Im triying to use firebase in my app but I have a doubt about registration process, I declared an User collection, but when I sign up with google or facebook, the data is stored in Authentication, I want create an user but besides the fiels email and password, also with a fields like address, role, city and use the createUserWithEmailAndPassword method , to create the user with all those fields, is there a way to do that?
Auth only creates it's own entry to its own table. so you should first get these details from the user and send them to user collection manually.
You can create a new user object adding all these details into it and call this:
this.fireStore.collection("users")
.doc(user.id)
.set(user);
Due to security reasons, I wouldn't recommend storing the password in the db though.
Related
I'm working on a Node js project using Firebase. Currently, I store several User fields in the database under their email address. (Users > Email Address > (five different fields)). One of these fields is the user's password.
In my Reset Password workflow, I have Firebase send the User a reset password email. After the user goes through the link in that email, they successfully change their password and can now log in with their new password. My question is how can I grab that new password, and update the Users > Email Address > password field in my database right away? Currently, this field is holding the old password that doesn't have any use any longer.
I don't believe we will need this field for the project, but I want to keep it updated for now in case another member on my team needs it. Thank you
My question is how can I grab that new password, and update the Users
-> Email Address -> password field in my database right away?
By using the standard reset password email mechanism proposed by Firebase you cannot "grab" the password.
You would need to implement your own mechanism as explained in the "Create custom email action handlers" page in the doc.
As evocated by #Kiran in his comment, storing users' passwords in your Firebase DB (Firestore or the RTDB) can be dangerous: you should take care that they cannot be read by some malicious users, typically by using security rules.
It can make sense, from a specific business/admin/organisational reason, to store users' password in a Firebase DB but then you should correctly protect them.
I'm currently building a POS/Store admin app, when a user gets into my app, the Owner of the store will then be asked to login only once for setup purpose (e.g. a new machine), the app will then display a list of staffsName that has already been added by this owner, and then everytime a staff wants to start a new transaction, he/she will only need to click on his/her name, then enter his/her 4-digit pincode to 'login' and process the transaction.
How do i go about achieving this?
I was thinking of using firebase auth for the 'login' of the staff, but then when i log in using the staff credential, I will lose access to the uid of the owner, which is needed to access the owner's store data such as his/her products.
i'm also thinking of using firestore to store the 4digit pincode, but then i'm also concerned about security
There are multiple ways you can approach this, one where you utilize the email login by simply appending a fake domain to the username to create a valid email domain. This user account could be the designated 'user' in question, or utilize credentials inside custom claims or hidden in a database that allows the client or server (depending on your preference) to then log in as the user.
Moreover if you want the manager to login once you can add Authentication State Persistence to specify whether a signed in user should be indefinitely persisted until explicit sing out, page reload etc.
Another approach requires the user also to have a valid auth that is not an email password and you link your pin auth to that main account with Firebase Auth Linking per the documentation: https://firebase.google.com/docs/auth/web/account-linking.
This does however require that the user be registered from an auth provider such as Google, Twitter, Apple, etc. then the user will have to activate this link by logging in for authentication purposes. This can in theory be automatically generated and processed without the user knowing.
It is a long way around it since this is essentially a custom solution but it does create the flow you are looking for without having to use a custom auth provider.
I have a flutter project in which every user create their profile and store some data in it by using firebase firestore.
I want to know that how a user can access or see the profile data of other users by their usernames without logging in?
For example: Facebook profile of anyone by facebook.com/username. anyone can see the profile of the user without logging in.
If you want to control the access to documents and collections in your database I suggest that you use and modify the security rules. In this case what you want is to allow read access only for specific fields (user profile). This link show you how control access to specific fields.
I've a project in which a user needs to be signed in by using their email and password credentials.The user must submit his unique id(Roll number) along with email and password at the time of his account creation.
While doing the project, I've used firebase-auth on the login page to use firease.auth().onAuthStateChanged() function.But the issue here is anyone can create their accounts by simply running firebase.auth().createUserWithEmailAndPassword() function in the console without submitting unique id(Roll number).
Now how can I restrict the users from such actions and making them to submit their unique IDs for their account creation
You probably do not want users to have to submit their unique ids when creating an account. If you do require this, then you'll need to add a validator that pings a collection with stored IDs to make sure that the unique Id they are submitting is in fact unique.
Instead, let Firebase create a unique ID for the user and allow them to register by email password.
Once a user registers with the firebase.auth().createUserWithEmailAndPassword() method, if successful it returns an object with auth credentials. in that returned object is a user property that includes a uid key:value
I signed up a user in my Flutter app using FirebaseAuth.instance.verifyPhoneNumber(). This works perfectly and the user shows up in my Firebase Console.
FirebaseAuth.instance.currentUser() now returns the user for me whenever I open the app. Should I store user info (age, weight etc.) here, or should I create a users collection in my Database and link the currentUser().uid in there?
Also, should I store it on the Database linked against the uid, or linked against the login info. For example, link a user to the phoneNumber and not the uid. Because if you ever delete the user, but they want to register again, then they will get a new uid, but their phoneNumber / email will still stay the same and can therefore still link to their old data.
You can't add arbitrary data to the Firebase Authentication user profile. So you should store the additional data in a database, and indeed associate it with the UID of the user, so that you can easily look it up. This also allows you to implement searches for users more easily, as the client-side Firebase Authentication SDKs have no functionality to look up data for any user but the currently signed in one.
To the additional question: if a user deletes their account from your application, you should respect their wishes and delete the additional data that you store for them too.