在我的密码重置功能中,用户可以放入他/她想要的任何内容。它甚至不需要是电子邮件地址。
我想检查一个有效的电子邮件地址,并且该电子邮件已在Parse Server中注册
@IBAction func forgotPasswordButtonTapped(_ sender: Any) {
let forgotPasswordAlert = UIAlertController(title: "Forgot password?", message: "Please enter your email address", preferredStyle: .alert)
forgotPasswordAlert.view.tintColor = UIColor.red
forgotPasswordAlert.addTextField { (textField) in
textField.placeholder = "Email address"
}
forgotPasswordAlert.addAction(UIAlertAction(title: "Cancel", style: .cancel, handler: nil))
forgotPasswordAlert.addAction(UIAlertAction(title: "Reset password", style: .default, handler: { (action) in
let resetEmail = forgotPasswordAlert.textFields?.first?.text
PFUser.requestPasswordResetForEmail(inBackground: resetEmail!, block: { (success, error) in
if error != nil {
let resetFailedAlert = UIAlertController(title: "Error", message: error?.localizedDescription, preferredStyle: .alert)
resetFailedAlert.view.tintColor = UIColor.red
resetFailedAlert.addAction(UIAlertAction(title: "OK", style: .default, handler: nil))
self.present(resetFailedAlert, animated: true, completion: nil)
} else {
let resetEmailSentAlert = UIAlertController(title: "Password reset instructions sendt", message: "Please check your email", preferredStyle: .alert)
resetEmailSentAlert.view.tintColor = UIColor.red
resetEmailSentAlert.addAction(UIAlertAction(title: "OK", style: .default, handler: nil))
self.present(resetEmailSentAlert, animated: true, completion: nil)
}
})
}))
//PRESENT ALERT
self.present(forgotPasswordAlert, animated: true, completion: nil)
}
答案 0 :(得分:2)
您可以在操作中检查电子邮件的有效性:-
forgotPasswordAlert.addAction(UIAlertAction(title: "Reset password", style: .default, handler: { (action) in
let resetEmail = forgotPasswordAlert.textFields?.first?.text
if self.isValidEmail(testStr: resetEmail) {
// Check of email registered on server should be done via this API and API should return error based on that.
PFUser.requestPasswordResetForEmail(inBackground: resetEmail!, block: { (success, error) in
if error != nil {
let resetFailedAlert = UIAlertController(title: "Error", message: error?.localizedDescription, preferredStyle: .alert)
resetFailedAlert.view.tintColor = UIColor.red
resetFailedAlert.addAction(UIAlertAction(title: "OK", style: .default, handler: nil))
self.present(resetFailedAlert, animated: true, completion: nil)
} else {
let resetEmailSentAlert = UIAlertController(title: "Password reset instructions sendt", message: "Please check your email", preferredStyle: .alert)
resetEmailSentAlert.view.tintColor = UIColor.red
resetEmailSentAlert.addAction(UIAlertAction(title: "OK", style: .default, handler: nil))
self.present(resetEmailSentAlert, animated: true, completion: nil)
}
})
} else {
//Show error that email entered is not correct format
// present the reset email alertbox again.
}
}))
func isValidEmail(testStr:String) -> Bool {
let emailRegEx = "[A-Z0-9a-z._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,64}"
let emailTest = NSPredicate(format:"SELF MATCHES %@", emailRegEx)
return emailTest.evaluate(with: testStr)
}
答案 1 :(得分:0)
有一个解析电子邮件适配器来验证电子邮件。
Verifying user email addresses and enabling password reset via email requires an email adapter. As part of the parse-server package we provide an adapter for sending email through Mailgun. To use it, sign up for Mailgun, and add this to your initialization code:
答案 2 :(得分:0)
关于Parse Server通知客户端不存在具有提供的电子邮件地址的用户:
Parse Server 3.1.0之前的版本,如果未找到电子邮件地址,则重置密码的请求将返回错误,但是这存在安全风险,因为它允许攻击者获取用于蛮力攻击的用户数据-请参阅这个explanation。
您还可以查看changelog和PR that implemented this change。
仍然可以通过在发出密码重置请求之前查询User类来自己实现此目的。但是,不应在客户端代码中执行此操作,因为这将要求用户数据可公开访问,这是对隐私的严重侵犯。也可以使用主密钥在云代码中实现该功能,以使用户数据仍然无法被公众访问,但这将带来上述相同的安全风险。