When I use firebase's
auth.currentUser
for my website, it gets the latest user that logged in, even if multiple users are logged in at the same time. How do I get the info of each user that is logged into their own computer?
I am trying to get each user's unique info when they load into a page, but auth.currentUser has only one user logged in at a time?
Here is how I log users in
auth.signInWithEmailAndPassword(email, password)
.then((userCredential) => {
res.redirect(state)
console.log(`logged in`)
})
.catch((error) => {
var errorMessage = error.message;
return res.render('login', { error: errorMessage, state: '/' })
});
auth.currentUser is what you seek. Ideally there should not be multiple logged in at the same time in the same browser. auth.currentUser will give you different information depening on who is logged in.
If userA logs in, auth.currentUser will contain information about userA.
If userB logs in, auth.currentUser will contain information about userB
and so on...
auth.currentUser is just a local variable in each user's session
Related
In the html file that I have for the sign-in page, I perform the authentication using Firebase and on successful authentication, I redirect the given user to the homepage. When I call firebase.auth().currentUser in the express file, I use for rendering and routing pages, I get undefined or null for the current user.
Can anyone help me understand what the issue might be?
This is how I perform the authentication:
firebase
.auth()
.signInWithEmailAndPassword(temail, tpass)
.then(function(firebaseUser) {
window.location.href = "http://localhost:5000/homepage";
})
.catch(function(error) {
window.alert("incorrect pass");
});
This is the code that I have in my express file:
app.get("/homepage", (req, res) => {
var user = firebase.auth().currentUser;
console.log("USER IS " + user);
res.render("menu", { title: "Welcome" });
});
Backend code doesn't have a sense of "current user". When you sign in on the frontend, the current user is only known on that client. It isn't known on the backend. If you want the backend to know which user is signed in, the client will have to send an ID token to the backend for it to verify. The documentation for the Firebase Admin SDK is used for that on the backend. The client must send the ID token to in the request to your route, and the code handling that route must verify the token in order to know the user that made the request. From the documentation:
If your Firebase client app communicates with a custom backend server, you might need to identify the currently signed-in user on that server. To do so securely, after a successful sign-in, send the user's ID token to your server using HTTPS. Then, on the server, verify the integrity and authenticity of the ID token and retrieve the uid from it. You can use the uid transmitted in this way to securely identify the currently signed-in user on your server.
When the user lands on a new page, Firebase automatically restores their previous authentication state. But to do so, it may have to contact the server, which means that it may take a few moments. While Firebase is restoring the state, auth().currentUser will be null.
To ensure you get the correct authentication state, you should use an authentication state listener, as shown in the documentation on getting the current user:
firebase.auth().onAuthStateChanged(function(user) {
if (user) {
// User is signed in.
} else {
// No user is signed in.
}
});
I am trying to verify that somene if changed the JWT token from browser .The user should logout.
authorisedUser has some fields like username,id.
My code is working for only the case when any of this is changed and user is getting logged out.
But if i replaced this with another valid authorisedUser ,user is not logged out
So user A can user user B cookie and have access to his data.How should i change below code to verify it.
This is a light weight application so use of session or database is not there.
jwt.verify(req.cookies["authorisedUser"], "shhhhh", function (err, payload) {
if (err) {
res.redirect(db.env.application.logout_url+'?error=true');
//res.redirect(db.env.application.logout_url);
}
else{
//normal code}}
I am using facebook SDK for social login, it works well most of the time, but sometimes when a user tries to login with Facebook they accidentally logs into someone else's account.
I am using facebookId as unique Id in my DB, and if an existing user logs in again, through this facebookId i validate his/her account.
/* Find user by Fb id */
accountModel.findOne({ facebookId: req.body.fbId }, function (err,resultUserByFb) {
if(err){
}
else {
sendLoginResponse()
}
});
If the facebookId is not present in the DB, we register that user into the system.
I would like to only allow one instance of a user logged in. If I log in on this computer, and then go to another computer to login, the previous session should be destroyed. How can I do that? How can I access all sessions so I can destroy the right one or ensure that session's userID is unique? The only documentation I've seen for accessing the session regards req.session, which is only for the current session.
The typical way to implement this would be to save a user's session ID in the database, and whenever they log in, destroy the session whose ID was previously stored. Sails uses Connect's session store for session management. The session ID is exposed as req.sessionID, and the underlying session store is exposed as req.sessionStore. So, given the session store interface described in the Connect docs, you could do something like the following in your login action:
// Destroy the session from the previous login
req.sessionStore.destroy(loggedInUser.currentSessionId, function(err) {
if (err) {return res.serverError(err);}
// Save the session ID of the current login
User.update({id: loggedInUserId}, {currentSessionId: req.sessionID})
.exec(function(err) {
if (err) {return res.serverError(err);}
// Continue your login action...
});
});
How to destroy the session of a particular user using his/her user_id ?
I have an events like when admin assign role to a normal user then, if the normal user is logged in, I have to destroy the session of the normal user.
Any help would be appreciated.
Thanks
The session of the logged in user has an id that you can save after successful login: req.session.id. Then you can retrieve that user's session from the memory store at any time and destroy it using:
sessionStore = express.session.MemoryStore();
sessionStore.get(id, function(err, sess) {
sess.destroy (function (err) {
});
});