a specific user from Firebase
问题描述
有什么办法可以从firebase中获取特定的用户帐户,然后将其删除?
Is there a way I can get a specific user account from firebase and then delete it?
例如:
// I need a means of getting a specific auth user.
var user = firebase.auth().getUser(uid);
// Note the getUser function is not an actual function.
之后,我要删除该用户及其附加数据:
After, I want to delete that user and their additional data:
// This works
user.delete().then(function() {
// User deleted.
var ref = firebase.database().ref(
"users/".concat(user.uid, "/")
);
ref.remove();
});
Firebase文档指出,如果用户删除了当前已登录:
Firebase Documentation states that users can be deleted if they are currently logged in:
firebase.auth().currentUser.delete()
我的目的是允许登录的管理员用户从系统中删除其他用户.
推荐答案
在使用客户端SDK进行Firebase身份验证时,您只能删除当前已登录的用户帐户.其他任何情况都将带来巨大的安全风险,因为它将允许您的应用程序的用户删除彼此的帐户.
When using the client-side SDKs for Firebase Authentication, you can only delete the user account that is currently signed in. Anything else would be a huge security risk, as it would allow users of your app to delete each other's account.
用于Firebase身份验证的管理SDK 旨在用于受信任的环境,例如开发机器,您控制的服务器或Cloud Functions.因为它们在受信任的环境中运行,所以它们可以执行客户端SDK无法执行的某些操作,例如
The Admin SDKs for Firebase Authentication are designed to be used in a trusted environment, such as your development machine, a server that you control, or Cloud Functions. Because they run in a trusted environment, they can perform certain operations that the client-side SDKs can't perform, such as deleting user accounts by simply knowing their UID.
另请参阅:
另一种常见方法是将白名单/黑名单保留在Firebase数据库中,然后基于该白名单授权用户.请参阅如何在Firebase 3.x中禁用注册
Another common approach is to keep a whitelist/blacklist in for example the Firebase Database and authorize user based on that. See How to disable Signup in Firebase 3.x
这篇关于从Firebase删除特定用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
