问题
I've created a login and registration screen that works with my Flutter app, using Firebase as the backend authentication service. I'm able to switch between the login, registration and reset password screens well.
The Issue
At the moment, the registration screen accepts any email address that is entered, whether or not it is real. For example, if I were to type in gvevg@gverwbgw.com, it would allow the user to register. This is obviously an issue, when it comes to fake accounts and spam etc.
The Aim
I would basically like to be able to edit my code, to automatically generate an email address verification email, which prevents the user from signing in, before their email address has been verified. The code I have made uses a Future, FirebaseAuth and async/await to make this happen.
My Current Code
Firstly, I define an AuthBase abstract class, that creates the 'createUserWithEmailAndPassword' function (amongst others) as follows:
abstract class AuthBase {
Stream<User> get onAuthStateChanged;
Future<User> currentUser();
Future<User> createUserWithEmailAndPassword(String email, String password);
}
Then, I create an Auth function, that implements AuthBase, gets the current user from Firebase and creates the registration Future function, as follows:
class Auth implements AuthBase {
final _firebaseAuth = FirebaseAuth.instance;
// This creates the user ID token variable (if one doesn't already exist) which is then populated using one of the login methods.
User _userFromFirebase(FirebaseUser user) {
if (user == null) {
return null;
}
return User(uid: user.uid);
}
// This helps to get the user from Google Firebase, noting if there is or isn't a user with those login details already.
@override
Stream<User> get onAuthStateChanged {
return _firebaseAuth.onAuthStateChanged.map(_userFromFirebase);
}
// This identifies the current user, who is logged in at the time.
@override
Future<User> currentUser() async {
final user = await _firebaseAuth.currentUser();
return _userFromFirebase(user);
}
// This creates the user account for an email-and-password sign-in, with firebase, if it doesn't already exist.
@override
Future<User> createUserWithEmailAndPassword(
String email, String password) async {
final authResult = await _firebaseAuth.createUserWithEmailAndPassword(
email: email, password: password);
return _userFromFirebase(authResult.user);
}
}
My Question
How do I edit my code, so that it allows me to implement email verification automatically for any user that wants to sign in with email? I believe the sendEmailVerification() function must use FirebaseUser, although I am not sure how to implement it here. I would appreciate any help. Thanks!
回答1:
Email+password authentication requires nothing more than that the user knows the combination of email+password. It doesn't in itself require the email address to be verified to sign in. If you want the email address to be verified before allowing access to other data, you can do that by checking the user's token for the email_verified claim for example in the security rules of your database.
Also see:
- How do I lock down Firebase Database to any user from a specific (email) domain?
- Firebase email verification at SignUp
- How to prevent user authentication in Firebase/Vue.js BEFORE email is verified
- Only let pre-verified users log into Firebase
来源:https://stackoverflow.com/questions/60280970/verify-a-users-email-address-before-confirming-registration-with-flutter-and-f