Question

我正在使用React使用Firebase作为身份验证/数据库来构建Web应用程序，我注意到我的浏览器历史记录包含一个URL，其中包含纯文本的用户名和密码（http://localhost:3000/login?email=big%40me.com&password=bigger）。这是我在将字符串存储为状态然后将其传递给Firebase身份验证功能时犯的一个错误，还是Firebase身份验证过程中的缺陷？有办法减轻这种情况吗？

代码：

import React from 'react';
import Input from '@material-ui/core/Input';
import Button from '@material-ui/core/Button';
import { withStyles } from '@material-ui/core/styles';
import Grid from '@material-ui/core/Grid';
import Typography from '@material-ui/core/Typography';
import {auth} from './firebase';
import logo from '../images/signature.jpg';

const styles = {
  card: {
    minWidth: 275,
    maxWidth: 350,
  },
  custForm: {
    clear: 'both',
  },
  logo: {
    align: 'center',
    height: 200, 
    width: 'auto', 
    margin: -30, 
    paddingRight: 28
  },
};

class Auth extends React.Component {
  constructor(props){
    super(props);
    this.state = {
      email: '',
      pass: '',
      err: false
    }

    this.handleSubmit = this.handleSubmit.bind(this);
    this.handleChange = this.handleChange.bind(this);
  }

  handleChange(e){
    const name = e.target.name;
    const value = e.target.value;
    this.setState({
      [name]: value
    });
  }

  handleSubmit(e){
    e.preventDefault();
    auth.signInWithEmailAndPassword(this.state.email,this.state.pass)
      .then(result => {
      this.props.onLogin(result);
      this.props.history.push('/home');
    }).catch(e => {
      console.log(e);
      this.setState({
        err: true,
        email: '',
        pass: ''
      })}
    );
  }

  render(){  
    const {classes} = this.props;

    return (
      <div align='center' style={{marginTop: 20}}>
        <Grid 
          container
          direction='column'
          spacing={8}
          justify='center'
        >
        <img src={logo} className={classes.logo} />
        <Typography variant='title' style={{marginBottom: 20}} >Subcontractor Reporting Portal</Typography>
          <Grid item className={classes.card} >
            <form 
              onSubmit={this.handleSubmit} 
              className={classes.custForm}
            >
              <Input 
                onChange={this.handleChange}
                fullWidth
                autoFocus
                type='text'
                name='email'
                placeholder='email'
                value={this.state.email}
              />
              <Input
                onChange={this.handleChange}
                fullWidth
                name='pass'
                type='password'
                placeholder='password'
                value={this.state.pass}
              />
              <Button type='submit'>Login</Button>
            </form>
            {this.state.err && <p>A wrong email or password was entered</p>}
          </Grid>
        </Grid>
      </div>
    );
  }
}

export default withStyles(styles)(Auth);

Answer 1

您可以使用以下链接进行Firebase身份验证，而无需在URL中发送用户名和密码。

https://firebase.google.com/docs/reference/rest/auth/#section-sign-in-email-password

端点

https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=[API_KEY]

API_KEY是您在Firebase中的项目的API_KEY。所有详细信息都在该链接中。这将是通过firebase实现身份验证的正确方法，因为它使用令牌，并且令牌可以存储在本地存储中，即使在刷新应用后也可以保持登录状态。

通过URL传递的React / Firebase身份验证变量

1 个答案: