skip to Main Content

I’m creating an app specific to an industry. To ensure that only industry persons are registering to use it I am requiring company emails to sign up. However, users have said that they then want to change their login email to their personal email address. With Firebase, how to I allow users to change their email address to their personal and then prevent them from creating a second account with their company email address? I don’t have any code snippets to share because I literally don’t know where to even begin with this.

I tried creating a collection of previously used emails but it doesn’t work as a user needs to be authenticated and logged in to be able to get any documents from the database.

2

Answers


  1. How i would do is
    To let users switch from their company email to their personal one in your app using Firebase
    First, make sure users are logged in using Firebase authentication. Then, organize your Firestore database to hold user details like their current email, personal email, and company ID. When a user wants to update their email, double-check the new email to ensure it’s not already used by another account. If it’s unique, go ahead and update the user’s info in Firestore. Also, during registration, make sure each company email is used only once to stop users from creating multiple accounts with the same email. And don’t forget to set up Firebase Security Rules to only allow logged-in users to access and change their own info.

    like for example
    now user comes logs in with his company account
    he will change to his personal email save both in the db so that you can tell that the user already exists na

    Login or Signup to reply.
  2. Updating a user’s email is pretty trivial. You just need to call updateEmail(to:) on the user object from the authentication module.

    Auth.auth().currentUser?.updateEmail(to: email) { error in
      // ...
    }
    

    I tried creating a collection of previously used emails but it doesn’t work as a user needs to be authenticated and logged in to be able to get any documents from the database.

    This is managed by your security rules and thus you can change this.

    service cloud.firestore {
      match /databases/{database}/documents {
        match /usedEmails {
          allow read: if true;
          allow write: if false;
        }
      }
    }
    

    But, it would be a pretty huge security problem if you publically allowed any user to get a list of all previously registered email addresses. There are a few solutions like anonymous authentication:

    Auth.auth().signInAnonymously { authResult, error in
      // ...
    }
    guard let user = authResult?.user else { return }
    let isAnonymous = user.isAnonymous  // true
    let uid = user.uid
    

    which you would then need to convert to a permanent account or link it against an existing account when you have the users email and password.

    let credential = EmailAuthProvider.credential(withEmail: email, password: password)
    annonymousUser.link(with: credential) { authResult, error in
      // ...
    }
    

    Another solution would be to confirm the user’s email hasn’t been used in a HTTP cloud function.

    exports.emailAvailable = onCall((request) => {
      // check if email used
    });
    
    functions.httpsCallable("emailAvailable").call(["email": email]) { result, error in
      if let error = error as NSError? {
        // ...
      }
      // ...
    }
    
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search