[英]Native iOS app - Does the Firebase SDK have the capability to lock a user out of their account if they have failed 5 consecutive log-in attempts?
I'm creating the log-in page for a mobile app, will Firebase Auth allow me to cap log-in attempts at 5 before temporarily disabling the account?我正在为移动应用程序创建登录页面,Firebase Auth 是否允许我在暂时禁用帐户之前将登录尝试次数限制为 5 次?
I've been investigating the Firebase SDK to see if I can lock users out of their account if they have attempted 5 consecutive incorrect password entries.我一直在调查 Firebase SDK,看看如果用户连续 5 次尝试输入错误密码,我是否可以将他们锁定在他们的帐户之外。
I'm reviewing the errors available in the Firebase documentation and I see there are the following error codes:我正在查看 Firebase 文档中提供的错误,我看到有以下错误代码:
FIRAuthErrorCodeWrongPassword,
FIRAuthErrorCodeTooManyRequests,
FIRAuthErrorCodeUserDisabled
https://firebase.google.com/docs/auth/ios/errors https://firebase.google.com/docs/auth/ios/errors
Yes, to implement "account lockout" in your app, you can do the following:是的,要在您的应用中实施“帐户锁定”,您可以执行以下操作:
Set the maximum number of allowed failed sign-in attempts.设置允许的最大失败登录尝试次数。 This can be done in the Firebase Console by going to the "Authentication" section and clicking on the "Sign-in method" tab.
这可以在 Firebase 控制台中通过转到“身份验证”部分并单击“登录方法”选项卡来完成。 In the "Email/Password" section, you can set the "Maximum failed sign-in attempts" to the desired number (eg 5).
在“电子邮件/密码”部分,您可以将“最大失败登录尝试次数”设置为所需的次数(例如 5)。
Handle the FIRAuthErrorCodeTooManyRequests error in your app's sign-in code.处理应用登录代码中的 FIRAuthErrorCodeTooManyRequests 错误。 This error is returned by the Firebase Auth API when the maximum number of allowed failed sign-in attempts has been reached.
当达到允许的失败登录尝试的最大次数时,Firebase Auth API 会返回此错误。 When this error is returned, you can display a message to the user telling them that their account has been temporarily disabled and instructing them to contact customer support to reset their password.
当返回此错误时,您可以向用户显示一条消息,告诉他们他们的帐户已被暂时禁用,并指示他们联系客户支持以重置密码。
Optionally, implement a mechanism to automatically reset the failed sign-in attempts counter after a certain amount of time.或者,实施一种机制以在一定时间后自动重置失败的登录尝试计数器。 This can be done using the updateUser method of the Firebase Auth API and setting the reauthenticateBeforeUpdate parameter to true.
这可以使用 Firebase Auth API 的 updateUser 方法并将 reauthenticateBeforeUpdate 参数设置为 true 来完成。 This will require the user to re-enter their password before the failed sign-in attempts counter is reset, which can help prevent unauthorized access to the user's account.
这将要求用户在重置失败登录尝试计数器之前重新输入密码,这有助于防止未经授权访问用户帐户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.