问题描述
所以,也许我错过了这个文档的某个地方,但是我找不到这样的东西。我的用户不得不输入他们当前的密码才能创建一个新密码。据我所知,如果用户通过身份验证,他可以在不提供现有密码的情况下更新密码。
即使这可能有些安全,我宁愿让他输入旧的,以防止人们继续从家庭成员那里已经认证的会议,并改变重量。
有没有办法做到这一点?
(我已经没有问题了,因为我已经使用Admin SDK为这些东西设置一个服务器)
您可以使用重新验证API来执行此操作。我假设你想验证当前用户的密码,然后让用户更新它。所以在web上你可以做如下的事情:
firebase.auth()。currentUser.reauthenticateWithCredential(firebase.auth.EmailAuthProvider。 (firebase.auth()。currentUser.email,providedPassword);
如果成功了,那么你可以调用firebase.auth()。currentUser.updatePassword(newPassword);
So, maybe I missed this somewhere in the docs but I couldn't find anything of the sort.
I wan't my users to have to type in their current password to be able to create a new one. From what I understand if the user is authenticated he is able to update his password without providing his current one.
Even if this might be somewhat secure I would rather have him type his old one to prevent people from going on already authenticated sessions from say family members or so and changing the pw.
Is there any way to do this?
(I have no problem using the Admin SDK since I already set up a server for these kind of things)
you can use reauthenticate API to do so. I am assuming you want to verify a current user's password before allowing the user to update it. So in web you do something like the following:
firebase.auth().currentUser.reauthenticateWithCredential(firebase.auth.EmailAuthProvider.credential(firebase.auth().currentUser.email, providedPassword);
If this succeeds, then you can call firebase.auth().currentUser.updatePassword(newPassword);
这篇关于如何验证用户目前的密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!