I'm currently using firebase-admin to create a web Dashboard with node.js as a backend which will have multiple users and those users have user specific data in my database, note that I need them to be able to delete or add stuff to the database as well, I've managed to add new users to Autentication using firebase.auth().createUser() programmatically, but how would one go about logging in a user, and then from there controlling which uid is logged in and displaying his data (giving him access to the correct data, obviously don't want him messing with someone elses data).
I know this might seem like a really newbie question, and it probably is, but firebase docs always get me confused for some reason. Any tips? I'd greatly appreciate.
Any questions don't hesitate.
To login a new user, try this:
firebase.auth().signInWithEmailAndPassword(email, password)
this returns a Firebase.Promise which you can use to track the operation progress. If successful, it will return the corresponding Firebase.User object.
From there, the logged-in user will also be available in the firebase.auth().currentUser property. You can then use the user's uid property as a key for his JSON branch on the database.
Related
I'm using Node(axios,pinia)+Vue3 as frontEnd,and node(express,bcrypt,jsonwebtoken)+MongoDB as BackEnd to build a SPA web.
I use JWT for login authentication and save at localstorage.
Now it only can keep login.
Hoping have Selectable "Keep Login" function like some forum usually have.
(After closing browser/shotdown will need to login again.)
I don't use sessionStorage for this website user often open new tab.Some cross tab problem bother me and I thought cookie might got better solution.
I can imagine only "Always login"/"temp login" can be done likes. But with selectable I can't thought a simple way to apply it.
Like now I'm thought still use LocalStorage(LS) for Vue to run,but also have Session Cookie(as Cookie)(Not sure the name but the cookiewill be deleted when all webs closed).
Keep login need no change for me.If set to temp login, then the setting will be save to JWT,all front/back could know.
Use cache as signal for closing browser,if (temp login)&&(no cookie){clear LS}.
However I wonder the localStorage can be extract so the func will not safty enough? Then a school computer will be disaster
I'm new to cookie/session,and want to know any better way for safty/efficent. I will prevent XSS.
It would be wonderful to have your experienct/Idea!
Poor language and consult at here first,If any describe not clear/too detail please tell me,I will try to edit it, thanks!
The use of JWT is below:
BackEnd use bcrypt verify user password and response a JWT(with userID for db to find,also save to user login record DB) and other basic user info.
Some response data like JWT,basic userinfo will be save in localstorage to let Vue decide display login/admin/different page.
When user send a request(some login-action), JWT will also be send as BearToken to bo verified by backEnd that JWT was record in that user login record.
So JWT is the only security key,the user's login record should have same JWT.
Because it save in localstorage,user must logout!(Despite I can set some limit time.)
Newbie so apologies if I am not concise enough on this. Creating a simple application in react that displays movies and allows users to have profiles. I am running into an issue with retrieving information from my database. When I sign up and register as a user for the first time, my data is stored in my db and I am able to login via username and password.
Once logged in, I can then navigate to my profile and update my information (username, password, email, birthdate) and using a "handleUPdate" function I am successfully able to update the user info and this new information shows in my database. The issue is when I am redirected back to login after updating my information, the system does not recognize my credentials (despite the updated user info showing in my mongo db). I think the issue is occurring either in my mainView, profileView, or loginView. For reference, i've attached my repo link: https://github.com/jchasehuskey/myFlixx-client-final.git.
I can include more information if needed. The error I am getting when trying to login via the new username and password is: " POST https://myfavflixdb.herokuapp.com/login 400 (Bad Request). "
Again, it's unable to retrieve the updated user info from the DB. I have been dragging on this for days and am not sure where I am going wrong. I could be asking the wrong questions or giving the wrong information. Any help would be much appreciated.
I am working on the vue-firebase application and want to know that how can I get the list of all registered users in firebase auth.
I am quite not sure if that is possible with one user try to get all the users, unless you are using firebase-admin. Though I have an idea how you can do that if you trying to get a list of added user being another user.
So, try to keep another list when a new user logs in, add the user details to a new node like userList.
And when ever you need them, call that node.
And incase you are using firebase-admin
admin.auth().listUsers(1000, nextPageToken)
.then(function(listUsersResult) {
will give the list.
Here's a reference. https://firebase.google.com/docs/auth/admin/manage-users#list_all_users
EDIT : tried the authorized domain and it seems to be what i need, i'll try to go deeper with André's answer :)
Thank you !
Hi,
I'm new to firebase and i just finished a project but i had a question:
Since the doc says i have to put my api keys and else in the javascript, they are visible to anyone even if put into process.env
i've read here : Is it safe to expose Firebase apiKey to the public?
that making the api key public is normal and not a big deal.
I'm using the email/password auth and i'm scared
If someone takes my :
API_KEY_FIREBASE
AUTH_DOMAIN
DB_URL
PROJECT_ID
that are in the source code and use the createAccount function, is he gonna be able to create an account ?
Is yes, is there a way to disable this ?
I want to be able to create account only through the firebase console
I'm not using firebase database for my data, i only use it for auth so i don't have to create a user table in my database, but i use the IDTokens they provide to secure some routes on express.
thank you ! :)
Someone can only create an account when you have that option enabled in your firebase console. So If you have it disabled there is no problem.
You can look here in the "before you begin" section for how to enable/disable Email/password sign-in method.
I just started my own little project with HTML5, PHP and Node.js.
Currently everything works just as i want it. But something came to my mind after checking the code. My website is supposed to be an auction house. I store the userid in my database and have the id as an id tag on the website.
Here is the problem. If someone now bids on the items, i just simply take the id and send it to my node.js server. Technically someone could just change this id to the id of another person registered. Currently i have no real solution to this problem, since this is my first website.
I thought about maybe inserting the phpsessionid cookie into the user database everytime the user logins and then send these with the userid to the database everytime he bids on an item. The node.js server would then compare the stored value with the send one to verify if the right user send the bid.
My question is now, is this a good solution or is there a better way?
Edit:
Some of the code:
<li class='dropdown' id='steam' title='".$steamprofile['avatarmedium']."' name='".$steamprofile['steamid']."'>'><span class='caret'></span><ul id='profilenav' class='dropdown-menu'><li><a href='?logout'>Logout</a></li></ul></li>;
So this is the part that gets created once i login with openid
var steamid=document.getElementById("steam").getAttribute("name");
socket.emit('status added',{itemid:id, tmerid:timerid, steamid: steamid, avatar: avatarlink});
This is how i get the userid and send it to the node.js server