In their docs: https://firebase.google.com/docs/auth/web/manage-users#delete_a_user
And their code example:
var user = firebase.auth().currentUser;
user.delete().then(function() {
// User deleted.
}).catch(function(error) {
// An error happened.
});
This only deletes my user, the one logged in. How would I look up a different user to delete based on email with Firebase?
You can't delete a different user from a client web app, but you could do so from a server using the Admin SDK, as shown here.
You can limit other users using any user by implementing a code+db.
Later, using google cloud services/functions, you might be able to setup one that looks for specific values in db to delete those users for you, as it will be running as Admin.
Related
I am having a react application with firebase as authentication. My authentication code is below
await firebase.auth().onAuthStateChanged((user) => {
if (user) {
props.setUser(user); //setting the user if login/register happens
history.push(`/admin/dashboard`);
console.log("user",user)
} else {
props.setUser(null); //blocks the user to get into the app if he/she is not logged in
history.push("/");
}
});
So, when user logs in..he will be navigated to /admin/dashboard. suppose when am in /admin/home and when i refresh the page, it goes again to admin/dashboard which shouldn't happen. so I tried
history.push(${props.location.pathname}); it works correctly after the refresh, it stays on the same page when the application is logged in. but when I restart the server again when I try to log in, it says no redirect url is specified. Got stuck on this for a long time.. Any help is welcome.Thanks
What your code does is check if the user is logged in and only let the user access the data if so.
You should do that in the fireabse rules (= serverside) as this is way more secure.
You didn't provide the kind of FirebaseDB you are using. So assuming you use the Realtime Database here are some according rules:
{
“rules”: {
“.read”: “auth != null”,
“.write”: “auth != null”
}
}
You should maybe check the rules before deploying your app, because now every authenticated user can change/add/delete data, but you get the point. This does exactly what you want so you won't even need to perform a check in your ReactJS App. Firebase will automatically deny unauthenticated users the access to the database.
Btw: You should try to implement security relevant things in the Firebase Rules. Ideally you want your rules to be written in a way that you don't need to perform any validation inside your ReactJS app. Firebase rules can get quite complex. I experienced that myself when writing a chat app with chatrooms and everything. But it is definitly worth the effort if your app is more secure after.
I am trying to delete a user from firebase through an admin panel, to delete a user, according to the documentation, this is how it is done
var user = firebase.auth().currentUser;
user.delete().then(function() {
// User deleted.
}).catch(function(error) {
// An error happened.
});
However, I am trying to delete the a user that is not the currentUser, is it possible to somehow fetch a user through its UID?
It's not possible for a Firebase user to fetch or delete other arbitrary users. That would be a massive security hole.
You will need to have a backend for this, and your client is going to have to instruct the backend to delete the user account using the Firebase Admin SDK to manage users.
Good day guys,so i am trying to implement a feature in my react native app....After a user has logged in and later logs out of the app,i want to add a feature on the login screen to ask if the user wants to continue as the previous user that was logged in,please how do i go about it?
Sample User interface
i'm new in react-native. but i think i have some solution:
Using local storage, store user id or somthing for login.
When user login, you can get device id and store it to your database. When user into app: check device id, detected previous user logged.
When ever a new user logs in try to save details like email or username in Async storage(which is one way to store values in React native). And when the user logs out you can show the details which you had stored in Async storage.
Hope, this helps!
Right now, I only want users who have already registered and been verified with our software to login, and I have saved the list of emails of users (stripped of special characters) inside Firebase. Currently, when the user logs in, I use the following function to check if their email is in this list:
function isEmailValid(userEmail, trueCallback, falseCallback) {
var emailHash = userEmail.replace(/[^a-zA-Z0-9]/g, "");
firebase
.database()
.ref("validEmails/" + emailHash)
.on("value", snapshot => {
if (snapshot.val()) {
trueCallback(snapshot.val());
} else {
falseCallback();
}
});
}
Although this method works, it is quite unwieldy, as the user is still able to log in initially before the function callback is called, and their email is still shown in the "Authentication" tab in Firebase.
Is there a better way to only allowed pre-verified users to log into Firebase?
I'm pretty sure this has been covered before: there currently is no way to prevent users from signing in with Firebase Authentication. But if you want to prevent them from accessing backend resources, you can check whether their email address is verified either in the server-side security rules (for Realtime Database, Storage, or Firestore), or in your own server-side code.
At I/O a demo was given of upcoming functionality in Cloud Function that would allow you to prevent signing in users without a verified email address. But I don't know when this functionality will available in a public API.
Also see:
Firebase Prevent Creating Account Before Email Verification
How to prevent user authentication in Firebase/Vue.js BEFORE email is verified
How do I lock down Firebase Database to any user from a specific (email) domain?
I have following flow for my sign up process:
User fills out details and signs up (gets send verification email)
After this user is logged in, but sees a screen asking to for email verification
User verifies their email and goes back to app
At this stage how can I get new user data that will have emailVerified field without logging user out?
I expected auth().onAuthStateChanged to be fired once emailVerified changes to true, but that does not happen, nor can I find any refresh function in firebase docs to get this data manually.
Only way I can get that new value for emailVerified is by loging out and loging back in, but ideally would like to avoid this.
update: this is using JavaScript SDK
Based on android I did
firebase.auth().currentUser.reload().then(() => {
console.log(firebase.auth().currentUser)
})
this returns updated information about the user, I couldn't find this anywhere in the docs for some reason