堆栈内存溢出
  简体   繁体   English

Firebase临时禁止帐户

[英]Firebase temporary ban account

 原文  2016-11-18 17:08:14       ios/ swift/ firebase/ firebase-realtime-database/ firebase-authentication

问题描述

I'm trying to create an app where you'll have to login / register. 我正在尝试创建一个必须登录/注册的应用程序。 I'm able to permanently ban a user by creating a value called "Disabled" for his account and set this value to "Yes". 我可以通过为其帐户创建一个名为“已禁用”的值并将该值设置为“是”来永久禁止用户。 Than I'll check each time he logges in if this value is Yes, if it is than he won't be able to login. 然后,我将在每次登录时检查该值是否为“是”,否则将无法登录。 Is it possible to temporary ban an account? 可以暂时禁止帐户吗? I was thinking to save the current time when the ban happened and then add the amount of time for the ban. 我当时想保存禁令发生的当前时间,然后增加禁令的时间。 Then check each time the players logges in if the temporary ban value (the time) is higher than the current time, if so the player is still banned. 然后,在每次玩家登录时检查临时禁令值(时间)是否大于当前时间,如果是,则仍然被禁止。 If the value (the time) is lower than the player is unbanned. 如果该值(时间)低于播放器,则不被禁止。 But I think they just could change this in the settings of their device. 但是我认为他们可以在设备的设置中进行更改。

Is there any other way to do this? 还有其他方法吗?

2 个解决方案

解决方案1
 3  2016-11-18 19:10:51

You can disable a user's account through the Firebase Admin SDK . 您可以通过Firebase Admin SDK禁用用户帐户 But that won't automatically sign out the user. 但这不会自动注销用户。 It will just prevent them from signing in again. 这样只会阻止他们再次登录。

To prevent the user from making unauthorized changes, you'll probably also want to add a blacklist of disabled users to your database: 为了防止用户进行未经授权的更改,您可能希望将禁用用户的黑名单添加到数据库中: 

/bannedUsers
  uid1: <banned-until-timestamp>
  uid2: <banned-until-timestamp>
  uid3: <banned-until-timestamp>

Then you can check this list from your security rules : 然后,您可以从安全规则中检查以下列表 

".write": "!root.child('bannedUsers').child(auth.uid).exists() || 
            root.child('bannedUsers').child(auth.uid).val() < now"

解决方案2
 3 已采纳  2016-11-18 19:27:29

Maybe an idea which might work for you: 可能对您有用的想法:

To ban a user, create an entry in your database to the user to flag the user as banned with a timestamp NOW + X 要禁止用户,请在数据库中为该用户创建一个条目,以将该用户标记为已禁止,并带有时间戳NOW + X 

{ "users" : {
     "bad_user" : {
         "banned" : {
            "until" : 123456 // timestamp NOW + X
         }
     }
  }
}

Now whenever the user logs in afterwards, you check wether the user is banned and immediately try to delete that entries. 现在,每当用户随后登录时,您都可以检查该用户是否被禁止,并立即尝试删除该条目。 If it fails, penalty time is still running. 如果失败,则惩罚时间仍在运行。 If it succeeds, well then the user can use your app :) 如果成功,那么用户可以使用您的应用程序:)

The trick is to use firebase rules to restrict possible changes. 诀窍是使用Firebase规则限制可能的更改。

something like: 就像是: 

{ 
  "rules" : {
    "users" : {
      "$uid" : {
       // ...
        "banned" : {
          .write : "(!newData && now < data.child('until').val() )"
....

Please note - these are not working rules, but should help to figure it out. 请注意-这些不是工作规则,但应该有助于弄清楚。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 iOS 链接两个 firebase 帐户 - iOS link two firebase account 使用firebaseSimpleLogin的Firebase用户帐户安全性 - Firebase user account security with firebaseSimpleLogin 使用不同的Google帐户Firebase iOS登录 - Sign in with different google account Firebase iOS "Firebase 删除帐户以及 iOS 上的数据库和存储" - Firebase delete account along with Database and Storage on iOS Firebase电话验证以及帐户链接 - Firebase Phone Auth along with account linking iOS:Firebase和facebook帐户套件登录 - iOS: Firebase and facebook account kit login Firebase Auth Google - 总是要求提供帐户 - Firebase Auth Google - always ask for account Firebase电子邮件验证不会验证帐户 - Firebase email verification doesn't verify account 多个帐户链接到一个(管理员)Firebase - Multiple account's linked to one (Admin) Firebase 如何在iOS中将Facebook帐户链接到Firebase用户 - How to link Facebook account to Firebase user in iOS
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM