How recovers password with firebase Auth Reset password mail in firebase database

0
votes

I am actually develloping an iOS app in Swift which use Firebase as online Database. So the concept is : User can sign up with the firebase Authentification email and password then I write the email and the password in Database. But now, I wanted to implement a Reset mail password with Firebase Auth send password reset. This function work very well but I want to update the password in database too. I don't know to do it. Here is my code:

@IBOutlet weak var txt_mail: UITextField!
 Auth.auth().sendPasswordReset(withEmail: txt_mail.text!) { (error) in
            let alertController = UIAlertController(title: "Error", message: error?.localizedDescription, preferredStyle: .alert)
            let defaultAction = UIAlertAction(title: "OK", style: .cancel, handler: nil)
            alertController.addAction(defaultAction)
            self.present(alertController, animated: true, completion: nil)
        }

This code send reset email to user and user'll change his password from the link which send him by mail, how can I recover password?

1
iosswiftfirebasefirebase-authentication

1 Answers

1
votes

First, why are you storing user passwords? Are you storing them in plain text? This is certainly NOT secure and I recommend that you do not do this.

Firebase DOES NOT store users passwords. It stores the hash of the passwords. This is the proper way to store passwords and cannot be converted into plain text. Additionally, there is no API for getting the user's password. Again this is due to security concerns.

In the event that you don't want to listen. Then you have only one potential option. You can use changePasswordForUser() which allows you to update the password in your app. This however, requires that the user knows their current password. The only way to reset a password that is not know is with resetPasswordForUser().

However, since you have the password saved in the database perhaps you can design a work around to use that password to authenticate a user and then update their password or you can ask the user to update their password the next time they sign in after updating their password (you can re-authenticate them with their updated password to make sure it is accurate). Again I do NOT recommend doing this.

Take a look at these links for more information:

How to get an authenticated users password and email

Manage Users in Firebase

How to verify users current password?