I'm making a password change page. The user will need to enter their current password to go to the password change section. But I don't know how to get current password. How can I do that?
This action is one of the sensitive actions that requires to re-authenticate the user before proceeding. You can read more about it here.
Now you should ask user to re-authenticate again, if you used any provider you can get the credential from Firebase and pass to reauthenticateWithCredential function. But in your case that used password provider, meaning using email and password to sign up users, you should show a screen to users and ask them to enter their email and password again and then use that information and re-authenticate them.
Simple example:
Let's say we showed a screen to user and got their email and password from them and then we can use this information to re-authenticate user. If you're asking what if user logged in with emailA and enter EmailB to re-authenticate? The answer is that Firebase will throw an Exception(user-mismatch), so you can ask user to enter the email that they are currently logged in with.
Future<void> reauthenticateWithCredential(String email, String password) async {
try {
final user = FirebaseAuth.instance.currentUser;
final credential = EmailAuthProvider.credential(
email: email,
password: password,
);
await user.reauthenticateWithCredential(credential);
} on Exception catch (e) {
// Handle exceptions
}
}
And to get credentials from other providers like google, is similar to log in process, you use the same code, and then get the credential and pass it to reauthenticateWithCredential function to re-authenticate user again.
Now you're ready to do any sensitive actions, you can delete user account or let them request for changing their password.
If you want to reset the password you can try this Reset Password | Firebase Authentication
Not sure you can access user's password because when you look at users in Firebase you can't see password champ.
Doing this you'll have all user's data available:
User? user = FirebaseAuth.instance.currentUser;
String userName = user!.providerData.first.displayName.toString(); // Display user's name
String userPhoto = user!.providerData.first.photoURL.toString(); // Display user's photo
user.providerData.first you'll have access user's informations but the password seems to not be available
Related
Hi im making a app with a register page where the user enters email, password, shared secret and then a sign in page. Using firestore i store the users shared secret which works fine. I also use the firebase authentication method for email and password. The issue i have is on the sign up page using the firebase authentication signInWithEmailAndPassword method i can only call the email and password. How would i go about checking the shared secret of the user as well as the email and password?
thanks for any help
The easiest way that I know how to do this is to add additional statements. I am assuming the shared secret is saved in the Realtime database. In this case, you are going to want to call that data and compare it to the user's input:
FirebaseAuth auth;
DatabaseReference secretRef; //before onCreate
private String currentUserId;
Now for your signin method
final EditText sharedSecret = findViewById(R.id.sharedSecret); //find user input
auth = FirebaseAuth.getInstance();
currentUserId = mAuth.getCurrentUser().getUid();
secretRef = FirebaseDatabase.getInstance().getReference().child("User").child(currentUserId).child("sharedSecret");
final String checkedSecret = secretRef.toString();
Then you would compare it by using code like:
if(checkedSecret != sharedSecret)
{
//user is not login
}else{
//continue with login
}
Good luck
When using email and password based sign-in, Firebase Authentication only lets you use that email and password pair to authenticate the user. It has no concept of a shared secret. If you want to check additional data, you will have to do that after the user is signed in, and decide what to do if the data doesn't match.
My app have two user( buyer and seller).
I am tring to get current user email which is buyers but when i run the below code, it shows previously logged in user email which is the seller's one.
String userID= FirebaseAuth.getInstance().getCurrentUser().getEmail();
How to write firebase code to get current active user email.
Use this code snippet FirebaseAuth.getInstance().signOut(); to sign out the current user properly, after successfully signed out you can repopulate your user model from Firebase Auth/login in new user. Hope your problem will be solved with this.
When you go to the Auth > Sign-In Methods page of your project in the Firebase console. do you have One account per email address on or off? If you allow multiple accounts per email address, you will get null for FirebaseUser.getEmail()
In my current project, I'm registering a user with email ID and then in profile section when the user updates a phone number, I authenticate that phone number & using PhoneAuthCredetials I'm merging both Authentication methods for the same user.
Now the real pain is, My user can sign in with Phone number or Email ID but for Email ID user has to enter password & for phone number it'll need OTP.
(I Tried that, Entered phone number & password for signInWithEmailAndPassword() but not worked)
I wanted the user to log in with email or phone with a password. the way Flipkart does.
Is there any way I can manage that?
Create cloud function with following code
const functions = require('firebase-functions');
const firebase = require('firebase');
const admin = require('firebase-admin');
admin.initializeApp();
firebase.initializeApp({
//Add config for web-app here
//Required because Admin SDK doesn't include signInWithEmailAndPassword method
});
exports.signInWithPhoneAndPassword = functions.https.onCall(async (data, context) => {
const phoneNumber = data.phone;
if (phoneNumber === undefined) {
return {'s':400,'m':'Bad argument: no phone number'};
}
const user = await admin.auth().getUserByPhoneNumber(phoneNumber);
const pass = data.password;
try {
await firebase.auth().signInWithEmailAndPassword(user.email, pass);
} catch (e) {
return {'s':400,'m':'Wrong password'};
}
const token = await admin.auth().createCustomToken(user.uid, {'devClaim':true}); //developer claims, optional param
return {'s':200,'t':token};
});
On client side call this function, and if it returns object with "s"==200 use token with signInWithCustomToken (Calling a Cloud Function from Android through Firebase)
Currently, this feature does not exist.
However, there are ways you can improvise and still achieve this. Here's my suggestion:
First, when a user creates an account, you need to create a separate list on your db solely for mapping emails to phone numbers. Your db might look like this:
This way, you have a full list of emails and their linked phone numbers.
Now, at the login stage, do this:
When the user clicks the login button, check whether the user inputed an email or a phone number. You can use the Patterns class to perform this check:
If the user inputed an email, go ahead with the signInWithEmailAndPassword() approach.
If the user inputed a phone number, check the database of phone numbers in your FirebaseDatabase list and get the email from there. After getting the email, perform signInWithEmailAndPassword() and pass the email you got as well as the password the user inputed.
The downside to using this method is that it incurs an extra call (to get email from phone number) but at least, this should work.
I really hope this helps, merry coding!!
Firebase phone authentication is using OTP. This way there is no need to remember the password for a user. Once authenticated, you will be registered. The OTP code acts as a password. Still, if you want to customize the authentication method, firebase provide to customize authentication method https://firebase.google.com/docs/auth/android/custom-auth
This question already has answers here:
Username authentication instead of email
(4 answers)
Closed 4 years ago.
I am creating an application using Firebase database in which login and sign up functionality added. I want to add the login with username instead of email id.
But I don't find any method for authentication with username. If I change firebase database rules for public then I able to login with username, but the security of database is hamper in this case. So please guide me for login with username on firebase and also suggest me on how to check username availability before sign up, if the username is available then user can sign up or if not, then the user must change his/her username for sign up.
Firebase auth only allows you to authenticate with email and password. If you want to use username instead of email you can store user details in the database and authenticate according to that.
you can follow this format in your database to configure the authentication process.
In the username field, you can store the username of user whichever they selected and check the password of that. In this way, you can also able to check whether the username is already created or not.
If you want to do something like giving special login access like usernames and passwords, you can use Firebase realtime database to do so.
You can create a node named credentials and then store every new username and password in it. Then to check if a person is logging in with correct details, you can search the database records and match them with what the user is entering.
What I am saying, can be coded something like this:
DatabaseReference ref = FirebaseDatabase.getInstance().getReference().child("credentials");
//to store values in your credentials node just use this code
ref.child("usernames").child(username);
ref.child("usernames").child(username).child("password").setValue(password);
// here username and password are the strings you want to store
You can do this with all of your new users to register them in your app. Also this make it easier(read faster) for you to search for the particular username and corresponding password.
You can do so using the following piece of code:
ref.child("credentials").orderByChild("usernames").equalTo(username).addValueEventListener(new ValueEventListener() {
#Override
public void onDataChange(#NonNull DataSnapshot dataSnapshot) {
// here you can do what you want, like comparing the password of the username and other things you require to do
}
}
#Override
public void onCancelled(#NonNull DatabaseError databaseError) {
}
});
I have a social media app, I'm using FirebaseUI to let users sign in/up to the app,using Email, Google or Facebook.
How can I let user to change his/her password later if using "Email" as a
provider?
If using Facebook or Google as providers can I let him/her set Email-Password as Authentication Method by giving him/her an option to change password?.
The change password action from user should set Email-Password as Authentication Method in firebase with a new password input from the user.
Then, The user should be able to login using Email-Password or the Authentication Provider( Facebook/Google) linked with same email.
Answering your question:
Yes.
Here is a sample code snippet for changing/updating the user password:
FirebaseUser user = FirebaseAuth.getInstance().getCurrentUser();
String newPassword = "SOME-SECURE-PASSWORD";
user.updatePassword(newPassword)
.addOnCompleteListener(new OnCompleteListener<Void>() {
#Override
public void onComplete(#NonNull Task<Void> task) {
if (task.isSuccessful()) {
Log.d(TAG, "User password updated.");
}
}
});
Details of using Firebase User is available here.
2.
a. Changing the password in your app:
NO
The SignIn Providers such as Facebook, Google and Twitter do not open this features (API) to prevent middleman and other attacks/abuses.
b. User changed the password in the service provider after signed-in
The user is still able to login to your app, authentication process is deal directly to the service provider, so you don't have to worry!
c. Multiple authentication with the same email address.
Referring to
let's say user A logged in using Facebook to my app, then he went to his profile in MY APP , and changed his password, next time to login I want him to have 2 options: 1- Login using Facebook normally 2- Login using his facebook Email + the password that he saved earlier
The answer is YES, but you have to merge the details first, here is the reference. You can actually link/merge the user details of the same email address by identifying the same Firebase user ID regardless of the authentication provider they used to sign in.
For example, a user who signed in with a password can link a Google account and sign in with either method in the future. Or, an anonymous user can link a Facebook account and then, later, sign in with Facebook to continue using your app.
Hope it helps!