[Backend] Set Firebase user email verification status

Question

[Backend] Set Firebase user email verification status

Closed this issue 2 years ago · 1 comments

dpang314 commented 2 years ago

Description

When a user is created their email is not verified.
This is reflected in MongoDB, but not hasn't been implemented with Firebase, which we use for authentication.

Acceptance Criteria

In /api/user/user POST when a user is created update associated Firebase user to have emailVerified: false
in /api/auth/verify PATCH on a successful verification, update the Firebase user to have emailVerified: true
in firebase_storage_rules.txt restrict both read and write to require request.auth.emailVerified to be true

Other Notes

Answer 1 · 2023-02-05T19:20:13.000Z

In Firebase, emailVerified: false is the default configuration if verified status is not provided. Either way I added some code to ensure that is is set to false for new users.