I am trying to do the user registration process in Meteor. I looked at the Meteor accounts-password package, which is very good and handles pretty much all the required logic. For my app, I am struggling with the following two points:
1. The accounts-password API named Accounts.createUser takes a limited set of parameters, like username, email and password, for registering the user. I require other fields like mobile_number, first_name, last_name and address for completing the user registration with createUser. The mobile number will be used to send an OTP to verify the user's mobile. For email verification, Meteor does it very easily. How can this multiple-parameter create user be executed using the accounts-password APIs?
2. The accounts-password API named Accounts.loginWithPassword only takes email, username and password to log in. In my app, the user will enter either email or mobile_number as one input and password as the second input, and based on this, I need to verify the user and log him in to the app. How can mobile-number-based login be included?
I've had a similar use case where I had to build a system for users with only mobile numbers and no email IDs.
Use the profile field to store additional information.
When a user is created, generate the OTP and send it to the mobile number through your SMS gateway. Handle the OTP confirmation through a separate form. (Make sure the OTP is not published to the user.)
Store the mobile number as the user name; this way, when the user keys in his mobile/email, Meteor.loginWithPassword will check both username/email.
Hope the above helps.
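A server-side sketch of the OTP step described in the answer above, added here as an example and not code from the original poster: the code is drawn from the CSPRNG, only a keyed digest is stored (so nothing usable sits in a record that could be published), and it expires, is single use and locks after repeated wrong guesses. The store, function names, five-minute lifetime and attempt limit are assumptions; in a Meteor app the store would be a server-only collection.

```javascript
// Added example, server-side only; names and limits below are assumptions.
const crypto = require('crypto');

const OTP_TTL_MS = 5 * 60 * 1000;          // assumed lifetime: 5 minutes
const MAX_ATTEMPTS = 5;                    // assumed limit on wrong guesses
const SERVER_KEY = crypto.randomBytes(32); // assumption: loaded from server config in practice

// Hypothetical store keyed by user id; never sent or published to the client.
const pendingOtps = new Map();

// Keyed digest: a leaked record cannot be brute-forced over the 10^6 possible
// codes without also knowing the server key.
function otpDigest(userId, otp) {
  return crypto.createHmac('sha256', SERVER_KEY).update(`${userId}:${otp}`).digest();
}

// Create a 6-digit code, store only its digest, and return the plaintext once
// so the caller can hand it to the SMS gateway.
function issueOtp(userId, now = Date.now()) {
  const otp = String(crypto.randomInt(0, 1000000)).padStart(6, '0');
  pendingOtps.set(userId, {
    digest: otpDigest(userId, otp),
    expiresAt: now + OTP_TTL_MS,
    attempts: 0,
  });
  return otp;
}

// Returns 'verified', 'wrong', 'expired', 'locked' or 'none'.
function verifyOtp(userId, submitted, now = Date.now()) {
  const rec = pendingOtps.get(userId);
  if (!rec) return 'none';
  if (now > rec.expiresAt) {
    pendingOtps.delete(userId);
    return 'expired';
  }
  if (rec.attempts >= MAX_ATTEMPTS) return 'locked'; // user must request a new code
  rec.attempts += 1;
  const candidate = otpDigest(userId, String(submitted));
  if (!crypto.timingSafeEqual(candidate, rec.digest)) return 'wrong';
  pendingOtps.delete(userId); // single use
  return 'verified';
}
```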
Related
I've a project in which a user needs to be signed in by using their email and password credentials. The user must submit his unique id (Roll number) along with email and password at the time of his account creation.
While doing the project, I've used firebase-auth on the login page to use the firebase.auth().onAuthStateChanged() function. But the issue here is that anyone can create their accounts by simply running the firebase.auth().createUserWithEmailAndPassword() function in the console without submitting a unique id (Roll number).
Now how can I restrict the users from such actions and make them submit their unique IDs for their account creation?
You probably do not want users to have to submit their unique ids when creating an account. If you do require this, then you'll need to add a validator that pings a collection with stored IDs to make sure that the unique Id they are submitting is in fact unique.
Instead, let Firebase create a unique ID for the user and allow them to register by email password.
Once a user registers with the firebase.auth().createUserWithEmailAndPassword() method, if successful it returns an object with auth credentials. In that returned object is a user property that includes a uid key:value.
I'd like to know if it's possible for a mobile registered firebase user to log-in without authentication procedure, in other words:
Let's say an administrator creates a firebase user by console (or web interface to console); then is it possible that when this user launches the app on his mobile he just logs in without the authentication procedure?
To put it simply, is it possible for mobile users to have a log-in like an email/password user: just enter the number and log in?
If you're referring to using a Phone Number for authentication this is supported by Firebase and the documentation can be found here https://firebase.google.com/docs/auth/ios/phone-auth
The caveat to this is that you can't create a user through the Firebase console as you were suggesting. It relies on the user using their mobile number to register when they log in for the first time.
The other option that may or may not be applicable is to use Anonymous authentication along with a collection of predefined users with numbers as Peter suggested above.
You can add new users from the console; first you need to enable the email/password sign-in method. Then you can add a new user:
Then the user can login using the email/password added in the console.
If you want the user to enter a number and login, then associate a number in the firebase database with the email:
Users
  userid
    email: userx@gmail.com
    number: 102
I am using Ionic 3 and Firebase for the backend. In my app I am trying to let users sign up with just username and password. Well, Firebase by default doesn't provide that option. So I am getting the user's input as username (for example: 'mike123'), then I add @myapp.com, so it looks like an email: 'mike123@myapp.com'. That is all fine, but a problem just came up when users want to reset their passwords. Is it possible to let users type in any valid email address at the time they want to reset their password?
You can change the password of the user by https://firebase.google.com/docs/auth/admin/manage-users#update_a_user. Note that this is in the Firebase Admin SDK, so will require that you run code in a trusted environment, such as a server you control or Cloud Functions.
But faking username+password by faking an email address is non-ideal. I'd consider creating a custom auth provider for your needs.
If the email provided when sending the Reset Password request doesn't exist for any user, then it will fail.
In Android, calling sendPasswordResetEmail with a non-existing email would return a:
FirebaseAuthInvalidUserException: There is no user record corresponding to this identifier. The user may have been deleted.
You should ask for a valid email from the user and save their preferred username separately upon the user creation.
Currently, by default, if I try to use social login in Meteor, it will create a new account for the user if one is not available. But I don't want that. Here's what I need:
When the user signs up, I need to provide social signup options. When the user signs up with the social account, it should come back to the app, where I will present the user with a form to enter extra details. I don't want to create an account until those details are filled. I will pull the name and email from social accounts.
At login, if the user has already connected a social account, he will be allowed to log in. Otherwise he has to sign up first.
How can I implement this behavior in Meteor?
The way I handle this is in Accounts.validateNewUser.
This function validates the user and returns true or false, but you can add logic to the process.
In my case, I check if the user exists by email: social logins (except for Twitter) all create a user with an email.
The function takes a user object parameter with the user account info.
If you do a check using Accounts.findUserByEmail(<email>), you can find out whether the user has been created previously.
In that case, there are 2 cases:
If the user tried to create an account with a password, just return true and the rest of the user creation process will prompt the user that a user already exists with this email.
If it's a social login, I merge the 2 user objects to make it one, keeping the original _id, then return 'true' to pass the validation process.
I have a web application that creates user accounts, but I would also like to have the ability to have users that can sign up for subscriptions without accounts. All they have is a subscription page to modify email settings and enable the newsletter subscription.
My first question is how do I verify that the user is who they say they are without a username/password, and my second is how should they access this page. I don't want just anyone typing in the URL with the email and accessing subscription settings for that user.
For each user entry you create a unique access code that you use in the url in order to validate that this is the user you want.
The subscription form will give these options:
Subscribe by filling in your email.
Request to change your settings by just putting your email in another field.
Both actions will send an email to you with a special URL:
the first to validate that this was made by you, so you will enable this user and his email;
the second to send him another special URL to make any changes to his settings, in the case that this user is active in your database.
For this unique code you can use md5 of his email with a timestamp when he was registered.
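An added sketch of the emailed-link flow from the answer above (not the answerer's code), with one swap stated plainly: the access code here is a 32-byte random token from the CSPRNG rather than an MD5 of the email and registration timestamp, because both of those inputs can be known or guessed by someone other than the subscriber. The `subscribers` map, function names, 24-hour lifetime and example.com URL are assumptions for illustration.

```javascript
// Added example; store, names, lifetime and URL are assumptions.
const crypto = require('crypto');

const LINK_TTL_MS = 24 * 60 * 60 * 1000; // assumed link lifetime: 24 hours

// Hypothetical subscriber table: email -> { active, tokenHash, tokenExpires }.
const subscribers = new Map();

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Issue a fresh link for "confirm subscription" or "change settings".
// The token is random, so it cannot be derived from the email or signup time.
function issueLink(email, baseUrl, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex');
  const sub = subscribers.get(email) || { active: false };
  sub.tokenHash = sha256(token);        // only the hash is stored server-side
  sub.tokenExpires = now + LINK_TTL_MS;
  subscribers.set(email, sub);
  const url = new URL(baseUrl);
  url.searchParams.set('email', email);
  url.searchParams.set('token', token);
  return url.toString();                // this string goes into the email body
}

// Validate an incoming link; returns the subscriber record or null.
function redeemLink(link, now = Date.now()) {
  const params = new URL(link).searchParams;
  const sub = subscribers.get(params.get('email'));
  const token = params.get('token') || '';
  if (!sub || !sub.tokenHash || now > sub.tokenExpires) return null;
  // Compare fixed-length digests in constant time.
  if (!crypto.timingSafeEqual(sha256(token), sub.tokenHash)) return null;
  sub.tokenHash = null;                 // single use: a new link must be requested
  sub.active = true;                    // using the link shows control of the inbox
  return sub;
}
```

Typing the URL with only the email, or with a guessed token, returns null; a settings change always starts from a link delivered to the subscriber's own inbox.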