I'm building an app for an online course, but I like to take their skeleton and make it better to add to my portfolio, adding features. They're teaching Firebase in this section and building a chat app... When I see their video they use "1#2.com" as their email, which doesn't seem like a real email, so I tried it in mine, and I noticed that Firebase is allowing me to use a random assortment of whatever, so an obviously not real email "ajflkdsajffadjslfj123412djflakjdf#hotmail.com" to register. I've skimmed through the firebase docs and didn't see anything that says how to check if the email is actually an email.
Technically that could be a valid mail, so there is nothing Firebase can do to check every mails if they are valid or not. What you could do though is to send an email verification to the user and if they verify their account then they can use your application.
Email Verification in Firebase Auth documentation for that can be found here.
Related
I've been trying to create a contact form for my flutter project. The contact form is composed of two steps. First, the user provides their email and then describes their issue. Once the user presses submit, I want to receive an email on my end. I've look at several packages like mailer and flutter_email_sender. However, they don't seem to offer good solutions; mailer requires that I provide the password to my email address in my code (opening up the possibility for vulnerabilities). Flutter_email_sender simply opens up an email app on the phone.
Recently I've come across the perfect solution, Firebase's new extension Trigger Email. Although the extension seems promising, I can't find any resources outlining proper implementation of Trigger Email in Flutter.
Can you please provide an example of how Trigger Email can be implemented in Flutter project?
From the documentation of the extension:
Use this extension to render and send emails that contain the information from documents added to a specified Cloud Firestore collection.
So to send an email you write a document to Cloud Firestore. For examples of writing to Cloud Firestore from Flutter, see the FlutterFire documentation for examples of this.
Client Framework: Vuejs
Backend DB: Firebase Firestore
Auth system: Firebase Auth
__________________________
I'm building a Vue application that uses Firebase Auth. In the past, most developers created custom form that collects user info (name, email, password, phone #, and etc.) using HTML Input field to gather Email and password, and then, from the client side we could perform TWO important actions in one sequence to give a single step to user.
USE Auth SDK to Call firebase auth method to create new user by passing email and password to the method as parameters.
Upon completion of this action, we then grab the UID that is returned by Firebase, and using Firestore SDK, we then make the next call to create a NEW User in DB, using the name,email, Phone # and the UID.
This flow works great which provides a smooth one step User Flow and we can provide proper error message and navigation.
Then came along and Firebase Team offered FirebaseUI to use as replacement to our custom form and sequence. The FirebaseUI has some strange behaviors related to how to "Sign up" new user and also lacks flexibility and a modern look for form entry.
Based on my understanding, the main reason Google wants us to use it:
A) It provides a more secure way to collect email and password and send it to Firebase Auth.
B) It provides easy way to use multiple providers.
My question is, Is it really unsecured to build our own form as I explained earlier and not bother with Firebase UI, when I'm only using email/password auth and passing it via HTTPS?
Please clarify, is it safe just build my own custom form or SHOULD I use FirebaseUI?
FirebaseUI doesn't really offer anything special in terms of security. Use it if you like the way it works. If it doesn't work the way you want, fork the source code and make it work the way you want. If you want something completely different, feel free to implement it yourself.
The point of FirebaseUI isn't to ensure security. It's to be convenient. You are ultimately responsible for security, so be sure to audit any code you use in order to ensure it meets your needs.
I've incorporated Firebase Cloud Messaging into my app. After messing around, I kind of understood the premise of how it operates. So, as a result, I structured my code so that when users sign up the FCM token is stored. After creating two accounts, I realise both FCM tokens for the user were the same.
Looked online and sorted this issue, and now I can refresh the token on launch, and still append the new FCM token when users initially sign up.
So now, I ask the question - Users are created with a fcmToken field (which I can refer to in my code), however, due to the fact a new token is generated on launch each time does this render the token(s) stored for each user useless? Or can I still push to the specific user using the fcmToken?
I've looked online, but can't seem to find an answer.
FCM tokens don't uniquely identify an individual end user. They identify a specific installation of an app on a specific device. When sending with that token, it doesn't matter who is signed in to the app (or if anyone is signed in at all) - the app will still receive it and need to figure out what to do with it. It's up to you to decide what to do with that message, given the sign-in state of the user. If you expect that your app could have multiple users sharing a single app on a single device, then you will probably want to send something in the payload to determine who that message was intended for, if necessary.
#doug great answer, but there's a common implementation problem when people share a device, so please add a warning, something like: often only the last logged in user should receive push notifications, otherwise he could see messages from the person who was logged in before. your backend should not only store all the devices a user is logged in, but also for each device who the last active user is and check this upon sending a push. the question whether you receive push or not when logged out is a common topic, too.
I'm trying to send a verification email without having a firebaseUser, is it possible ?
I know i can do it with user.sendEmailVerification() method but can i do it just by giving an email from a textfield ?
Based on what I knew and what I've read from the documentation, it looks like it's not possible to do this. A Firebase user, a.k.a an user authenticated within Firebase platform is required if you want to send email verification that uses Firebase Email Vetification service.
Well, do not lose hope since there are plenty workarounds to do this. What I would do to achieve this is to use Firebase Cloud Functions to create serverless API platform. I connect Firebase Cloud Functions with Firebase Admin SDK (which also has access to other Firebase services if I am not mistaken).
I send an email using some kind of email service providers such as SendGrid to designated email address (which the app got from user's inputted email) and provide a link to verify there (in the e-mail that sent to designated email address). Then, in the cloud functions, you leverage Firebase Admin SDK to change verification status.
This approach is flexible though, as it can be used to verify a user not only with Firebase Authentication.
Hope it helps. If it's not clear for you, just comment.
Happy coding.
EDIT: After thoroughly read your question again, I realized that my answer is not fully correct. Somehow you still need a specific user to be added within Firebase Authentication database, which you would not want to do manually and let your app do so instead. Perhaps you can use Firebase Admin SDK in this matter. You can read official Firebase documentation for more information regarding Admin SDK.
I'm walking through the steps described here and upon sending the verification email to myself, I get an email in my inbox from noreply#myappname.firebaseapp.com.
For other email-based auth steps, I can customize the sender name and email address directly from the Firebase console:
Am I missing something that could help me with Email Link sign-in or do I need to go through the process of modifying the SMTP settings in my app's console?
I noticed the same behavior / restriction in the Firebase console. Considering that the underlying .firebase.auth().createUserWithEmailAndPassword method could write your new user to firestore, i guess you could use firebase function to trigger a custom email via sendGrid, for example, and you could flesh out a custom workflow from there.
This article, Email via Firebase Firestore Cloud Function Triggers includes the code to trigger custom emails and could be adapted to your needs. I imagine the trick will be to get the .emailValidated property set to true. It may be as easy as switching the boolean - i don't know.
All in all, it seems like a lot of work just to get a customized validation email though. I would recommend you just stick with what they provide.