I am new to Firebase, but I managed to develop an app using Firebase email & password authentication. This app is for an organization's members, so there is no sign-up in the app; the organization gives me a list, which I add to the user list. My problem is that I have only 45 registered users, but almost 85 people are using the app. I understand I should be using an auth token, but I am not quite clear on how. Can anybody explain the easiest way to prevent multiple simultaneous logins? I have attached the login code (I tried storing device names, but that was a bad way), so can anybody please help me out on what has to be done?
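/**
 * Login screen for Firebase email/password authentication.
 *
 * <p>The activity lets an existing account sign in, optionally remembers the e-mail address
 * for the next launch, and can trigger a password-reset e-mail. There is no sign-up UI;
 * {@link #createAccount(String, String)} is present but not wired to any view.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The password is never written to {@link SharedPreferences}. Preference files are
 *       stored unencrypted, and Firebase already keeps the signed-in session across launches
 *       (the auth-state listener forwards a signed-in user straight to {@code Home_screen}),
 *       so only the e-mail address is remembered. A password saved by an earlier build is
 *       deleted on start-up.</li>
 *   <li>E-mail addresses are kept out of log output.</li>
 *   <li>The device record written by {@link #doDb(String)} does not limit concurrent
 *       sessions: nothing in this class reads it back, and it is written by the client
 *       itself. NOTE(review): a one-session-per-account policy has to be checked somewhere
 *       the client cannot skip (for example database rules or a backend) - confirm against
 *       the project's rules.</li>
 * </ul>
 */
public class EmailLogin extends AppCompatActivity implements
        View.OnClickListener {

    private static final String TAG = "EmailPassword";

    // Keys of the "remember me" preferences file.
    private static final String PREFS_NAME = "loginPrefs";
    private static final String KEY_SAVE_LOGIN = "saveLogin";
    private static final String KEY_USERNAME = "username";
    // Only referenced so that a value stored by older builds can be removed.
    private static final String KEY_PASSWORD = "password";

    public String Email;
    // Process-wide counter; the device record is written only while this is 0.
    public static int device = 0;
    public ProgressDialog mProgressDialog;

    private TextView forgoPwd;
    private TextView mDetailTextView;
    private EditText mEmailField;
    private EditText mPasswordField;
    private ProgressDialog PD;
    private CheckBox saveLoginCheckBox;
    private SharedPreferences loginPreferences;
    private SharedPreferences.Editor loginPrefsEditor;
    private boolean saveLogin;
    private FirebaseAuth mAuth;
    private DatabaseReference root;
    private FirebaseAuth.AuthStateListener mAuthListener;
    private String temp_key;

    /**
     * Builds the full-screen login UI, restores the remembered e-mail address and creates
     * the auth-state listener that is registered in {@link #onStart()}.
     */
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        requestWindowFeature(Window.FEATURE_NO_TITLE);
        getWindow().setFlags(WindowManager.LayoutParams.FLAG_FULLSCREEN,
                WindowManager.LayoutParams.FLAG_FULLSCREEN);
        setContentView(R.layout.emailpass);

        PD = new ProgressDialog(this);
        PD.setMessage("Loading...");
        PD.setCancelable(true);
        PD.setCanceledOnTouchOutside(false);

        mEmailField = (EditText) findViewById(R.id.field_email);
        mPasswordField = (EditText) findViewById(R.id.field_password);
        Button btnCount = (Button) findViewById(R.id.email_sign_in_button);
        saveLoginCheckBox = (CheckBox) findViewById(R.id.checkBox);

        loginPreferences = getSharedPreferences(PREFS_NAME, MODE_PRIVATE);
        loginPrefsEditor = loginPreferences.edit();

        // Earlier builds saved the password in clear text; remove it if it is still there.
        if (loginPreferences.contains(KEY_PASSWORD)) {
            loginPrefsEditor.remove(KEY_PASSWORD).apply();
        }

        saveLogin = loginPreferences.getBoolean(KEY_SAVE_LOGIN, false);
        if (saveLogin) {
            mEmailField.setText(loginPreferences.getString(KEY_USERNAME, ""));
            saveLoginCheckBox.setChecked(true);
        }

        // The original assigned mEmailField.toString(), which is the view's debug
        // description rather than the text the field holds.
        Email = mEmailField.getText().toString();

        forgoPwd = (TextView) findViewById(R.id.forgo);
        forgoPwd.setOnClickListener(this);
        btnCount.setOnClickListener(this);

        mAuth = FirebaseAuth.getInstance();
        mAuthListener = new FirebaseAuth.AuthStateListener() {
            @Override
            public void onAuthStateChanged(@NonNull FirebaseAuth firebaseAuth) {
                FirebaseUser user = firebaseAuth.getCurrentUser();
                if (user != null) {
                    Log.d(TAG, "onAuthStateChanged:signed_in:" + user.getUid());
                } else {
                    Log.d(TAG, "onAuthStateChanged:signed_out");
                }
                updateUI(user);
            }
        };
    }

    /**
     * Lazily creates {@link #mProgressDialog}. The dialog is only configured here, not
     * shown; the dialog the user actually sees during sign-in is {@code PD}.
     */
    public void showProgressDialog() {
        if (mProgressDialog == null) {
            mProgressDialog = new ProgressDialog(this);
            mProgressDialog.setMessage(getString(R.string.loading));
            mProgressDialog.setIndeterminate(true);
        }
    }

    /** Dismisses {@link #mProgressDialog} if it exists and is currently showing. */
    public void hideProgressDialog() {
        if (mProgressDialog != null && mProgressDialog.isShowing()) {
            mProgressDialog.dismiss();
        }
    }

    /** Registers the auth-state listener while the activity is visible. */
    @Override
    public void onStart() {
        super.onStart();
        mAuth.addAuthStateListener(mAuthListener);
    }

    /** Unregisters the auth-state listener when the activity is no longer visible. */
    @Override
    public void onStop() {
        super.onStop();
        if (mAuthListener != null) {
            mAuth.removeAuthStateListener(mAuthListener);
        }
    }

    /**
     * Creates a Firebase account for the given credentials and shows a toast on failure.
     *
     * @param email    address for the new account
     * @param password password for the new account
     */
    private void createAccount(String email, String password) {
        // The address is deliberately not logged.
        Log.d(TAG, "createAccount");
        if (!validateForm()) {
            return;
        }
        showProgressDialog();
        mAuth.createUserWithEmailAndPassword(email, password)
                .addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
                    @Override
                    public void onComplete(@NonNull Task<AuthResult> task) {
                        Log.d(TAG, "createUserWithEmail:onComplete:" + task.isSuccessful());
                        // On success the auth-state listener takes over.
                        if (!task.isSuccessful()) {
                            Toast.makeText(EmailLogin.this, R.string.auth_failed,
                                    Toast.LENGTH_SHORT).show();
                        }
                        hideProgressDialog();
                    }
                });
    }

    /**
     * Validates the form, stores the "remember me" choice and signs in with Firebase.
     *
     * @param email    address typed by the user
     * @param password password typed by the user; passed to Firebase only, never persisted
     */
    private void signIn(String email, String password) {
        // The address is deliberately not logged.
        Log.d(TAG, "signIn");

        // Validate first so that an empty form is not written to the preferences.
        if (!validateForm()) {
            return;
        }

        if (saveLoginCheckBox.isChecked()) {
            loginPrefsEditor.putBoolean(KEY_SAVE_LOGIN, true);
            loginPrefsEditor.putString(KEY_USERNAME, mEmailField.getText().toString());
            loginPrefsEditor.remove(KEY_PASSWORD);
        } else {
            loginPrefsEditor.clear();
        }
        loginPrefsEditor.apply();

        PD.show();
        showProgressDialog();
        mAuth.signInWithEmailAndPassword(email, password)
                .addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
                    @Override
                    public void onComplete(@NonNull Task<AuthResult> task) {
                        Log.d(TAG, "signInWithEmail:onComplete:" + task.isSuccessful());
                        if (task.isSuccessful()) {
                            onAuthSuccess(task.getResult().getUser());
                        } else {
                            Log.w(TAG, "signInWithEmail:failed", task.getException());
                            Toast.makeText(EmailLogin.this, R.string.auth_failed,
                                    Toast.LENGTH_SHORT).show();
                        }
                        PD.dismiss();
                        hideProgressDialog();
                    }
                });
    }

    /**
     * Records the device on the first successful sign-in of this process and opens
     * {@code Home_screen}, passing the local part of the e-mail address as "user".
     */
    private void onAuthSuccess(FirebaseUser user) {
        if (device == 0) {
            getDeviceName();
        }
        device++;
        String username = usernameFromEmail(user.getEmail());
        Intent intent = new Intent(getApplicationContext(), Home_screen.class);
        intent.putExtra("user", username);
        startActivity(intent);
        finish();
    }

    /**
     * Writes a device record under the "users" node and returns manufacturer + model.
     * Only the manufacturer is sent to the database.
     *
     * @return {@code Build.MANUFACTURER} followed by {@code Build.MODEL}
     */
    public String getDeviceName() {
        String manufacturer = Build.MANUFACTURER;
        String model = Build.MODEL;
        root = FirebaseDatabase.getInstance().getReference().child("users");
        doDb(manufacturer);
        return manufacturer + model;
    }

    /**
     * Pushes a new child under {@code root} holding the user's local e-mail part ("user")
     * and the given manufacturer string ("msg"). Skips the write when no signed-in user
     * with an e-mail address is available instead of throwing.
     *
     * @param manu manufacturer string stored as "msg"
     */
    private void doDb(String manu) {
        FirebaseUser current = FirebaseAuth.getInstance().getCurrentUser();
        if (current == null || current.getEmail() == null) {
            Log.w(TAG, "doDb: no signed-in user with an e-mail address, record skipped");
            return;
        }
        temp_key = root.push().getKey();
        if (temp_key == null) {
            return;
        }
        Map<String, Object> record = new HashMap<>();
        record.put("user", usernameFromEmail(current.getEmail()));
        record.put("msg", manu);
        root.child(temp_key).updateChildren(record);
    }

    /**
     * Returns the part of {@code email} before the first '@', or the whole string when it
     * contains no '@'. A {@code null} address yields an empty string.
     */
    private String usernameFromEmail(String email) {
        if (email == null) {
            return "";
        }
        // indexOf/substring also copes with a bare "@", where split("@") returns no parts.
        int at = email.indexOf('@');
        return at >= 0 ? email.substring(0, at) : email;
    }

    /** Signs the current user out of Firebase and refreshes the UI. */
    private void signOut() {
        mAuth.signOut();
        updateUI(null);
    }

    /**
     * Checks that both fields are non-empty and flags the empty ones with "Required.".
     *
     * @return {@code true} when the e-mail and password fields both contain text
     */
    private boolean validateForm() {
        boolean valid = true;

        String email = mEmailField.getText().toString();
        if (TextUtils.isEmpty(email)) {
            mEmailField.setError("Required.");
            valid = false;
        } else {
            mEmailField.setError(null);
        }

        String password = mPasswordField.getText().toString();
        if (TextUtils.isEmpty(password)) {
            mPasswordField.setError("Required.");
            valid = false;
        } else {
            mPasswordField.setError(null);
        }
        return valid;
    }

    /**
     * Forwards a signed-in user to {@code Home_screen}; does nothing for {@code null}.
     * Called from the auth-state listener, so an already signed-in user skips this screen.
     */
    private void updateUI(FirebaseUser user) {
        hideProgressDialog();
        if (user != null) {
            Intent i = new Intent(EmailLogin.this, Home_screen.class);
            i.setFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP);
            startActivity(i);
            finish();
        }
    }

    /** Handles the sign-in button and the "forgot password" link. */
    @Override
    public void onClick(View v) {
        int i = v.getId();
        if (i == R.id.email_sign_in_button) {
            signIn(mEmailField.getText().toString(), mPasswordField.getText().toString());
        }
        if (i == R.id.forgo) {
            FirebaseAuth auth = FirebaseAuth.getInstance();
            String mail = mEmailField.getText().toString();
            if (TextUtils.isEmpty(mail)) {
                mEmailField.setError("Required.");
            } else {
                auth.sendPasswordResetEmail(mail)
                        .addOnCompleteListener(new OnCompleteListener<Void>() {
                            @Override
                            public void onComplete(@NonNull Task<Void> task) {
                                if (task.isSuccessful()) {
                                    Toast.makeText(EmailLogin.this, "Email sent to your account",
                                            Toast.LENGTH_SHORT).show();
                                } else {
                                    // Record the failure for debugging; the UI stays
                                    // unchanged, as before.
                                    Log.w(TAG, "sendPasswordResetEmail:failed",
                                            task.getException());
                                }
                            }
                        });
            }
        }
    }
}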
You can employ a session manager, which just keeps track of the last session and terminates all other sessions for that user.
1. Each client generates a session ID (`sessionId`). If the user is signed in, or when the user signs in, write that `sessionId` to the user's document in the remote database (let's call this field `lastSessionId`).
2. Each client listens for `lastSessionId` changes.
3. When another client signs in with the same credentials, it generates its own `sessionId`, and that `sessionId` is also written to the database, to the same document, overwriting `lastSessionId`. All of the clients signed in with these credentials (including this client) see the change in `lastSessionId`, and every client whose local `sessionId` (the one generated on that client) does not equal the new `lastSessionId` is automatically signed out, thus allowing only one client to be signed in at a time for each credential.
I understand I should be using an auth token
That won't work. Whenever a user signs in on a device, they get a new auth token. So the same user, signed in on two devices, will have two different auth tokens.
But they will have the same UID. So I'd actually store the uid and something that identifies the active device in the database.
activeDeviceByUser
<uid>: <device ID>
Then remove that when the user signs out or disconnects.