如何在没有 currentUser 的情况下检查用户电子邮件是否在 firebase 中经过验证
在我的应用程序中,我面临着一种情况,我有用户的电子邮件但没有密码,因此我无法登录并且无法获取 Firebase auth.currentUser 我想知道在发送密码重置之前用户电子邮件是否经过验证链接,因为重置密码后将验证用户电子邮件,但我没有 currentUser,因此无法使用 curruser.isEmailVerified
如何检查?
Firebase云功能在这里可以使用吗?
解释: 用户未登录,用户忘记密码,用户想要重置密码,但我想知道用户是否已验证,因为在注册时我正在发送验证链接,并将该用户存储在我的数据库中(如果电子邮件已验证但有)无法保证用户会单击该链接,但无论用户是否单击链接,用户都将通过身份验证,但无法保证验证,因为未经验证的用户尝试重置密码,然后 Firebase 允许用户这样做,如果用户发送电子邮件给用户以重置密码重置密码然后现在用户已验证但我无法将该用户存储在我的数据中,因为我无法区分已验证的用户和未验证的用户我想在重置密码完成后存储该未验证的用户
In my app I am facing a situation in which I have email of user but not have password, so I can't log in and can't get Firebase auth.currentUser I want to know is user email verified or not before sending password reset link because after reset password user email will be verified but i don't have currentUser so can't use curruser.isEmailVerified
How can I check it ?
Is Firebase cloud functions usable here ?
Explanation:
User is not logged in , user forgot password and user want to reset password but I want to know is user is verified or not because at sign up time I am sending verification link and store that user in my database if email is verified but there is no assurity that user will click on that link but user will be authenticated whether user click on link or not but verification is not assured now that unverified user try to reset password then firebase allow user to do that send email to user to reset password if user reset password then now user is verified but I can't store that user in my data because I can't distinguish verified user and unverified user I want to store that unverified user after reset password is done
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果您计划从 Firebase 客户端 SDK 发送验证电子邮件,那么您必须登录用户,并且您应该有权从中访问电子邮件验证属性。如果您只需要另一种方法来检查用户的电子邮件是否已验证而不登录用户,那么您可以使用 具有云功能的Admin SDK:
这里
userRecord将包含有关用户电子邮件验证的信息。然后您可以使用
generatePasswordResetLink()创建密码重置链接,但您必须设置自定义电子邮件服务才能从云功能发送电子邮件。此外,如果用户可以收到密码重置链接,则意味着他们可以访问电子邮件,因此电子邮件已通过该链接进行验证。只需使用 Firebase Auth REST API 即可请求验证电子邮件或密码重置电子邮件绕过此类检查。如果您严格希望阻止任何人从 Firebase 客户端 SDK 获取密码重置链接,您可能必须使用一些额外的凭据运行自定义逻辑。
If you are planning to send verification email from Firebase Client SDKs then you'll have to login the user and you should have access to email verified property from that. If you just need another way to check if user's email is verified without logging in user, then you can use Admin SDK with Cloud functions:
Here
userRecordwill contain information about user's email verification.Then you can use
generatePasswordResetLink()to create a password reset link but you'll have to setup a custom email service to send emails from a Cloud function.Also, if user can receive password reset link that means they have access to the email and hence email is verified with that. One can simply use Firebase Auth REST API to request a verification email or password reset email bypassing such checks. If you strictly want to prevent anyone getting password reset links from Firebase client SDKs you might have to run your custom logic with some additional credentials.