In my app users can register an account using Email authentication with Firebase, one of the required fields while registering is the phone number, which is stored as a string value in Firestore:
final phoneField = TextFormField(
controller: phoneController,
keyboardType: TextInputType.phone,
autofocus: false,
autocorrect: false,
textInputAction: TextInputAction.next,
validator: (value) {
RegExp regex = RegExp(r'(^(?:[00] )?[0-9]{10,15}$)');
if (value!.isEmpty) {
return AppLocalizations.of(context)!.phoneValidationEmpty;
}
if (!regex.hasMatch(value)) {
return ("Please Enter a Valid phone Number");
}
},
onSaved: (value) {
phoneController.text = value!;
},
textAlign: TextAlign.center,
decoration: InputDecoration(
prefixIcon: Icon(Icons.phone),
contentPadding: EdgeInsets.fromLTRB(20, 15, 20, 15),
hintText: AppLocalizations.of(context)!.phoneNumber,
border: OutlineInputBorder(
borderRadius: BorderRadius.circular(10),
),
),
);
Am trying to add a functionality in the "validator" that can access the "Users" collection and check all documents (users information), especially the "phone" field for any duplication.
I tried using query snapshot but it seems am not using it properly, I appreciate any help.
CodePudding user response:
You have a couple options.
Store the phone on the user document in firebase and look for them there. The problem with that is you'll have to give all users permission to read all other users' docs to see if the phone exists...not good.
Use phone auth. If you want to ensure only one phone number is ever existing in your system, I suggest setting up phone auth. that will store the phone number on the user's auth token. Only use that field throughout the app. You may want to set up a custom claim of "PhoneVerified" t/f.
Phone auth along with the social auth's (google, apple, facebook) are going to be better in the long run for authentication. There are firestore functions for linking the accounts, so you can ask a user to log in with whatever method and prompt them to also auth with another to ensure consistency.
CodePudding user response:
Firebase recently introduced authentication blocking triggers. You can use cloud functions which is a secure environment and check whether the phone number exists in firestore before registering a user.
NB// To use blocking functions you must upgrade your Firebase project to Firebase Authentication with Identity Platform. If you haven't already upgraded, do so first.
import { beforeUserCreated } from "firebase-functions/v2/identity";
//runs before a user is created using firebase authentication
export const beforecreated = beforeUserCreated((event) => {
// Check if phone number exists in firestore
});