Currently, I am working on a Flutter project application which is a tricycle booking system. When a user has canceled three times(equivalent to life points), the user shall not be able to use their accounts for a few days meaning their accounts are suspended for abusing the cancel functionality. How do I implement this idea/functionality wherein I am using a Realtime Database from Firebase. Thank you!
you can prepare a flag in the user object.. a status flag.. that indicates if the user account status is allowed or not.. and when the app starts you can check that status flag.. if it says true.. user can login.. if it says false, you can show a screen saying account denied.
Related
I need to implement a standard user registration/activation workflow with Firebase. There doesn't seem to be an obvious way to implement this. When I say "standard", I mean how most email/password accounts work - not necessarily specific to Firebase. I'm sure you're familiar with this. This is the workflow:
User enters their username/password on a form with some validation and submits details
The back-end creates the user record in the database, but the account remains deactivated (i.e. user cannot authenticate - the activated flag is set to false)
The back-end sends an email to the user with a link to activate the account
The user clicks the link in their email which triggers activation. This is probably a Web API of some description.
At this point, the user record's activated flag ticks over to true, and the user can now authenticate
The link probably also has a deep link that opens the app or navigates to a web page
The user can now log into the app
How do I configure Firebase to do all this?
Currently, the app allows the user to register. I am using the Flutterfire SDK. I call createUserWithEmailAndPassword, which successfully creates the user in Firebase. But, the user is already activated. The user should have a state of "disabled" in firebase until the account becomes activated. I can't find any settings to default the user to disabled when the account is first created.
I also managed to get Firebase to send out an activation email by calling sendSignInLinkToEmail, but this call is really designed for email authentication - not email activation. Opening the link should activate the account, but I have not figured out how to do this. This documentation makes it sound like it is possible. Perhaps, the Flutterfire SDK is missing this? I don't want to allow people to log in without a password. I only want to use this call to send out an email.
What am I missing here? Is this non-standard behavior for Firebase? If so, why? If the user is allowed to use an app with an email address that is not activated, they can impersonate someone else. We need to confirm at least that they are custodians of the email address that they are claiming to have.
Do other Firebase people just not worry about this?
Lastly, I know I can achieve this by creating a collection for users in Firebase and putting an "activated" flag there. But, if I do that, I've got to write a cloud function that accepts the link and then updates the user in the collection based on the received link. But I thought this would be automatic in Firebase. If Firebase doesn't have this built-in, I have to put all the security over the top to stop users from authenticating when they have not yet activated their account.
This is a pretty valid concern. I suppose the way around this is to check whether the signed-in user is verified whenever the app is launched. The User object that is returned from Firebase Auth has an emailVerified flag. Check this page for more details.
Using this flag you can choose to show a different screen or pop-up that has a button to send a verification link to the registered email address. Until the user verifies this address, you can limit access to some of the app's screens if you want.
Please note that I have not checked if this emailVerified flag is true for sign ups using Federated login providers like Google Sign-in and Apple Sign In. You might want to check that out.
I am new to Firebase and I have been working within IOS to identify the users by an automatically generated key. Essentially I'm creating a leaderboard with highscores and levels. Instead of having the user sign up for an account I want them to already have an ID so they can just start playing and write their high scores to the leader board. At the moment I have this code:
let user = Auth.auth().currentUser
ref?.child("Highscore").child((user?.uid)!).setValue(highscoreArray)
For some reason I'm getting an error that the "user" is non-existant. Is there a way to automatically generate one without having to force the user to choose a username etc. Also I've tried childByAutoID and i keep getting new IDs within the simulator everytime I run it.
Thanks for the help.
Minimally, you have to put the user through a sign-in process. Auth.auth().currentUser won't return anything but null until that process is complete. There is no workaround for this requirement. The only way you get a uid is after the user signs in a creates an account.
If you don't want to user to have to do anything to sign in, you can enable and implement anonymous authentication to sign them in without requiring any input from them. You can then upgrade their account later in order to make it permanent, since anonymous accounts don't transfer between devices or survive an app uninstall.
In my application , i works with web-services and when user log in into my app my app is sending a request with status 1 means loged in and when on log out button click sending a request with status 0.
Now problem is , when user removes app from devices , status in my server is remain 1(log in) , hence other user can see him available while his app is not in device. so is there any way by which i can send request when my app removes from device (i don't think it is possible) or is there any other way that i can do in my backend side ?
Thanks in advance.
It is not possible to call a web service when the user deleting the app from an ios device. There are three methods to came to know that whether your application is there in user's ios device. But there are few limitations also.
Activate Push notification: By doing this, device will get registered with Apple's push notification service. When user delete the app from device, the registration will be revoked from APNS server and through the APNS feedback service, you can get to know whether the application is existing. (Limitation: If the user did not agree with receiving push notifications, then the app will not be registered with APNS and you never came to know that whether application is existing or not)
Activate Location Based service: If your application enables location based service, then your application will get periodic location updates in a location delegate method. In this delegate, you can call a webservice and keep update the status of user even the application is in background. (Limitation: If user disables the location update, then your server will not get info about user status)
Periodically Call a Webservice From you app: This is possible only if your app is active. (Limitation: When you application pushed in to background, your application will be in suspended mode, so it will not possible to call webservice)
Sorry Unfortunately Apple not provide any method that user Uninstall app from user's device, There is no such method.
When user delete any application device does give the alert "Do you want to delete this application" with option "Delete" and "Cancel". You don't have to write any specific code for this.
I just assume that There is one method in which you can find out when user is about to delete your app. That is you need to implement push notification Apple server will inform you when you try to push to an uninstalled instance. Other than that there's no way to detect it but i am not sure its helpful or not.
You can't do this from within the app. You would want to do something like have a periodic task which runs on the backend, checking the last activity date of logged in users and setting them to 'not available' after some configured period of inactivity. This will probably require some changes to the backend to record last activity date and a change to the app so that while it's open it sends a periodic 'heartbeat' to the backend. You probably want to make the timeout quite big (say 15 minutes, big enough to not have a large impact on performance).
I have an ios app.
In which i have multi user account.So multiple user can Login.
When one user see other user profile and if that user is also online i want to notify him.
I can't get how to implement it.
If i have to continuously check some flag value on server if someone has checked their profile or how can i handle it?
Remote notifications is the way to do it. The logic on when and who has to be notified can be handled at the server.
You may have seen lots of apps asking for permissions to send notification. The downside being if the user denies that permission.
Polling from client side can also be one of the methods which can be used and but would require the client to do most of the computation.
So all in all, its a call you got to take considering what you are building.
I am just trying to implement In-App-Purchasing with in my application and I am successfully able to test my application but I want to offer few part of application will be free and some part will be give to user after payment. How can I do it. Thank you.
we basically keep the features locked in our application and unlock them after user makes in app purchase. To lure the user, when user tries to access that feature, we usually show the user message that it is locked in this version of application and in order to unlock it, in app purchase needs to be done.
All the features should have unique product identifier, so as to identify which feature the user unlocked (purchased)