问题描述

如果在 allowedUsers 中找不到他们的电子邮件，我需要阻止用户身份验证.它不会真正影响应用程序，因为所有操作都将在 users 列表上执行，但是如果不进行身份验证，那就很好了.

I need to prevent user authentication if their email isn't found in allowedUsers. It doesn't really affect the app, since all the actions will be performed on the users list, but it will be nice if the authentication doesn't happen.

loginWithGoogle() {
    const userDetails = this.afAuth.auth.signInWithPopup(new firebase.auth.GoogleAuthProvider())
      .then(user => {
        console.log(user.user.uid);

        const queryObservable = this.db.list('/allowedUsers', {
          query: {
            orderByChild: 'email',
            equalTo: user.user.email,
          }
        }).subscribe(data => {

          if (data.length > 0) {

            const userObj = {
              admin: false,
              ...
              email: data[0].email,
              name: data[0].name,
              verified: false,
            };

            this.addUser(userObj, user.user.uid);

          }

        });

      });

    return userDetails;
  }

推荐答案

无法阻止用户使用Firebase身份验证进行身份验证.他们进行身份验证时所做的只是说我是X Yz"并证明这一点.

There is no way to prevent a user from authenticating with Firebase Authentication. All they do when they authenticate is say "I am X Yz" and prove it.

您可以执行的操作是阻止他们访问您的数据库.例如，仅允许白名单用户对您的数据库进行读取访问:

What you can do however is prevent that they have access to you database. For example to only allow white-listed users read-access to your database:

{
  "rules": {
    ".read": "root.child('allowedUsers').child(auth.uid).exists()"
  }
}

另请参阅:

• 如何在Firebase 3.x中禁用注册
• Firebase身份验证状态更改不会触发(白名单的反向版本)

• How to disable Signup in Firebase 3.x
• Firebase Authentication State Change does not fire when user is disabled or deleted (inverted version of your whitelist)

这篇关于Firebase-防止用户身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！