Reputation: 57
How to know when a user has changed the password in firebaseAuthentication?
Currently I'm using two databases to administrate users, what I'm trying to do is to update the firebaseAuth password when the user isn't logged (by sending passwordResetEmail).
Then when the user changes the password (in firebase) and log in again, if the FirebaseLogin is successful I'll take the password and I'll reset the password in the other database.
So, what I need is to know when a user has changed the password in firebase
there's a method from firebaseAuth that sends to the user a password reset email, I need a way to know when the user have changed his password, I've found two methods from firebaseAuth:
confirmPasswordReset();
checkActionCode();
I think that using both methods it could be possible to identify a password reset action, but I don't know how to use these methods.
The other way it would be to save the password directly in Firebase database, to use addValueEventListener or something similar, but I would prefer to avoid saving passwords in the Firebase database.
Thanks for your answers.
Upvotes: 0
Views: 1642
Answers (2)
Reputation: 1506
The best way to do this would probably to create a custom reset-password email handler. Instead of doing the work in your app to verify that a password was just reset, you can handle the reset yourself (and reset it in both places at once). You can read about implementing this in the auth guide.
The confirmPasswordReset() and checkActionCode() methods you mentioned are both supposed to be used from inside the custom email handler.
You definitely do not want to be saving your user's passwords in plain text anywhere. If you have to save them in a second location, always make sure they are encrypted with a unique salt. If you want to verify your Firebase users' identity on a second system, other methods you could use are: re-use their Firebase auth tokens, use the REST api to verify their password, or export your users using the cli and verify them yourself using Firebase's Scrypt library
Upvotes: 1
Reputation: 80924
To be able to use this method:
confirmPasswordReset();
you need the actioncode and the newpassword entered by the user.
Completes the password reset process, given a confirmation code and new password.
more info here: https://firebase.google.com/docs/reference/js/firebase.auth.Auth#confirmPasswordReset
So first you need to get the actioncode:
var actionCode = getParameterByName('oobCode');
then you need to verify the action code and get a new password from the user and pass it to confirmPasswordReset:
auth.verifyPasswordResetCode(actionCode).then(function(email) {
var accountEmail = email;
auth.confirmPassordReset(actionCode, newPassword).then(function(resp) {
// Password reset has been confirmed and new password updated.
}).catch(function(error) {
//error
});
}).catch(function(error) {
//error
});
more info here:
https://firebase.google.com/docs/auth/custom-email-handler
Upvotes: 1
Related Questions
- How to get the time of last password update for Firebase 9 User?
- How to get the password change date in Firebase?
- How to figure out that user has changed password or not via mail FIREBASE
- How do i get the new Password stored in my firebase realtime database in android studio
- How to prevent user from reading after password change?
- how to check when a user has phone authenticated in Firebase?
- Firebase: how to intercept password changed?
- Firebase updating password (current pass and new pass)
- Check if user has signed in using Password Authentication in Firebase
- Get updated User from Firebase Authentication