1. 技术文章
  2. Firebase email verification not working as expected, without verification the user is able to login

Firebase email verification not working as expected, without verification the user is able to login

冷暖自知 提交于 2020-01-16 17:09:15

问题


I'm having an issue with Firebase and it's email verification flow. I'm able to create a new user, email with a link to verify email address is delivered with no issues. Now, just for testing purposes I'm not clicking on the link to verify the email, but, if I open the app, I'm able to access and do anything. I'm not sure what I'm missing or what I'm doing wrong. I've been stuck with this for the past couple days. Any help is greatly appreciated.

my code

@IBAction func loginBtnTapped(_ sender: Any) {

    SVProgressHUD.show()
    guard let email = emailTxt.text,
        let password = passwordTxt.text else { return }

    Auth.auth().signIn(withEmail: email, password: password) { 
(user, error) in
        if error != nil {
            let alert = UIAlertController(title: "Login Error", 
message:"Incorrect Email and/or Password", preferredStyle: .alert)
            alert.addAction(UIAlertAction(title: "OK", style: 
.default) { _ in })
            self.present(alert, animated: true){}
            if let error = error {
                print("error: \(error.localizedDescription)")
            }
           if Auth.auth().currentUser?.isEmailVerified == false {
                let alert = UIAlertController(title: "Unable to 
login", message:"Pending: email verification", preferredStyle: 
.alert)
                alert.addAction(UIAlertAction(title: "OK", style: 
.default) { _ in })
                self.present(alert, animated: true){}
                print("")
            SVProgressHUD.dismiss()
            }
        }
            self.dismiss(animated: true, completion: nil)
            SVProgressHUD.dismiss()
        }
    }

Expected results

Newly created user should not be able to login and open the app unless email is verified.


回答1:


you need to check on the firebase databasae for the field that says "is email verified" and then if that BOOL value is TRUE, then let them in the app. the bool value will turn to TRUE automatically after they click the link in their email. so instead of doing it like your'e doing, query the user table for that user and check the boolean value for whether they are verified, if they are not, then don't let them in. good luck and have a fabulous day




回答2:


You should keep the user account disabled until the email address is verified. That seems to be the only way to securely forbid login.

Typically, you may use sendSignInLinkToEmail() to send an email address validation message with specific URL. The user will be automatically redirected to this url after the email validation process.

In our case, we invite user to create a password and then activate their account before redirecting them to the login screen.




回答3:


Firebase Authentication is about authenticating users. If you type (say) the correct email address and password, we trust that you are you.

If you only want to allow data access to users who have verified their email address, that is possible (and know as authorization). You'll check this in the backend that you're trying to protect though, for example in security rules of your Firestore database, as shown here (Firebase) Firestore security rules - allow if email verified without custom tokens?

Also see

  • How to stop users from signing in without verifying e-mail I.D. first in Firebase?
  • Prevent user account creation with sign in by email in firestore
  • Only let pre-verified users log into Firebase
  • Is it possible to enable Firebase email authentication but disable sign in?



回答4:


I was able to get this working as expected. The user needs to verify the email, if not, they cannot access the app. I did not have to modify the rules in Firebase. Hope this helps anyone.

loginVC

private var authUser : User? {
        return Auth.auth().currentUser
    }
    public func verifyEmail() {
        authUser?.reload(completion: { (err) in
            if err == nil {
                if self.authUser!.isEmailVerified == true {
                   self.dismiss(animated: true, completion: nil)
                } else {
                    let alert = UIAlertController(title: "Confirm your email 
address.", message: "A confirmation email has been sent to" + "  " + 
((self.emailTxt.text)!) + " . " + "Click on the confirmation link to activate 
your account. ", preferredStyle: .alert)
                    let actionTaken = UIAlertAction(title: "OK", style: 
.default, handler: nil)
                    alert.addAction(actionTaken)
                    self.present(alert, animated: true, completion: nil)
                }
            }
        })
    }


    @IBAction func loginBtnTapped(_ sender: Any) {
        SVProgressHUD.show()
        guard let email = emailTxt.text,
            let password = passwordTxt.text else { return }

        Auth.auth().signIn(withEmail: email, password: password) { (user, 
error) in
            self.verifyEmail()
            if error != nil {
                let alert = UIAlertController(title: "Login Error", 
message:"Error: \(error!.localizedDescription)", preferredStyle: .alert)
                alert.addAction(UIAlertAction(title: "OK", style: .default) { _ 
in })
                self.present(alert, animated: true){}
                if let error = error {
                    print("error: \(error.localizedDescription)")
                }
            }
            SVProgressHUD.dismiss()
        }

    }


来源:https://stackoverflow.com/questions/58515141/firebase-email-verification-not-working-as-expected-without-verification-the-us

标签
swift
firebase
firebase-authentication
email-validation
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!