当用户使用电子邮件和密码登录时,auth.provider未设置为“密码” [英] auth.provider is not set to 'password' when user signs-in with email and password
问题描述
我正在开发一个使用Firebase的iOS应用程序(最新版本),并且在使用安全规则进行身份验证时,遇到安全规则中 auth.provider 表达式的问题电子邮件和密码。我期望 auth.provider 表达式返回 password ,但是它看起来像返回 anonymous 。
在Firebase控制台中,我启用了电子邮件/密码和Google作为提供程序,并设置了以下安全规则:
{
rules:{
users:{
$ uid: {
//允许用户读取
.read:auth.uid === $ uid,
//非易失性存储器匿名用户可以写
.write:auth.uid === $ uid& auth.provider!=='匿名'
//更多,为简洁省略
}
}
}
}
在我的应用程序中,当以用户XYZ用电子邮件和密码登录时,我无法在/ users / XYZ节点下设置值。我得到权限被拒绝的错误。用户使用Google凭证登录时,情况并非如此,按预期方式运行。
看起来罪魁祸首是条件 auth .provider!=='匿名'。对于电子邮件/密码登录,我期望提供者等于 password ;相反,它似乎设置为 anonymous 。 Firebase文档列出了密码作为auth.provider的可能值: https: //firebase.google.com/docs/reference/security/database/#auth
这个问题有更大的影响,当一个启用新的匿名身份验证功能(请参阅 https://firebase.google.com/docs/auth/ IOS /匿名AUTH )。据我了解,在安全规则中使用 auth.provider 将允许区分匿名用户和密码用户。
我是在看一个bug还是在我推理的某个地方犯了一个初学者的错误?
$ b $ p
这里是SDK版本我正在使用(从CocoaPods输出摘录):
使用Firebase(3.2.1)
使用FirebaseAuth(3.0。 2)
使用FirebaseDatabase(3.0.1)
< Firebase团队证实,他们身边有一个bug,正在修复。与此同时,有一个解决方法可以在下面的链接中找到:
https://groups.google.com/d/topic/firebase-talk/C-ljg-CCKl0/discussion
解决方法包括使用以下安全规则来检测使用电子邮件地址进行身份验证的用户:
auth.token.firebase.identities.email!== null
I am developing an iOS app using Firebase (the newest) and I am having trouble with the auth.provider expression in the security rules when the user is authenticated using an email and password. I expect the auth.provider expression to return password but instead it looks like it returns anonymous.
In the Firebase console, I have enabled Email/Password and Google as providers, and have set up the following security rules:
{
"rules": {
"users": {
"$uid": {
// the user is allowed to read
".read": "auth.uid === $uid",
// the non-anonymous user is allowed to write
".write": "auth.uid === $uid && auth.provider !== 'anonymous'"
// more here, omitted for brevity
}
}
}
}
In my app, when signing in as a user XYZ with an e-mail and password, I am not able to set a value under the /users/XYZ node. I am getting a "permission denied" error. This is not the case with users signing-in with Google credentials, where it works as expected.
It looks like the culprit is the condition auth.provider !== 'anonymous'. For an e-mail/password sign-in, I expect the provider to be equal to password; instead it appears to be set to anonymous. The Firebase documentation lists "password" as a possible value for auth.provider: https://firebase.google.com/docs/reference/security/database/#auth
This issue has bigger ramifications, when one enables the new "anonymous authentication" feature (see https://firebase.google.com/docs/auth/ios/anonymous-auth). As I understand it, using auth.provider in the security rules would allow one to distinguish between an "anonymous" user and a "password" user.
Am I looking at a bug or am I making a beginner's mistake somewhere in my reasoning?
For reference, here are the SDK versions I am using (excerpt from CocoaPods output):
Using Firebase (3.2.1)
Using FirebaseAuth (3.0.2)
Using FirebaseDatabase (3.0.1)
The Firebase team confirmed that there is a bug somewhere on their side and are working for a fix. In the meantime, there is a workaround to be found in the link below:
https://groups.google.com/d/topic/firebase-talk/C-ljg-CCKl0/discussion
The workaround consists of using the following security rule for detecting that the user authenticated using an e-mail address:
auth.token.firebase.identities.email !== null
这篇关于当用户使用电子邮件和密码登录时,auth.provider未设置为“密码”的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
