安全规则只允许用户通过验证的电子邮件写入 [英] Security rule to only allow write for users with verified emails

问题描述

我有一个非常简单的写入安全规则，应该只允许拥有经过验证的电子邮件的用户写入数据，

I have very simple write security rule that should only allow users with verified email to write data,

"someNode": {
  ".write": "auth.token.emailVerified === true"
}

出于某种原因，我仍然在模拟器中使用特定用户令牌和在我的应用程序中使用相同用户获得权限被拒绝.我在客户端仔细检查了用户对象，它确实有 emailVerified === true 因此我不确定为什么这不起作用.

For some reason I am still getting permission denied in simulator with specific users token and in my app with same user. I double checked user object in client and it indeed has emailVerified === true hence I am not sure to why this is not working.

截图:

推荐答案

原来 auth.token.emailVerified 应该是 auth.token.email_verified 它有点不一致此类数据如何在客户端呈现.

Turns out auth.token.emailVerified should be auth.token.email_verified its a bit inconsistent with how such data is presented on client side.

这篇关于安全规则只允许用户通过验证的电子邮件写入的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！