
How can an application administrator remove a Firebase simple login user without knowing their password?

My angular app sports a users handling page, where a super-user (administrator) should be able to edit users' data. He is not allowed to add new users (who have a sign-up page, where they choose their own secret password), but he should be able (according to my logic) to remove users...

This is the removeUser() firebase-simple-login API docs page, and this is a usage example in that same page:

auth.removeUser(email, password, function(error) {
  if (error === null) {
    console.log("User removed successfully");
  } else {
    console.log("Error removing user:", error);
  }
});

So, the application is supposed to know the password... Should I save the user's password in my user's data when she is signing up?

But this way I'd lose firebase-simple-login's main advantage (avoid storing private/sensitive data locally)...

Please explain my mistake, if any...

UPDATE: Thanks to Rob DiMarco's comment, I now understand the rationale behind this issue: removeUser() is designed to be used by the user him/herself, after having provided the password again... If an admin should need to remove an account, he/she should just set some 'deleted' flag on the local user's metadata, and leave that account untouched on firebase. In the event that the user should decide to reactivate that same account, the software should simply remove the 'deleted' flag, and perform a standard auth.login() with a freshly user-provided username/password...

UPDATE 2: The only small problem with this approach (if it is a problem) is that a user who wants to recover a 'deleted' account must remember the old password, since we did not remove the firebase-simple-login account... However, she can always reset her password, in the "login" form (if she is the real owner of the email account...).

@Rob DiMarco: if you want to post your comment as an answer, I'd be happy to accept it...

MarcoS asked Oct 03 '14 13:10



1 Answer

Rather than outright removing the user account, I would recommend an approach where you simply disable the account by writing admin-only metadata to the user account, however those records are stored and structured in your Firebase.

Then you may use security rules against this 'locked' / 'disabled' flag, and get the functionality you're after without the need to store user passwords.

Rob DiMarco answered Oct 27 '22 08:10
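A sketch of security rules enforcing the 'disabled' flag described in the answer, as an added example that is not part of the original answer or of Firebase's documentation. The data layout (`/admins/<uid>`, `/users/<uid>/profile`, `/users/<uid>/disabled`) is an assumption made for illustration.

```json
{
  "rules": {
    // Assumed layout (hypothetical, not from the original post):
    //   /admins/<uid>          true for each super-user, maintained out of band
    //   /users/<uid>/profile   data the account owner may edit
    //   /users/<uid>/disabled  admin-only flag; true means "removed"
    "admins": {
      // No client may list or change the admin set.
      ".read": false,
      ".write": false
    },
    "users": {
      // Admins may read every user record for the user-handling page.
      ".read": "auth !== null && root.child('admins').child(auth.uid).val() === true",
      "$uid": {
        "profile": {
          // Admins always; the owner only while the account is not disabled.
          ".read": "auth !== null && (root.child('admins').child(auth.uid).val() === true || (auth.uid === $uid && root.child('users').child($uid).child('disabled').val() !== true))",
          ".write": "auth !== null && (root.child('admins').child(auth.uid).val() === true || (auth.uid === $uid && root.child('users').child($uid).child('disabled').val() !== true))"
        },
        "disabled": {
          // The owner may see the flag (so the client can show a message),
          // but only an admin may set or clear it.
          ".read": "auth !== null && (auth.uid === $uid || root.child('admins').child(auth.uid).val() === true)",
          ".write": "auth !== null && root.child('admins').child(auth.uid).val() === true",
          ".validate": "newData.isBoolean()"
        }
      }
    }
  }
}
```

Access granted at a parent path cannot be revoked further down, so the flag sits beside `profile` rather than under a node the owner can write; otherwise a disabled user could clear their own flag. A disabled user can still authenticate with Simple Login, so every path holding their data needs the same flag check.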