Validate user registration with firebase - reactjs

I am new to Firebase. I have a custom subscription page with email and password.
In the webApp I am working on, I would like to send an activation email every time someone subscribes. However, I would like this email to be sent to an administrator instead of being sent to the user itself.
I do not want the users to activate their accounts, but an administrator, who does not know anything about programming.
Is there an easy way with firebase to do such a thing?
Thank you!
PS: I am using firebase with ReactJS, if this helps :-)

Firebase has an example of sending emails through Gmail. Please see the link. You can store and read the administrator email address in the firebase db. In the email to the administrator, you direct the admin to click the link to your webapp to activate the user.
https://github.com/firebase/functions-samples/blob/master/quickstarts/email-users/functions/index.js

Related

Firebase, Changing User password via Email with unique password requirements

Currently, Firebase offers the option to send an email to a users email who wishes to change their password. Unfortunately, Firebase does not allow you to edit their password requirements which I believe is locked at requiring only 6 characters.
For many people this is inadequate and insecure.
I recently made an application that allows users to create quizzes either for themselves or for others. In this application, I stores personal information of my users and I wanted to make sure that their accounts were secure so I required more from my passwords. Unfortunately, when a user wishes to change their email, the default Firebase function does not keep my security which leads to confusion as a user can change their passwords according to Firebase's lax constraints but then they still couldn't log in because they used an invalid password. (I blocked invalid passwords from the text box before even checking with Firebase).
After I encountered this error, I came to StackOverflow for help to see if anyone else had this issue and came up with a solution. Unfortunately, I was met with harsh criticism and harassment by users who claim to be Firebase officials and Administrators who did not care about my question.
Then, I after a week of research and testing, I found the solution using React and 3rd party libraries to handle this.
Please, see my answer below and if you have a more creative solution, I would be interested in seeing that as well.
To solve this problem, the only answer is to create your own mailer service with your own basic mailer service, host website, and API.
What you need:
An application which uses Firebase.
A hosted API which uses Firebase and a 3rd party Mailer such as Node with NodeMailer - hosted on Heroku
A React app which can communicate with the API
What I did:
First, I created my API which accepts calls from my specified IP addresses. This API can receive requests to reset a password when the password is known or unknown. When the password is known, I send an email to the user using NodeMailer and I send a special HTML file so the email looks official. It is quite easy to copy the layout of Firebase's emails if you wish.
More Info can be found here: https://nodemailer.com/message/
Then, I created a React App that is hosted on Heroku. When the user clicks a link in the email, it will send them to this website with the required information in the query. This app, much like when the Firebase link is clicked is just a simple text box and submit button. However, now you can customize it to require password confirmation with a second text box. You can also add a company logo and custom colors so it isn't so HTML 1 looking like the link you see from Firebase. Most importantly, you can now control the password that the user enters to add your unique requirements.
On submit, the app will send the new password, username and old password if available to the API.
If you do not know how to create a React App or a Node API, you can see a detailed tutorial here: https://www.techandstartup.com/tutorials/build-api-with-node-express-and-mongodb
Finally, the API can log into the users account if a password is present and then change the password. Detailed steps can be seen from: https://www.codegrepper.com/code-examples/javascript/firebase+user+change+password
If a current password is not present, then the API can delete the user and recreate it with the desired password. Deleting a user can be seen: https://www.codegrepper.com/code-examples/javascript/firebase+delete+user Then you simply recreate a user. Example code: https://www.codegrepper.com/search.php?q=firebase%20createUserWithEmailAndPassword
With these steps, you can now send a password reset email to a user. The email will be completely unique as you will be designing it yourself. The password will be to your exact specifications as your React App will control the data on submit. And the page itself will look much more user friendly as it's not the default Firebase page.
Hopefully this helps you or your company with working around the Firebase reset password with email function. I am still holding out hope that another user may have a more elegant or basic solution than this as creating an API and hosting a website just for 1 function is not appealing in many cases.

How to access multiple salesforce orgs with same connected app

I am trying to access the multiple communities in multiple salesforce sites with same connected-app but could not.
For example: I have created the two salesforce sites A and B. And created connected-app in A. To access rest API of A, i could authenticate with connected-app in A, But how to connect with B with using the same client_secret and client_id by differs in user_name and password?
Or is there any way to connect with REST API with username and password as creds?
Example: There is community_A1, community_A2 in Site A and community_B1 , community_B2 in Site B.
I need to access communities in both the Sites
This should work out of the box, what errors you're getting?
You can have 1 set of consumer key and secret and (if admin in target org didn't block it) you could use this to login to any SF in the world, sandbox or production, core SF or community.
Imagine being a developer of mobile app that pulls data from salesforce. You'd want to have just 1 pair of keys, not install separate key for every org people might install your app...
All org-specific stuff you need is username, password and login url. For community the login url will look like https://sandboxName-MyDomain.cs123.force.com/communityName
Once you have that, you can inspect all the OAuth2 stuff at https://sandboxName-MyDomain.cs123.force.com/communityName/.well-known/openid-configuration
Have you played with https://openidconnect.herokuapp.com/ ?
Paste your community url, for now keep the client and secret as is, click next. Login to community and keep clicking next. It should work fine and at the end - give you access_token / session id.
Now close this browser completely / open new incognito window and do it again. This time give your login url but also client and secret. Next, Next... Check the user's login history, it should mention your connected app now.
Now close this and do it last time, with the other community's login url and another user's credentials but still with your client and secret.
is there any way to connect with REST API with username and password
as creds?
Not for community. Internal users can get access in one go with https://help.salesforce.com/s/articleView?id=sf.remoteaccess_oauth_username_password_flow.htm&type=5 but community/experience users need this interactive login, there has to be a human consent / password typing step. And anyway it's not very secure flow. "Experience Cloud sites don’t support the OAuth 2.0 username-password flow."
In a pinch you could try the SOAP API's login method but from what I remember you may need to pass the community's Id in the message then
Connected-app is global metadata in salesforce. Once we create a connected-app in one org, then can access any salesforce site with the same client_id,client_secret, unless the admin has blocked the access.
I needed to add the custom profile into the community members to allow the access to the community via API (Community workspace -> administration -> members -> profiles.)

user management with Firebase and React

I was wondering if this is possible using Firebase and React.
I want to create a admin panel where the admins can add new user and assign roles. The moderators should also be able to login and make a new post (the new post part i have figured out).
However i dont want any users to be able to register on their own, just the admin to add them to the site.
Is this possible and in that case, how? Grateful for input and thoughts
Yes its possible, just create and Interface which is able to send data to firebase.
Here you have a little example.
I've just create and APP which connects to firebase. Firebase saves a lot of time becase you dont have to control the Auth and the Users SingUp, it has functions to do it.
I will sugest you to use it with ReactForm (to send the data) abd the ReactRedux to control states and the LogIn, LogOut and SignUp.
https://medium.com/firebase-developers/how-to-setup-firebase-authentication-with-react-in-5-minutes-maybe-10-bb8bb53e8834
Fore more info check Google Documentation.
https://firebase.google.com/docs/auth

Facebook Taggable Friends

I am trying to get all the friends of the user currently signed in. I tried /me/friends but that didn't work as it returns only the users using my app already. I then tried https://graph.facebook.com/me/taggable_friends?access_token=somecodehere
In the browser it says
"To use taggable_friends on behalf of people who are not admins,
developers and testers of your app, your use of this endpoint must be
reviewed and approved by Facebook. To submit this feature for review
please read our documentation on reviewable features:
https://developers.facebook.com/docs/apps/review"
But when I do a GET (using Angular.js) on this URL with a valid access token using my application, it returns me a list of my friends, with their id, name, picture. Why is this happening? How can my app get the data if my browser cannot?
Also, the picture currently returned is too small. How can I get the email and larger picture of all my friends in this response?
Any help is highly appreciated.
PS: I am building a cordova app and getting access_token via CordovaOAuth.
taggable_friends works for you because it works without review for everyone with a role in the App (Admin/Developer/Tester). You only need to go through the review process if you want to go public with your App.
That beind said, taggable_friends is for tagging only, a larger picture is not neccessary for that and you definitely can´t get their email. What would you do with the email of friends who did not even authorized your App? You would not be allowed to use those emails anyway. You can ONLY get the email of a Facebook user by authorizing that user with the email permission.
More information about getting access to friends: Facebook Graph Api v2.0+ - /me/friends returns empty, or only friends who also use my app

Registration Module in DotNetNuke

I am trying to secure my DNN site running on DNN version 7.01.02
WHat i am looking for is that anybody who registers for a new account must enter a valid email id and should be able to login only after he clicks the verification mail.
Currently the way i have it is Once the user enters his Email and chooses a password he is directly logged into the site and only gets the following message.
Here are the site settings for the Website i use to control the user Registration.
So how can i change this config so that the user can only log into the portal once he goes through the verification mail
PS: My verification mail works. I have checked the SMTP settings.
As an administrator, go to Site Settings, User Account Settings and change the User Registration Setting to "Verified."
The user will be required to enter a verification code when they log in for the first time.
I personally use the private setting, but I have a low traffic site. IF you dont mind verifying the accounts you can do that. Also you can set it to redirect to a page where it tells them that the account needs to be approved before they can login

Resources