Reputation: 1192
Firebase password validation
I have a forum I'm trying to create using firebase. Certain subforums can only be accessed if the user knows the password. At the time of joining, the client retrieves the password of the subforum and then checks if the entered password is correct.
Is there a way to do the password validation server side instead?
Upvotes: 3
Views: 1281
Answers (2)
Reputation: 10837
Your scenarios is quite whacky. You want to do away with user names and only have passwords. How are you planning to know who modified the forum entry if you don't identify them?
Anyways, for your ask, you can work something like below where you impersonate a pre-created user when an anonymous user wants to access a forum -
Enable email authentication in firebase.
For every forum password, create a user with these values -
username: [email protected] password: forumpasswordNote its uid.
Add the respective uid as a child "uid" property to the corresponding forum.
Add simple security rules for password protected forums -
"forums":{ "$subforum_id": { ".read": "auth.uid == data.child('uid')", ".write": "auth.uid == data.child('uid')" } }- Now when an anonymous user wants to access a forum, she must give a password and you will need to hardcode the user name with the appropriate one for the forum she is trying to access. This way you impersonate an anonymous user as the forum user provided she knows the password.
Upvotes: 1
Reputation: 4978
I suggest you use a different aproach to tackle this problem. Instead of giving out passwords i suggest you keep a list of the users that can access the subforum in firebase (only admin should be able to write to this list) and use the firebase security rules to check if someone can read / write to the subforum based on that list.
The rules for your subforum would look a bit like this then:
"forums":{
"$subforum_id": {
".read": "auth != null && root.child('subforums').child($subforum_id).hasChild(auth.uid)",
".write": "auth != null && root.child('subforums').child($subforum_id).hasChild(auth.uid)"
}
}
Upvotes: 2
Related Questions
- How to handle notification when app in background in Firebase
- How to protect firebase Cloud Function HTTP endpoint to allow only Firebase authenticated users?
- Is it safe to expose Firebase apiKey to the public?
- Upload files to Firebase Storage using Node.js
- Using NodeJs with Firebase - Security
- Customize validation & text in Firebase reset password form?
- How can i validate password in firebase? (Not user credentials)
- Phone Authentication Validation from Server Side Firebase + PHP
- Is there any way to do email confirmation for Firebase user creation and/or password reset?