I have the following logic in my iOS app:
User registers
Firebase sends an email confirmation
Returns to login screen
Now if the user logs in, without verifying the email, then we have a user session and isEmailVerified is false.
I only need to check the isEmailVerified in a certain point in the app.
Also I think signing the user in, checking the field and signing the user out would be bad practise.
I'd need to reauthenticate the user, what is the best way of doing this? How can I, after the user has logged in, switch the status of isEmailVerified?
Thanks
First, you need to have the email and password to create a credential. Your user already provided this on the login page... So the email and password to persistent storage on iOS. In Android, the equivalent would be SharedPreferences.
I do not code in iOS, but this will give you the idea for the logic.
Then, when you get to that point in your app where email verified is called:
if (user.isEmailVerified) == true {
// you do not need to hold the email and password in persistent storage anymore.
// go into your persistent storage and delete the data.
} else {
// get the email and password the user saved in persistent storage.
String email = persistentStorage.getEmail();
String password = persistentStorage.getPassword();
var user = firebase.auth().currentUser;
var credentials = firebase.auth.EmailAuthProvider.credential(email, password);
user.reauthenticate(credentials);
// then, when finished reauthenticating, check whether isEmailVerified() == true;
}
Related
My app is having facebook & email password login with firebase. Now for those user who are signed with Facebook, I don't want to verify their emails. but in Auth.auth().currentUser?.isEmailVerified its return false always. so is there any other method to detect user is logged in with facebook. I know i can store value inside user default before login but after uninstall & reinstall app i will lost that userdefault. while firebase keep user logged in. i can use keychain for that but if firebase directly provide that then that will make easy for coding.
I find one solution with firebase methods:
if let providerData = Auth.auth().currentUser?.providerData {
for userInfo in providerData {
switch userInfo.providerID {
case "facebook.com":
print("Facebook Login")
//isVerifiededUser = true
default:
print("provider is \(userInfo.providerID)")
}
}
}
You can use:
if let user = Auth.auth().currentUser {
if FBSDKAccessToken.current() != nil {
// logged in using facebook
}
else {
// logged in using manual email/password method
}
}
so you can send verification emails to only those who are logged in using email/password method.
Firebase doesn't provide a method to show which was the first method used to create Firebase account. You will have a list of the all the providers attached to a firebase user with their emails/ phone number attached to them.
Firebase by default only set emails verified for Google SignIn, for other providers Firebase behavior is to set false (although some times it do set the email verified true randomly). The reason is that Firebase cannot guarantee that email is verified by facebook on their platform but incase of Google firebase has trust.
One option is you always send verification email no matter facebook or Email Auth. Second is that you ditch Email password login and instead use new Email Link Authentication, which eliminates the email auth needed in password login.
EDIT:
if you only allow one method to be used at a time then you can get the providers list from the firebase user and check if the providers list has 'password' signin method present, send a verification email after checking email verified, else don't send the email and continue the app
Here is the resource to email link authentication: https://firebase.google.com/docs/auth/ios/email-link-auth
This code means that at some point the user registered using Facebook, but it does not mean that at this point the user is using this provider for access. If the user has these providers ["google.com", "facebook.com"] it will also return true . 😊🖤
fileprivate func userHasFBProvider() -> Bool{
var fBProvider = false
guard let providerData = Auth.auth().currentUser?.providerData else {
return fBProvider
}
for userInfo in providerData {
switch userInfo.providerID {
case "facebook.com":
fBProvider = true
default:
fBProvider = false
}
}
return fBProvider
}
I currently have user authentication in my app using firebase and swift 3. Is there a way to only let users with a certain email address to sign up to use my app?
Essentially what you want to do is include a boolean test to determine whether the email text contains the domain you want.
Here is a function that determines whether or not the input text contains a set domain.
func isValidEmail(testEmail:String, domain:String) -> Bool {
let emailRegEx = "[A-Z0-9a-z._%+-]+#[\(domain)]+\\.[com]{3,\(domain.characters.count)}"
let emailTest = NSPredicate(format:"SELF MATCHES %#", emailRegEx)
let result = emailTest.evaluate(with: testEmail)
return result
}
Here's an example of me using it
let customDomain = "mycompanyname"
let test = "frank#mycompanyname.com"
if isValidEmail(testEmail: test, domain: customDomain) == true {
//Test succeedes... Here you would register the users as normal
print("register \(test)")
}else{
//Test fails... Here you might tell the user that their email doesn't check out
print("register failed")
}
Additionally, I would take a look at Apples App Distribution Guide for if you want to distribute your app locally to say an employee base.
Hope this helps.
You can do the following client and backend checks to enforce this:
On the client side, you can block sign-in when an invalid email domain is provided. If you are using some federated sign in with Google or Facebook, etc, you can on return check the currentUser.email and currentUser.delete the user if the email doesn't match your domain. Google also provides an 'hd' parameter to specify the user domain if you are using GSuite.
You can use Firebase Functions onCreate event to delete a user quickly every time one is created with an invalid email domain.
If you are using database rules, you can block access if the email doesn't match:
".read": "auth != null && auth.uid == $uid" && auth.token.email.matches(/.*#mydomain.com$/)
If you are using your own backend, when getting the ID token of a user, validate it, then get the email and make sure it matches your domain, if not, you can delete the user. The Firebase Admin SDKs provide the ability to verify an ID token and delete a user by UID.
I have a question which looks silly but I can't find answer anywhere.
I have a simple signup iOS procedure which relies on Firebase Authentication SDK.
At a certain point after the user is created with:
FIRAuth.auth()?.createUser(withEmail: userName!, password: password!)
right after that I sent my user a verification email:
FIRAuth.auth()?.currentUser?.sendEmailVerification(completion:
{(error) in
if error == nil
{self.showSuccessPopUp()}
else
{self.showErrorPopUp()}
})
Everything works more than fine, no problem at all.
My question is: my user receives the email and - for any reason - didn't click on the autogenerated confirmation link.
Later on he open the app again and - forgetting that he already register once - tries to signup with the same email address.
Firebase just says that there's already an user created with that email address - as per documentation the user is created even if not 'active' -, therefore I'd like to give my users the option to have a "Resend verification email".
I've been digging into Firebase API documentation without a solution.
Does anyone have ever had the same 'issue' ?
Thanks for any help
Though late I would answer this in two scenarios:
1: You successfully called createUser, but when the user opens the app again, firebase.auth() says they are not signed in
In this case, the account exists with a password, so you will need to send a 'reset password' email, not an authentication email
2: You successfully called createUser, but when the user opens the app again, firebase.auth() says they ARE signed in
In this case, they are logged in, but not verified. Use
firebase.auth().currentUser.reload() // reloads user fields, like emailVerified:
if (!firebase.auth().currentUser.emailVerified) {
//resend verification email
} else {
//login
}
pardon my use of javascript but should be easy enough to translate
This question already has a short answer but I'll add my answer as I was facing the same problem. So there's already an user created with that email address. Later on the user opens the app again and wants to resend the email verification, but this time you don't create the user with email as there's already an user created in firebase with same email address, instead you can signing the user through firebase first as firebase already has user's details, if successful then get the current user from firebase. Now you can give your users the option to have a "Resend verification email" if they haven't verified yet. See the code below to get clear idea.
The following code assumes that user receives the email and - for any reason - didn't click on the autogenerated confirmation link. Later on he open the app again and - forgetting that he already register once - tries to signup with the same email address. Therefore you want give users the option to have a "Resend verification email".
firebaseAuth.signInWithEmailAndPassword(username, password)
.addOnCompleteListener(new OnCompleteListener<AuthResult>() {
#Override
public void onComplete(#NonNull Task<AuthResult> task) {
if (task.isSuccessful()) {
firebaseUser = firebaseAuth.getCurrentUser();
firebaseUser.reload(); // Here you finally get the user, now you can send verification mail again.
if(firebaseUser.isEmailVerified()) {
// TODO
}else {
// TODO
Toast.makeText(LoginActivity.this, "Please verify your email first!", Toast.LENGTH_LONG).show();
}
}
}
});
Now set a button Resend or something
Here's the code for that
resend.setOnClickListener(new View.OnClickListener() {
#Override
public void onClick(View view) {
if(firebaseUser!=null){
firebaseUser.reload();
if(!firebaseUser.isEmailVerified()) {
firebaseUser.sendEmailVerification();
Toast.makeText(LoginActivity.this, "Email Sent!", Toast.LENGTH_LONG).show();
}else {
Toast.makeText(LoginActivity.this, "Your email has been verified! You can login now.", Toast.LENGTH_LONG).show();
}
}
}
});
This can be done using a firebase function with an email sending module (Nodemailer or Firebase Trigger Email extension for example)
The solution is in the firebase documentation
See section Generate email verification link
I want to allow a user to enter their email address/password in a field. Upon continuing, I want to run a check to see if that user already exists. If they do, log them in and continue with app, if they do not, move to account creation flow where they will be instructed to add name, phone number, etc.
I cannot for the life of me find documentation on how to log a user in using AWS Cognito. I should be able to pass email/pass in a call and get a response back that says User Exists/User does not exist or whatever! Am I missing something here?
Any help would be greatly appreciated. I've scoured the documentation..this is my last resort.
In the current SDK, calling getUser on your AWSCognitoIdentityUserPool just constructs the in-memory user object. To make the call over the network, you need to call the getSession method on the constructed user. Here's a Swift 3 method I wrote to check whether an email is available:
/// Check whether an email address is available.
///
/// - Parameters:
/// - email: Check whether this email is available.
/// - completion: Called on completion with parameter true if email is available, and false otherwise.
func checkEmail(_ email: String, completion: #escaping (Bool) -> Void) {
let proposedUser = CognitoIdentityUserPoolManager.shared.pool.getUser(email)
UIApplication.shared.isNetworkActivityIndicatorVisible = true
proposedUser.getSession(email, password: "deadbeef", validationData: nil).continueWith(executor: AWSExecutor.mainThread(), block: { (awsTask) in
UIApplication.shared.isNetworkActivityIndicatorVisible = false
if let error = awsTask.error as? NSError {
// Error implies login failed. Check reason for failure
let exceptionString = error.userInfo["__type"] as! String
if let exception = AWSConstants.ExceptionString(rawValue: exceptionString) {
switch exception {
case .notAuthorizedException, .resourceConflictException:
// Account with this email does exist.
completion(false)
default:
// Some other exception (e.g., UserNotFoundException). Allow user to proceed.
completion(true)
}
} else {
// Some error we did not recognize. Optimistically allow user to proceed.
completion(true)
}
} else {
// No error implies login worked (edge case where proposed email
// is linked with an account which has password 'deadbeef').
completion(false)
}
return nil
})
}
For reference, my ExceptionString enum looks like this:
public enum ExceptionString: String {
/// Thrown during sign-up when email is already taken.
case aliasExistsException = "AliasExistsException"
/// Thrown when a user is not authorized to access the requested resource.
case notAuthorizedException = "NotAuthorizedException"
/// Thrown when the requested resource (for example, a dataset or record) does not exist.
case resourceNotFoundException = "ResourceNotFoundException"
/// Thrown when a user tries to use a login which is already linked to another account.
case resourceConflictException = "ResourceConflictException"
/// Thrown for missing or bad input parameter(s).
case invalidParameterException = "InvalidParameterException"
/// Thrown during sign-up when username is taken.
case usernameExistsException = "UsernameExistsException"
/// Thrown when user has not confirmed his email address.
case userNotConfirmedException = "UserNotConfirmedException"
/// Thrown when specified user does not exist.
case userNotFoundException = "UserNotFoundException"
}
Some clarification is in order. Cognito has several parts. The part that does "Authentication" (which is what you are talking about) is called "Cognito User Pools". Not to be confused with Cognito Federated Identity Pools.
With User Pools you can create usernames and password combinations with attributes, and these can be used to authenticate and deliver a persistent, cross device, Cognito Federated identity identityId to a user (across multiple devices).
Once logged in, the Federated Identity Pool is hooked to roles which can get your "Authorized" to use AWS services (like Dynamo DB etc).
It can be tricky to get all these parts working together and AWS has an online site called "Mobile Hub" that will build code for you and download an xcode project. This process configures the Federated Identity Pool and the User Pool correctly, and connects them all up to a set of example code.
Connecting the credentials provider to the user pool to the identity pool is a bit counterintuitive, but the AWSIdentityManager in the aws-mobilehub-helper-ios on github manages all that for you. So I would recommend starting with mobile hub on the console.
Cognito is a somewhat confusing system, here is a link to a brief powerpoint that hits the highlights of how it works (for people that can't understand the AWS docs (like me)).
With that said, "how to check if a user already exists?"
The most reasonable approach is to create the user (via signup), and get a reject if the name is in use, and suggest that your user try a different username. With respect to the email being in use, you will get that reject upon confirmation (signup sends confirmation id's by email and/or via text). This can be overridden to reclaim the email address, or you can do a test beforehand to see if the email is in use by attempting to log in and looking at the failure code.
you can fetch the user as the other answer suggests, however if you have established in user pools an alias for login (like email) you will find this problematic, because this just tells you if someone has the user name, not if someone is already using the email address, and you will get a reject later at confirmation time.
ListUsers is now a nice way to check for existing usernames.
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUsers.html
You can also look for existing emails, phone numbers, and other default attributes.
Here is a simple .NET example:
Dim userRequest = New ListUsersRequest With {
.UserPoolId = "poolId",
.Filter = "username = bob#email.com"
}
Dim response = amazonCognitoIdentityProviderClient.ListUsers(userRequest)
Debug.WriteLine(response.Users.Count)
I'm trying to setup a password reset within an app using swift 2 and Firebase.
Following Firebases example:
let ref = Firebase(url: "https://<YOUR-FIREBASE-APP>.firebaseio.com")
ref.changePasswordForUser("bobtony#example.com", fromOld: "correcthorsebatterystaple",
toNew: "batteryhorsestaplecorrect", withCompletionBlock: { error in
if error != nil {
// There was an error processing the request
} else {
// Password changed successfully
}
})
How can I access an authenticated users email & password in order to pass those values to this function instead of the current mock data?
I'm not interested in sending a temporary password in a pass reset email.
I was thinking that I'd be able to access these values by something like:
let ref = Firebase(url: firebaseURL)
ref.authData.providerData.someValueHere
But I haven't been able to figure it out.
How can I access these values from the currently authenticated user?
How can I access an authenticated users email & password
Firebase does not store the user's password. Instead it stores a hash of the user's password. That means that there is no API from Firebase that returns a user's password.