只让预先验证的用户登录 Firebase [英] Only let pre-verified users log into Firebase
问题描述
现在,我只希望已经注册并通过我们软件验证的用户登录,并且我已经在 Firebase 中保存了用户的电子邮件列表(去除了特殊字符).目前,当用户登录时,我使用以下功能检查他们的电子邮件是否在此列表中:
Right now, I only want users who have already registered and been verified with our software to login, and I have saved the list of emails of users (stripped of special characters) inside Firebase. Currently, when the user logs in, I use the following function to check if their email is in this list:
function isEmailValid(userEmail, trueCallback, falseCallback) {
var emailHash = userEmail.replace(/[^a-zA-Z0-9]/g, "");
firebase
.database()
.ref("validEmails/" + emailHash)
.on("value", snapshot => {
if (snapshot.val()) {
trueCallback(snapshot.val());
} else {
falseCallback();
}
});
}
尽管此方法有效,但它非常笨拙,因为用户仍然可以在调用函数回调之前最初登录,并且他们的电子邮件仍然显示在 Firebase 的身份验证"选项卡中.
Although this method works, it is quite unwieldy, as the user is still able to log in initially before the function callback is called, and their email is still shown in the "Authentication" tab in Firebase.
是否有更好的方法来仅允许预先验证的用户登录 Firebase?
Is there a better way to only allowed pre-verified users to log into Firebase?
推荐答案
我很确定之前已经讨论过这个问题:目前没有办法阻止用户使用 Firebase 身份验证登录.但是,如果您想阻止他们访问后端资源,您可以检查他们的电子邮件地址是否在服务器端安全规则(针对实时数据库、存储或 Firestore)或您自己的服务器端代码中进行了验证.
I'm pretty sure this has been covered before: there currently is no way to prevent users from signing in with Firebase Authentication. But if you want to prevent them from accessing backend resources, you can check whether their email address is verified either in the server-side security rules (for Realtime Database, Storage, or Firestore), or in your own server-side code.
在 I/O 大会上,演示了 Cloud Function 中即将推出的功能,该功能允许您防止签名在没有经过验证的电子邮件地址的用户中.但我不知道这个功能什么时候会在公共 API 中可用.
At I/O a demo was given of upcoming functionality in Cloud Function that would allow you to prevent signing in users without a verified email address. But I don't know when this functionality will available in a public API.
另见:
这篇关于只让预先验证的用户登录 Firebase的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
