我正在尝试编写应用程序,但我遇到了一些无法解决的安全问题,我需要帮助。 我在firebase上使用用户手机身份验证,它正常工作。现在我希望当用户身份验证被授予用户ID保存在数据库上并且它正在工作时。
但问题是我使用此代码为新用户写入数据库的规则:
{
"rules": {
".write": "auth == null ",
".read": "auth == null "
}
}
此代码适用于新用户注册时:
FirebaseUser user = FirebaseAuth.getInstance().getCurrentUser();
Firebase Ref = new Firebase( "database address" );
Firebase usersRef = Ref.child( "Users" ).child( "user_id" );
usersRef.setValue( user.getUid() );
当我使用此规则时身份验证被拒绝:
{
"rules": {
".write": "auth != null ",
".read": "auth != null "
}
}
但是我的用户已经注册,我得到他的身份证和手机身份验证用户如何解决这个安全问题?
D/FirebaseAuth: Notifying id token listeners about user ( b3bizXzmH7XQfXWNvHCMVXzDHSx2 ).
D/FirebaseApp: Notifying auth state listeners.
D/FirebaseApp: Notified 0 auth state listeners.
D/PhoneAuthActivity: signInWithCredential:success
D/FirebaseAuth: Notifying id token listeners about user ( b3bizXzmH7XQfXWNvHCMVXzDHSx2 ).
D/FirebaseApp: Notifying auth state listeners.
Notified 0 auth state listeners.
D/PhoneAuthActivity: signInWithCredential:success
W/RepoOperation: setValue at /Users/user_id failed: FirebaseError: Permission denied
W/RepoOperation: setValue at /Users/user_id failed: FirebaseError: Permission denied
D/FirebaseAuth: Notifying id token listeners about user ( b3bizXzmH7XQfXWNvHCMVXzDHSx2 ).
D/FirebaseApp: Notifying auth state listeners.
D/FirebaseApp: Notified 0 auth state listeners.
D/PhoneAuthActivity: signInWithCredential:success
W/RepoOperation: setValue at /Users/user_id failed: FirebaseError: Permission denied
答案 0 :(得分:0)
尝试
{
"rules": {
".write": "auth == true",
".read": "auth == true"
}
}
答案 1 :(得分:0)
我解决了我的问题答案:
FirebaseUser user = task.getResult().getUser();
mDatabase =FirebaseDatabase.getInstance().getReference();
String current_uid =user.getUid();
mDatabase.child( "Users" ).child( "uid" ).setValue( current_uid );