Firebase Email and Password Authentication

 

We're building an employee engagement survey platform with Ember JS and Firebase as the backend.

And we're using Firebase's Email and Password authentication to store our users' passwords. We're not storing the passwords in our firebase.

The application flows like this:

  • Admin creates a survey and adds questions
  • Admin adds users to the survey(with name, email and password)
  • Admin sends emails to users
  • Users login and respond to the survey

    • As can be seen from the workflow above, one of the features we need is an "Email Manager" which sends an email to users based on their survey status (ex: "Survey Not Started", "Survey Partially Completed" etc.)

    In the email that we send we need to send the user's login credentials (ie email and password) to enable them to login. A sample email would look like this:

    "

    Please login to your survey at this URL - www.voiceupsurvey.com using the following access details:

    Email: bobtony@yourcompany.com

    Password: XA3kdt3

    "

    Would you have any suggestion as to how we can do this?

    Specifically, I'm not sure how to query for a users password from the Firebase authentication store.

    Firebase does not store the user's password, that would be a huge security risk.

    Instead what you can do is send the user a password reset email. This email will contain a link that they can click to reset their password.

    Your application's flow would be:

  • Admin creates a survey and adds questions
  • Admin adds users to the survey (with name, email and a random password)
  • Admin sends password reset emails to users
  • Users login and respond to the survey

    • Note that the password in step 2 is never used, so make it long and unguessable to again reduce the security risk.

    First - you cannot query user password from Firebase.

    Second - it sounds better to add users to survey only with name & mail or even only with mail, and let the users login/register himself.

    What should happen if admin add same user to more then one survey?

    You can have another password for entering the specific survey , but that should be in separate place , not connected to the user authentication details.

    If you don't want to let any user login, you can provide some token with the link in the email, to validate if user can register.

    链接地址: http://www.djcxy.com/p/74048.html

    上一篇: 将注册用户从一个Firebase应用转移到另一个

    下一篇: Firebase电子邮件和密码验证