Looking for a way to verify email addresses using Swift and Firebase - swift

I'm currently looking for a solution for creating an iOS application using Swift and Firebase as an authentication and database storage system. I'm relatively new to Swift and Firebase. I currently have methods in place that validate the input of my text, in the given text fields in a form.
Here is my method used to validate the format of the email. "Utilities" is in reference to an expression that shows the valid format.
// Trim surrounding whitespace before checking the format
let cleanedEmail = emailAddressTextField.text!.trimmingCharacters(in: .whitespacesAndNewlines)
if Utilities.isValidEmail(cleanedEmail) == false {
    return "Please enter a valid email address."
}
I'm looking to now "Verify" an email address in Swift and Firebase, and find a method or function to verify whether the email address given by a user on signup is real and not just given to support the format of the validation method I have created. This helps me prevent errors on input for users when they sign up.
Just to be clear, if I give a valid email address of "Jack#fmail.com" it will be accepted even if it isn't a real domain. Therefore if a user mistypes their email address it will create an account on a false domain.
If anyone has any suggestions, I'd be happy to hear them.
Thank you.

The most commonly used option is to send a verification mail to the user. You can activate that functionality in your Firebase console under the Authentication setting. See image and the link for more information on how to set it up in your app.
https://firebase.google.com/docs/auth/ios/email-link-auth

Related

Parse Firebase Dynamic Link for Password Reset IOS

My issue is that I’m trying to parse my deep link for information to then change a user's password. When I send the password reset email I included the user's email address within the deep link parameter, however is there a specific way to parse this using FDL library once the link is opened in app? For security purposes there must be a way to verify the generated action code in the deep link to verify the link is legitimate as well? I know that the Firebase docs touch on this for web applications, but it doesn’t go into specifics for iOS.
Best,
James

How could I provide security while signing up users? (example: each username must be different, email must be valid, etc)

I'm making a simple social media app. Now I'm trying to provide security while registering users.
I'd like something like. By the way, JUST code for when things go wrong, like if username exists in db, not when things go right for example: Auth.auth().createUser()
if username already exists in db {
    (don't let user register.)
} else {
    (let user register)
}
if email is not valid {
    (don't let user register.)
} else {
    (let user register)
}
Something like that. I'm thinking maybe using alerts, etc.
Any answer is VERY appreciated...
You can tell Firebase Authentication to only allow a single user with each specific email address to register in your project. You do this by enabling the One account per email address setting in the authentication providers panel in the Firebase console.
If you mean with email validation that you want to ensure the user actually has access to the mail address that they enter, that is called email verification in Firebase. Firebase doesn't require that the user verifies their email address before they can sign in. But if your application requires that, you can tell Firebase to send a verification email from within the app. Then when the user clicks the link in that email, a property is set on their account that you can then check in your code (or in the server-side security rules if you're using the Realtime Database, Cloud Firestore, or Cloud Storage). For more on this flow, see the blog post Email Verification in Firebase Auth.
An alternative to this flow is to use Firebase's newer Email link provider. This prevents the need for the user to enter a password, instead using an email with a link for them to sign in. This automatically then also sets their email address to verified.
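The verification flow described in the answers above (send a verification mail at sign-up, then check the verified property before showing content), as an added Swift sketch that is not part of the original posts. It assumes the FirebaseAuth SDK is installed and `FirebaseApp.configure()` has already run; the function names `signUp` and `checkVerified` are hypothetical.

```swift
import FirebaseAuth

// Added example. Hypothetical helper names; assumes FirebaseApp.configure()
// has already been called at app start.

/// Creates the account, then immediately sends the verification email.
func signUp(email: String, password: String,
            completion: @escaping (Error?) -> Void) {
    Auth.auth().createUser(withEmail: email, password: password) { result, error in
        guard let user = result?.user, error == nil else {
            // Covers malformed addresses and "email already in use".
            completion(error)
            return
        }
        // Firebase mails a link; opening it marks the address as verified.
        user.sendEmailVerification { error in
            completion(error)
        }
    }
}

/// Call before showing protected content. The cached user object is stale
/// until reloaded, so the verified flag must be refreshed from the server.
func checkVerified(completion: @escaping (Bool) -> Void) {
    guard let user = Auth.auth().currentUser else {
        completion(false)
        return
    }
    user.reload { error in
        // Fail closed: any reload error is treated as "not verified".
        completion(error == nil && user.isEmailVerified)
    }
}
```

A check like this only controls what the app displays; access to data is enforced by the server-side security rules the answer mentions.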

GDPR re-permission email

Looking for a little advice on HTML emails and GDPR re-permission.
With the new GDPR regulations I have to create an email to send out to an existing list requesting their consent to continue contacting them.
My intention is to have an 'I'm in' button in the email, which when clicked takes the user to another page/url which has a simple form on it requesting the user's email address and checkbox for them to tick to opt in.
My question is can I achieve this another, simpler way. For example in the email itself when the user clicks the 'I'm in' button, can a post submission be made automatically with their email address, that gets sent to the client's email, and they then just get re-directed to a standard success message. Is something like this possible? It would save having to create a form somewhere and make the process easier for the user.
I don't normally do HTML emails so I'm a little unsure - any help on this would be greatly appreciated, thanks in advance
Yes, you could embed their email in the query string of the URL and then have a webapp at that URL pick up their email from the querystring and process it. Obviously you'd need to code the webapp side accordingly.
E.g:
I'm in!
If you can still send an email to the user, the collection of consent can be quite simple. It will be sufficient to send each user an email containing a link to accept the newsletter (e.g. "Yes, I want to receive the newsletter"). The email should also contain the terms and conditions of the service, and the privacy policy. What comes next can be either automated, or handled manually.
The best option would be to automate the process. This can be done in multiple ways, the simplest being with a customized link for each user pointing to a website capable of interpreting the data transmitted by the link itself. To achieve this result, the link contained in each email should contain an identification code - which should be anonymized where possible - so that it will be possible to link the new consent to each user. In this way, when the user clicks the link, he or she will be taken to the website. At that point, the backend will be able to collect the code passed by the link, identify the user and, finally, re-subscribe the user to the newsletter.
In practical terms, in the email there could be a link with a value to be passed as a `GET` parameter:
Yes, I want to receive the newsletter
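The server-side logic could be as follows (in PHP syntax):
// re-subscribe.php
$uuid = $_GET['uuid'] ?? ''; // code passed by the link; empty if the parameter is missing
if ($uuid === '') {
    http_response_code(400); // reject requests that carry no code
    exit('Invalid link.');
}
$user = getUserByUUID($uuid); // assumed function that gets the user infos by a UUID
subscribeUser($user); // assumed function that re-subscribes user to the newsletter
echo 'Thank you!';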
This could even be accomplished manually, provided that a link tracker service/tool is used.
In this – less ideal – case, in the email there should only be a single clickable link, the one required to express consent (e.g. "Yes, I want to receive the newsletter"). This link could take the user wherever deemed most appropriate. What matters, in this case, is the ability, through the tracker service/tool, to know which users have clicked the link. As long as there is only one link in the email, this would inform us that the user has expressed his or her consent, and thus we could manually re-subscribe them to the newsletter. In this case, the link to the terms and conditions and to the privacy policy should be included as static text, and not as an actual clickable link.
For more info, check out our blog post, inspired by this question, at blog.autoprivacy.eu/2018/05/newsletters-after-gdpr-existing-and-new.html

Firebase Email Verification

I'm quite a noobie at Firebase. I'm asking for a sort of step by step guide to set up email verification.
Currently, my app uses basic email password login. I want users to be verified so I'm hiding content based on a user's emailVerified property. I'm calling the .sendEmailVerification() and it sends to the current user's email but, whenever I click the link in the email it says the link has expired or someone has used it, this also doesn't change the property. I suspect it has something to do with the api manager. I currently have my website hosted to the built-in Firebase hosting URL.
Based on this link in the docs (which refers to a similar function but not the exact one): https://firebase.google.com/docs/reference/js/firebase.auth.Auth#sendPasswordResetEmail
p.s. I can't find anything regarding this exact function in the docs.
I think I need some sort of listener at the link of the email or on my website?
Thanks in advance, any answers are appreciated.
There could be an issue with your browser API key. You may have some referrer restrictions on it. This could cause the misleading error (code expired or used) to occur. Either fix that issue or generate a new one in the Google console.

User email activation after email change in Joomla User profile

Today I faced the following problem:
I registered a new user on my Joomla 1.6 site
activated the account by link from an activation email
After login as the new user I've changed my email to a made up one ( foo#bar.bar )
Joomla's reaction was: 'ok no problem, e-mail seems to be fine, let's save it then'
The only two things Joomla checked were whether the e-mail was written correctly and whether it was in use by a different user.
Why isn't Joomla sending the same activation e-mail to the new e-mail in order to change it in a user's profile? Is there something I should know?
This looks as if that very important functionality was missing in the profile editing component.
How do I make it work without editing core files?
EDIT:
I've written a plugin which sorts this out: http://extensions.joomla.org/extensions/access-a-security/site-security/site-protection/18139
Well if you want a way to sort this out then try this:
Write your own authentication plugin that uses the onBeforeStoreUser event. Here you check the user email validates correctly whenever they change their email address.
Should you want to you can deactivate the user's account, and then send them a new activation email with link. Have a look at the com_users code to see how the registration is dealt with in terms of new users registering and the sending of the activation email. You can pretty much copy the code from there.
Example code for your plugin:
function onBeforeStoreUser($user, $isnew) {
    if (!$isnew) {
        // grab code from com_users to generate activation email
        // part of the code makes an activation sequence ($activation_code)
        // sql to inject this seq into the users account
        $db = JFactory::getDBO();
        $db->setQuery(
            'UPDATE #__users'
            . ' SET activation = ' . $db->quote($activation_code) // quoted to keep the value out of the SQL syntax
            . ' WHERE id = ' . (int) $user->id // cast so only an integer reaches the query
        );
        $db->query();
        // send activation email
    }
}
Maybe it would be a good thing to also validate old mail account before caring for the new one.
Explanation:
I get a user and password, I log in, I change mail from real owner to mine, I have stolen the account and now can activate it with my mail.
If we validate both old and new mails, we are assuring the new mail is valid and also the change was requested by the original owner.
The activation email is just that - an activation method. This is intended to satisfy user information collection laws for countries like the States, where it is necessary to have users confirm they own "this" email address when they signup. This ensures they themselves are the ones signing them up. This is the purpose of the activation emails.