发表新帖
发表新帖

Is there any way to do email confirmation for Firebase user creation and/or password reset?

前端 未结
关注
9 2187
故里飘歌
故里飘歌 2020-11-28 04:03

Question says it all. In Firebase, how do I confirm email when a user creates an account, or, for that matter, do password reset via email.

I could ask more broadly:

相关标签:
9条回答
  • 借酒劲吻你
    2020-11-28 05:02

    What I did to work around this was use Zapier which has a built in API for firebase. It checks a location for added child elements. Then it takes the mail address and a verification url from the data of new nodes and sends them forwards. The url points back to my angular app, which sets the user email as verified.

    As I host my app files in firebase, I don't need have to take care of any servers or processes doing polling in the background.

    There is a delay, but as I don't block users before verifying mails it's ok. Zapier has a free tier and since I don't have much traffic it's a decent workaround for time being.

    0 讨论(0)
  • 旧巷少年郎
    2020-11-28 05:04

    I used MandrillApp. You can create an API key that only allows sending of a template. This way even thought your key is exposed it can't really be abused unless someone wants to fire off tonnes of welcome emails for you.

    That was a hack to get myself off the ground. I'm now enabling CORS from a EC2 that uses the token to verify that the user exists before extending them a welcome via SES.

    0 讨论(0)
  • 难免孤独
    2020-11-28 05:05

    Update

    Note that this was never a very secure way of handling email verification, and since Firebase now supports email verification, it should probably be used instead.

    Original answer

    I solved the email verification using the password reset feature.

    On account creation I give the user a temporary (randomly generated) password. I then trigger a password reset which will send an email to the user with a link. The link will allow the user to set a new password.

    To generate a random password you can use code similar to this:

    function () {
  var possibleChars = ['abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!?_-'];
  var password = '';
  for(var i = 0; i < 16; i += 1) {
    password += possibleChars[Math.floor(Math.random() * possibleChars.length)];
  }
  return password;
}

    Note that this is happening on the client, so a malicious user could tamper with your logic.

    0 讨论(0)
 看不清?
提交回复
热议问题