只允许预先验证的用户登录Firebase [英] Only let pre-verified users log into Firebase

问题描述

现在，我只希望已经注册并已通过我们的软件验证的用户登录，并且我已经将用户的电子邮件列表(带有特殊字符的邮件)保存在Firebase中.当前，当用户登录时，我使用以下功能检查其电子邮件是否在此列表中:

function isEmailValid(userEmail, trueCallback, falseCallback) {
  var emailHash = userEmail.replace(/[^a-zA-Z0-9]/g, "");
  firebase
    .database()
    .ref("validEmails/" + emailHash)
    .on("value", snapshot => {
      if (snapshot.val()) {
        trueCallback(snapshot.val());
      } else {
        falseCallback();
      }
    });
}

尽管此方法有效，但相当麻烦，因为用户仍然可以在调用函数回调之前最初登录，并且他们的电子邮件仍显示在Firebase的身份验证"选项卡中.

是否有更好的方法只允许经过预验证的用户登录Firebase?

解决方案

我很确定以前已经对此进行了介绍:当前无法阻止用户使用Firebase身份验证登录.但是，如果要阻止他们访问后端资源，则可以检查是否在服务器端安全规则(针对实时数据库，存储或Firestore)或您自己的服务器端代码中验证了他们的电子邮件地址. /p>

在I/O上，演示了Cloud Function中即将推出的功能，该功能使您可以防止签名在没有经过验证的电子邮件地址的用户中.但是我不知道何时可以在公共API中使用此功能.

另请参阅:

• Firebase防止在电子邮件验证之前创建帐户
• 如何预防验证电子邮件之前，Firebase/Vue.js中的用户身份验证
• 如何将Firebase数据库锁定到来自特定(电子邮件)域的任何用户?

Right now, I only want users who have already registered and been verified with our software to login, and I have saved the list of emails of users (stripped of special characters) inside Firebase. Currently, when the user logs in, I use the following function to check if their email is in this list:

function isEmailValid(userEmail, trueCallback, falseCallback) {
  var emailHash = userEmail.replace(/[^a-zA-Z0-9]/g, "");
  firebase
    .database()
    .ref("validEmails/" + emailHash)
    .on("value", snapshot => {
      if (snapshot.val()) {
        trueCallback(snapshot.val());
      } else {
        falseCallback();
      }
    });
}

Although this method works, it is quite unwieldy, as the user is still able to log in initially before the function callback is called, and their email is still shown in the "Authentication" tab in Firebase.

Is there a better way to only allowed pre-verified users to log into Firebase?

解决方案

I'm pretty sure this has been covered before: there currently is no way to prevent users from signing in with Firebase Authentication. But if you want to prevent them from accessing backend resources, you can check whether their email address is verified either in the server-side security rules (for Realtime Database, Storage, or Firestore), or in your own server-side code.

At I/O a demo was given of upcoming functionality in Cloud Function that would allow you to prevent signing in users without a verified email address. But I don't know when this functionality will available in a public API.

Also see:

• Firebase Prevent Creating Account Before Email Verification
• How to prevent user authentication in Firebase/Vue.js BEFORE email is verified
• How do I lock down Firebase Database to any user from a specific (email) domain?

这篇关于只允许预先验证的用户登录Firebase的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！