Firebase simple login does not return a user object
I am trying to use the FIrebase's simple login with email/password provider. My setup is very simple, it's a copy of Firebase's docs:
<!doctype html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<script type='text/javascript' src='https://cdn.firebase.com/v0/firebase.js'></script>
<script type='text/javascript' src='https://cdn.firebase.com/v0/firebase-auth-client.js'></script>
<script>
var chatRef = new Firebase('https://testfbang.firebaseIO-demo.com');
var authClient = new FirebaseAuthClient(chatRef, function(error, user) {
if (error) {
// an error occurred while attempting login
console.log(error);
} else if (user) {
// user authenticated with Firebase
console.log('User ID: ' + user.id + ', Provider: ' + user.provider);
} else {
// user is logged out
console.log('Not logged in')
}
});
authClient.createUser('myemail@gmail.com', 'mypass', function(error, user) {
if (!error) {
console.log('User Id: ' + user.id + ', Email: ' + user.email);
}
});
function dologin(){
authClient.login('password', {
email: 'myemail@gmail.com',
password: 'mypass'
});
};
</script>
</head>
<body>
<button onclick="dologin()">login</button>
</body>
</html>
The user is created correctly, I got at my console:
User Id: 2, Email: myemail@gmail.com
But when I hit the login button, I am getting:
Not logged in
The response consists of a "token" string and a "user" json string with the correct id, email, provider etc.
The response seems correct, somehow the user object does not get populated.
I have tried with wrong email or password and I got the relevant error message.
Am I missing something?
Also I have noticed that the call to the auth service is something like this:
https://auth.firebase.com/auth/firebase?&firebase=testfbang&email=myemail%40gmail.com&password=mypass5&callback=FirebaseAuthClient._callbacks._firebaseXDR136717460560112
I am not a security expert but isn't cleartext passwords at the url a major security problem?
Thank you for any input.
Andreas
The code in the above snippet is correct, but the address / URL of the Firebase being used is incorrect. All 'production' user Firebases use the domain firebaseIO.com
, but the above code uses a firebaseIO-demo.com
domain, which is security-disabled and used only for test purposes. Firebases on that domain can be created by anyone and passed around as a convenience, but cannot be authenticated to or tied to a Firebase account.
Regarding passwords in plaintext, all Firebase Simple Login requests are forced to HTTPS, so this password is never actually sent in plaintext over the wire.
链接地址: http://www.djcxy.com/p/74044.html上一篇: Firebase authWithPassword注销
下一篇: Firebase简单登录不返回用户对象