问题
I need to prevent user authentication if their email isn't found in allowedUsers. It doesn't really affect the app, since all the actions will be performed on the users list, but it will be nice if the authentication doesn't happen.
loginWithGoogle() {
const userDetails = this.afAuth.auth.signInWithPopup(new firebase.auth.GoogleAuthProvider())
.then(user => {
console.log(user.user.uid);
const queryObservable = this.db.list('/allowedUsers', {
query: {
orderByChild: 'email',
equalTo: user.user.email,
}
}).subscribe(data => {
if (data.length > 0) {
const userObj = {
admin: false,
...
email: data[0].email,
name: data[0].name,
verified: false,
};
this.addUser(userObj, user.user.uid);
}
});
});
return userDetails;
}
回答1:
There is no way to prevent a user from authenticating with Firebase Authentication. All they do when they authenticate is say "I am X Yz" and prove it.
What you can do however is prevent that they have access to you database. For example to only allow white-listed users read-access to your database:
{
"rules": {
".read": "root.child('allowedUsers').child(auth.uid).exists()"
}
}
Also see:
- How to disable Signup in Firebase 3.x
- Firebase Authentication State Change does not fire when user is disabled or deleted (inverted version of your whitelist)
来源:https://stackoverflow.com/questions/45789144/firebase-prevent-user-authentication