2017-04-08 61 views

我正在跟著一個 Uber 克隆教程(tutorial)學習。登錄、註冊和註銷都能正常運作,但密碼似乎沒有被散列;我可以在我的 Firebase 數據庫中直接看到明文密碼。如何使用 Swift 在 Firebase 中保存散列後的密碼?

這是我的代碼。首先是登錄/註冊/註銷功能,它們保存在與控制器分開的 'plugins' 文件夾中。

import Foundation 
import FirebaseAuth 

/// Completion callback for the authentication calls: receives `nil` on
/// success, or a user-facing error message on failure.
typealias LoginHandler = (_ msg: String?) -> Void

/// User-facing messages shown when an authentication call fails.
///
/// NOTE(review): the messages for an unknown account and for a wrong
/// password are different strings, so whoever sees them can tell whether an
/// email address is registered. Consider showing one shared message for both.
struct LoginErrorCode {
    // Input validation problems reported by the auth backend.
    static let INVALID_EMAIL: String = "Invalid email, please provide a real email address"
    static let WEAK_PASSWORD: String = "Password Should Be At Least 6 Characters"

    // Credential / account state problems.
    static let WRONG_PASSWORD: String = "Wrong Password, Please Try Again"
    static let USER_NOT_FOUND: String = "User Not Found, Please Register"
    static let EMAIL_ALREADY_IN_USE: String = "Email Already In Use, Please Use Different Email"

    // Catch-all used when no more specific message applies.
    static let PROBLEM_CONNECTING: String = "Problem Connecting to Database. Please Try Later"
}

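/// Wraps FirebaseAuth's email/password calls and reports each outcome to the
/// caller through a `LoginHandler` (`nil` on success, a message on failure).
class AuthProvider {
    private static let _instance = AuthProvider()

    /// Shared instance used by callers.
    static var Instance: AuthProvider {
        return _instance
    }

    /// Signs in with an email address and password.
    ///
    /// - Parameters:
    ///   - withEmail: The account's email address.
    ///   - password: The password as typed; it is handed to FirebaseAuth only.
    ///   - loginHandler: Called with `nil` on success or an error message.
    func login(withEmail: String, password: String, loginHandler: LoginHandler?) {
        guard let auth = FIRAuth.auth() else {
            // Without an auth object no completion would ever fire; tell the caller.
            loginHandler?(LoginErrorCode.PROBLEM_CONNECTING)
            return
        }
        auth.signIn(withEmail: withEmail, password: password, completion: { (user, error) in
            if let error = error {
                self.handleErrors(err: error as NSError, loginHandler: loginHandler)
            } else {
                loginHandler?(nil)
            }
        })
    } //login func

    /// Creates an account, saves its profile record, then signs the user in.
    ///
    /// - Parameters:
    ///   - withEmail: The email address for the new account.
    ///   - password: The chosen password; it is handed to FirebaseAuth only.
    ///   - loginHandler: Called with `nil` on success or an error message.
    func signUp(withEmail: String, password: String, loginHandler: LoginHandler?) {
        guard let auth = FIRAuth.auth() else {
            loginHandler?(LoginErrorCode.PROBLEM_CONNECTING)
            return
        }
        auth.createUser(withEmail: withEmail, password: password, completion: { (user, error) in
            if let error = error {
                self.handleErrors(err: error as NSError, loginHandler: loginHandler)
                return
            }
            guard let uid = user?.uid else {
                // Neither an error nor a user: report a failure instead of
                // leaving the caller waiting for a callback that never comes.
                loginHandler?(LoginErrorCode.PROBLEM_CONNECTING)
                return
            }

            // SECURITY: the password is deliberately NOT forwarded to the
            // database. FirebaseAuth verifies the credential itself, so the
            // profile record needs no copy, and a plaintext copy is exposed to
            // anyone who can read the database. The `password:` argument is
            // kept only because saveUser is defined outside this listing; the
            // parameter should be removed there and already stored values
            // deleted.
            DBProvider.Instance.saveUser(withID: uid, email: withEmail, password: "")

            // Sign the new user in and let login report the result.
            self.login(withEmail: withEmail, password: password, loginHandler: loginHandler)
        })
    } //sign up func

    /// Signs out the current user, if there is one.
    ///
    /// - Returns: `true` when nobody is signed in or sign-out succeeded,
    ///   `false` when sign-out threw.
    func logOut() -> Bool {
        guard let auth = FIRAuth.auth(), auth.currentUser != nil else {
            return true
        }
        do {
            try auth.signOut()
            return true
        } catch {
            return false
        }
    }

    /// Maps a FirebaseAuth error to a user-facing message and delivers it.
    ///
    /// Codes that are not recognised as a `FIRAuthErrorCode`, and codes with no
    /// dedicated message, fall back to the generic connection message so the
    /// handler is always called.
    private func handleErrors(err: NSError, loginHandler: LoginHandler?) {
        guard let errCode = FIRAuthErrorCode(rawValue: err.code) else {
            loginHandler?(LoginErrorCode.PROBLEM_CONNECTING)
            return
        }

        let message: String
        switch errCode {
        case .errorCodeWrongPassword:
            message = LoginErrorCode.WRONG_PASSWORD
        case .errorCodeInvalidEmail:
            message = LoginErrorCode.INVALID_EMAIL
        case .errorCodeUserNotFound:
            message = LoginErrorCode.USER_NOT_FOUND
        case .errorCodeEmailAlreadyInUse:
            message = LoginErrorCode.EMAIL_ALREADY_IN_USE
        case .errorCodeWeakPassword:
            message = LoginErrorCode.WEAK_PASSWORD
        default:
            message = LoginErrorCode.PROBLEM_CONNECTING
        }
        loginHandler?(message)
    }
} //class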

以及控制器:

import UIKit 
import FirebaseAuth 

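/// Sign-in screen: collects an email address and password and hands them to
/// `AuthProvider` for login or sign-up.
class SignInVC: UIViewController {
    // Identifier of the segue performed after a successful login or sign-up.
    private let DRIVER_SEGUE = "DriverVC"

    @IBOutlet weak var emailTextField: UITextField!

    // NOTE(review): confirm the storyboard enables secure text entry on this
    // field; that setting is not visible in this file.
    @IBOutlet weak var passwordTextField: UITextField!

    override func viewDidLoad() {
        super.viewDidLoad()
    }

    /// Logs in with the entered credentials, then performs the driver segue.
    @IBAction func login(_ sender: Any) {
        guard let credentials = enteredCredentials() else {
            return
        }
        AuthProvider.Instance.login(withEmail: credentials.email, password: credentials.password, loginHandler: { (message) in
            if let message = message {
                self.alertTheUser(title: "Problem With Authentication", message: message)
            } else {
                self.performSegue(withIdentifier: self.DRIVER_SEGUE, sender: nil)
            }
        })
    }

    /// Creates an account with the entered credentials, then performs the
    /// driver segue.
    @IBAction func signUp(_ sender: Any) {
        guard let credentials = enteredCredentials() else {
            return
        }
        AuthProvider.Instance.signUp(withEmail: credentials.email, password: credentials.password, loginHandler: { (message) in
            if let message = message {
                self.alertTheUser(title: "Problem With Creating New Account", message: message)
            } else {
                self.performSegue(withIdentifier: self.DRIVER_SEGUE, sender: nil)
            }
        })
    }

    /// Returns the typed email and password, or alerts the user and returns
    /// `nil` when either field is empty or has no text.
    ///
    /// Binding the optionals here replaces the force-unwraps, which would
    /// crash if a field's `text` were `nil`.
    private func enteredCredentials() -> (email: String, password: String)? {
        guard let email = emailTextField.text, !email.isEmpty,
              let password = passwordTextField.text, !password.isEmpty else {
            alertTheUser(title: "Email And Password Are Required", message: "Please enter email and password")
            return nil
        }
        return (email: email, password: password)
    }

    /// Presents a single-button alert with the given title and message.
    private func alertTheUser(title: String, message: String) {
        let alert = UIAlertController(title: title, message: message, preferredStyle: .alert)
        let ok = UIAlertAction(title: "OK", style: .default, handler: nil)
        alert.addAction(ok)
        present(alert, animated: true, completion: nil)
    }
} //class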

這是我必須自己添加的東西嗎?它不是 FirebaseAuth 的一部分嗎? – Sophia


僅使用哈希函數是不夠的,僅僅加一點鹽對提高安全性也沒有多大作用。應該改為使用隨機鹽對 HMAC 進行迭代,使計算耗時約 100 毫秒,並將鹽與散列值一起保存。請使用「PBKDF2」、「Rfc2898DeriveBytes」、「password_hash」、「Bcrypt」等函數。關鍵是讓攻擊者通過暴力破解查找密碼時必須花費大量時間。 – zaph

回答


嘗試使用 FIRUser 的 updatePassword(_ password: String, completion: FirebaseAuth.FIRUserProfileChangeCallback? = nil) 方法。