问题
I'm having an issue with Firebase and it's email verification flow. I'm able to create a new user, email with a link to verify email address is delivered with no issues. Now, just for testing purposes I'm not clicking on the link to verify the email, but, if I open the app, I'm able to access and do anything. I'm not sure what I'm missing or what I'm doing wrong. I've been stuck with this for the past couple days. Any help is greatly appreciated.
my code
@IBAction func loginBtnTapped(_ sender: Any) {
SVProgressHUD.show()
guard let email = emailTxt.text,
let password = passwordTxt.text else { return }
Auth.auth().signIn(withEmail: email, password: password) {
(user, error) in
if error != nil {
let alert = UIAlertController(title: "Login Error",
message:"Incorrect Email and/or Password", preferredStyle: .alert)
alert.addAction(UIAlertAction(title: "OK", style:
.default) { _ in })
self.present(alert, animated: true){}
if let error = error {
print("error: \(error.localizedDescription)")
}
if Auth.auth().currentUser?.isEmailVerified == false {
let alert = UIAlertController(title: "Unable to
login", message:"Pending: email verification", preferredStyle:
.alert)
alert.addAction(UIAlertAction(title: "OK", style:
.default) { _ in })
self.present(alert, animated: true){}
print("")
SVProgressHUD.dismiss()
}
}
self.dismiss(animated: true, completion: nil)
SVProgressHUD.dismiss()
}
}
Expected results
Newly created user should not be able to login and open the app unless email is verified.
回答1:
you need to check on the firebase databasae for the field that says "is email verified" and then if that BOOL value is TRUE, then let them in the app. the bool value will turn to TRUE automatically after they click the link in their email. so instead of doing it like your'e doing, query the user table for that user and check the boolean value for whether they are verified, if they are not, then don't let them in. good luck and have a fabulous day
回答2:
You should keep the user account disabled until the email address is verified. That seems to be the only way to securely forbid login.
Typically, you may use sendSignInLinkToEmail() to send an email address validation message with specific URL. The user will be automatically redirected to this url after the email validation process.
In our case, we invite user to create a password and then activate their account before redirecting them to the login screen.
回答3:
Firebase Authentication is about authenticating users. If you type (say) the correct email address and password, we trust that you are you.
If you only want to allow data access to users who have verified their email address, that is possible (and know as authorization). You'll check this in the backend that you're trying to protect though, for example in security rules of your Firestore database, as shown here (Firebase) Firestore security rules - allow if email verified without custom tokens?
Also see
- How to stop users from signing in without verifying e-mail I.D. first in Firebase?
- Prevent user account creation with sign in by email in firestore
- Only let pre-verified users log into Firebase
- Is it possible to enable Firebase email authentication but disable sign in?
回答4:
I was able to get this working as expected. The user needs to verify the email, if not, they cannot access the app. I did not have to modify the rules in Firebase. Hope this helps anyone.
loginVC
private var authUser : User? {
return Auth.auth().currentUser
}
public func verifyEmail() {
authUser?.reload(completion: { (err) in
if err == nil {
if self.authUser!.isEmailVerified == true {
self.dismiss(animated: true, completion: nil)
} else {
let alert = UIAlertController(title: "Confirm your email
address.", message: "A confirmation email has been sent to" + " " +
((self.emailTxt.text)!) + " . " + "Click on the confirmation link to activate
your account. ", preferredStyle: .alert)
let actionTaken = UIAlertAction(title: "OK", style:
.default, handler: nil)
alert.addAction(actionTaken)
self.present(alert, animated: true, completion: nil)
}
}
})
}
@IBAction func loginBtnTapped(_ sender: Any) {
SVProgressHUD.show()
guard let email = emailTxt.text,
let password = passwordTxt.text else { return }
Auth.auth().signIn(withEmail: email, password: password) { (user,
error) in
self.verifyEmail()
if error != nil {
let alert = UIAlertController(title: "Login Error",
message:"Error: \(error!.localizedDescription)", preferredStyle: .alert)
alert.addAction(UIAlertAction(title: "OK", style: .default) { _
in })
self.present(alert, animated: true){}
if let error = error {
print("error: \(error.localizedDescription)")
}
}
SVProgressHUD.dismiss()
}
}
来源:https://stackoverflow.com/questions/58515141/firebase-email-verification-not-working-as-expected-without-verification-the-us