Firebase e-mail authentication system logs-in any account:

0
votes

I have an application I'm building with Firebase. Essentially, I'm trying to build an authentication system that allows users to sign-up using their e-mail/password and then use that same e-mail/password to log in.

While my create users authentication system is working just fine, along with my reset password system that sends password reset links to the designated e-mail address, for some reason or another my login authentication system seems to allow anyone of any e-mail address (signed up or not) to sign-in and essentially be authenticated.

To summarize: Upon entering an e-mail or password in my LoginViewController, it immediately segues into the next ViewController regardless of whether the account has previously been created or not.

These are the pods I'm using: 

pod 'Firebase/Database'
pod 'Firebase/Auth'
pod 'Firebase/Core'
pod 'Firebase/Messaging'

Here's my code in my LoginViewController for e-mail/password authentication: 

@IBAction func loginDidTouch(sender: AnyObject) {
    if let email = textFieldLoginEmail.text, let password = textFieldLoginPassword.text {
        FIRAuth.auth()?.signInWithEmail(email, password: password, completion: { (user, error) in
        if error != nil {
            // There was an error logging in to this account!
           print("Unsuccessful sign-in")
        } else {
            print("Successful login!")
            self.performSegueWithIdentifier("SuccessfulAuthentication", sender: nil)
        }
    })
  }
}

My database rules in my Firebase console: 

{
  "rules": {
   ".read": "auth != null",
".write": "auth != null"
  }
}

Also, I'm using the exact same code (with the exception of migrated syntax from Firebase 2.5.1 to Firebase 3.5.2) in another application I've built using Firebase 2.5.1 (Legacy console) and it works exactly as it should and does not log-in any accounts that haven't been created beforehand (sign-up).

UPDATE FIXES: Firebase version 3.6.0 (release date: 9/14/16):

  • Improved the behavior of Firebase Authentication when testing apps using the iOS 10 simulator.
  • Fixed an issue with error reporting when a user provides an invalid email address while signing in with an email address and password.

See newest release notes here.

2
iosswiftfirebasefirebase-authentication
Added update fix + link for release notes.user6410342

2 Answers

0
votes

Is it possible that you create the segue by ctrl dragging from your login UIButton? If yes, then the segue will be performed regardless whether the authentication was a success or not.

You need to make sure when creating the segue in the storyboard that you ctrl+drag the View Controller (I think it's the yellow button at the top of your view controller) not your UIButton

0
votes

Use .isValidated to check whether the logged in user has validated their email address. As for authorization, remember that is different from authentication. Authorization is handled by Firebase Realtime Database Rules.