Only authenticate with Google Auth Provider if user exists - javascript

I am using Firebase to authenticate users in our app using GoogleAuthProvider. But I don't want a new user to sign in if they are not already an authenticated user.
If the user exists then sign them in and console.log('user ' + user.email + ' does exist!');.
However, if the user does not exist. Then do not allow authentication and console.log('user ' + user.email + ' does not exist!')
var googleProvider = new firebase.auth.GoogleAuthProvider();
export const doSignInWithGoogle = () => auth.signInWithPopup(googleProvider);
googleLogin = () => {
auth
.doSignInWithGoogle()
.then(result => {
var user = result.user;
const userRef = db.collection('users').doc(user.uid);
userRef.get().then(docSnapshot => {
if (docSnapshot.exists) {
userRef.onSnapshot(() => {
console.log('user ' + user.email + ' does exist!');
});
} else {
console.log('user ' + user.email + ' does not exist!');
}
});
})
.catch(error => {
this.setState(updateByPropertyName('error', error));
});
};
I thought referencing the user records in Firestore would be a simple approach to this. However, perhaps Firebase Auth already have a way to do this. I cannot find documentation or any example.
In the above code, nothing gets logged and the user is either created or logged in.
How can I stop new users from signing up, whilst still allowing current users to sign in?

If you really want to use signInWithPopup method, you have this option,
but it's not the best way. when you are signing in with google, signInWithPopup method returns a promise. you can access the isNewUser property in additionalUserInfo from resulting object. then delete the user you just created.
firebase.auth().signInWithPopup(provider).then(
function (result) {
var token = result.credential.accessToken;
var user = result.user;
//this is what you need
var isNewUser = result.additionalUserInfo.isNewUser;
if (isNewUser) {
//delete the created user
result.user.delete();
} else {
// your sign in flow
console.log('user ' + user.email + ' does exist!');
}
}).catch(function (error) {
// Handle Errors here.
});
This is the easy way but deleting after creating is not the best practice. There is another option,
you can use, signInAndRetrieveDataWithCredential method for this. according to the docs,
auth/user-not-found will be
Thrown if signing in with a credential from
firebase.auth.EmailAuthProvider.credential and there is no user
corresponding to the given email.
function googleSignInWithCredentials(id_token) {
// Build Firebase credential with the Google ID token.
var credential = firebase.auth.GoogleAuthProvider.credential(id_token);
// Sign in with credential from the Google user.
firebase.auth().signInAndRetrieveDataWithCredential(credential)
.then(function (userCredential) {
//sign in
console.log(userCredential.additionalUserInfo.username);
}).catch(function (error) {
// Handle Errors here.
var errorCode = error.code;
if (errorCode === 'auth/user-not-found') {
//handle this
} else {
console.error(error);
}
});
}
here is an example from firebase github repo.

with Firebase security rules, can only check if keys exist - therefore searching in the users table is not an option:
"emails": {
"example1#gmail.com": true,
"example2#gmail.com": true
}
and then one can check with security rules, if the auth.token.email exists as a key:
{
"rules": {
".read": "root.child('emails').child(auth.token.email).exists(),
".write": false,
}
}
in the client, this should throw an "The read failed: Permission denied error" error then, to be handled accordingly. hooking into the Firebase sign-up isn't possible - but while they cannot log-in, this has the same effort (except that on has to clean up the user-database from time to time); eg. with a Cloud Function, which deletes users, which do not have their email as key in the emails "table".
in Firestore security rules, one can check with:
request.auth.token.email & request.auth.token.email_verified
for example, with a collection called emails and a collection called content:
match /databases/{database}/documents {
function userMatchesId(userId) {
return request.auth != null && request.auth.uid == userId
}
function readAllowed(email) {
return if get(/databases/$(database)/documents/emails/$(request.auth.token.email)).data != null
}
match /users/{userId} {
allow get: if userMatchesId(userId)
}
match /content {
allow get: if readAllowed(request.auth.token.email)
}
}

The object you receive from firebase after login has additionalUserInfo where you have the property isNewUser.
You can find the reference here: https://firebase.google.com/docs/reference/js/firebase.auth.html#.AdditionalUserInfo

Related

Writing data to Firestore on create user not working

I am using the VueCLI & Firebase (Auth & Firestore).
Essentially the function is being called properly and registers the user in the database correctly, however, the promises aren't being called (e.g. .then & .catch) on the .createUserWithEmailAndPassword function.
No error is returned and nothing is registered in the firestore, has really stumped me.
However, sometimes it works exactly as expected?? But often irregularly.
submit () {
var v = this
firebase.auth().createUserWithEmailAndPassword(v.form.email, v.form.password)
.then(function () {
// set account doc
var account = {
email: v.form.email,
name: v.form.name,
picture: v.form.picture
}
db.collection('Users').doc(v.form.email).set(account).then(() => {
console.log('Database Details Defined')
// Set user display name
v.$store.commit('setUserDisplayName', v.form.name)
// Set user display name
v.$store.commit('setUserImage', v.form.picture)
// Set user as signed in
v.$store.commit('changeLoginState', true)
// Set user email
v.$store.commit('setUserEmail', v.form.email)
// console.log('Vue Store Details Defined')
localStorage.setItem('name', v.$store.state.displayName)
localStorage.setItem('email', v.$store.state.email)
localStorage.setItem('userImage', v.$store.state.userImage)
localStorage.setItem('loggedin', v.$store.state.isLoggedin)
// console.log('Local Storage Details Defined')
// Redirect user to dashboard
v.$router.replace('/')
v.registering = false
}).catch((error) => {
v.databaseError = 'Database Error: ' + error.code + ' - ' + error.message
v.registering = false
})
})
.catch(function (error) {
v.registrationError = 'Registration Error: ' + error.code + ' - ' + error.message
v.registering = false
})
}
You have a function getDB() that returns the value the Firestore instance so getDB().collection("users")... may have worked as intended. I don't see where db is initialized in this specific file so console.log(db) might help to check what is it's value.
firebase.firestore().collection('Users').doc(v.form.email).set(account)
This worked as intended because firebase.firestore() will return the Firestore instance for sure. I'd recommend exporting Firebase services directly and not in functions. For example you could create a file firebase.js and initialize Firebase there:
var firebase = require('firebase/app')
require('firebase/firestore')
const firebaseConfig = { }
if (!firebase.apps.length) {
firebase.initializeApp(config);
}
const auth = firebase.auth()
const db = firebase.firestore()
export {db, auth}
You need to initialize Firebase only once as shown. It'll be much more clear rather than initializing in the getDB function.

Firebase .getIdToken() returns invalid token

I'm trying to make just a simple authentication app with electron and firebase redirect, but if the user is already logged in and I use the firebase.auth().currentUser.getIdToken() to get the IdToken of that user, but when i try that token in
firebase.auth().signInWithCredential(credential) I get the error that says ERROR: auth/invalid-credential
Here is my code front-end
firebase.auth().onAuthStateChanged( async function (user) {
if (user) {
// User is signed in.
var user = await firebase.auth().currentUser;
if (user != null) {
await firebase.auth().currentUser.getIdToken().then(function(idToken) {
window.location.href = "electron://"+idToken;
}).catch(function(error) {
console.log(error)
});
}
} else {
// No user is signed in.
document.getElementById("user_div").style.display = "none";
document.getElementById("login_div").style.display = "block";
}
});
Here is my code back-end
app.on('second-instance', (event, commandLine, workingDirectory) => {
if (commandLine[2]) {
var url = commandLine[2].split('/')
var id_token = url[2]
console.log('id: ', id_token)
// Build Firebase credential with the Google ID token.
var credential = firebase.auth.GoogleAuthProvider.credential(id_token);
// Sign in with credential from the Google user.
firebase.auth().signInWithCredential(credential)
.then((success)=>{
myWindow.loadFile('./scr/welcome.html')
console.log('RESULT: ',success)
})
.catch((error) => {
// Handle Errors here.
var errorCode = error.code;
var errorMessage = error.message;
console.log('ERROR:', errorMessage)
// The email of the user's account used.
var email = error.email;
// The firebase.auth.AuthCredential type that was used.
var credential = error.credential;
console.log('ERROR:', credential)
// ...
})
}
I'm missing something or doing something wrong?
That's not how ID tokens work. The purpose of an ID token is to pass to your backend, so that it can validate the identity of the signed in user, and perform some action on their behalf. It's not valid for signing in on the client again. You might want to review the documentation on use of ID tokens to learn how this works.
signInWithCredential only works with Google Auth when you correctly construct a GoogleAuthProvider credential. There is plenty of sample code in the API documentation for that.

Remove/onDisconnect not working on log out

Using the documentation, I created the following presence function:
function setPresence() {
var myConnectionsRef = firebase.database().ref('users/' + currentUser.uid + '/connections');
var connectedRef = firebase.database().ref('.info/connected');
connectedRef.on('value', function(snap) {
if (snap.val() === true) {
var con = myConnectionsRef.push();
con.onDisconnect().remove();
con.set("profile");
}
});
}
I have the basic sign out function:
firebase.auth().signOut().then(() => {
// Sign-out successful.
}).catch((error) => {
// An error happened.
});
The issue is that onDisconnect does not seem to activate on sign out. I need to clear user state when they log out, but for some reason, I am getting permission denied error:
Using this, I tried the following when auth state changes such that user is undefined:
firebase.database().ref('users/' + currentUser.uid ).remove()
.then(function() {
console.log("Remove succeeded.");
window.location = "/";
})
.catch(function(error) {
console.log("Remove failed: " + error.message)
});
I am using the basic security rules:
{
"rules": {
"users": {
"$uid": {
".read": "auth != null",
".write": "auth != null && auth.uid == $uid"
}
}
}
}
Any idea what I am doing wrong?
Signing a user out from Authentication is unrelated to having a connection to the Realtime Database. While your security rules may require the user to be signed in, there is no such requirement on the product level: many apps allow part of their data to be used by unauthenticated users.
The .info/connected listener is true when the client can connect to the Firebase Realtime Database servers, and is not related to whether they can access specific data in that database.
Any onDisconnect handlers you define for a connection are executed when (the server detects that ) the connection is lost. This again is unrelated to the sign in state of the user.
If you want to mark the user as no longer present when they're signing out, you should remove their presence node before you sign them out. So your firebase.database().ref('users/' + currentUser.uid ).remove() need to run (and complete) before you call firebase.auth().signOut().
firebase.database().ref('users/' + currentUser.uid ).remove().then(() => {
firebase.auth().signOut().then(() => {
window.location = "/";
});
})

How to convert an anonymous account to a permanent account

can someone help me how to convert an anonymous account (signInAnonymouslyAndRetrieveData) to a permanent account ?
I have tried this:
firebase.auth().currentUser.linkAndRetrieveDataWithCredential(credential).then(function(usercred) {
var user = usercred.user;
console.log("Anonymous account successfully upgraded", user);
}, function(error) {
console.log("Error upgrading anonymous account", error);
});
but i'm getting an
cannot read property "linkAndRetrieveDataWithCredential" of null
error.
firebase.auth().currentUser will be null if there's no currently signed in user.
Ensure your anonymous user is still signed in then as in your example above you can then upgrade your user using linkAndRetrieveDataWithCredential
const credential = firebase.auth.EmailAuthProvider.credential(email, password);
const currentUser = firebase.auth().currentUser;
if (currentUser) {
currentUser.linkAndRetrieveDataWithCredential(credential).then((userCredential) => {
const user = userCredential.user;
console.log("Account linking success", user);
}, (error) => {
console.log("Account linking error", error);
});
}
References:
Official Firebase guide to account linking:
https://firebase.google.com/docs/auth/web/account-linking
React Native Firebase reference doc:
https://rnfirebase.io/docs/v4.3.x/auth/reference/User#linkAndRetrieveDataWithCredential

Parse Server / JS SDK, error 206 when saving a user object

I am having trouble using the Parse Server JS SDK to edit and save a user.
I am signing in, logging in and retrieving the user just fine, I can call without exception user.set and add/edit any field I want, but when I try to save, even when using the masterKey, I get Error 206: Can t modify user <id>.
I also have tried to use save to direcly set the fields, same result.
A interesting thing is that in the DB, the User's Schema get updated with the new fields and types.
Here is my update function:
function login(user, callback) {
let username = user.email,
password = user.password;
Parse.User.logIn(username, password).then(
(user) => {
if(!user) {
callback('No user found');
} else {
callback(null, user);
}
},
(error) => {
callback(error.message, null);
}
);
}
function update(user, callback) {
login(user, (error, user) => {
if(error) {
callback('Can t find user');
} else {
console.log('save');
console.log('Session token: ' + user.getSessionToken());
console.log('Master key: ' + Parse.masterKey);
user.set('user', 'set');
user.save({key: 'test'}, {useMasterKey: true}).then(
(test) => {
console.log('OK - ' + test);
callback();
}, (err) => {
console.log('ERR - ' + require('util').inspect(err));
callback(error.message);
}
);
}
});
}
And a exemple of the error:
update
save
Session token: r:c29b35a48d144f146838638f6cbed091
Master key: <my master key>
ERR- ParseError { code: 206, message: 'cannot modify user NPubttVAYv' }
How can I save correctly my edited user?
I had the exact same problem when using Parse Server with migrated data from an existing app.
The app was created before March 2015 when the new Enhanced Sessions was introduced. The app was still using legacy session tokens and the migration to the new revocable sessions system was never made. Parse Server requires revocable sessions tokens and will fail when encountering legacy session tokens.
In the app settings panel, the Require revocable sessions setting was not enabled before the migration and users sessions were not migrated to the new system when switching to Parse Server. The result when trying to edit a user was a 400 Bad Request with the message cannot modify user xxxxx (Code: 206).
To fix the issue, I followed the Session Migration Tutorial provided by Parse which explain how to upgrade from legacy session tokens to revocable sessions. Multiple methods are described depending on your needs like enableRevocableSession() to enable these sessions on a mobile app, if you're only having a web app, you can enforce that any API requests with a legacy session token to return an invalid session token error, etc.
You should also check if you're handling invalid session token error correctly during the migration to prompt the user to login again and therefore obtain a new session token.
I had the same error and neither useMasterKey nor sessionToken worked for me either. :(
Here's my code:
console.log("### attempt 1 sessionToken: " + request.user.getSessionToken());
var p1 = plan.save();
var p2 = request.user.save(null, {sessionToken: request.user.getSessionToken()});
return Parse.Promise.when([p1, p2]).then(function(savedPlan) {
...
}
I see the matching session token in log output:
2016-08-21T00:19:03.318662+00:00 app[web.1]: ### attempt 1 sessionToken: r:506deaeecf8a0299c9a4678ccac47126
my user object has the correct ACL values:
"ACL":{"*":{"read":true},"PC7AuAVDLY":{"read":true,"write":true}}
I also see a bunch of beforeSave and afterSave logs with user being "undefined". not sure whether that's related.
beforeSave triggered for _User for user undefined:
I'm running latest parser-server version 2.2.18 on Heroku (tried it on AWS and results are the same)
function login(logInfo, callback) {
let username = logInfo.email,
password = logInfo.password;
Parse.User.logIn(username, password).then(
(user) => {
if(!user) {
callback('No user found');
} else {
callback(null, user);
}
},
(error) => {
callback(error.message, null);
}
);
}
function update(userInfo, data, callback) {
login(userInfo, (error, user) => {
if(error) {
callback('Can t find user');
} else {
getUpdatedData(user.get('data'), data, (error, updateData) => {
if(error) {
callback(error);
} else {
user.save({data: updateData}, /*{useMasterKey: true}*/ {sessionToken: user.get("sessionToken")}).then(
(test) => {
callback();
}, (err) => {
callback(error.message);
}
);
}
});
}
});
}
For some reason, retrying to use sessionToken worked.
This is not how asynchronous functions work in JavaScript. When createUser returns, the user has not yet been created. Calling user.save kicks off the save process, but it isn't finished until the success or error callback has been executed. You should have createUser take another callback as an argument, and call it from the user.save success callback.
Also, you can't create a user with save. You need to use Parse.User.signUp.
The function returns long before success or error is called.

Categories