Firebase Auth's default password reset app is insecure, as it allows users to enter insecure passwords. This project provides a drop-in replacement.
SafeFirebasePasswordReset ensures that users enter a secure password:
...Whereas Firebase's default mechanism will accept any 6-character combination:
Further information on this insecurity is in this blog.
- NodeJS >= 16
- Firebase CLI
- Find your Firebase project config by going to Settings (cog icon) --> Project settings in your Firebase console, then click Add App. Follow the steps to see a screen like this:
  Your project config is in the red box. Paste this into `src/firebaseConfig.ts` where indicated by comments.
- Build the project:
  `npm run build`
  The build files will be created in the `build` directory.
- Upload the `build` directory to any hosting service. If you want to use Firebase Hosting, just run `firebase init`, select Hosting, and answer the questions as follows:
- In your Firebase console, select Authentication, then Templates (tab), then press the pencil edit icon, then click Customise action URL. Paste in the URL from your hosting service plus #. So if your hosting URL is https://my-app.com/resetpassword/, enter `https://my-app.com/resetpassword/#`. This directs password reset emails to your newly uploaded app.
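A sketch of what a reset page behind that action URL has to do before it submits a new password. This is an added example, not this project's code. The policy thresholds, the function names, the sample link and the assumption that the `mode` and `oobCode` parameters arrive either in the query string or after the `#` are all illustrative.

```typescript
// Added example: names, thresholds and the sample link are constructed for illustration.
type ResetParams = { mode: string; oobCode: string };

// Constructed sample link, using the action URL from the step above.
const SAMPLE_LINK =
  "https://my-app.com/resetpassword/#?mode=resetPassword&oobCode=CONSTRUCTED-CODE&lang=en";

// Read mode/oobCode from the query string or, when the action URL ends in "#",
// from the fragment (assumed shape: ".../#?mode=resetPassword&oobCode=...").
function parseResetLink(link: string): ResetParams | null {
  const url = new URL(link);
  const fragment = url.hash.replace(/^#\/?\??/, "");
  for (const source of [url.search, fragment]) {
    const params = new URLSearchParams(source);
    const mode = params.get("mode");
    const oobCode = params.get("oobCode");
    if (mode === "resetPassword" && oobCode) return { mode, oobCode };
  }
  return null;
}

// Assumed policy, not the project's: at least 12 characters, not a listed
// common password, and at least 5 distinct characters.
const COMMON = new Set(["password1234", "qwertyuiop12", "123456789012"]);
function passwordProblems(pw: string): string[] {
  const problems: string[] = [];
  if (pw.length < 12) problems.push("too short");
  if (COMMON.has(pw.toLowerCase())) problems.push("common password");
  if (new Set(pw.split("")).size < 5) problems.push("too few distinct characters");
  return problems;
}

// confirm stands in for the SDK call that submits the new password
// (confirmPasswordReset in firebase/auth); it runs only if the policy passes.
async function resetPassword(
  link: string,
  pw: string,
  confirm: (oobCode: string, pw: string) => Promise<void>
): Promise<string[]> {
  const params = parseResetLink(link);
  if (!params) return ["invalid reset link"];
  const problems = passwordProblems(pw);
  if (problems.length === 0) await confirm(params.oobCode, pw);
  return problems;
}
```

A check like this runs only in the browser, so it constrains people who use the page and not someone who calls the Firebase Auth API directly.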
The app is written using React and can be easily branded or customised.
Please open an issue; I will try to respond quickly.
Any and all contributions are very welcome, but I recommend opening an issue before submitting a pull request.
MIT