Firebase处理未经验证的用户的重置密码电子邮件



当新用户注册Web应用程序时,发送了验证电子邮件。我阻止新用户在验证之前登录。

同时,如果验证链接到期,用户忘记了密码,他将单击重置密码链接并将收到电子邮件。

所以我认为我应该同时处理重置密码操作以及验证。否则,用户即使更改密码也将无法登录。

/**
 * Starts the password-reset flow for an action code taken from the reset link.
 *
 * @param {object} auth - Firebase Auth instance used to check the code.
 * @param {string} actionCode - One-time code from the password reset email.
 * @returns {void} Nothing is returned; the check runs asynchronously.
 */
function handleResetPassword(auth, actionCode) {
    const codeCheck = auth.verifyPasswordResetCode(actionCode);
    codeCheck
        .then((email) => {
            // The code was accepted: show the reset screen and ask the user
            // for the new password.
        })
        .catch((error) => {
            // The check was rejected; this handler is still empty.
            // NOTE(review): presumably an invalid or expired code lands here -
            // show an error and let the user request a fresh reset email
            // instead of continuing to the password form.
        });
}

用户保存新密码时:

/**
 * Confirms the password reset with the password typed into the form, then
 * signs the user in and tries to flag the account as verified.
 *
 * Reads `auth`, `actionCode`, `vm` and `firebase` from the enclosing scope.
 *
 * @returns {void} Nothing is returned; all work happens in promise callbacks.
 */
function saveNewPassword() {
    const flagAsVerified = (user) => {
        if (!user) {
            // No user is signed in on this state change.
            return;
        }
        // user signed in: try to set the verified flag.
        // NOTE(review): emailVerified cannot be changed from the client, so
        // this call has no effect on it; the flag has to be set on a trusted
        // server once the reset code has been confirmed.
        user.updateProfile({ emailVerified: true });
    };

    const afterReset = (resp) => {
        // Password reset has been confirmed and the new password is stored.
        // Now auto sign in the user.
        auth.signInWithEmailAndPassword(vm.email, vm.form.password)
            .catch((error) => {
                // Handle Errors here.
            });
        // NOTE(review): the listener is registered without waiting for the
        // sign-in and is never unsubscribed, so it also runs on every later
        // auth state change.
        firebase.auth().onAuthStateChanged(flagAsVerified);
    };

    auth.confirmPasswordReset(actionCode, vm.form.password)
        .then(afterReset)
        .catch((error) => {
            // The reset was rejected; this handler is still empty.
        });
}

但是下面的代码不起作用,没有任何效果。我可以更改其他用户数据(例如displayName),但不能更改emailVerified。它只在Firebase电子邮件验证流程中才会生效。

// Client-side attempt to flag the signed-in user's email as verified.
// As the surrounding text reports, this leaves emailVerified unchanged.
const verifiedPatch = { emailVerified: true };
user.updateProfile(verifiedPatch);

此类用户方案的推荐方法是什么?

您无法从客户端更新emailVerified,否则任何未经验证的用户都可以在没有证明自己实际拥有该电子邮件地址的情况下把它设为已验证。您需要通过HTTP端点使用Admin SDK来执行此操作(也可以使用Firebase Functions)。但是,您需要确保密码重置码已成功通过验证。因此,在这种情况下,您需要在服务器上运行代码。其工作方式如下:

var firebase = require('firebase');
var admin = require('firebase-admin');
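// Server-side flow: confirm the password reset with the client SDK, then mark
// the account's email as verified with the Admin SDK. The verified flag is
// only written after the reset code has been accepted.
//
// Initialize the client and admin instances.
// firebase.initializeApp(clientConfig);
// admin.initializeApp(adminConfig);
// Send the reset code and the new password to your backend.
// NOTE(review): actionCode and password are supplied by the caller; accept
// them only over TLS and never write the password to a log.
var email = null;
// Get email corresponding to code.
firebase.auth().checkActionCode(actionCode)
  .then(function(info) {
    // checkActionCode accepts every kind of action code, so make sure this
    // one was issued for a password reset before going any further.
    if (info.operation !== 'PASSWORD_RESET') {
      throw new Error('Action code is not a password reset code');
    }
    // ActionCodeInfo keeps the address under `data`.
    email = info.data.email;
    // Confirm password reset. The promise is returned so that the steps
    // below wait for it and are skipped when the reset is rejected.
    return firebase.auth().confirmPasswordReset(actionCode, password);
  })
  .then(function() {
    // Get uid of user with corresponding email.
    return admin.auth().getUserByEmail(email);
  })
  .then(function(userRecord) {
    // Password reset succeeded. Email can be verified as the user
    // must have received the code via their email confirming
    // ownership.
    return admin.auth().updateUser(userRecord.uid, {emailVerified: true});
  })
  .catch(function(error) {
    // Any failure (rejected or expired code, wrong code type, unknown user)
    // ends here and emailVerified is left untouched. Answer the caller with
    // a generic failure; only the error code or message is logged.
    console.error('Password reset with email verification failed:',
      error.code || error.message);
  });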
