Menu
So, maybe I missed this somewhere in the docs but I couldn't find anything of the sort.
I wan't my users to have to type in their current password to be able to create a new one. From what I understand if the user is authenticated he is able to update his password without providing his current one.
Even if this might be somewhat secure I would rather have him type his old one to prevent people from going on already authenticated sessions from say family members or so and changing the pw.
Is there any way to do this?
(I have no problem using the Admin SDK since I already set up a server for these kind of things)
561
If you haven't yet connected your app to your Firebase project, do so from the Firebase console. Enable Email/Password sign-in: In the Firebase console, open the Auth section. On the Sign in method tab, enable the Email/password sign-in method and click Save.
onAuthStateChanged. Adds an observer for changes to the user's sign-in state. Prior to 4.0. 0, this triggered the observer when users were signed in, signed out, or when the user's ID token changed in situations such as token expiry or password change.
If the user login with a custom "email/password" you don't know anything else about that user (apart from the unique user id). If a user login with Facebook, or with Google sign in, you can get other information like the profile picture url. It is explained here: firebase.google.com/docs/auth/android/… .
var user = firebaseApp.auth().currentUser; var credential = firebase.auth.EmailAuthProvider.credential( firebase.auth().currentUser.email, providedPassword ); // Prompt the user to re-provide their sign-in credentials user.reauthenticateWithCredential(credential).then(function() { // User re-authenticated. }).catch(function(error) { // An error happened. }); you can use reauthenticate API to do so. I am assuming you want to verify a current user's password before allowing the user to update it. So in web you do something like the following:
reauthenticateAndRetrieveDataWithCredential- DEPRECATED
firebase.auth().currentUser.reauthenticateAndRetrieveDataWithCredential( firebase.auth.EmailAuthProvider.credential( firebase.auth().currentUser.email, providedPassword ) ); If this succeeds, then you can call
firebase.auth().currentUser.updatePassword(newPassword); If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
