In Firebase, I register the user with e-mail on the authentication side and after registration I send e-mail verification to this user, but in addition to this, I define some other features in my system, such as name, phone number while registering. I will combine these features and keep them in user collections in firestore. At the same time, I want to send an sms-code to the phone number of the data whose e-mail and password are matched in the user collections with the e-mail and password entered by the user while logging in to the system, and I will instantly verify this every time for the user to log in. Is it possible for me to do something like this or should I just choose one over email or phone?
Yes absolutely it is possible, use both authentication method one by one (email first then phone OTP) and while registering after creating user with email and password and sending otp to the user, instead of doing createUserWithCredentials use linkUserWithCredentials. This will create one user with both email and phone number authentication instead of creating two separate users for two different credentials.
Related
I'm working with telegram bot and i have this method to get user messages.
I need to find a way to get a link to the user who send this message
I saw there are this method, but i dont know how to connect them to a "link" to a profile
#Override
public void onUpdateReceived(Update update) {
update.getMessage().getFrom();
// i have: getFirstName(), getLastName() - not helping
// i have also getId() - but its a number how do i convert it to a link to telegram profile ?
}
Having username is optional on Telegram, setting it up means other people will be able to contact the user without knowing their phone number. Only users that chose their username in Telegram settings have a profile link, and the link is of the form https://t.me/<username>.
For ordinary messages, you can get the username via update.getMessage().getFrom().getUsername() and use it to create profile links, however, note that for many users this value will be empty (meaning they don't have a profile link).
Also, if you keep database of chat IDs, you can get usernames of the users via getChat Telegram API call. This can be useful because while usernames can be changed by the user any time (meaning their profile link will also change), chat ID of the user is constant over time and the getChat method will always provide you with the most recent information.
My app uses Firebase authentication with two providers(email/password and Google SignIn) but I require all my users to have a password so they can use any of these providers to sign in, now my problem is I want that each user that sign in using a provider different from email/password should be prompted to create a password immediately but I cannot find any method in the SDK to check if a user has a password.
I tried using the method below to check that but from my observation, this checks only for the provider the user used to Sign Up.
for(UserInfo info : currentUser.getProviderData()) {
if(!info.getProviderId().equals("password")) {
ShowUpdateUserPasswordDialog("CREATE",currentUser);
} else {
MoveToMainActivity();
}
break;
}
I require all my users to have a password so they can use any of these providers to sign in
Firebase authentication with email and password is a totally different authentication mechanism than the authentication with the Google provider.
now my problem is I want that each user that sign in using a provider different from email/password should be prompted to create a password immediately
If the user has chosen to sign-in with Google, why would you force him to enter a password? That's the whole idea, not to use a password anymore. Besides that, you let the user choose even from the beginning what kind of authentication to use. It's some kind of a bad user experience to force the user to choose one, or the other, or both.
However, if you still want to force the user the choose a password, you first need to sign-out the user from Google and Firebase so it can be signed in again with email and password. You can do that silently, but how about the situation in which the user wants to choose a password for the Gmail account that is already in use? In that situation you'll get an error, saying the account with that particular email already exists.
but I cannot find any method in the SDK to check if a user has a password
You didn't find something like that because something like that doesn't exist.
IMHO, some kind of operation might be considered bad practices and I cannot see any reason for doing that. You should let the user choose the type of authentication according to their own will.
I'am developing Api's for Reset Password :-
1st One :- validating email or phone and Send OTP.
2nd One :- validating OTP.
3rd One :- Reset Password.
Problems:-
1.How I can maintain OTP at api side to validate it.
2.If a person directly hit my reset password Api,then he/she could change password, which is a security breach.
Please answer!!!Thanx in advance
1.How I can maintain OTP at api side to validate it.
OTP for password reset should be random, time limited and bound to a username. So yes, you need to maintain the OTPs persistently
Option one - you either build a database where you store the generated OTPs with their validity.
Option two - you can generate OTP in form of signed jwt so the validation algorithm just validates the timestamp and signature (this OTP password is longer, so feasible only for email)
2.If a person directly hit my reset password Api,then he/she could change password, which is a security breach.
There is no point of exposing a separate validation service. The reset service itself should validate the otp and reset the password or not (as one operation)
I need a help of how to send a notification from device to other device using the same application by GCM and PHP as a server.
can anyone provide me a simple example of how to register as a user and send message to another user. or provide me anything that will be useful to my application
I think I know what you are talking about. First things first, if you want to send a Google Cloud Message from device A to to device B, you must have the GCM registration Id of device B. (I hope you are not planning on storing device B's registration Id on device A)
Here is one approach
Create a registration page. Take a unique input from user like email address (don't forget to verify it) and get GCM registration Id. Then store this information in server with the unique input (email) as primary key and map it with GCM registration Id.
Now if you want the USER of the app, say user A to send some information to user B (like chatting app) call your PHP method from device A with user B's unique input (email address). Your web method can fetch the GCM registration Id for device B from the input parameter and can send a GCM message. you can get email address of user B, C, D etc. from user's contact book or contacts in the email address (or use social networking SDKs to get email address).
If you want your app to send GCM message from device A to device B without users consent, then also you either need the registration Id or the mapped unique key of device B (email in this example). I don't really see any use in this case. But since you didn't mention any detail in your original question I am giving the possibilities.
you cannot use IMEI number as device A does not know the IMEI number of device B. And as mentioned earlier you cannot store all the registration Ids from USER A, B, C, D.... in device A.
I am registering user with email address . but i want to send the user a confirmation link where if they click then their email address gets confirmed
I am using java spring MVC hibernate mysql
Among other tools you can use "java mail" package to send emails direclty from your application. Here's the link to API docs Java Mail API
So the scenario could be like the following:
User account is created. It's in unconfirmed state now;
You generate a unique confirmation ID to your applicaiton. The easiest way is to use java.util.UUID.randomUUID().toString(). UUID is a random globally unique value.;
You store the ID (e.g. 0123)+account to the database for future use;
Send the URL+ID (http://yourapp.com/confirm?id=0123) as an email using javamail to the user;
Do not show the ID in browser now;
The user checks inbox and see your letter;
The user clicks the link and request is sent to your site confirmaion servlet;
Confirmation servlet will search for the account associated with the specified confirmation id;
Confirmaion servlet set account to "confirmed state" as obvously the user has access to the specified mail box
Use Java Mail Api to create a e-mail with confirmation. Also, you need to generate unique id to confirm the user - this info can be stored in db. After the moment user clicks on your confirmation link you should set user in 'Confirmed' state.