如何验证Firebase用户当前密码
[英]How to validate firebase user current password
问题描述
I am creating a form, in react-redux to change user password. 
我在react-redux中创建一个表单来更改用户密码。 I am wondering how can I validate the user current password in order to change to new one. 我想知道如何验证用户当前密码才能更改为新密码。 in my form I have 2 fields: old password, new password. 在我的表单中,我有2个字段:旧密码,新密码。
this is my action: 这是我的动作:
const { currentUser } = auth
currentUser.updatePassword(newPassword)
.then(
success => {
dispatch({
type: CHANGE_USER_PASSWORD_SUCCESS,
payload: currentUser
})
},
error => {
dispatch({
type: CHANGE_USER_PASSWORD_FAIL,
error: error.message
})
}
)
I am wondering, how to validate the old password in firebase? 我想知道,如何在Firebase中验证旧密码? Should I use signInWithEmailAndPassword()? 我应该使用signInWithEmailAndPassword()吗? Or, is there a function to validate the current password without calling the signIn again, since my user is already logged in? 或者,由于我的用户已经登录,是否存在无需再次调用登录即可验证当前密码的功能? Thanks 谢谢
1 个解决方案
解决方案1
4 已采纳 2018-12-30 21:01:07
Well, I believe you want the user to enter the old password just to verify whether it's the actual owner of the account or not. 好吧,我相信您希望用户输入旧密码只是为了验证它是否是该帐户的实际所有者。
Firebase handles this situation very well, you just need to call the updatePassword method on the user object and pass in the new password. Firebase很好地处理了这种情况,您只需要在用户对象上调用updatePassword方法并传递新密码即可。
const changePassword = async newPassword => {
const user = firebase.auth().currentUser;
try {
await user.updatePassword(newPassword)
console.log('Password Updated!')
} catch (err) {
console.log(err)
}
}
If it's been quite a while that the user last logged in then firebase will return back an error - "This operation is sensitive and requires recent authentication. Log in before retrying this request." 如果已经有一段时间用户最后一次登录,那么Firebase将返回一个错误-“此操作敏感,需要最近的身份验证。请在重试此请求之前登录。”
Thus, you don't really need to check the old password as firebase does it for you. 因此,您真的不需要检查旧密码,因为Firebase会为您这样做。
But if you just want to do it in one go, without having the user to log in again. 但是,如果您只想一次完成,而无需用户再次登录。 There's a way for that as well. 还有一种方法。
There is a method on user object reauthenticateAndRetrieveDataWithCredential you just need to pass in a cred object(email and password) and it refreshes the auth token. 用户对象reauthenticateAndRetrieveDataWithCredential上有一个方法,您只需要传递一个cred对象(电子邮件和密码)即可刷新auth令牌。
const reauthenticate = currentPassword => {
const user = firebase.auth().currentUser;
const cred = firebase.auth.EmailAuthProvider.credential(
user.email, currentPassword);
return user.reauthenticateAndRetrieveDataWithCredential(cred);
}
In your particular case, you can have something like this 在您的特定情况下,您可以拥有这样的内容
const changePassword = async (oldPassword, newPassword) => {
const user = firebase.auth().currentUser
try {
// reauthenticating
await this.reauthenticate(oldPassword)
// updating password
await user.updatePassword(newPassword)
} catch(err){
console.log(err)
}
}
Learn more about firebase reauth - https://firebase.google.com/docs/auth/web/manage-users#re-authenticate_a_user 了解更多火力点重新验证- https://firebase.google.com/docs/auth/web/manage-users#re-authenticate_a_user
Hope it helps 希望能帮助到你
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.