如何在用户注销的情况下允许用户更改密码?

huangapple go评论72阅读模式
英文:

How can I allow a user to change his password if they are signed out?

问题

我正在使用Firebase身份验证。
我有电话验证。
假设某个用户在登出状态下忘记了他/她的密码。

在电话验证之后,我想允许他/她更改他/她的密码(他/她未登录)。
我无法使用getCurrentUser(),因为他未登录。
用户的帐户是通过电子邮件(电子邮件登录方法)创建的,但验证是通过电话号码进行的。
那么,我该如何做呢?

英文:

I'm using Firebase Authentication.
I have a phone verification.
Suppose some user forgot his/her password while he/she is signed out.

After phone verification, I want to allow him/her to change his/her password. (He/she is not signed in).
I can't use getCurrentUser() because he is not signed in.
User's account is created with email(email sign in method). but verification is made with phone number.
So, how can I do this??

答案1

得分: 1

你可以使用 updatePassword() 方法更改用户的密码。这是 FirebaseUser 类的一个方法。只有在用户登录时才能获取到这些对象。因此,除非用户已登录,否则不可能让用户自行更改密码。

唯一的替代方法是构建一个“后门”,允许用户填写某个表单并将其提交到您的后端,以便您可以使用 Firebase Admin SDK 直接 更新用户账户,绕过正常的安全问题。Admin SDK 仅在后端运行,而不在客户端应用中。

英文:

You can change a user's password with updatePassword(). That is a method of the class FirebaseUser. You can only get one of these objects when the user is signed in. So, it's not possible to have a user change their own password unless they are signed in.

The only alternative to this is to build a "back door" that allows a user to fill out some form and submit it to your backend, so that you can use the Firebase Admin SDK to update the user account directly, bypassing the normal security concerns. The Admin SDK only runs on backends, and not in client apps.

huangapple
  • 本文由 发表于 2020年9月24日 22:44:04
  • 转载请务必保留本文链接:https://go.coder-hub.com/64048882.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定