Firebase - How to permanently save user profile? - firebase

Firebase Console only allows to set email address and password, there is no option to save user's profile but this can be done using code:
user.updateProfile({
displayName: "Chinmay Sarupria"
}).then(function() {
console.log(user.displayName);
}, function(error) {
console.log(error);
});
If this is the way to save user data permanently then it is impossible to write code for every user just to save their displayName like this or is doing via code permanent, at the moment it is working for me but I'm not sure if it will remain like that forever.
Ofcourse, I could save the user data in realtime database and then fetch it based on user's uid but if saving user data in the user variable is possible then that is much better than getting the data from database.

After you reference your user object you can update values under the UID for that user.
var rootRef = new Firebase('https://yourapp.firebaseio.com');
// Check the current user login status and redirect if not logged in
var user = rootRef.getAuth();
if (user) {
var user = rootRef.getAuth();
var userRef = rootRef.child('users').child(user.uid);
... do something with the logged in user...
}
function writeData () {
var user = rootRef.getAuth();
var userRef = rootRef.child('users').child(user.uid);
var profileRef=userRef.child('profile').push();
profileRef.update ({
name: "Tony",
position: "Developer"
});
};
This should give your user profile a structure something like this:
}
"users" : {
"067f75bf-4a07-473e-82e5-d9a5ee11be17" : {
"profile" : {
"-KN2dG5X4lLpp0fwfsXK" : {
"name" : "Tony",
"position" : "Developer"
}
}
}
}
Note the push() function gives you the randomly generated key. You may not need it.
Hope this helps.

Related

How to check if logged in via 3rd party service in Meteor framework?

How do you check whether a user is logged in via third party (Google, Facebook, ...) in the Meteor framework? Also, is this possible from the client?
There are multiple ways to do it. On the Server side you would have a function like Accounts.onCreateUser((options, user) => {... }).
If you already publish minimum data of the user, you can add a key using onCreateUser and save something like: loginVia: "email" or "FB" etc. Then you publish that key or get its value with a method.
The straight forward solution is to check if the social service exists if look for a particular service.
For Example:
const isFBUser: Meteor.users.find({ _id :.... }, { 'services.facebook': { $exists: true } }).count() // results in 1 record or 0 records = true / false
of if you want to know if the user is coming via email and not third party you can check for emails
const isThirdParty = Meteor.users.find({_id: ...}, emails: { $exists: true })
It is pretty common to also use a merge accounts system so that someone coming from FB with the email gigi#gmail.com will letter be allowed to log in to you app with the email instead of the social account. In this case, you would need to eventually save the source of the last login.
I'll leave here for you part of my onCreateUser as example of how to pull data out of a 3rd party user and save it in the use profile. On the same lines you can save the 3rd party source (as suggested above)
if (user.services) {
const fb = user.services.facebook
const google = user.services.google
let avatar = null
let fbi = null // I use this to keep a record of the FB user Id
let ggli = null // // I use this to keep a record of the Google user Id
if (fb) {
/**
* I upload to S3 and I don't wait for a response. A little risky...
*/
put_from_url(`https://graph.facebook.com/${fb.id}/picture?width=500&height=500`, `avatar/${fb.id}.jpg`, (err, res) => {
if (err) {
console.log('Could not upload FB photo to S3, ', err)
} else {
// console.log(res)
}
})
user.profile = extend(user.profile, {
firstName: fb.first_name,
lastName: fb.last_name,
email: fb.email,
displayName: fb.name,
gender: startCase(toLower(fb.gender)),
avatar: `${fb.id}.jpg`
})
avatar = `${fb.id}.jpg`
fbi = fb.id
roles = ['user', 'social']
}
if (google) {
/**
* I upload to S3 and I don't wait for a response. A little risky...
*/
put_from_url(google.picture + '?sz=500', `avatar/${google.id}.jpg`, err => {
if (err) {
console.log('Could not upload Google photo to S3, ', err)
}
})
user.profile = extend(user.profile, {
firstName: google.given_name,
lastName: google.family_name,
email: google.email,
displayName: google.name,
gender: startCase(toLower(google.gender)),
avatar: `${google.id}.jpg`
})
avatar = `${google.id}.jpg`
ggli = google.id
roles = ['user', 'social']
}
/**
* Create a slug for each user. Requires a display name for all users.
*/
let slug
slug = Meteor.call('/app/create/slug', user.profile.displayName, 'user')
Also please check the user object structure:
And check this out. Users via 3rd party don't have the email field so you can check its existence.

Firebase get value from database

The question is: How to take the uid row when you only know the user his username? for example, you only know 'senneken' and you want to know the uid of 'senneken'
Extra information:
My user database looks like this
I want to add friends to users. I can check if the user exists for them by doing
searchButton.addEventListener('click', function (event) {
event.preventDefault();
username = searchUsername.value;
var ref = firebase.database().ref('users').orderByChild("username").equalTo(username).once("value", snapshot => {
const userData = snapshot.val();
if (userData) {
console.log("Username " + username + " was found");
} else {
console.log("No user found");
}
But now I want to add the users UID in my database
And I can add the friends username by doing
addFriendButton.addEventListener('click', function (event) {
firebase.auth().onAuthStateChanged(function (user) {
if (user) {
var ref = firebase.database().ref("users").child(user.uid).child("friends").push({
username: username
})
}
});
});
Because I use push there is always a random ID generated under friends but I would like to take the UID from the user that I want to add and put that under my friends (instead of the random UID)
In this case the collection of friends seems like a set: each specific UID can either be in there, or it cannot be in there. It cannot be in there more than once, and order seems to not matter. The solution is to not use a push ID, but model it as a set like this:
friends
uid1
uid2: true
uid3: true
This way you can simply set a user as a friend with:
firebase.database().ref("friends").child(user.uid).child(username).set(true)
You might notice that I also turned the collections of friends into a top-level collection. Nesting information about friends under other profile information about a user is an anti-pattern, which makes it hard to secure data, leads to downloading more data than is needed, and in general is not recommended by Firebase experts.

In meteor how to verify user password before running a method? [duplicate]

There are some irreversible actions that user can do in my app. To add a level of security, I'd like to verify that the person performing such an action is actually the logged in user. How can I achieve it?
For users with passwords, I'd like a prompt that would ask for entering user password again. How can I later verify this password, without sending it over the wire?
Is a similar action possible for users logged via external service? If yes, how to achieve it?
I can help with the first question. As of this writing, meteor doesn't have a checkPassword method, but here's how you can do it:
On the client, I'm going to assume you have a form with an input called password and a button called check-password. The event code could look something like this:
Template.userAccount.events({
'click #check-password': function() {
var digest = Package.sha.SHA256($('#password').val());
Meteor.call('checkPassword', digest, function(err, result) {
if (result) {
console.log('the passwords match!');
}
});
}
});
Then on the server, we can implement the checkPassword method like so:
Meteor.methods({
checkPassword: function(digest) {
check(digest, String);
if (this.userId) {
var user = Meteor.user();
var password = {digest: digest, algorithm: 'sha-256'};
var result = Accounts._checkPassword(user, password);
return result.error == null;
} else {
return false;
}
}
});
For more details, please see my blog post. I will do my best to keep it up to date.
I haven't done this before, but I think you will need something like this on your server
Accounts.registerLoginHandler(function(loginRequest) {
console.log(loginRequest)
var userId = null;
var username = loginRequest.username;
// I'M NOT SURE HOW METEOR PASSWORD IS HASHED...
// SO YOU NEED TO DO A BIT MORE RESEARCH ON THAT SIDE
// BUT LET'S SAY YOU HAVE IT NOW
var password = loginRequest.password;
var user = Meteor.users.findOne({
$and: [
{username: username},
{password: password}
]
});
if(!user) {
// ERROR
} else {
// VERIFIED
}
});
then you can call this function from the client side like this:
// FETCH THE USERNAME AND PASSWORD SOMEHOW
var loginRequest = {username: username, password: password};
Accounts.callLoginMethod({
methodArguments: [loginRequest]
});
I have a project on github for different purpose, but you can get a sense of how it is structured: https://github.com/534N/apitest
Hope this helps,
I have found the best way to validate the users password is to use the Accounts.changePassword command and
pass in the same password for old and new password. https://docs.meteor.com/api/passwords.html#Accounts-changePassword
Accounts.changePassword(this.password, this.password, (error) => {
if(error) {
//The password provided was incorrect
}
})
If the password provided is wrong, you will get an error back and the users password will not be changed.
If the password is correct, the users password will be updated with the same password as is currently set.

Meteor private messaging between users

Right now I have a working messaging system developed in Meteor where users can send private messages to each other.
The server looks like this:
// .. lot of code
Meteor.publish("privateMessages", function () {
return PMs.find({ to: this.userId });
});
PMs.allow({
insert: function(user, obj) {
obj.from = user;
obj.to = Meteor.users.findOne({ username: obj.to })._id;
obj.read = false;
obj.date = new Date();
return true;
}
});
// .. other code
When the user subscribes to privateMessages, he gets a mongo object that looks like this:
{ "to" : "LStjrAzn8rzWp9kbr", "subject" : "test", "message" : "This is a test", "read" : false, "date" : ISODate("2014-07-05T13:37:20.559Z"), "from" : "sXEre4w2y55SH8Rtv", "_id" : "XBmu6DWk4q9srdCC2" }
How can I change the object to return the username instead of the user id?
You need to do so in a way similar to how you changed username to _id. You can create a utility function:
var usernameById = function(_id) {
var user = Meteor.users.findOne(_id);
return user && user.username;
};
Edit:
If you don't want to poll minimongo for each message, just include username instead of _id inside your message object. Since username is unique, they will be enough.
If in your app you allow users to change username, it might be a good idea to also keep the _id for the record.
In one of larger apps I've been working with we kept user's _id in the model (to create links to profile etc.), as well as cached his profile.name (for display purposes).
I suggest adding the collection helpers package from atmosphere. Then create a helper for PMs called toUser that returns the appropriate user.
Then you can get the name using message.user.name.

How do I use Firebase Simple Login with email & password

Firebase Simple login provides an email/password option, how do I use it? Starting from from creating a user, storing data for that user, to logging them in and out.
There are three distinct steps to be performed (let's assume you have jQuery):
1. Set up your callback
var ref = new Firebase("https://demo.firebaseio-demo.com");
var authClient = new FirebaseAuthClient(ref, function(error, user) {
if (error) {
alert(error);
return;
}
if (user) {
// User is already logged in.
doLogin(user);
} else {
// User is logged out.
showLoginBox();
}
});
2. User registration
function showLoginBox() {
...
// Do whatever DOM operations you need to show the login/registration box.
$("#registerButton").on("click", function() {
var email = $("#email").val();
var password = $("#password").val();
authClient.createUser(email, password, function(error, user) {
if (!error) {
doLogin(user);
} else {
alert(error);
}
});
});
}
3. User login
function showLoginBox() {
...
// Do whatever DOM operations you need to show the login/registration box.
$("#loginButton").on("click", function() {
authClient.login("password", {
email: $("#email").val(),
password: $("#password").val(),
rememberMe: $("#rememberCheckbox").val()
});
});
}
When the login completes successfully, the call you registered in step 1 will be called with the correct user object, at which point we call doLogin(user) which is a method you will have to implement.
The structure of the user data is very simple. It is an object containing the following properties:
email: Email address of the user
id: Unique numeric (auto-incrementing) ID for the user
FirebaseAuthClient will automatically authenticate your firebsae for you, not further action is required. You can now use something like the following in your security rules:
{
"rules": {
"users": {
"$userid": {
".read": "auth.uid == $userid",
".write": "auth.uid == $userid"
}
}
}
}
This means, if my User ID is 42, only I can write or read at example.firebaseio-demo.com/users/42 - when I am logged in - and no-one else.
Note that Simple Login does not store any additional information about the user other than their ID and email. If you want to store additional data about the user, you must do so yourself (probably in the success callback for createUser). You can store this data as you normally would store any data in Firebase - just be careful about who can read or write to this data!
Just incase someone is reached to this thread and looking for some example application using the firebase authentication. Here are two examples
var rootRef = new Firebase('https://docs-sandbox.firebaseio.com/web/uauth');
......
.....
....
http://jsfiddle.net/firebase/a221m6pb/embedded/result,js/
http://www.42id.com/articles/firebase-authentication-and-angular-js/

Resources