发表新帖
发表新帖

Is there a way to restrict registrations in firebase

前端 未结
关注
3 1851
刺人心
刺人心 2020-12-02 16:11

Is there a way to restrict users from registering firebase email/password accounts so that new users can\'t sign up? I have a small app that only a few admins need to have a

相关标签:
3条回答
  • 滥情空心
    2020-12-02 16:44

    You can also turn off new user registration by adding a cloud function that deletes new users upon registration. See this answer:

    How to prevent new user registration on Firebase?

    0 讨论(0)
  • 猫巷女王i
    2020-12-02 16:50

    @RobDiMarco provided a great answer, but it has a flaw.

    The rule root.child('admins').hasChild(auth.uid) will pass, in case auth.uid will be an empty string.

    You can test this in Firebase Database Security Simulator, clearing out uid field ({ "provider": "anonymous", "uid": ""}).

    This rule root.child('admins').child(auth.uid).val() === true will not pass with an empty uid.

    0 讨论(0)
  • 梦如初夏
    2020-12-02 16:52

    Firebase Simple Login is an abstraction built on top of Firebase Custom Login for convenience. When using the email / password authentication, it's worth keeping in mind that this is just creating a mapping between that email and password, and automatically generating authentication tokens for use in your security rules.

    In your specific case, if all of the "admin" users have already been created, you can achieve the behavior you're looking for through security rules. For example, if you want to only allow read / write access to your Firebase data tree to authenticated users in that list, try writing top-level read / write security rules that require that user to be in the "admins" list:

    {
  ".read"  : "auth != null && root.child('admins').hasChild(auth.uid)",
  ".write" : "auth != null && root.child('admins').hasChild(auth.uid)"
}

    Those rules above ensure that the user is authenticated (via auth != null) and require that the authenticated user's id is in the list of admins (root.child('admins').hasChild(auth.uid)).

    The last step is to actually make those users admins, by writing them to the admins subtree. Let's say you have users 1, 4, and 7 to make admins, update your data tree to reflect the following:

    {
  ...
  "admins": {
    "1": true,
    "4": true,
    "7": true
  }
}

    As a result of this, even if other users are able to generate new email / password mappings using Firebase Simple Login, those mappings will have no impact on your application as it is restricted using security rules.

    0 讨论(0)
 看不清?
提交回复
热议问题