78023

Firebase security: find other users via email

Question:

Let's say we have these data in Firebase.

usersMail - "example1@mail.com": "1" - "example2@mail.com": "2" - "example3@mail.com": "3"

Is there anyway for user1 to query his own list of emails to look up his friends who are using the application without setting usersMail to be iterable by all users?

If this isn't possible in Firebase, would I have to set up a server with an admin account to do the querying? Still very new to the back-end stuff so I appreciate the help!

Answer1:

So the question is: two users exist in Firebase, uid_0 and uid_1, and we need the ability for uid_0 to search for uid_1 by email.

However, we want to prevent other users from iterating over the users node.

The answer is no. This cannot be done. To query a users node for another user by email, a user would have to have access to each of the users within that node.

There may be another option however. Suppose uid_1 (doug) knows that uid_0 (bob) wants to find him and add him as a friend.

users uid_0: email: bob@greatwhitenorth.com uid_1: email: doug@greatwhitenorth.com

and then a node that links users together, in this case doug knows bob will be looking for him, we include doug's uid so when bob reads the node it will be included in the child data

email_finder doug@greatwhitenorth.com bob@greatwhitenorth.com: true uid: uid_1

and rules to limit access

rules for email_finder node $email read: root.child('email_finder').child($email) .child( root.child('users').child(auth.uid).child('email').val ) .val = true

If I typed that correctly,

root.child('users').child(auth.uid).child('email').val

should retrieve the current users email from the users node, in this case bob@greatwhitenorth.com, so call that X

then

.child($email).child(X).val = true

to ensure that the email = true (exists) within the doug node

Then a direct observe would return the node containing the uid

let thisUserRef = emailFinderRef.childByAppendingValue("doug@greatwhitenorth.com") thisUserRef.ObserveEventOfType(.Value...... { //capture the aid }

You would also want a Rule on the users node that only allows a user to read their own node as well.

This is totally untested and possible even totally wrong but may give you a direction of a possible solution.

Recommend

  • Edit information in firebase, swift project
  • Pandas data types change when iterating over the major axis
  • Convert “String” of Binary to NSString of text
  • Making a switch statement in C with an array?
  • MarkLogic Node.js Sort on “last-modified”
  • c++ search a vector for element first seen position
  • Iterate twice through a DataReader
  • getelement by class name for clicking
  • Changing media screen makes div overlay
  • Using android opencv apps without downloading opencv sdk manager
  • Efficient User-Agent Regex to find Safari in Python
  • Django Haystack Rebuild Index
  • Consuming a WCF service in a Java Client using wsHttpBinding
  • jQuery: How to AJAXify WordPress Search?
  • Simple linked list-C
  • How to install node-mysql?
  • Bash if statement with multiple conditions
  • Selenium to click on a javascript button corresponding to a text
  • CakePHP ACL tutorial initDB function warnings
  • Tamper-proof configuration files in .NET?
  • How do I access an unhandled exception in an MVC Error view?
  • Email verification using google app script and google forms
  • Google Custom Search with transparent background
  • Email format validation in mvc3 view
  • Insert into database using onclick function
  • What is Eclipse's Declaration View used for?
  • How to make a tree having multiple type of nodes and each node can have multiple child nodes in java
  • Can I make an Android app that runs a web view in Chrome 39?
  • sending/ receiving email in Java
  • Jquery - Jquery Wysiwyg return html as a string
  • Arrays break string types in Julia
  • WPF Applying a trigger on binding failure
  • Java static initializers and reflection
  • File not found error Google Drive API
  • Qt: Run a script BEFORE make
  • Authorize attributes not working in MVC 4
  • Busy indicator not showing up in wpf window [duplicate]
  • How can i traverse a binary tree from right to left in java?
  • Python/Django TangoWithDjango Models and Databases
  • Net Present Value in Excel for Grouped Recurring CF