How to catch 'permission-denied' after updateEmail in firebase

0
votes

I have a problem with permissions after using firebase updateEmail for a user.

Many of my collections roles have a 'read' like: 

if request.auth != null && request.auth.token.email_verified == true;

to only let in those users who have confirmed their e-mail during registration.

The problem is when logged in user changes his email. The interceptor reacts with "Missing or insufficient permissions. I would like somehow to log out the user immediately, right after changing the password, so that the interceptor will not be able to react. Can I react somehow before interceptor? Any idea? Or maybe some role update will be better?

UpdateEmail (https://firebase.google.com/docs/auth/web/manage-users) returns the promise and I can't log out of the user in then/catch

1
firebasegoogle-cloud-firestorefirebase-security

1 Answers

0
votes

It seems that there are some options that could help you logout the user, based on changes or updates in the database. I would recommend you to take a look at the following links, to get more information about it.

On the official documentation Manage User Sessions, as per the following phrase, it confirms that it works with change of emails.

A major account change is detected for the user. This includes events like password or email address updates.

Besides that, there is this other question in the Community, with some other options on how to achieve it: Best way to implement logout in Firebase v3.0.1+? Firebase.unauth is removed after update

Let me know if the information helped you!