1

I need to prevent user authentication if their email isn't found in allowedUsers. It doesn't really affect the app, since all the actions will be performed on the users list, but it will be nice if the authentication doesn't happen.

loginWithGoogle() {
    const userDetails = this.afAuth.auth.signInWithPopup(new firebase.auth.GoogleAuthProvider())
      .then(user => {
        console.log(user.user.uid);

        const queryObservable = this.db.list('/allowedUsers', {
          query: {
            orderByChild: 'email',
            equalTo: user.user.email,
          }
        }).subscribe(data => {

          if (data.length > 0) {

            const userObj = {
              admin: false,
              ...
              email: data[0].email,
              name: data[0].name,
              verified: false,
            };

            this.addUser(userObj, user.user.uid);

          }

        });

      });

    return userDetails;
  }
KENdi
  • 7,576
  • 2
  • 16
  • 31
Ciprian
  • 3,066
  • 9
  • 62
  • 98

1 Answers1

1

There is no way to prevent a user from authenticating with Firebase Authentication. All they do when they authenticate is say "I am X Yz" and prove it.

What you can do however is prevent that they have access to you database. For example to only allow white-listed users read-access to your database:

{
  "rules": {
    ".read": "root.child('allowedUsers').child(auth.uid).exists()"
  }
}

Also see:

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
  • Makes sense. I'll just have a long list of users in the Authentication tab in Firebase. As I said in my question, this doesn't affect the app i'm working on, since they won't have their uid in the `users` list. Thank you for your answer! – Ciprian Aug 21 '17 at 06:16